If you're even remotely into Kubernetes, you've probably heard about the ingress-nginx retirement. It's no longer maintained so it has to get replaced with something else. That something else is obviously something to do with Gateway API because it's the new hot thing everyone should be using.

I tried a bunch on a separate EKS cluster, like HAProxy and Traefik, but eventually I landed on using Envoy Gateway since to me it felt like the most approachable and stable solution for our use case. Since I started the migration I made a respectable number of mistakes. These are my notes.

TL;DR

- Run one shared Gateway per audience (shared-public, shared-private), not one per service.
- The HTTPRoute itself is simple; the HTTPS redirect is a second HTTPRoute attached to the http listener.
- nginx annotations don't map 1:1 — they split across SecurityPolicy, BackendTrafficPolicy, and ClientTrafficPolicy, and some live in the platform layer rather than the service chart.
- Cross-namespace TLS secrets…
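
The shared-Gateway and redirect pattern from the TL;DR, written out as an added example (not manifests from the original post). The namespaces, hostname, Secret name, backend and GatewayClass name are assumptions; only `shared-public` and the `http` listener name come from the text.

```yaml
# Constructed example: every name except shared-public and the http listener is a placeholder.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata: {name: shared-public, namespace: gateway-system}   # assumed platform namespace
spec:
  gatewayClassName: envoy-gateway                            # assumed GatewayClass name
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes: {namespaces: {from: All}}   # loosest setting; from: Selector narrows it
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        mode: Terminate
        certificateRefs: [{name: wildcard-example-com-tls}]  # placeholder Secret, same namespace
      allowedRoutes: {namespaces: {from: All}}
---
# Service route, pinned to the https listener. Without sectionName it would
# attach to every listener that admits it, including plain http.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata: {name: app, namespace: app}
spec:
  parentRefs:
    - {name: shared-public, namespace: gateway-system, sectionName: https}
  hostnames: ["app.example.com"]
  rules:
    - backendRefs:
        - name: app
          port: 8080
---
# The second HTTPRoute: attached only to the http listener, no backendRefs,
# so port 80 can answer with nothing but a redirect.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata: {name: app-https-redirect, namespace: app}
spec:
  parentRefs:
    - {name: shared-public, namespace: gateway-system, sectionName: http}
  hostnames: ["app.example.com"]
  rules:
    - filters:
        - type: RequestRedirect
          requestRedirect:
            scheme: https
            statusCode: 301
```

A quick check after applying: a plain-HTTP request to the hostname should return a 301 with an `https://` Location header and never a response body from the backend.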