7:[["$","$12",null,{"fallback":null,"children":["$","$L13",null,{"reason":"next/dynamic","children":["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org/\",\"@type\":\"Article\",\"headline\":\"Cloud Annotations for Gateway API and Ingress with Cilium\",\"image\":\"https://cdn.sanity.io/images/xinsvxfu/production/65fc9a34b3c10a975c6e0be2117f888398be89ae-1024x576.png\",\"datePublished\":\"2025-04-03T07:29:39.000Z\",\"dateModified\":\"2025-04-03T06:55:05.000Z\",\"description\":\"This tutorial shows how to use cloud-specific annotations for the Load Balancer service for Ingress & Gateway API on an Elastic Kubernetes Service and Azure Kubernetes Service cluster.\",\"author\":[{\"@type\":\"Person\",\"name\":\"Amit Gupta\",\"url\":\"https://isovalent.com/\"}]}"}}]}]}],["$","main",null,{"id":"top","children":[["$","header",null,{"className":"restricted mt-10 mb-14","children":[["$","$L18",null,{"href":"/blog/","className":"flex items-center justify-items-center gap-1 mb-6 text-sm font-bold text-action max-w-max","children":[["$","isov-icon",null,{"class":"block rotate-90","name":"arrow-right","size":"small"}],["$","isov-content",null,{"children":["$","span",null,{"className":"ui-text","children":"Blog"}]}]]}],["$","h1",null,{"className":"text-4xl text-nightfall font-bold mb-5 max-w-3xl","children":"Cloud Annotations for Gateway API and Ingress with Cilium"}],["$","div",null,{"className":"article-details block sm:flex items-center justify-items-start sm:justify-items-center cursor-default","children":[[["$","isov-avatar","ff5e2eda-05bb-ade9-8831-4dddc66e927d",{"size":"medium","name":"Amit Gupta","class":"mr-1","children":["$","$L19",null,{"src":"https://cdn.sanity.io/images/xinsvxfu/production/19b2e7212433d6c85f9a7cbb62beb590d8044fa0-528x1009.jpg?auto=format&q=80&fit=clip&w=200","alt":"Amit Gupta Image","slot":"avatar","height":200,"width":200}]}]],["$","div",null,{"className":"text-charcoal","children":[["$","span",null,{"className":"hidden sm:inline","children":"| "}],["$","span",null,{"children":["Published:"," ",["$","strong",null,{"className":"font-bold","children":"April 3, 2025"}]]}]," | ",[["$","$L1a","2159f293-7dd2-46f3-9b11-bf943ad2ae98",{"href":"/blog/networking-for-kubernetes","className":"inline-block text-action hover:underline font-bold pr-1","children":["Networking for Kubernetes",", "]}],["$","$L1a","4fcb3736-f359-4616-b52e-70db6cdbf558",{"href":"/blog/load-balancer","className":"inline-block text-action hover:underline font-bold pr-1","children":["Load Balancer",false]}]]]}]]}]]}],["$","section",null,{"id":"page-content","className":"mb-8","children":["$","$12",null,{"fallback":null,"children":["$","$L13",null,{"reason":"next/dynamic","children":["$","$L1b",null,{"content":[{"_key":"b129eddf-0deb-46c7-9ee0-4ad9298df2ef","_type":"block","children":[{"_key":"1a87f521-06e2-4d9a-acce-056fa58f4b35","_type":"span","marks":[],"text":"The debate around Ingress or "},{"_key":"47c30424-59b3-428b-a65c-7a4ba233f4f8","_type":"span","marks":["6bd1d49d-6608-45cc-a891-ca550bad8b75"],"text":"Gateway API is settled"},{"_key":"d43d60a3-0414-4231-b302-b38d449d4fd6","_type":"span","marks":[],"text":". Gateway API is the better of the two when providing a more flexible and extensible API for more advanced and robust traffic management and control in Kubernetes. Some users are either using Ingress as the standard API object with Cilium or rolling out Gateway API with cloud providers like AWS, Azure, etc. Imagine scrolling through multiple documents and links to figure out which annotation would serve the need for your use-case. "},{"_key":"c1f06d2e-8ac8-4385-a28f-252a0eb39903","_type":"span","marks":["strong"],"text":"This tutorial shows how to use cloud-specific annotations for the Load Balancer service for Ingress & Gateway API on an Elastic Kubernetes Service and Azure Kubernetes Service cluster."}],"markDefs":[{"_key":"6bd1d49d-6608-45cc-a891-ca550bad8b75","_type":"link","href":"/blog/post/migrate-from-kubernetes-ingress-to-gateway-api/","openInNewTab":true}],"style":"normal"},{"_key":"17d9106e-9f2b-484a-95b3-849760e324f1","_type":"block","children":[{"_key":"5bd23514-f22f-4548-a920-558c7d550f8a","_type":"span","marks":[],"text":"Pre-requisites"}],"markDefs":[],"style":"h2"},{"_key":"31a75129-36d4-4c29-8093-d06724662ace","_type":"block","children":[{"_key":"319232eb-57f8-4135-ad74-ddd229d44246","_type":"span","marks":[],"text":"The following prerequisites need to be taken into account before you proceed with this tutorial:"}],"markDefs":[],"style":"normal"},{"_key":"a95d9c60700c","_type":"block","children":[{"_key":"6e9a4f66fb14","_type":"span","marks":[],"text":"Access to AWS. Create a "},{"_key":"ad180a7724e6","_type":"span","marks":["0d77e6cca9f0"],"text":"new account"},{"_key":"182ae5db5d12","_type":"span","marks":[],"text":" for free."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"0d77e6cca9f0","_type":"link","href":"https://aws.amazon.com/free/?gclid=CjwKCAjwhvi0BhA4EiwAX25ujzwbDw045fPhrdzjY3mHrIM9XSGr6yuA_LFF5QT74MKppQgz5a6wGhoCc-0QAvD_BwE&trk=09863622-0e2a-4080-9bba-12d378e294ba&sc_channel=ps&ef_id=CjwKCAjwhvi0BhA4EiwAX25ujzwbDw045fPhrdzjY3mHrIM9XSGr6yuA_LFF5QT74MKppQgz5a6wGhoCc-0QAvD_BwE:G:s&s_kwcid=AL!4422!3!453325184854!e!!g!!aws%20account!10712784862!111477280251&all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=*all&awsf.Free%20Tier%20Categories=*all"}],"style":"normal"},{"_key":"ec54e1d12132","_type":"block","children":[{"_key":"c6ed9511ce63","_type":"span","marks":[],"text":"The Cilium operator requires the "},{"_key":"8fefb7ddd9f3","_type":"span","marks":["e769057b6f02"],"text":"following "},{"_key":"29617f601fe7","_type":"span","marks":[],"text":"EC2 privileges to perform ENI creation and IP allocation."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"e769057b6f02","_type":"link","href":"https://docs.cilium.io/en/stable/network/concepts/ipam/eni/#required-privileges"}],"style":"normal"},{"_key":"39012c558328","_type":"block","children":[{"_key":"b7553542b36e","_type":"span","marks":[],"text":"Ensure you have a "},{"_key":"cc585e4820a3","_type":"span","marks":["df5900a3b6da"],"text":"cluster IAM role"},{"_key":"65d1b9b72f02","_type":"span","marks":[],"text":" if you’re going to create your cluster with "},{"_key":"4638d4f035f9","_type":"span","marks":["code"],"text":"eksctl"},{"_key":"e69245bd0098","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"df5900a3b6da","_type":"link","href":"https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html"}],"style":"normal"},{"_key":"52888dcb7e8b","_type":"block","children":[{"_key":"6cced52dcc34","_type":"span","marks":[],"text":"To ensure that Cilium works properly in an environment that requires firewall rules to enable connectivity, you must add the "},{"_key":"9ed1701fcec9","_type":"span","marks":["15e0b4f19f7b"],"text":"respective firewall rules"},{"_key":"a52605eb8e82","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"15e0b4f19f7b","_type":"link","href":"https://docs.cilium.io/en/stable/operations/system_requirements/#firewall-rules"}],"style":"normal"},{"_key":"76945f3be9b6","_type":"block","children":[{"_key":"d1113233b880","_type":"span","marks":[],"text":"You should have an "},{"_key":"91afa8ee6ede","_type":"span","marks":["34060500c0c2"],"text":"Azure Subscription"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"34060500c0c2","_type":"link","href":"https://aka.ms/freeazure"}],"style":"normal"},{"_key":"8813887bba32","_type":"block","children":[{"_key":"0677f27527b0","_type":"span","marks":[],"text":"Install "},{"_key":"bf3578b6826a","_type":"span","marks":["d56c31c34f4a"],"text":"Azure CLI"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"d56c31c34f4a","_type":"link","href":"https://learn.microsoft.com/en-us/cli/azure/install-azure-cli"}],"style":"normal"},{"_key":"1c78b1baca30","_type":"block","children":[{"_key":"6130c3ee2ec2","_type":"span","marks":[],"text":"Install"},{"_key":"c0fa8f845517","_type":"span","marks":["0baae33533ae"],"text":" kubectl"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"0baae33533ae","_type":"link","href":"https://kubernetes.io/releases/download/#kubectl"}],"style":"normal"},{"_key":"7f7bbeb9e9be","_type":"block","children":[{"_key":"2ee0f5f3aa73","_type":"span","marks":[],"text":"Install"},{"_key":"253ae79382ba","_type":"span","marks":["aa8ee1ffedf0"],"text":" Helm"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"aa8ee1ffedf0","_type":"link","href":"https://helm.sh/docs/intro/install/"}],"style":"normal"},{"_key":"191f65f61794","_type":"block","children":[{"_key":"6f0018a10b40","_type":"span","marks":[],"text":"Install "},{"_key":"8090e24891c0","_type":"span","marks":["31ea71946ae5"],"text":"eksctl"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"31ea71946ae5","_type":"link","href":"https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html"}],"style":"normal"},{"_key":"452630e54c8a","_type":"block","children":[{"_key":"b1c442ee7b08","_type":"span","marks":[],"text":"Install "},{"_key":"159c3f028679","_type":"span","marks":["b030d0c1f9a5"],"text":"awscli"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"b030d0c1f9a5","_type":"link","href":"https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html"}],"style":"normal"},{"_key":"366c2d1bc8b1","_type":"block","children":[{"_key":"d8de96b4e860","_type":"span","marks":["strong"],"text":"Cilium CLI"},{"_key":"ea989d076e91","_type":"span","marks":[],"text":" (optional): Cilium Enterprise provides a "},{"_key":"2dbdb3ea925d","_type":"span","marks":["0e9b655b43a9"],"text":"Cilium CLI "},{"_key":"754cd1c1ce34","_type":"span","marks":[],"text":"tool that automatically collects all the logs and debug information needed to troubleshoot your Cilium Enterprise installation. You can install Cilium CLI for Linux, macOS, or other distributions on their local machine(s) or server(s)."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"0e9b655b43a9","_type":"link","href":"https://docs.isovalent.com/operations-guide/monitoring/sysdump/index.html?"}],"style":"normal"},{"_key":"2779c5d5f7ba","_type":"block","children":[{"_key":"3eeff7d465df","_type":"span","marks":[],"text":"Gateway API related CRD’s should be installed before installing Cilium."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:16Z","_id":"a612236e-dba3-2ec6-3757-229e1dbaa955","_key":"9d8c1336-a7f0-4276-9e27-92c48240c1da","_ref":"a612236e-dba3-2ec6-3757-229e1dbaa955","_rev":"4wy3EvkFBguUtSHAFFnAxW","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:16Z","code":"$1c","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"31874891-1405-47a0-a8fc-d6e20d92ca2c","_type":"block","children":[{"_key":"42a60d85-7a71-43d1-bcd6-8ebd50f903cc","_type":"span","marks":[],"text":"Demo environment"}],"markDefs":[],"style":"h2"},{"_key":"ab77f3f0-f08b-4701-bc04-7d658fbfdfd2","_type":"block","children":[{"_key":"2c008c4c-00ea-4448-80d3-591eaee5ba8c","_type":"span","marks":[],"text":"In this blog, we will be testing the respective annotations for Ingress and Gateway API on Azure Kubernetes Service (AKS) and Elastic Kubernetes Service (EKS) based clusters."}],"markDefs":[],"style":"normal"},{"_key":"1e31a4ddae48","_type":"block","children":[{"_key":"a842245a5162","_type":"span","marks":[],"text":"AKS"}],"markDefs":[],"style":"h3"},{"_key":"6cd4e381ce7e","_type":"block","children":[{"_key":"78a06bc0b55d","_type":"span","marks":["strong"],"text":"Create an AKS cluster with BYOCNI."}],"markDefs":[],"style":"normal"},{"_key":"467faf64bc35","_type":"block","children":[{"_key":"7e09b962f925","_type":"span","marks":[],"text":"Ensure that the AKS cluster is created with a "},{"_key":"64299867d8e3","_type":"span","marks":["9a50980cc895"],"text":"Service Principal"},{"_key":"7126d265e6c1","_type":"span","marks":[],"text":" with the correct roles and permissions."}],"markDefs":[{"_key":"9a50980cc895","_type":"link","href":"https://learn.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli"}],"style":"normal"},{"_key":"00cadffe34e6","_type":"block","children":[{"_key":"2cb3758bc88b","_type":"span","marks":[],"text":"Set the subscription"}],"markDefs":[],"style":"h4"},{"_key":"5f99e120e19a","_type":"block","children":[{"_key":"84c1d270fdc5","_type":"span","marks":[],"text":"Choose the subscription you want to use if you have multiple Azure subscriptions."}],"markDefs":[],"style":"normal"},{"_key":"14841b58bcb1","_type":"block","children":[{"_key":"4565e432dabc","_type":"span","marks":[],"text":"Replace "},{"_key":"7673d6ca035f","_type":"span","marks":["code"],"text":"SubscriptionName"},{"_key":"ba54b1abe5d6","_type":"span","marks":[],"text":" with your subscription name."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"97e84b57972d","_type":"block","children":[{"_key":"d42567a1c7db","_type":"span","marks":[],"text":"You can also use your subscription ID instead of your subscription name."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:13:33Z","_id":"cd5c0c0f-4a14-481a-8db4-13d2a7182d7c","_key":"935aea937e76","_ref":"cd5c0c0f-4a14-481a-8db4-13d2a7182d7c","_rev":"2OzNRfGhtv75zqJgWtUqAi","_type":"codeBlock","_updatedAt":"2025-05-20T05:16:37Z","code":"az account set --subscription SubscriptionName","language":"bash","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code block 1"},{"_key":"05ccd76e9340","_type":"block","children":[{"_key":"f3dab63c7ea3","_type":"span","marks":[],"text":"AKS Resource Group Creation"}],"markDefs":[],"style":"h4"},{"_key":"6256078f9a3e","_type":"block","children":[{"_key":"00b2741aca55","_type":"span","marks":[],"text":"Create a Resource Group"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:14:22Z","_id":"0444f3e4-00a3-4651-84fc-afaf0fbd9739","_key":"9b80d4f639cc","_ref":"0444f3e4-00a3-4651-84fc-afaf0fbd9739","_rev":"eyXZ58p7YJYlr4DcQQyK2C","_type":"codeBlock","_updatedAt":"2025-05-20T05:16:24Z","code":"clusterName=\"byocni\"\nresourceGroup=\"byocni\"\nlocation=\"eastus\"\n\naz group create -l eastus -n byocni","language":"bash","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code block 2"},{"_key":"3c3b72d3dfed","_type":"block","children":[{"_key":"ede1983c39ca","_type":"span","marks":["strong"],"text":"Disable Kube-Proxy on the AKS cluster."}],"markDefs":[],"style":"normal"},{"_key":"dd6abbe7f0cc","_type":"block","children":[{"_key":"65203b77dd67","_type":"span","marks":[],"text":"Create a file by the name of "},{"_key":"6d537514c6be","_type":"span","marks":["code"],"text":"kube-proxy.json"},{"_key":"c2ba93a6b232","_type":"span","marks":[],"text":" with the following contents."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:15:03Z","_id":"bf705e1d-beaf-401c-b2a2-31278338ed35","_key":"50e0cb8fe54b","_ref":"bf705e1d-beaf-401c-b2a2-31278338ed35","_rev":"2OzNRfGhtv75zqJgWtUliK","_type":"codeBlock","_updatedAt":"2025-05-20T05:16:04Z","code":"{\n \"enabled\": false,\n \"mode\": \"IPVS\",\n \"ipvsConfig\": {\n \"scheduler\": \"LeastConnection\",\n \"TCPTimeoutSeconds\": 900,\n \"TCPFINTimeoutSeconds\": 120,\n \"UDPTimeoutSeconds\": 300\n }\n}","language":"json","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code block 3"},{"_key":"47a43b236483","_type":"block","children":[{"_key":"5c1d87b352fa","_type":"span","marks":[],"text":"AKS Cluster creation"}],"markDefs":[],"style":"h4"},{"_key":"95be49a6b2fb","_type":"block","children":[{"_key":"32261aa97cee","_type":"span","marks":[],"text":"Pass the "},{"_key":"765a44702779","_type":"span","marks":["code"],"text":"--network-plugin"},{"_key":"d758f412ff0f","_type":"span","marks":[],"text":" parameter with the parameter value of "},{"_key":"2c129a3e8fa0","_type":"span","marks":["code"],"text":"none"},{"_key":"7f4cdbbf9591","_type":"span","marks":[],"text":". Also, observe that we will be disabling "},{"_key":"c825e8f4189c","_type":"span","marks":["code"],"text":"kube-proxy"},{"_key":"21863504cd02","_type":"span","marks":[],"text":"."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:17:17Z","_id":"e5856caf-eee6-471d-84f1-785d9ab63140","_key":"a93e5f8be2eb","_ref":"e5856caf-eee6-471d-84f1-785d9ab63140","_rev":"eU8kLcXz53DJzQDgPHHZJC","_type":"codeBlock","_updatedAt":"2025-05-20T05:17:34Z","code":"az aks create -l eastus -g byocni -n amit--network-plugin none --kubernetes-version 1.29 --ip-families ipv4,ipv6 --node-vm-size standard_b4ms --vm-set-type VirtualMachineScaleSets --node-count 3 --zones 1 2 3 --kube-proxy-config kube-proxy.json","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code snippet 4"},{"_key":"4f0bfd21cef6","_type":"block","children":[{"_key":"6bfd767e4926","_type":"span","marks":[],"text":"Set the Kubernetes Context"}],"markDefs":[],"style":"h4"},{"_key":"51a75832eeb9","_type":"block","children":[{"_key":"cac51d941b31","_type":"span","marks":[],"text":"Log in to the Azure portal, browse Kubernetes Services>, select the respective Kubernetes service created (AKS Cluster), and click connect. This will help you connect to your AKS cluster and set the respective Kubernetes context."}],"markDefs":[],"style":"normal"},{"_key":"660ea87e586a","_type":"block","children":[{"_key":"f91d38cc1d28","_type":"span","marks":[],"text":"[code snippet]"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:19:54Z","_id":"4e32db3d-2d88-4b74-874d-35ed6c956eb4","_key":"70a6e0720804","_ref":"4e32db3d-2d88-4b74-874d-35ed6c956eb4","_rev":"eyXZ58p7YJYlr4DcQR0P9Y","_type":"codeBlock","_updatedAt":"2025-05-20T05:26:48Z","code":"az aks get-credentials --name $clusterName --resource-group $resourceGroup","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code snippet 4.5"},{"_key":"99b474d29684","_type":"block","children":[{"_key":"e1cd94222f23","_type":"span","marks":[],"text":"Cluster status check"}],"markDefs":[],"style":"h4"},{"_key":"77de6666b1e2","_type":"block","children":[{"_key":"78a6cfdc51fd","_type":"span","marks":[],"text":"Check the status of the nodes and make sure they are in a “Ready” state."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:18:00Z","_id":"19318242-2591-4a72-8156-d78b001c8457","_key":"d68c7adb671d","_ref":"19318242-2591-4a72-8156-d78b001c8457","_rev":"eU8kLcXz53DJzQDgPHHfmo","_type":"codeBlock","_updatedAt":"2025-05-20T05:18:16Z","code":"kubectl get nodes -o wide\n\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\naks-nodepool1-23628489-vmss000000 Ready 24h v1.29.14 10.224.0.6 Ubuntu 22.04.5 LTS 5.15.0-1082-azure containerd://1.7.26-1\naks-nodepool1-23628489-vmss000001 Ready 24h v1.29.14 10.224.0.4 Ubuntu 22.04.5 LTS 5.15.0-1082-azure containerd://1.7.26-1\naks-nodepool1-23628489-vmss000002 Ready 24h v1.29.14 10.224.0.5 Ubuntu 22.04.5 LTS 5.15.0-1082-azure containerd://1.7.26-1\n\nkubectl describe nodes | grep -E 'InternalIP'\n\n InternalIP: 10.224.0.6\n InternalIP: fd87:ef94:e938:40b5::6\n InternalIP: 10.224.0.5\n InternalIP: fd87:ef94:e938:40b5::5\n InternalIP: 10.224.0.4\n InternalIP: fd87:ef94:e938:40b5::4","language":"bash","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code snippet 5"},{"_key":"b203faf6c559","_type":"block","children":[{"_key":"624ca00eb78e","_type":"span","marks":[],"text":"Install Isovalent Enterprise for Cilium"}],"markDefs":[],"style":"h4"},{"_key":"93c6c56f8df0","_type":"block","children":[{"_key":"4305f58cec5d","_type":"span","marks":[],"text":"Users can contact their partner Sales/SE representative(s) at "},{"_key":"28951be4e3aa","_type":"span","marks":["6ac3adcbad7d"],"text":"sales@isovalent.com"},{"_key":"b5490e7ef26e","_type":"span","marks":[],"text":" to access the requisite documentation and learn how to "},{"_key":"7f3811d0d203","_type":"span","marks":["727eb9f5acb9"],"text":"install Isovalent Enterprise for Cilium on an AKS cluster with BYOCNI"},{"_key":"d9cd1ff7b3ce","_type":"span","marks":[],"text":" as the network plugin."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"6ac3adcbad7d","_type":"link","href":"mailto:sales@isovalent.com"},{"_key":"727eb9f5acb9","_type":"link","href":"https://docs.isovalent.com/operations-guide/installation/clean-install.html"}],"style":"normal"},{"_key":"c0436562a7c3","_type":"block","children":[{"_key":"5c64b29e4a42","_type":"span","marks":[],"text":"Validate Cilium version"}],"markDefs":[],"style":"h4"},{"_key":"ce474ab35eaf","_type":"block","children":[{"_key":"f939074d2e6b","_type":"span","marks":[],"text":"Check the version of cilium with "},{"_key":"0833c94384bb","_type":"span","marks":["code"],"text":"cilium version"},{"_key":"47cead3859cf","_type":"span","marks":[],"text":":"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:18:35Z","_id":"c7050596-759c-4602-b54b-26669ee0723c","_key":"a9ca9bf9b790","_ref":"c7050596-759c-4602-b54b-26669ee0723c","_rev":"2OzNRfGhtv75zqJgWtVHsG","_type":"codeBlock","_updatedAt":"2025-05-20T05:18:46Z","code":"$1d","language":"bash","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code snippet 6"},{"_key":"39701742e5c6","_type":"block","children":[{"_key":"11d8e0fdff71","_type":"span","marks":[],"text":"Cilium Health Check"}],"markDefs":[],"style":"h4"},{"_key":"c4f226f555c1","_type":"block","children":[{"_key":"a843f3429425","_type":"span","marks":["code"],"text":"cilium-health"},{"_key":"a07fc3fc0fdc","_type":"span","marks":[],"text":" is a tool available in Cilium that provides visibility into the overall health of the cluster’s networking connectivity. You can check node-to-node health with cilium-health status:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:19:10Z","_id":"63b165b8-d449-4092-8456-3ea25325f427","_key":"b4ea847925d0","_ref":"63b165b8-d449-4092-8456-3ea25325f427","_rev":"eyXZ58p7YJYlr4DcQQyr64","_type":"codeBlock","_updatedAt":"2025-05-20T05:19:23Z","code":"$1e","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create an AKS cluster with BYOCNI - code snippet 7"},{"_key":"06019ade78ec","_type":"block","children":[{"_key":"45d6677439dc","_type":"span","marks":[],"text":"EKS"}],"markDefs":[],"style":"h3"},{"_key":"9de9a6805af9","_type":"block","children":[{"_key":"f3df3d1a524e","_type":"span","marks":["strong"],"text":"Create a ClusterConfig file to create an EKS cluster (e.g., default-ipv4.yaml) in ENI mode."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:28:44Z","_id":"422a9f62-1070-45a8-88a0-ac683e08ef99","_key":"cb6d3701f9f7","_ref":"422a9f62-1070-45a8-88a0-ac683e08ef99","_rev":"eU8kLcXz53DJzQDgPHKaoY","_type":"codeBlock","_updatedAt":"2025-05-20T05:29:06Z","code":"apiVersion: eksctl.io/v1alpha5\nkind: ClusterConfig\n\nmetadata:\n name: cluster1\n region: ap-northeast-2\n version: \"1.30\"\n\niam:\n withOIDC: true\n\nmanagedNodeGroups:\n - name: ng-1\n iam:\n attachPolicyARNs:\n - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\n - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\n - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\n - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\n desiredCapacity: 2\n privateNetworking: true\n # taint nodes so that application pods are\n # not scheduled/executed until Cilium is deployed.\n # Alternatively, see the note below.\n taints:\n - key: \"node.cilium.io/agent-not-ready\"\n value: \"true\"\n effect: \"NoExecute\"","language":"yaml","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create a ClusterConfig file to create an EKS cluster - code snippet 1"},{"_key":"c224271b8cb7","_type":"block","children":[{"_key":"379b11bda195","_type":"span","marks":["strong"],"text":"Create the Cluster"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:30:42Z","_id":"c08d2a8a-0461-45f7-92f5-983fc4e4c23a","_key":"4c4a064fe1c7","_ref":"c08d2a8a-0461-45f7-92f5-983fc4e4c23a","_rev":"2OzNRfGhtv75zqJgWtZ5aE","_type":"codeBlock","_updatedAt":"2025-05-20T05:30:49Z","code":"eksctl create cluster -f ./default-ipv4.yaml","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create a ClusterConfig file to create an EKS cluster - code snippet 2"},{"_key":"e519787b7026","_type":"block","children":[{"_key":"d2940f028808","_type":"span","marks":["strong"],"text":"Check the status of the nodes and make sure they are in a “Ready” state."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:31:21Z","_id":"ef0744e3-4cb2-4d90-9a03-2810369e03fe","_key":"56dcd2d3e2dd","_ref":"ef0744e3-4cb2-4d90-9a03-2810369e03fe","_rev":"eU8kLcXz53DJzQDgPHLSHC","_type":"codeBlock","_updatedAt":"2025-05-20T05:31:42Z","code":"kubectl get nodes -o wide\n\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\nip-192-168-150-148.ap-northeast-2.compute.internal Ready 2d9h v1.30.9-eks-5d632ec 192.168.150.148 Amazon Linux 2023.6.20250303 6.1.129-138.220.amzn2023.x86_64 containerd://1.7.25\nip-192-168-177-162.ap-northeast-2.compute.internal Ready 2d9h v1.30.9-eks-5d632ec 192.168.177.162 Amazon Linux 2023.6.20250303 6.1.129-138.220.amzn2023.x86_64 containerd://1.7.25","language":"bash","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create a ClusterConfig file to create an EKS cluster - code snippet 3"},{"_key":"f2d0060103cd","_type":"block","children":[{"_key":"22b2ad3442cc","_type":"span","marks":["strong"],"text":"Patch the AWS daemonset"}],"markDefs":[],"style":"normal"},{"_key":"4b3b7e339a76","_type":"block","children":[{"_key":"8cd80fc6e6ce","_type":"span","marks":[],"text":"When running in ENI mode, Cilium Enterprise manages ENIs and IP address allocation in place of the AWS VPC CNI plugin. Because of this, and to avoid conflicting behavior, the kube-system/aws-node DaemonSet must be deleted or, at least, prevented from running. To achieve this in a non-destructive way, run the following command:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:32:08Z","_id":"46647528-eb10-473d-b797-05ce09385371","_key":"2521ad2733b8","_ref":"46647528-eb10-473d-b797-05ce09385371","_rev":"eU8kLcXz53DJzQDgPHLYK2","_type":"codeBlock","_updatedAt":"2025-05-20T05:32:20Z","code":"kubectl -n kube-system patch daemonset aws-node --type='strategic' -p='{\"spec\":{\"template\":{\"spec\":{\"nodeSelector\":{\"io.cilium/aws-node-enabled\":\"true\"}}}}}'","language":"bash","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create a ClusterConfig file to create an EKS cluster - code snippet 4"},{"_key":"c89a200a2e83","_type":"block","children":[{"_key":"6ce5cbd80f47","_type":"span","marks":[],"text":"Install Isovalent Enterprise for Cilium"}],"markDefs":[],"style":"h3"},{"_key":"169418402e20","_type":"block","children":[{"_key":"92ad8d0aa35d","_type":"span","marks":[],"text":"Users can contact their partner Sales/SE representative(s) at "},{"_key":"5b11d3abde02","_type":"span","marks":["47bb29e10fd2"],"text":"sales@isovalent.com"},{"_key":"603ea64acf1a","_type":"span","marks":[],"text":" to access the requisite documentation and learn how to "},{"_key":"cc0477f16fa0","_type":"span","marks":["a980a57e3ea2"],"text":"install Isovalent Enterprise for Cilium on an EKS cluster."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"47bb29e10fd2","_type":"link","href":"mailto:sales@isovalent.com"},{"_key":"a980a57e3ea2","_type":"link","href":"https://docs.isovalent.com/operations-guide/installation/clean-install.html"}],"style":"normal"},{"_key":"17d114f67a62","_type":"block","children":[{"_key":"2a4d3fd47617","_type":"span","marks":[],"text":"Validate Cilium version"}],"markDefs":[],"style":"h4"},{"_key":"fcaea2134a9e","_type":"block","children":[{"_key":"5254a60bdf9e","_type":"span","marks":[],"text":"Check the version of cilium with "},{"_key":"0b0fac3f6655","_type":"span","marks":["code"],"text":"cilium version"},{"_key":"d204b9063ea6","_type":"span","marks":[],"text":":"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:32:55Z","_id":"d9dec068-7c22-429a-b8bb-45757e4381a6","_key":"c69bf4ba97a7","_ref":"d9dec068-7c22-429a-b8bb-45757e4381a6","_rev":"eyXZ58p7YJYlr4DcQR31O4","_type":"codeBlock","_updatedAt":"2025-05-20T05:33:11Z","code":"$1f","language":"bash","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create a ClusterConfig file to create an EKS cluster - code snippet 5"},{"_key":"6ff4a22de01a","_type":"block","children":[{"_key":"c285a0b48f0a","_type":"span","marks":[],"text":"Cilium Health Check"}],"markDefs":[],"style":"h4"},{"_key":"360301712610","_type":"block","children":[{"_key":"ec271dcd9346","_type":"span","marks":["code"],"text":"cilium-health"},{"_key":"ebf9b442cd58","_type":"span","marks":[],"text":" is a tool available in Cilium that provides visibility into the overall health of the cluster’s networking connectivity. You can check node-to-node health with cilium-health status:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-20T05:33:37Z","_id":"828c3136-c195-4550-93dc-f0a5246049b8","_key":"cde201b6ead7","_ref":"828c3136-c195-4550-93dc-f0a5246049b8","_rev":"2OzNRfGhtv75zqJgWtZS22","_type":"codeBlock","_updatedAt":"2025-05-20T05:33:43Z","code":"kubectl -n kube-system exec ds/cilium -- cilium-health status\n\nDefaulted container \"cilium-agent\" out of: cilium-agent, config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)\nProbe time: 2025-03-27T14:01:03Z\nNodes:\n ip-192-168-177-162.ap-northeast-2.compute.internal (localhost):\n Host connectivity to 192.168.177.162:\n ICMP to stack: OK, RTT=232.614µs\n HTTP to agent: OK, RTT=207.302µs\n Endpoint connectivity to 192.168.166.233:\n ICMP to stack: OK, RTT=235.086µs\n HTTP to agent: OK, RTT=482.347µs\n ip-192-168-150-148.ap-northeast-2.compute.internal:\n Host connectivity to 192.168.150.148:\n ICMP to stack: OK, RTT=787.418µs\n HTTP to agent: OK, RTT=856.838µs\n Endpoint connectivity to 192.168.141.45:\n ICMP to stack: OK, RTT=782.037µs\n HTTP to agent: OK, RTT=706.165µs","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"Create a ClusterConfig file to create an EKS cluster - code snippet 6"},{"_key":"60b7a9072ece","_type":"block","children":[{"_key":"e3da499ba2e0","_type":"span","marks":[],"text":""}],"markDefs":[],"style":"normal"},{"_key":"88cc4a0a-9bfd-43f8-800f-6864ca5974c9","_type":"block","children":[{"_key":"869b1cb2-b69e-42f3-a1ab-72af0c4d24b4","_type":"span","marks":[],"text":"What are annotations in Kubernetes?"}],"markDefs":[],"style":"h2"},{"_createdAt":"2025-04-15T14:01:17Z","_id":"1b09518e-84ff-4529-1100-414a697bb56f","_key":"979d77f3-02f8-41a5-b44a-0ea6bb50ea46","_ref":"1b09518e-84ff-4529-1100-414a697bb56f","_rev":"9kz0FTU16Ui9PYoDK281FP","_type":"mediaImage","_updatedAt":"2025-04-15T14:01:17Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-65fc9a34b3c10a975c6e0be2117f888398be89ae-1024x576-png","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"isovalent-cover-blog-1600x900-9.png","size":"large","title":"isovalent-cover-blog-1600x900-9.png - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/65fc9a34b3c10a975c6e0be2117f888398be89ae-1024x576.png"},{"_key":"b0453f1f-348e-4a52-bb48-d0f21f439457","_type":"block","children":[{"_key":"a2187ae1-c192-4a12-83b6-bd656edc46ad","_type":"span","marks":[],"text":"The Service API, part of Kubernetes, is an abstraction to help you expose groups of Pods over a network. Each Service object defines a logical set of endpoints (usually these endpoints are Pods) along with a policy about how to make those pods accessible."}],"markDefs":[],"style":"normal"},{"_key":"d8e68e001801","_type":"block","children":[{"_key":"94ae354b8c55","_type":"span","marks":[],"text":"If your workload speaks HTTP, you might choose to use an "},{"_key":"5b1cde571327","_type":"span","marks":["e898fa060f20"],"text":"Ingress"},{"_key":"428f48beaa66","_type":"span","marks":[],"text":" to control how web traffic reaches that workload. Ingress is not a Service type, but it acts as the entry point for your cluster. An Ingress lets you consolidate your routing rules into a single resource so that you can expose multiple components of your workload, running separately in your cluster, behind a single listener."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"e898fa060f20","_type":"link","href":"https://kubernetes.io/docs/concepts/services-networking/ingress/"}],"style":"normal"},{"_key":"907dcb0667f6","_type":"block","children":[{"_key":"0e48c531ad60","_type":"span","marks":[],"text":"The "},{"_key":"8070c8e26d46","_type":"span","marks":["42c8a616cd18"],"text":"Gateway API "},{"_key":"53f19d1bfe79","_type":"span","marks":[],"text":"for Kubernetes provides extra capabilities beyond Ingress and Service. You can add Gateway to your cluster – it is a family of extension APIs, implemented using "},{"_key":"df0f8e036ced","_type":"span","marks":["7393018c2444"],"text":"CustomResourceDefinitions"},{"_key":"0ec96847e986","_type":"span","marks":[],"text":"– and then use these to configure access to network services that are running in your cluster."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"42c8a616cd18","_type":"link","href":"https://gateway-api.sigs.k8s.io/#what-is-the-gateway-api"},{"_key":"7393018c2444","_type":"link","href":"https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/"}],"style":"normal"},{"_key":"bfe9f073-d908-4163-a0ef-26e4c4d90dc0","_type":"block","children":[{"_key":"e42ef261-c879-44eb-8b76-aee2103257da","_type":"span","marks":[],"text":"Services can be annotated to automatically select available load balancers and to provide specific availability sets that host them. Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) have a respective way of dealing with annotations (listed below) that can be used with Ingress/Gateway API and have been validated for Cilium."}],"markDefs":[],"style":"normal"},{"_key":"3aed51f1-1a06-4caa-8607-2db610f6a1fe","_type":"block","children":[{"_key":"d4aa1266-721c-4bc0-b4e9-7508653f0157","_type":"span","marks":["strong","em"],"text":"Note: "},{"_key":"86b5c094-8503-45c8-9fd1-1b8cb408df48","_type":"span","marks":["em"],"text":"All these annotations have been extensively tested, and the test results for all cannot be captured, keeping in mind the brevity of the blog."}],"markDefs":[],"style":"normal"},{"_key":"d20f0f7b-dda2-442f-9435-e39d16234e87","_type":"table","hasHLines":true,"hasLeftHeader":false,"hasTopHeader":false,"hasVLines":true,"rows":[{"_key":"9132c456-8abe-4e4d-bb60-840ebb991bb0","_type":"tableRow","cells":["Load Balancer Service to have an Internal IP","Azure","`service.beta.kubernetes.io/azure-load-balancer-internal: \"true\"`","Valid for both IPv4 and IPv6 in case of Dual Stack clusters."]},{"_key":"b71f0933-62df-429f-9634-b53c7fce2698","_type":"tableRow","cells":["Load Balancer Service to have a Public IP","Azure","`service.beta.kubernetes.io/azure-load-balancer-internal: \"false\"`","Default. Valid for both IPv4 and IPv6 in case of Dual Stack clusters."]},{"_key":"c23acfeb-7c3d-4904-a9aa-1e8561d77519","_type":"tableRow","cells":["Load Balancer Service to have an Internal IP from a chosen subnet","Azure","`service.beta.kubernetes.io/azure-load-balancer-internal: \"true\"service.beta.kubernetes.io/azure-load-balancer-internal-subnet: \"app-testing\"`","Both annotations need to be used. Valid for both IPv4 and IPv6 in case of Dual Stack clusters. These should be existing subnets."]},{"_key":"b99fca6d-b365-4aa9-8c4d-23939539fbbc","_type":"tableRow","cells":["Load Balancer Service should have a Public IP from a Resource Group other than the AKS cluster.","Azure","`service.beta.kubernetes.io/azure-load-balancer-resource-group: \"app-testing\"`","Valid for both IPv4 and IPv6 in case of Dual Stack clusters."]},{"_key":"d03e96b8-9c56-486f-81ff-f77cd54ead45","_type":"tableRow","cells":["Load Balancer Service to have a static Internal IP (IPv4)","Azure","`service.beta.kubernetes.io/azure-load-balancer-internal: \"true\" service.beta.kubernetes.io/azure-load-balancer-internal-subnet: \"app-testing\" service.beta.kubernetes.io/azure-load-balancer-ipv4: \"10.228.0.4\"`","All three annotations need to be used. This should be an existing subnet."]},{"_key":"9e3eba70-cdcc-4c49-a55b-8f31bfe8a8a3","_type":"tableRow","cells":["Specify the Public IP (IPv4) that will be applied to the load balancer","Azure","`service.beta.kubernetes.io/azure-load-balancer-internal: \"false\" service.beta.kubernetes.io/azure-dns-label-name: \"tmetesting\"`","Both annotations need to be used. Valid for both IPv4 and IPv6."]},{"_key":"b3c5fe49-1f2d-4d05-8715-b1f238cfdad4","_type":"tableRow","cells":["Load Balancer Service to have a static Internal IP (IPv4 & IPv6)","Azure","`service.beta.kubernetes.io/azure-load-balancer-internal: \"true\" service.beta.kubernetes.io/azure-load-balancer-internal-subnet: \"dsapp-testing\"service.beta.kubernetes.io/azure-load-balancer-ipv4: \"10.225.0.8\" service.beta.kubernetes.io/azure-load-balancer-ipv6: \"fd87:ef94:e938:40b4::4\"`","All three annotations need to be used. These should be existing subnets."]},{"_key":"09307281-b1a7-4b74-89aa-98f92649841c","_type":"tableRow","cells":["Specify the Public IP (IPv4) that will be applied to load balancer","Azure","`service.beta.kubernetes.io/azure-pip-name: \"pip-aks-ipv4-lb\"`","The Public IP needs to be created beforehand."]},{"_key":"07e82140-12ef-4540-8d16-b2b3b22c759c","_type":"tableRow","cells":["Specify the Public IP (IPv6) that will be applied to the load balancer","Azure","`service.beta.kubernetes.io/azure-pip-name-ipv6: \"pip-aks-ipv6-lb\"`","The Public IP needs to be created beforehand."]},{"_key":"582d2ee0-036f-460b-973e-afacbe36331d","_type":"tableRow","cells":["Load Balancer Service to have a Public IP","AWS","`service.beta.kubernetes.io/aws-load-balancer-type: \"nlb\"`","Default"]},{"_key":"08a543fc-2a9d-4ad9-962d-67df9e6a430f","_type":"tableRow","cells":["Load Balancer Service to have an Internal IP","AWS","`service.beta.kubernetes.io/aws-load-balancer-type: \"nlb\" service.beta.kubernetes.io/aws-load-balancer-internal: \"true\"`","Both annotations need to be used."]},{"_key":"a41563ce-8424-4c02-a3ca-9f2e2b235c2d","_type":"tableRow","cells":["Load Balancer Service to have a Public IP in a specific subnet","AWS","`service.beta.kubernetes.io/aws-load-balancer-type: \"nlb\"service.beta.kubernetes.io/aws-load-balancer-subnets: \"subnet-0e3c4f1ed23c97ee7\"`","Both annotations need to be used. This should be an existing subnet."]},{"_key":"ce757008-7ebb-4234-9e13-f82ef478fa99","_type":"tableRow","cells":["Load Balancer Service to have a static Public IP (IPv4)","AWS","`service.beta.kubernetes.io/aws-load-balancer-type: \"nlb\" service.beta.kubernetes.io/aws-load-balancer-eip-allocations: \"eipalloc-06d75f3b31d165222\" service.beta.kubernetes.io/aws-load-balancer-subnets: \"subnet-0e3c4f1ed23c97ee7\"`","All three annotations need to be used. The Elastic IP needs to be created beforehand."]},{"_key":"825657f7-8f20-4895-bc8a-1ca53d80a6b4","_type":"tableRow","cells":["Load Balancer Service to have an Internal IP from a chosen subnet","AWS","`service.beta.kubernetes.io/aws-load-balancer-type: nlb service.beta.kubernetes.io/aws-load-balancer-internal: \"true\" service.beta.kubernetes.io/aws-load-balancer-subnets: subnet-0e3c4f1ed23c97ee7`","All three annotations need to be used. This should be an existing subnet."]},{"_key":"32b0a47e-92ae-45f9-b642-332f137be152","_type":"tableRow","cells":["Load Balancer Service sends traffic directly to the Kubernetes pods behind the service, eliminating the need for an extra network hop through the worker nodes in the Kubernetes cluster.","AWS","`service.beta.kubernetes.io/aws-load-balancer-type: \"nlb\"service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: \"ip\"`","Both annotations need to be used."]},{"_key":"d80bb9e3-b782-4aea-bbd3-1faad0354c43","_type":"tableRow","cells":["Load Balancer Service sends traffic to the instances, and the kube-proxy on the individual worker nodes forward it to the pods through one or more worker nodes in the Kubernetes cluster.","AWS","`service.beta.kubernetes.io/aws-load-balancer-type: \"nlb\"service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: \"instance\"`","Both annotations need to be used."]}]},{"_key":"2c1e4ddd-107c-4ec2-bfc6-14b1030413d2","_type":"block","children":[{"_key":"fe0a89c5-77bd-4275-95c0-0f7fe05fdd22","_type":"span","marks":[],"text":"How do you set up Cloud Annotations with Gateway API?"}],"markDefs":[],"style":"h2"},{"_key":"ec48dcd8-5eaf-4880-a1da-8c38c9e7b711","_type":"block","children":[{"_key":"1742c29d-1bdb-4d74-b6e0-2e95f0530ca2","_type":"span","marks":[],"text":"Gateway API is a Kubernetes SIG-Network subproject to design a successor for the Ingress object. It is a set of resources that model service networking in Kubernetes and is designed to be role-oriented, portable, expressive, and extensible."}],"markDefs":[],"style":"normal"},{"_key":"d2da4fc2-c481-4bd8-abe5-c05a52a477cf","_type":"block","children":[{"_key":"5747e6f6-35c4-419e-baf1-77cc1b8e450c","_type":"span","marks":[],"text":"Sample helm config file to enable gateway-api in your EKS or AKS cluster."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:18Z","_id":"405887fa-6e8e-3284-f089-97a9e4f9a7fc","_key":"1b55d574-2f07-48dd-a6fb-9f81c571bba8","_ref":"405887fa-6e8e-3284-f089-97a9e4f9a7fc","_rev":"4wy3EvkFBguUtSHAFFnB1O","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:18Z","code":"gatewayAPI:\n enabled: true\nk8sServiceHost: #################################################################\nk8sServicePort: 443\nkubeProxyReplacement: true","language":"yaml","title":"yaml - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"8e25619e-dcc9-451a-adbf-50756283ea48","_type":"block","children":[{"_key":"fa89f2da-c8f9-4dd6-a01c-e22fab1b7561","_type":"span","marks":[],"text":"Create a demo app to test the gateway API and name it basic-http.yaml."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:19Z","_id":"e73ddf5e-ed67-ebfc-e3ed-3fcc16700b37","_key":"8ee7c746-ae05-4935-a939-9c5eae1cd20d","_ref":"e73ddf5e-ed67-ebfc-e3ed-3fcc16700b37","_rev":"9kz0FTU16Ui9PYoDK281LN","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:19Z","code":"---\napiVersion: gateway.networking.k8s.io/v1\nkind: Gateway\nmetadata:\n name: my-gateway\nspec:\n gatewayClassName: cilium\n infrastructure:\n annotations:\n service.beta.kubernetes.io/aws-load-balancer-type: \"nlb\"\n service.beta.kubernetes.io/aws-load-balancer-internal: \"true\"\n listeners:\n - protocol: HTTP\n port: 80\n name: web-gw\n allowedRoutes:\n namespaces:\n from: Same\n---\napiVersion: gateway.networking.k8s.io/v1\nkind: HTTPRoute\nmetadata:\n name: http-app-1\nspec:\n parentRefs:\n - name: my-gateway\n namespace: default\n rules:\n - matches:\n - path:\n type: PathPrefix\n value: /details\n backendRefs:\n - name: details\n port: 9080\n - matches:\n - headers:\n - type: Exact\n name: magic\n value: foo\n queryParams:\n - type: Exact\n name: great\n value: example\n path:\n type: PathPrefix\n value: /\n method: GET\n backendRefs:\n - name: productpage\n port: 9080","language":"yaml","title":"yaml - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"f717fcb7-8fec-483b-9ef2-6d97a2148b12","_type":"block","children":[{"_key":"fd0d620d-6b10-4521-903f-3049dce3f820","_type":"span","marks":[],"text":"Apply the manifest for gateway API."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:20Z","_id":"85023dec-89dd-43c9-b323-f7711b01a042","_key":"fef69894-1a16-4a8c-afbe-0acd79d15ea9","_ref":"85023dec-89dd-43c9-b323-f7711b01a042","_rev":"kcq4Y4Flzce7Z96LpMlKzg","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:20Z","code":"kubectl apply -f gateway-api.yaml","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"4259ef7b-15d8-4f0c-af0e-d371b693e6bb","_type":"block","children":[{"_key":"bb6c6069-d999-454c-9d88-abede9fef10c","_type":"span","marks":[],"text":"Check the status of the service that is created."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:21Z","_id":"4e019e7f-6a45-2dc5-3a01-cff7e8008989","_key":"60fbccd6-356a-4a3f-99f6-1d5aa52c9104","_ref":"4e019e7f-6a45-2dc5-3a01-cff7e8008989","_rev":"4wy3EvkFBguUtSHAFFnBIo","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:21Z","code":"kubectl describe svc cilium-gateway-my-gateway\n\nName: cilium-gateway-my-gateway\nNamespace: default\nLabels: io.cilium.gateway/owning-gateway=my-gateway\nAnnotations: service.beta.kubernetes.io/aws-load-balancer-type: nlb\nSelector: \nType: LoadBalancer\nIP Family Policy: SingleStack\nIP Families: IPv4\nIP: 10.100.125.253\nIPs: 10.100.125.253\nLoadBalancer Ingress: a0075645d674441a2a288d59c2ee3917-03f4d1bbe1eb6c76.elb.ap-northeast-2.amazonaws.com\nPort: port-80 80/TCP\nTargetPort: 80/TCP\nNodePort: port-80 32203/TCP\nEndpoints:\nSession Affinity: None\nExternal Traffic Policy: Cluster\nInternal Traffic Policy: Cluster\nEvents: ","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"4f325918-3bb2-4c5a-8f6c-b5f663794d37","_type":"block","children":[{"_key":"21eb3f7a-7933-4c91-8651-1d4f2b05cb66","_type":"span","marks":[],"text":"Check the status of the gateway that is created"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:22Z","_id":"0860d704-eb16-cf64-9b78-5bc0381f140f","_key":"0d1715b8-c638-457f-bce5-93d40beb72be","_ref":"0860d704-eb16-cf64-9b78-5bc0381f140f","_rev":"kcq4Y4Flzce7Z96LpMlLNQ","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:22Z","code":"$20","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"d0166bda-ff38-4197-84ee-3cba647e0465","_type":"block","children":[{"_key":"b2dd0dff-d22c-4e2d-a84b-0aeaeda96c07","_type":"span","marks":[],"text":"When the Gateway is functional, you can check the routes to verify if they are configured correctly."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:23Z","_id":"3ad03fcb-6da0-c85f-cc0e-7eef6174291f","_key":"95c83d92-48b6-430e-8fea-1548c01c73ab","_ref":"3ad03fcb-6da0-c85f-cc0e-7eef6174291f","_rev":"kcq4Y4Flzce7Z96LpMlLu4","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:23Z","code":"$21","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"f39e0237-f254-4424-96a5-5eeea650d4fc","_type":"block","children":[{"_key":"589eb31a-9291-4a49-ad8e-6df65b6a45ed","_type":"span","marks":[],"text":"Send requests to the Gateway IP (Load Balancer IP) from a test pod."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:24Z","_id":"9b2dcb67-a05e-a663-3176-a6d1f650474c","_key":"48131d1d-51c1-4ff8-936b-5c4b9f6629b2","_ref":"9b2dcb67-a05e-a663-3176-a6d1f650474c","_rev":"4wy3EvkFBguUtSHAFFnBju","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:24Z","code":"$22","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"5b867beb-bd82-4597-8aeb-07361126f1c8","_type":"block","children":[{"_key":"da0176ea-59cb-4489-858c-8bcf49ee7638","_type":"span","marks":[],"text":"How do you set up Cloud Annotations with Ingress?"}],"markDefs":[],"style":"h2"},{"_key":"1ec9a142-9e06-4a15-8e77-1abd688ac919","_type":"block","children":[{"_key":"f9ff4ca7-01f0-4153-a920-7d560f5bb740","_type":"span","marks":[],"text":"Ingress makes your network service ( e.g, HTTP or HTTPS) available using a protocol-aware configuration mechanism that understands web concepts like URIs, hostnames, paths, and more. "}],"markDefs":[],"style":"normal"},{"_key":"a5c0ab758597","_type":"block","children":[{"_key":"70c29a3a48f0","_type":"span","marks":[],"text":"Ingress lets you map traffic to different backends based on rules you define via the Kubernetes API. Cilium uses the standard "},{"_key":"19d564220d87","_type":"span","marks":["3631d5854ea2"],"text":"Kubernetes Ingress"},{"_key":"bbe281d38ab4","_type":"span","marks":[],"text":" resource definition, with an ingressClassName of cilium."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"3631d5854ea2","_type":"link","href":"https://kubernetes.io/docs/concepts/services-networking/ingress/"}],"style":"normal"},{"_key":"20c7187ce74c","_type":"block","children":[{"_key":"5049867274c7","_type":"span","marks":[],"text":"This can be used for path-based routing and TLS termination."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"970eafa64424","_type":"block","children":[{"_key":"c682ede62116","_type":"span","marks":[],"text":"The ingress controller creates a service of the LoadBalancer type for which annotations can be used in cloud provider environments (AKS, EKS, GKE, etc)."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"6761bbc58c38","_type":"block","children":[{"_key":"9f65709e029e","_type":"span","marks":[],"text":"Cilium allows you to specify the load balancer mode for the Ingress resource:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"49bb2bf74329","_type":"block","children":[{"_key":"0f55e4e2351a","_type":"span","marks":["code"],"text":"dedicated"},{"_key":"e9950256a01a","_type":"span","marks":[],"text":": The Ingress controller will create a dedicated load balancer for the Ingress."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"cc941aedfe2c","_type":"block","children":[{"_key":"324810b8c9ef","_type":"span","marks":["code"],"text":"shared"},{"_key":"f2af3ffcf915","_type":"span","marks":[],"text":": The Ingress controller will use a shared load balancer for all Ingress resources."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"c642639702fb","_type":"block","children":[{"_key":"93d2ac72457f","_type":"span","marks":[],"text":"For Testing IPv6 Ingress/Gateway API in AKS with Cilium, make sure the service is created as"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:25Z","_id":"7c3f6cb0-e071-c15a-df7c-294e8a6eaa2b","_key":"1eeea9c6-9b2b-4d78-a4b4-893cf05e8212","_ref":"7c3f6cb0-e071-c15a-df7c-294e8a6eaa2b","_rev":"kcq4Y4Flzce7Z96LpMlMNk","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:25Z","code":"ipFamilies:\n - IPv4\n - IPv6\n ipFamilyPolicy: PreferDualStack","language":"yaml","title":"yaml - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"790a86486566","_type":"block","children":[{"_key":"f604e10b8218","_type":"span","marks":[],"text":"IPv6 Ingress/Gateway API in EKS with ENI mode is a roadmap item."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"d8bb4a4ec25c","_type":"block","children":[{"_key":"83565040561d","_type":"span","marks":[],"text":"Sample helm config file to enable "},{"_key":"27b026ae9bac","_type":"span","marks":["code"],"text":"dedicated"},{"_key":"c505643dcea9","_type":"span","marks":[],"text":" ingress in your EKS or AKS cluster."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:26Z","_id":"2afd89ad-8413-bd25-17cc-47982c39b02d","_key":"a106a12f-a94e-47d8-900d-80151a2c3451","_ref":"2afd89ad-8413-bd25-17cc-47982c39b02d","_rev":"9kz0FTU16Ui9PYoDK282Md","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:26Z","code":"ingressController:\n enabled: true\n enforceHttps: false\n loadbalancerMode: dedicated\n service:\n annotations:\n service.beta.kubernetes.io/azure-load-balancer-internal: \"true\"\n type: LoadBalancer\nk8sServiceHost: ###################################################################\nk8sServicePort: 443\nkubeProxyReplacement: true","language":"yaml","title":"yaml - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"fbb09acb1694","_type":"block","children":[{"_key":"12a90ff61594","_type":"span","marks":[],"text":"Create a demo app to test the ingress and name it "},{"_key":"c69a5ebf29db","_type":"span","marks":["code"],"text":"ingress.yaml"},{"_key":"24bd60026f0b","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:27Z","_id":"0a146e95-ef76-4e54-8c26-d6281b17e144","_key":"10e1d449-00f2-4e0a-80a0-069a49c054b3","_ref":"0a146e95-ef76-4e54-8c26-d6281b17e144","_rev":"kcq4Y4Flzce7Z96LpMlMxM","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:27Z","code":"$23","language":"yaml","title":"yaml - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"d216fddf-9f6c-4de5-b5d6-e33e5a653ef0","_type":"block","children":[{"_key":"aed50ac8-0b39-4f24-ba9d-db2364125e04","_type":"span","marks":[],"text":"Apply the manifest for ingress."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:29Z","_id":"629ea783-9a1b-9af6-86fa-c67632fedc63","_key":"54185606-617e-457a-943e-a6e512b52ac4","_ref":"629ea783-9a1b-9af6-86fa-c67632fedc63","_rev":"4wy3EvkFBguUtSHAFFnC78","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:29Z","code":"kubectl apply -f http-ingress.yaml","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"9a710844-591e-4e9f-bc0e-4db162987dd4","_type":"block","children":[{"_key":"83331bdb-7c0e-4507-a54e-14994e8899ac","_type":"span","marks":[],"text":"Check the status of the service that is created."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:30Z","_id":"ff2893c3-33b4-5bb2-9529-ef48c0533e49","_key":"6a824049-9e17-4b88-bcbe-810fa68d30be","_ref":"ff2893c3-33b4-5bb2-9529-ef48c0533e49","_rev":"9kz0FTU16Ui9PYoDK282lh","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:30Z","code":"$24","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"ef0ecc2b-2b11-496d-a6ca-43985e0267ab","_type":"block","children":[{"_key":"63f5144f-214e-4566-a27d-883345ce817b","_type":"span","marks":[],"text":"Check the status of the ingress that is created."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:31Z","_id":"7227b037-fb4e-4349-2794-a003fe9b0dcf","_key":"2e11ecbb-b509-406e-abda-f3a1d507fe3d","_ref":"7227b037-fb4e-4349-2794-a003fe9b0dcf","_rev":"kcq4Y4Flzce7Z96LpMlNcu","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:31Z","code":"kubectl get ingress\n\nNAME CLASS HOSTS ADDRESS PORTS AGE\nbasic-ingress cilium * 10.224.0.7 80 62m","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"90763c0e-1ffa-4909-8f95-3870677d6f77","_type":"block","children":[{"_key":"30550579-92f2-40bf-996f-e92e0279633e","_type":"span","marks":[],"text":"Send requests to the Ingress IP (Load Balancer IP) from a test pod."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:32Z","_id":"8f6edc9f-ab67-2f5d-2ea4-1d6552145ead","_key":"e87a90c8-6971-4df7-ad9e-62bb0cd69c14","_ref":"8f6edc9f-ab67-2f5d-2ea4-1d6552145ead","_rev":"kcq4Y4Flzce7Z96LpMlOUK","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:32Z","code":"curl --fail -s http://10.224.0.7/details/1 -v\n\n* Trying 10.224.0.7:80...\n* Connected to 10.224.0.7 (10.224.0.7) port 80 (#0)\n> GET /details/1 HTTP/1.1\n> Host: 10.224.0.7\n> User-Agent: curl/7.81.0\n> Accept: */*\n>\n* Mark bundle as not supporting multiuse\n< HTTP/1.1 200 OK\n< content-type: application/json\n< server: envoy\n< date: Wed, 04 Sep 2024 10:58:11 GMT\n< content-length: 178\n< x-envoy-upstream-service-time: 5\n<\n* Connection #0 to host 10.224.0.7 left intact\n{\"id\":1,\"author\":\"William Shakespeare\",\"year\":1595,\"type\":\"paperback\",\"pages\":200,\"publisher\":\"PublisherA\",\"language\":\"English\",\"ISBN-10\":\"1234567890\",\"ISBN-13\":\"123-1234567890\"","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"50b322eb3073","_type":"block","children":[{"_key":"a76358041c53","_type":"span","marks":[],"text":"Sample helm config file to enable "},{"_key":"632faad7a2f8","_type":"span","marks":["code"],"text":"shared"},{"_key":"a40e3c504a86","_type":"span","marks":[],"text":" ingress in your EKS or AKS cluster."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:33Z","_id":"8ddc99b1-784f-66cd-4130-47acd11afe8e","_key":"025eb152-470e-4992-a2d4-d51d083a5516","_ref":"8ddc99b1-784f-66cd-4130-47acd11afe8e","_rev":"kcq4Y4Flzce7Z96LpMlPsO","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:33Z","code":"ingressController:\n enabled: true\n enforceHttps: false\n loadbalancerMode: shared\n service:\n annotations:\n service.beta.kubernetes.io/azure-load-balancer-internal: \"true\"\n type: LoadBalancer\nk8sServiceHost: ###################################################################\nk8sServicePort: 443\nkubeProxyReplacement: true","language":"yaml","title":"yaml - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"e4b68bc1-aa48-46f7-9550-091e9be166e3","_type":"block","children":[{"_key":"ab2d12b1-ba04-4c20-86fc-7b7147535d56","_type":"span","marks":[],"text":"Applying a similar manifest as above with distinct names, two Ingress services are sharing the same Load Balancer IP."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"e9aea13ad834","_type":"block","children":[{"_key":"062e6bd10491","_type":"span","marks":["strong","em"],"text":"Note- "},{"_key":"155f98432fda","_type":"span","marks":["em"],"text":"With any annotation being added/changed to a shared ingress, "},{"_key":"82b97b196e1c","_type":"span","marks":["em","code"],"text":"cilium-operator"},{"_key":"f0f590c34a3f","_type":"span","marks":["em"],"text":" and "},{"_key":"c208c76c888b","_type":"span","marks":["em","code"],"text":"cilium-agent"},{"_key":"3e52153f81ee","_type":"span","marks":["em"],"text":" will have to be restarted."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-04-15T14:01:34Z","_id":"fdb500b9-7cce-77af-c844-b2abca5ca654","_key":"a7bf7183-4d5b-410e-addd-b08b48cee1e4","_ref":"fdb500b9-7cce-77af-c844-b2abca5ca654","_rev":"4wy3EvkFBguUtSHAFFnDIg","_type":"codeBlock","_updatedAt":"2025-04-15T14:01:34Z","code":"kubectl get ingress -A\n\nNAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE\ndefault basic-ingress cilium * 10.228.0.4 80 2d11h\ndefault basic-ingress1 cilium * 10.228.0.4 80 4s","language":"bash","title":"bash - \"Cloud Annotations for Gateway API & Ingress with Cilium\" Code Block"},{"_key":"d8108526-467b-4d15-9b5f-427fb8b72c28","_type":"block","children":[{"_key":"e72f1573-fd30-4f65-8da0-e4f12fc045b7","_type":"span","marks":[],"text":"Conclusion"}],"markDefs":[],"style":"h2"},{"_key":"d9c5cd646730","_type":"block","children":[{"_key":"d748916e78a3","_type":"span","marks":[],"text":"Hopefully, this post gave you an idea of how to use annotations in your AKS and EKS environments with Ingress or Gateway API with Cilium. You can also see these in action in our labs:"}],"markDefs":[],"style":"normal"},{"_key":"c29d90a592ea","_type":"block","children":[{"_key":"f8c5a8f6e65e","_type":"span","marks":["b1b90df11223"],"text":"Cilium Gateway API"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"b1b90df11223","_type":"link","href":"/labs/cilium-gateway-api/"}],"style":"normal"},{"_key":"1221389613e4","_type":"block","children":[{"_key":"101ab9b5a3e6","_type":"span","marks":["5dc6746ff41b"],"text":"Advanced Gateway API Use Cases"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"5dc6746ff41b","_type":"link","href":"/labs/cilium-gateway-api-advanced/"}],"style":"normal"},{"_key":"cafdba0f-68ae-4ba8-bad7-514a171705d4","_type":"block","children":[{"_key":"1c185048-738c-4a15-a1cc-fff5d35115e3","_type":"span","marks":[],"text":"References"}],"markDefs":[],"style":"h2"},{"_key":"b6336edc628d","_type":"block","children":[{"_key":"90c0985588bd","_type":"span","marks":["434bb24b84a5"],"text":"Azure Load Balancer Annotations"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"434bb24b84a5","_type":"link","href":"https://cloud-provider-azure.sigs.k8s.io/topics/loadbalancer/#loadbalancer-annotations"}],"style":"normal"},{"_key":"f120a98f7763","_type":"block","children":[{"_key":"ab4cd4965a66","_type":"span","marks":["387d5eeebc4e"],"text":"AWS Load Balancer Annotations"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"387d5eeebc4e","_type":"link","href":"https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.12/guide/service/annotations/"}],"style":"normal"}],"featuredImage":["$","$L19",null,{"src":"https://cdn.sanity.io/images/xinsvxfu/production/65fc9a34b3c10a975c6e0be2117f888398be89ae-1024x576.png?auto=format&q=80&fit=clip&w=1080","alt":"isovalent-cover-blog-1600x900-9.png","className":"mx-auto mb-10 w-full max-w-[72.75]","placeholder":"blur","blurDataURL":"data:image/svg+xml;base64,CiAgICA8c3ZnIHdpZHRoPSIxMDgwIiBoZWlnaHQ9IjEwODAiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KICAgICAgICA8ZGVmcz4KICAgICAgICAgICAgPGxpbmVhckdyYWRpZW50IGlkPSJnIj4KICAgICAgICAgICAgPHN0b3Agc3RvcC1jb2xvcj0iI0Y2RjhGRSIgb2Zmc2V0PSIyMCUiIC8+CiAgICAgICAgICAgIDxzdG9wIHN0b3AtY29sb3I9IiNFRkY1RkYiIG9mZnNldD0iNTAlIiAvPgogICAgICAgICAgICA8c3RvcCBzdG9wLWNvbG9yPSIjRjZGOEZFIiBvZmZzZXQ9IjcwJSIgLz4KICAgICAgICAgICAgPC9saW5lYXJHcmFkaWVudD4KICAgICAgICA8L2RlZnM+CiAgICAgICAgPHJlY3Qgd2lkdGg9IjEwODAiIGhlaWdodD0iMTA4MCIgZmlsbD0iI0Y2RjhGRSIgLz4KICAgICAgICA8cmVjdCBpZD0iciIgd2lkdGg9IjEwODAiIGhlaWdodD0iMTA4MCIgZmlsbD0idXJsKCNnKSIgLz4KICAgICAgICA8YW5pbWF0ZSBocmVmPSIjciIgYXR0cmlidXRlTmFtZT0ieCIgZnJvbT0iLTEwODAiIHRvPSIxMDgwIiBkdXI9IjFzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgIC8+CiAgICA8L3N2Zz4=","width":1080,"height":1080,"priority":true}],"articleData":{"title":"Cloud Annotations for Gateway API & Ingress with Cilium","description":"This tutorial shows how to use cloud-specific annotations for the Load Balancer service for Ingress & Gateway API on an Elastic Kubernetes Service and Azure Kubernetes Service cluster.","url":"https://isovalent.com/blog/post/cloud-annotations-for-gateway-api-ingress-with-cilium","download":"$undefined","authors":[{"_createdAt":"2024-09-27T10:02:48Z","_id":"ff5e2eda-05bb-ade9-8831-4dddc66e927d","_rev":"VO3Rz3CKgO8VZQnLmkJbUp","_type":"person","_updatedAt":"2024-09-27T12:06:31Z","bio":{"en":[{"_key":"1995ca31-02b1-49c0-a862-dfc8df0297ff","_type":"block","children":[{"_key":"c78e0e11-f4b0-4342-a5fc-a02e085947fa","_type":"span","marks":[],"text":"Amit Gupta is a senior technical marketing engineer at Isovalent, powering eBPF cloud-native networking and security. Amit has 21+ years of experience in Networking, Telecommunications, Cloud, Security, and Open-Source. He has previously worked with Motorola, Juniper, Avi Networks (acquired by VMware), and Prosimo. He is keen to learn and try out new technologies that aid in solving day-to-day problems for operators and customers.\n\nHe has worked in the Indian start-up ecosystem for a long time and helps new folks in that area outside of work. Amit is an avid runner and cyclist and also spends considerable time helping kids in orphanages."}],"markDefs":[],"style":"normal"}]},"company":{"_ref":"35073912-4894-4a13-89f6-caa5d58ff52d","_type":"reference"},"firstName":{"en":"Amit"},"fullName":{"en":"Amit Gupta"},"headshot":{"_type":"image","asset":{"_ref":"image-19b2e7212433d6c85f9a7cbb62beb590d8044fa0-528x1009-jpg","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"image":"https://cdn.sanity.io/images/xinsvxfu/production/19b2e7212433d6c85f9a7cbb62beb590d8044fa0-528x1009.jpg","languages":["en"],"lastName":{"en":"Gupta"},"title":{"en":"Senior Technical Marketing Engineer"}}]}}]}]}]}],"$undefined"]}]]