7:[[["$","$L18",null,{"moduleIds":["5268705073681142283"]}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org/\",\"@type\":\"Article\",\"headline\":\"Tutorial: Getting Started with the Cilium Gateway API\",\"image\":\"https://cdn.sanity.io/images/xinsvxfu/production/ec8eef2c9ea5faad275fcd3f1005af58dd6cc212-944x612.png\",\"datePublished\":\"2023-12-15T18:03:03.000Z\",\"dateModified\":\"2023-03-15T10:56:36.000Z\",\"description\":\"In this tutorial, you will learn how to install, configure and manage the Cilium Gateway API to route traffic into your Kubernetes cluster.\",\"author\":[{\"@type\":\"Person\",\"name\":\"Nico Vibert\",\"url\":\"https://isovalent.com/\"}]}"}}]],["$","main",null,{"id":"top","children":[["$","header",null,{"className":"restricted mt-10 mb-14","children":[["$","$L19",null,{}],["$","h1",null,{"className":"text-4xl text-nightfall font-bold mb-5 max-w-3xl","children":"Tutorial: Getting Started with the Cilium Gateway API"}],["$","div",null,{"className":"article-details block sm:flex items-center justify-items-start cursor-default","children":[["$","$L1a",null,{"authors":[{"_createdAt":"2024-09-27T10:02:38Z","_id":"0ae51702-7dba-84ad-a28a-f771145d2ef7","_rev":"6LVvD8xfzQrGEZvFexsj7u","_type":"person","_updatedAt":"2025-03-25T23:54:43Z","bio":{"en":[{"_key":"be6d1ddb-c534-48aa-9920-df188816a37a","_type":"block","children":[{"_key":"bb5153ab-f237-44b0-9510-a169a1950ad0","_type":"span","marks":[],"text":"Nico Vibert is a Senior Staff Technical Marketing Engineer at Isovalent, the company behind the open-source cloud-native solution Cilium. Prior to joining Isovalent, Nico worked in many different roles—operations and support, design and architecture, and technical pre-sales—at companies such as HashiCorp, VMware, and Cisco. In his current role, Nico focuses primarily on creating content to make networking a more approachable field and regularly speaks at events like KubeCon, VMworld, and Cisco Live. Nico has held over 15 networking certifications, including the Cisco Certified Internetwork Expert CCIE (# 22990). Nico is now the Lead Subject Matter Expert on the Cilium Certified Associate (CCA) certification."}],"markDefs":[],"style":"normal"},{"_key":"74d4f41ab634","_type":"block","children":[{"_key":"d11957993c26","_type":"span","marks":[],"text":"Outside of Isovalent, Nico is passionate about intentional diversity & inclusion initiatives and is Chief DEI Officer at the Open Technology organization OpenUK. You can find out more about him on his blog."}],"markDefs":[],"style":"normal"}]},"company":{"_ref":"35073912-4894-4a13-89f6-caa5d58ff52d","_type":"reference"},"firstName":{"en":"Nico"},"fullName":{"en":"Nico Vibert"},"headshot":{"_type":"image","asset":{"_ref":"image-a8fa134c3d7583ee70832353c7ff0d8a2181ff16-200x200-jpg","_type":"reference"}},"image":"https://cdn.sanity.io/images/xinsvxfu/production/a8fa134c3d7583ee70832353c7ff0d8a2181ff16-200x200.jpg","languages":["en"],"lastName":{"en":"Vibert"},"title":{"en":"Senior Staff Technical Marketing Engineer"}}],"locale":"en"}],["$","div",null,{"className":"text-charcoal","children":[["$","span",null,{"className":"hidden sm:inline","children":"| "}],["$","span",null,{"children":["Published:"," ",["$","strong",null,{"className":"font-bold","children":"March 15, 2023"}],[" ","| Updated:"," ",["$","strong",null,{"className":"font-bold","children":"December 15, 2023"}]]]}]," | ",[["$","$L1b","2159f293-7dd2-46f3-9b11-bf943ad2ae98",{"href":"/blog/networking-for-kubernetes","className":"inline-block text-action hover:underline font-bold pr-1","children":["Networking for Kubernetes",false]}]]]}]]}]]}],["$","section",null,{"id":"page-content","className":"mb-8","children":["$","$L1c",null,{"content":[{"_key":"12f7a1bd-3ac8-4324-8b74-01278328e44b","_type":"block","children":[{"_key":"c01187b6-f993-477c-9d75-47890807f2b6","_type":"span","marks":["em"],"text":"Last updated: April 2023"}],"markDefs":[],"style":"normal"},{"_key":"1228fdea-c5b9-4cce-a17f-b27443dcf3fd","_type":"block","children":[{"_key":"9dae5954-c202-45c8-a2ca-35e94f86890a","_type":"span","marks":[],"text":"Gateway API support has landed on Cilium! "},{"_key":"a48ff0a9-c2b1-421f-bcf9-b7f82bdfef42","_type":"span","marks":["5ac0bb74-622a-4d57-b800-818b6fbca3e3"],"text":"Gateway API"},{"_key":"1f1d3d09-27d8-4ada-8dae-667ac93abb5a","_type":"span","marks":[],"text":" is the long term replacement for Kubernetes Ingress and provides operators a role-based, portable and extensible model to route traffic into your clusters. "}],"markDefs":[{"_key":"5ac0bb74-622a-4d57-b800-818b6fbca3e3","_type":"link","href":"https://gateway-api.sigs.k8s.io/","openInNewTab":true}],"style":"normal"},{"_key":"f60025d2-cfc1-4013-abe5-5aa14d865fce","_type":"block","children":[{"_key":"9620ea5a-b7aa-4dbb-ba3b-23f7e25e285f","_type":"span","marks":[],"text":"In this blog post, we will walk you through how to install, configure and manage the Cilium Gateway API for a number of use cases. If you would like to understand the \"what\" and the \"why\" of the Cilium Gateway API, head over to that "},{"_key":"0ee9378c-5007-45f0-b348-59379cbe9618","_type":"span","marks":["aff9d2ca-f0c1-4367-aead-35065c5c720b"],"text":"post"},{"_key":"5504f7f5-c474-4a3d-aebf-6a0325cdf103","_type":"span","marks":[],"text":"."}],"markDefs":[{"_key":"aff9d2ca-f0c1-4367-aead-35065c5c720b","_type":"link","href":"/blog/post/cilium-gateway-api/","openInNewTab":true}],"style":"normal"},{"_key":"22fb0968-5824-453b-81ad-5b8182f59e68","_type":"block","children":[{"_key":"8a539a6f-405e-4cc9-999a-68ffe30fc2c2","_type":"span","marks":[],"text":"This post will focus on the \"how\"."}],"markDefs":[],"style":"normal"},{"_key":"3093ea086572","_type":"block","children":[{"_key":"619018fc4fe1","_type":"span","marks":["em"],"text":"If you would rather "},{"_key":"c6e733e39826","_type":"span","marks":["em","strong"],"text":"do"},{"_key":"19ab30ad0c59","_type":"span","marks":["em"],"text":" than "},{"_key":"71a6857222f7","_type":"span","marks":["em","strong"],"text":"read"},{"_key":"65a3f2bf51a1","_type":"span","marks":["em"],"text":", head to the "},{"_key":"c2eca5e5a6f5","_type":"span","marks":["em","48d699d2d3d9"],"text":"Cilium Gateway API lab"},{"_key":"c6f42f4b7bb6","_type":"span","marks":["em"],"text":" and "},{"_key":"04ee74adfba2","_type":"span","marks":["em","cd0e23e898a1"],"text":"Cilium Advanced Gateway API Use Cases lab"},{"_key":"adc6358bdf9d","_type":"span","marks":["em"],"text":" instead."}],"markDefs":[{"_key":"48d699d2d3d9","_type":"link","href":"/labs/gateway-api/"},{"_key":"cd0e23e898a1","_type":"link","href":"/labs/advanced-gateway-api-use-cases/"}],"style":"normal"},{"_key":"194c3922-f042-4d89-9616-32225dea1c17","_type":"block","children":[{"_key":"dc2f340b-e0da-4783-b47e-7de490f80229","_type":"span","marks":[],"text":"Installing Cilium with Gateway API"}],"markDefs":[],"style":"h2"},{"_key":"f3761239-c832-4885-b9a9-0c9148e75343","_type":"block","children":[{"_key":"62f38b11-ef66-4ce2-b2fd-9716123b64be","_type":"span","marks":[],"text":"In our environment, we start with a "},{"_key":"080aef7a-022b-442d-9196-20be0cbfe953","_type":"span","marks":["6c60b28b-0abb-4036-abaf-880bb4d1474e"],"text":"kind"},{"_key":"57ea0602-4e8e-4c12-8818-8cfe00ba8934","_type":"span","marks":[],"text":"-based Kubernetes cluster. You can use a configuration such as simple as this one below (note the "},{"_key":"c1bc55fd-6604-442d-90c2-fc3d9988f5c3","_type":"span","marks":["code"],"text":"disableDefaultCNI: true"},{"_key":"2db11840-ab50-43f8-883c-06c943dc0045","_type":"span","marks":[],"text":" as we will be installing Cilium instead of the default CNI):"}],"markDefs":[{"_key":"6c60b28b-0abb-4036-abaf-880bb4d1474e","_type":"link","href":"https://kind.sigs.k8s.io/","openInNewTab":true}],"style":"normal"},{"_createdAt":"2024-09-30T12:14:09Z","_id":"061216a5-f2c1-4346-b512-4d913217d7fc","_key":"276f7881-f16e-457a-b68d-73cbc488544c","_ref":"061216a5-f2c1-4346-b512-4d913217d7fc","_rev":"P5GVFsWfT1LlxauxUAADHs","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:37Z","code":"---\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nnodes:\n- role: control-plane\n- role: worker\n- role: worker\nnetworking:\n disableDefaultCNI: true","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"13cc1bba-664c-42b8-8da5-586e278cea4c","_type":"block","children":[{"_key":"a383d3a2-983a-4a09-9bef-894394c5a64a","_type":"span","marks":[],"text":"Save this configuration as "},{"_key":"59c0dad0-ef40-4be0-844e-fb2e87db8402","_type":"span","marks":["code"],"text":"kind-config.yaml"},{"_key":"0a7f7a5c-bc13-4fa5-bd9e-ca766689232b","_type":"span","marks":[],"text":" and deploy it (for example, with "},{"_key":"21f00bc7-f558-4e71-b0ac-38d6c7ed6208","_type":"span","marks":["code"],"text":"kind create cluster --image kindest/node:v1.24.0"},{"_key":"a178aa6a-3d3d-4e23-8bc2-346c95ec9fa8","_type":"span","marks":[],"text":" "},{"_key":"7d36c8d9-fa2e-4833-83df-430d7106c19e","_type":"span","marks":["code"],"text":"--config kind-config.yaml"},{"_key":"61d5000b-ab63-4480-8abe-a2ddede28212","_type":"span","marks":[],"text":")."}],"markDefs":[],"style":"normal"},{"_key":"08a56660-6744-4500-b5fa-514839de1164","_type":"block","children":[{"_key":"a7a7a152-f198-4a7e-80f6-29762c422dca","_type":"span","marks":[],"text":"Before we install Cilium with Gateway API, we need to make sure we install the Gateway API CRDs "},{"_key":"d23ba3ed-5fcf-43a4-81e8-899baee0d535","_type":"span","marks":["em"],"text":"prior"},{"_key":"ba7365cc-ed1c-482b-8475-ee2efd93d8e3","_type":"span","marks":[],"text":" to the Cilium install (Gateway API is a "},{"_key":"cd7f144f-f7cb-4604-adee-cf24b48a9867","_type":"span","marks":["8c80d149-d01f-4a2a-89d8-9247fd1415cf"],"text":"Custom Resource Definition (CRD)"},{"_key":"bdde6484-2982-401c-840b-a0e559f97d53","_type":"span","marks":[],"text":" based API so you'll need to "},{"_key":"58e1ccf2-f1d2-4e1c-8ad0-051037d72efa","_type":"span","marks":["c003cfad-2291-49ac-817b-8155d6073d14"],"text":"install the CRDs"},{"_key":"988c268b-a7d0-47fc-90bd-0a7302dbc110","_type":"span","marks":[],"text":" onto a cluster to use the API):"}],"markDefs":[{"_key":"8c80d149-d01f-4a2a-89d8-9247fd1415cf","_type":"link","href":"https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/","openInNewTab":true},{"_key":"c003cfad-2291-49ac-817b-8155d6073d14","_type":"link","href":"https://gateway-api.sigs.k8s.io/guides/getting-started/#install-the-crds","openInNewTab":false}],"style":"normal"},{"_createdAt":"2024-09-30T12:14:10Z","_id":"14de5951-a690-8b34-202a-35f925f12f47","_key":"5be9bd0d-c93f-4729-a515-c220a71b83a7","_ref":"14de5951-a690-8b34-202a-35f925f12f47","_rev":"be3C7ysj1QqQyrHso4heqA","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:38Z","code":"kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.5.1/config/crd/standard/gateway.networking.k8s.io_gatewayclasses.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.5.1/config/crd/standard/gateway.networking.k8s.io_gateways.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.5.1/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.5.1/config/crd/experimental/gateway.networking.k8s.io_referencegrants.yaml\n","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"8af6aa60-1e0b-441d-adc8-6195d981064e","_type":"block","children":[{"_key":"9e453aa9-98aa-44e9-abaf-45bb1d3003d1","_type":"span","marks":[],"text":"You can check the CRDs have been installed with the following command:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:11Z","_id":"68399834-64bb-9cf2-ca46-3bb141475928","_key":"50a6a465-4195-4b99-99c9-49eb082f706a","_ref":"68399834-64bb-9cf2-ca46-3bb141475928","_rev":"OU5lQsExGohDwkAnEcWNOG","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:39Z","code":"root@server:~# kubectl get crd gatewayclasses.gateway.networking.k8s.io\nkubectl get crd gateways.gateway.networking.k8s.io\nkubectl get crd httproutes.gateway.networking.k8s.io\nkubectl get crd referencegrants.gateway.networking.k8s.io\nNAME CREATED AT\ngatewayclasses.gateway.networking.k8s.io 2023-03-09T13:39:22Z\nNAME CREATED AT\ngateways.gateway.networking.k8s.io 2023-03-09T13:39:22Z\nNAME CREATED AT\nhttproutes.gateway.networking.k8s.io 2023-03-09T13:39:23Z\nNAME CREATED AT\nreferencegrants.gateway.networking.k8s.io 2023-03-09T13:39:23Z","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"c0baffbc-9cd9-45b8-befc-fb3dafb6718a","_type":"block","children":[{"_key":"807b2c1f-b629-41d4-9298-0268b40f46a6","_type":"span","marks":[],"text":"We can now go ahead and deploy Cilium. We've talked about the many ways to deploy Cilium in a previous "},{"_key":"b65b4340-7327-4ed3-b04b-4ad49510cdf8","_type":"span","marks":["7628e363-3973-4bde-a9d9-b05ff9b088a7"],"text":"post"},{"_key":"65164e2c-4bb8-431a-bf2e-728d5399d9b3","_type":"span","marks":[],"text":". This time, let's use Helm. Notice the main requirement for Gateway API to work: Cilium must be configured with "},{"_key":"8df97580-b34a-4032-b77e-cf526d682d6a","_type":"span","marks":["code"],"text":"kubeProxyReplacement"},{"_key":"f09193bd-cc1b-44ab-86e7-e87ab224cd01","_type":"span","marks":[],"text":" set to "},{"_key":"dd0b50d5-c0a4-47fa-930b-da40ecb0c7d7","_type":"span","marks":["code"],"text":"partial"},{"_key":"1d41349b-ed9e-41c8-b670-17a37f266a85","_type":"span","marks":[],"text":" or "},{"_key":"b6469ea5-9020-4071-b9fc-5115ad2184f7","_type":"span","marks":["code"],"text":"strict"},{"_key":"f2abbfb4-ea2a-428d-854a-d43f39ef644b","_type":"span","marks":[],"text":"."}],"markDefs":[{"_key":"7628e363-3973-4bde-a9d9-b05ff9b088a7","_type":"link","href":"/blog/post/tutorial-tips-and-tricks-to-install-cilium/","openInNewTab":true}],"style":"normal"},{"_createdAt":"2024-09-30T12:14:12Z","_id":"16ac26a9-1a3d-4c52-cade-67401520c4fd","_key":"99807b11-219d-44b6-926d-256eb81f1e1b","_ref":"16ac26a9-1a3d-4c52-cade-67401520c4fd","_rev":"P5GVFsWfT1LlxauxUAADNa","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:40Z","code":"helm repo add cilium https://helm.cilium.io\n\nhelm upgrade --install cilium cilium/cilium --version 1.13.0 --namespace kube-system --set kubeProxyReplacement=strict --set gatewayAPI.enabled=true","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"125da045-f801-4eb4-b6d8-28c021fba1e3","_type":"block","children":[{"_key":"1f99a64b-d284-4817-addd-b637cfd88f9c","_type":"span","marks":[],"text":"Let's double check it was successfully set up:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:13Z","_id":"3c9dea43-2e53-258a-844e-3e1c23124061","_key":"ad826451-2f04-4235-a1ed-eb6600049fe8","_ref":"3c9dea43-2e53-258a-844e-3e1c23124061","_rev":"9px8ir0NfLa6aydsXNUMkM","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:41Z","code":"root@server:~# cilium config view | grep \"enable-gateway-api\"\nenable-gateway-api true\nenable-gateway-api-secrets-sync true","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"597c9e5a-ea69-49ca-9bae-7aa5bf20797d","_type":"block","children":[{"_key":"4edf4d75-9361-4efa-85ac-878467dad038","_type":"span","marks":[],"text":"To access the service that will be exposed via the Gateway API, we need to allocate an external IP address. When a Gateway is created, an associated Kubernetes Services of the type LoadBalancer is created. When using a managed Kubernetes Service like EKS, AKS or GKE, the LoadBalancer is assigned an IP (or DNS name) automatically. For private cloud or for home labs, we need another tool - such as "},{"_key":"486dc023-3574-40db-a9a5-df14767a6903","_type":"span","marks":["fb6c7487-c22c-4061-84f4-8f521e565566"],"text":"MetalLB"},{"_key":"aab18e17-44de-46b7-8c19-1592ea9997cf","_type":"span","marks":[],"text":" below - to allocate an IP Address and to provide L2 connectivity (as in - advertising to said IP to the network with gratuitous "},{"_key":"d99254eb-c213-4503-ac4d-2c5909e57f8c","_type":"span","marks":["0ce86ebb-73ea-4507-949d-ff43eb3d300f"],"text":"ARPs"},{"_key":"e7db9de6-019a-4682-891d-0b9de8cdf50a","_type":"span","marks":[],"text":"). Note that Cilium itself provides "},{"_key":"e927f9ec-f1f3-4393-b992-b0f71b9d93fb","_type":"span","marks":["3d310c43-7ecb-4016-b996-6f7d2a3b2f4a"],"text":"Load-Balancer IP Address Management"},{"_key":"5b084ee2-f809-44d8-ac90-3a2105d272b0","_type":"span","marks":[],"text":" support but not Layer 2 connectivity (that is a work-in-progress)."}],"markDefs":[{"_key":"fb6c7487-c22c-4061-84f4-8f521e565566","_type":"link","href":"https://metallb.universe.tf/","openInNewTab":true},{"_key":"0ce86ebb-73ea-4507-949d-ff43eb3d300f","_type":"link","href":"https://en.wikipedia.org/wiki/Address_Resolution_Protocol","openInNewTab":true},{"_key":"3d310c43-7ecb-4016-b996-6f7d2a3b2f4a","_type":"link","href":"/labs/lb-ipam-bgp-service/","openInNewTab":true}],"style":"normal"},{"_createdAt":"2024-09-30T12:14:14Z","_id":"388ff462-6b54-98af-f03a-f67fcd7daec4","_key":"e1897b11-5aa4-41a4-b80d-f5701e12844c","_ref":"388ff462-6b54-98af-f03a-f67fcd7daec4","_rev":"9px8ir0NfLa6aydsXNUN32","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:43Z","code":"KIND_NET_CIDR=$(docker network inspect kind -f '{{(index .IPAM.Config 0).Subnet}}')\nMETALLB_IP_START=$(echo ${KIND_NET_CIDR} | sed \"s@0.0/16@255.200@\")\nMETALLB_IP_END=$(echo ${KIND_NET_CIDR} | sed \"s@0.0/16@255.250@\")\nMETALLB_IP_RANGE=\"${METALLB_IP_START}-${METALLB_IP_END}\"\n\ncat << EOF > metallb_values.yaml\nconfigInline:\n address-pools:\n - name: default\n protocol: layer2\n addresses:\n - ${METALLB_IP_RANGE}\nEOF\n\nhelm install --namespace metallb-system --create-namespace \n --repo https://metallb.github.io/metallb metallb metallb \n --version 0.12.1 --values metallb_values.yaml\n","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"20081042-c4df-48b0-85ba-b99f3a6b62be","_type":"block","children":[{"_key":"a363d1d4-2e65-4770-995d-03743ed51eea","_type":"span","marks":[],"text":"What is a GatewayClass and a Gateway?"}],"markDefs":[],"style":"h2"},{"_key":"30af877e-9c35-4cf5-8a03-a96d0f3d45ec","_type":"block","children":[{"_key":"2cac64e7-00b2-4412-b498-f3d355e08ca4","_type":"span","marks":[],"text":"Before we actually start routing traffic into the cluster, we should explain what these CRDs were and why they were required."}],"markDefs":[],"style":"normal"},{"_key":"c0e27aab-9ec6-4c65-b78c-fe7b9e668881","_type":"block","children":[{"_key":"07d03dba-77f7-40a1-9856-56b5e23d2d1d","_type":"span","marks":[],"text":"If the CRDs have been deployed beforehand, a GatewayClass will be deployed by Cilium during its installation (assuming the Gateway API option has been selected)."}],"markDefs":[],"style":"normal"},{"_key":"015c849f-c225-4ab3-8b39-2f9ce71b3383","_type":"block","children":[{"_key":"e3671d21-07b7-46fa-861f-dac923d8abc6","_type":"span","marks":[],"text":"Let's verify that a GatewayClass has been deployed and accepted:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:15Z","_id":"dc77dc3a-4443-b6f6-e63e-98ed253b2c05","_key":"9c4dc240-44fb-4128-9c30-da5cd8312a74","_ref":"dc77dc3a-4443-b6f6-e63e-98ed253b2c05","_rev":"OU5lQsExGohDwkAnEcWR8K","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:44Z","code":"root@server:~# kubectl get gatewayclasses.gateway.networking.k8s.io \nNAME CONTROLLER ACCEPTED AGE\ncilium io.cilium/gateway-controller True 13m","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"79524fbb-d98a-4588-818c-4904b94e655a","_type":"block","children":[{"_key":"9d5944d8-81eb-46dc-b386-29e7a43152f4","_type":"span","marks":[],"text":"The "},{"_key":"2b6c8f29-cc35-4bc3-a7b6-b18d64c4a1cc","_type":"span","marks":["code"],"text":"GatewayClass"},{"_key":"b462b07f-6e54-4cfb-b337-01f36caa922d","_type":"span","marks":[],"text":" is a type of Gateway that can be deployed: in other words, it is a template. This is done in a way to let infrastructure providers offer different types of Gateways. Users can then choose the Gateway they like."}],"markDefs":[],"style":"normal"},{"_key":"db8605ba-854b-4232-bc92-1694a21ed197","_type":"block","children":[{"_key":"9c552ed0-28e7-400b-a4c5-c5d74f4ba480","_type":"span","marks":[],"text":"For instance, an infrastructure provider may create two "},{"_key":"4a658527-72c3-42ea-a5b6-524f98fc5b33","_type":"span","marks":["code"],"text":"GatewayClasses"},{"_key":"c6eb7d42-60e4-4667-be57-b736a74da543","_type":"span","marks":[],"text":" named "},{"_key":"14a7d188-884c-44ae-bc77-5305bf09c068","_type":"span","marks":["code"],"text":"internet"},{"_key":"409b0b42-2aaa-46f7-8f46-9cd55eef848a","_type":"span","marks":[],"text":" and "},{"_key":"657d5f8e-3c84-4a84-8e6a-fd394c17412d","_type":"span","marks":["code"],"text":"private"},{"_key":"f71f7fd3-d490-4e4c-b70f-44105250e7c5","_type":"span","marks":[],"text":" for two different purposes and possibly with different features: one to proxy Internet-facing services and one for private internal applications."}],"markDefs":[],"style":"normal"},{"_key":"41b400bc-8320-441c-bfe4-b95224fba107","_type":"block","children":[{"_key":"401cae71-7b93-43fe-8846-ac73177dfaf0","_type":"span","marks":[],"text":"In our case, we will instantiate Cilium Gateway API ("},{"_key":"927d15c8-94c5-4a6f-a2c5-da30cf036bc9","_type":"span","marks":["code"],"text":"io.cilium/gateway-controller"},{"_key":"d5bced31-8349-4f8e-8e61-6480886b1459","_type":"span","marks":[],"text":")."}],"markDefs":[],"style":"normal"},{"_key":"70a7008e-6e5d-412a-8a81-dfb626d414d7","_type":"block","children":[{"_key":"4ba5fab2-ad3a-40f1-aa41-fb2123ffded0","_type":"span","marks":[],"text":"HTTP Routing"}],"markDefs":[],"style":"h2"},{"_key":"9cbbd85e-9b3d-45ea-9cca-0d5c476d5314","_type":"block","children":[{"_key":"f742c12c-41da-4289-94f4-77582167b3bb","_type":"span","marks":[],"text":"Let's now deploy an application and set up GatewayAPI "},{"_key":"f01f9046-0066-4f77-b924-7dc3594c7b07","_type":"span","marks":["code"],"text":"HTTPRoutes"},{"_key":"0da13fc5-b1d3-4b71-8495-ca4da3708dad","_type":"span","marks":[],"text":" to route HTTP traffic into the cluster. We will use "},{"_key":"43338b04-6704-41e7-8571-f33f5abdb633","_type":"span","marks":["8f8eaa05-04db-4b2e-a0f9-8771ea36c158"],"text":"bookinfo"},{"_key":"97ab98fa-dd36-4fc1-b8bc-6e350b2026ef","_type":"span","marks":[],"text":" as a sample application."}],"markDefs":[{"_key":"8f8eaa05-04db-4b2e-a0f9-8771ea36c158","_type":"link","href":"https://istio.io/v1.12/docs/examples/bookinfo/","openInNewTab":true}],"style":"normal"},{"_key":"761ba779-e291-41f4-bf10-5ea362f3b242","_type":"block","children":[{"_key":"95ef121f-778a-4ac8-9fc9-291995c1a500","_type":"span","marks":[],"text":"This demo set of microservices provided by the Istio project consists of several deployments and services:"}],"markDefs":[],"style":"normal"},{"_key":"fb7e820a8ce3","_type":"block","children":[{"_key":"330b08070715","_type":"span","marks":[],"text":"🔍 details"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"d627a38a526a","_type":"block","children":[{"_key":"c22c88c8d479","_type":"span","marks":[],"text":"⭐ ratings"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"2d948f97ee0d","_type":"block","children":[{"_key":"e419936ae537","_type":"span","marks":[],"text":"✍ reviews"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"0bae416cee76","_type":"block","children":[{"_key":"76ae48e7ce7e","_type":"span","marks":[],"text":"📕 productpage"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"1f9359cf-1044-4580-96e4-af2a13a296ee","_type":"block","children":[{"_key":"f7eaf9ea-a21b-47f7-b2cd-b3b53e1dbc04","_type":"span","marks":[],"text":"We will use several of these services as bases for our Gateway APIs."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T17:01:03Z","_id":"e337e41a-1ac7-7ac3-dd60-26f2f88f0ac3","_key":"57564e49-077b-490b-9dc2-bf9926969be9","_ref":"e337e41a-1ac7-7ac3-dd60-26f2f88f0ac3","_rev":"9px8ir0NfLa6aydsXIj4VX","_type":"mediaImage","_updatedAt":"2024-09-30T17:01:03Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-a4b92641ecd979505f42a7d97fed253a9f365331-2630x1176-png","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"NgR7cojKUSUuUqa2xxB7Ee","size":"large","title":"NgR7cojKUSUuUqa2xxB7Ee - \"Tutorial: Getting Started with the Cilium Gateway API\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/a4b92641ecd979505f42a7d97fed253a9f365331-2630x1176.png"},{"_key":"8ee9d34c-4e32-4877-bc0e-9cfd54f72072","_type":"block","children":[{"_key":"eca60655-cedf-4bb1-8ab2-abfc36bb1b37","_type":"span","marks":[],"text":"Deploy an application"}],"markDefs":[],"style":"h3"},{"_key":"638d6e40-8761-4f8a-942b-b7c60522c20c","_type":"block","children":[{"_key":"6259efde-37a4-4da8-b1b1-63d1f1f31096","_type":"span","marks":[],"text":"Let's deploy the sample application in the cluster."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:16Z","_id":"c71e8948-e7cb-6f90-1f2e-991cccc20877","_key":"ecf98657-adcf-4975-942b-bbc0ea3d0d9f","_ref":"c71e8948-e7cb-6f90-1f2e-991cccc20877","_rev":"be3C7ysj1QqQyrHso4heyC","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:45Z","code":"root@server:~# kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.12/samples/bookinfo/platform/kube/bookinfo.yaml\nservice/details created\nserviceaccount/bookinfo-details created\ndeployment.apps/details-v1 created\nservice/ratings created\nserviceaccount/bookinfo-ratings created\ndeployment.apps/ratings-v1 created\nservice/reviews created\nserviceaccount/bookinfo-reviews created\ndeployment.apps/reviews-v1 created\ndeployment.apps/reviews-v2 created\ndeployment.apps/reviews-v3 created\nservice/productpage created\nserviceaccount/bookinfo-productpage created\ndeployment.apps/productpage-v1 created","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"2900760a-bb24-4702-a187-78a0f751c1c6","_type":"block","children":[{"_key":"5715dae7-24f1-4784-a0a4-02bc7184a6b6","_type":"span","marks":[],"text":"Check that the application is properly deployed:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:17Z","_id":"5011d2f9-ecf2-3621-ed28-6a7f45d1fdc2","_key":"88914543-7e04-481d-b59e-756bd2e5c7b9","_ref":"5011d2f9-ecf2-3621-ed28-6a7f45d1fdc2","_rev":"be3C7ysj1QqQyrHso4hf6E","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:46Z","code":"root@server:~# kubectl get pods\nNAME READY STATUS RESTARTS AGE\ndetails-v1-586577784f-nr5t2 1/1 Running 0 61s\nproductpage-v1-589b848cc9-prrnh 1/1 Running 0 61s\nratings-v1-679fc7b4f-g48xz 1/1 Running 0 61s\nreviews-v1-7b76665ff9-6g7fq 1/1 Running 0 61s\nreviews-v2-6b86c676d9-v65k9 1/1 Running 0 61s\nreviews-v3-b77c579-pqmgl 1/1 Running 0 61s","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"49e5d8a7-12ac-4964-b243-20421263cf92","_type":"block","children":[{"_key":"62acf1d5-038d-4547-bcfa-594ee50df7d0","_type":"span","marks":[],"text":"You should see multiple pods being deployed in the "},{"_key":"b5e5ed1c-c8da-46fa-9da8-014f257ba303","_type":"span","marks":["code"],"text":"default"},{"_key":"9d25098f-5348-4e13-bdf0-faddb89d32d9","_type":"span","marks":[],"text":" namespace. "}],"markDefs":[],"style":"normal"},{"_key":"41ba7353-fffc-40dd-8bff-a375a84a6721","_type":"block","children":[{"_key":"7d9d38fc-6beb-455d-b12d-e3024e789216","_type":"span","marks":[],"text":"Notice that with Cilium Service Mesh, there is no Envoy sidecar created alongside each of the demo app microservices. With a sidecar implementation, the output would show "},{"_key":"0704f57e-f55b-4ab4-a87d-a9e505e06411","_type":"span","marks":["code"],"text":"2/2 READY"},{"_key":"af86c6f0-5297-4939-a1b8-160a94d0478f","_type":"span","marks":[],"text":": one for the microservice and one for the Envoy sidecar."}],"markDefs":[],"style":"normal"},{"_key":"76d8ec3c-41bc-4a3c-be79-c364fb04a0c1","_type":"block","children":[{"_key":"e2f26810-29c3-4e91-82d0-ff91f85218de","_type":"span","marks":[],"text":"Have a quick look at the Services deployed:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:18Z","_id":"57abcb1a-e261-dab1-8bf8-f7c9ffe50472","_key":"d0a1a54f-5627-477f-804e-9e0c551cf758","_ref":"57abcb1a-e261-dab1-8bf8-f7c9ffe50472","_rev":"P5GVFsWfT1LlxauxUAADTI","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:47Z","code":"root@server:~# kubectl get svc\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ndetails ClusterIP 10.96.41.65 9080/TCP 2m3s\nkubernetes ClusterIP 10.96.0.1 443/TCP 11m\nproductpage ClusterIP 10.96.147.97 9080/TCP 2m3s\nratings ClusterIP 10.96.105.89 9080/TCP 2m3s\nreviews ClusterIP 10.96.149.14 9080/TCP 2m3s","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"f16a8fe7-a66a-4a04-96bf-5a48c00a3b52","_type":"block","children":[{"_key":"d3375c46-fd62-49f9-927c-6291d72a9d40","_type":"span","marks":[],"text":"Note these Services are only internal-facing ("},{"_key":"16e1a8c2-7f20-431d-bc77-79c9718487d5","_type":"span","marks":["code"],"text":"ClusterIP"},{"_key":"401e6cca-a0e4-4b57-8b65-58e7a7998158","_type":"span","marks":[],"text":") and therefore there is no access from outside the cluster to these Services."}],"markDefs":[],"style":"normal"},{"_key":"830f95ab-e941-48bd-96ae-c9cd66f876d9","_type":"block","children":[{"_key":"42a77bcd-5b06-4ee0-b0bc-8cbf585c96bc","_type":"span","marks":[],"text":"Deploy the Gateway and the HTTPRoutes"}],"markDefs":[],"style":"h3"},{"_key":"94208b84-8239-4f77-8563-b2eca88b441c","_type":"block","children":[{"_key":"670654ad-b3b4-499d-9c18-c1a57447a48d","_type":"span","marks":[],"text":"Before deploying the Gateway and HTTPRoutes, let's review the "},{"_key":"e880c38b-96ed-47ce-9f38-6ff34367537e","_type":"span","marks":["b9867cb5-839b-41b0-8d2d-103657bcd6cc"],"text":"configuration"},{"_key":"9c4583c2-d678-45b6-897a-fcd5fc43ec86","_type":"span","marks":[],"text":" we're going to use. Let's review it section by section:"}],"markDefs":[{"_key":"b9867cb5-839b-41b0-8d2d-103657bcd6cc","_type":"link","href":"https://raw.githubusercontent.com/cilium/cilium/1.13.0/examples/kubernetes/gateway/basic-http.yaml","openInNewTab":true}],"style":"normal"},{"_createdAt":"2024-09-30T12:14:19Z","_id":"b468ba3a-8313-9834-dff9-12481bf61402","_key":"7ff2e47e-ea10-4ff1-ab17-558fe0d2f34c","_ref":"b468ba3a-8313-9834-dff9-12481bf61402","_rev":"OU5lQsExGohDwkAnEcWRTQ","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:48Z","code":"spec:\n gatewayClassName: cilium\n listeners:\n - protocol: HTTP\n port: 80\n name: web-gw\n allowedRoutes:\n namespaces:\n from: Same","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"3b4b25ba-e847-4c29-bf88-a46e6d33c015","_type":"block","children":[{"_key":"fe654155-9fc9-4ea3-9cf2-79c03258df99","_type":"span","marks":[],"text":"First, note in the "},{"_key":"9552bca3-d6ba-458d-ac82-0853ca46d952","_type":"span","marks":["code"],"text":"Gateway"},{"_key":"2026ddb1-e9c3-44c3-813d-77a38d9d83e9","_type":"span","marks":[],"text":" section that the "},{"_key":"88ea11be-b454-4179-858e-96e547a57e97","_type":"span","marks":["code"],"text":"gatewayClassName"},{"_key":"26cecdd0-fe06-49be-9cca-d2dd91569df6","_type":"span","marks":[],"text":" field uses the value "},{"_key":"85aa399c-a572-4594-8045-1ca3625ff1a5","_type":"span","marks":["code"],"text":"cilium"},{"_key":"0764d868-4b17-487f-aae3-b12a6f605df1","_type":"span","marks":[],"text":". This refers to the Cilium "},{"_key":"c64f48a4-baba-4765-9c83-2e389c4cbd00","_type":"span","marks":["code"],"text":"GatewayClass"},{"_key":"27679a24-35fe-4eb4-9cd0-a6bfb926a7d8","_type":"span","marks":[],"text":" previously configured."}],"markDefs":[],"style":"normal"},{"_key":"f14672e0-5ac2-4777-ade3-a2d6e8067095","_type":"block","children":[{"_key":"4b305a1f-4732-41ac-8713-9945a3d0ca6d","_type":"span","marks":[],"text":"The Gateway will listen on port "},{"_key":"d24f3d18-97de-480b-9ae7-b43cff184c64","_type":"span","marks":["code"],"text":"80"},{"_key":"db15eb27-a535-431d-8229-e1d27c8877ab","_type":"span","marks":[],"text":" for HTTP traffic coming southbound into the cluster.The "},{"_key":"658caafb-a687-408f-ae30-dc35c19efa5a","_type":"span","marks":["code"],"text":"allowedRoutes"},{"_key":"962f4247-ac99-46bb-876e-b8cdbdfbd972","_type":"span","marks":[],"text":" is here to specify the namespaces from which Routes may be attached to this Gateway. "},{"_key":"e0706040-7685-46bf-88c7-63942ab540e4","_type":"span","marks":["code"],"text":"Same"},{"_key":"448e6ab0-9cfe-4c23-882b-d0184bb85274","_type":"span","marks":[],"text":" means only Routes in the same namespace may be used by this Gateway."}],"markDefs":[],"style":"normal"},{"_key":"6edc1001-0cdd-4bcc-836c-acad5bcba086","_type":"block","children":[{"_key":"077a2349-d971-4c28-a72b-ff163d4cb4a6","_type":"span","marks":[],"text":"Note that, if we were to use "},{"_key":"eb20b8c0-ceb2-42a2-bab6-ef580ee03b99","_type":"span","marks":["code"],"text":"All"},{"_key":"cd56d37f-7579-4122-b194-802472a61055","_type":"span","marks":[],"text":" instead of "},{"_key":"f0b75545-4f1e-40a5-a8cb-ef8a1992f290","_type":"span","marks":["code"],"text":"Same"},{"_key":"964ee2b1-505a-4978-a4c4-684e1e1b566b","_type":"span","marks":[],"text":", we would enable this gateway to be associated with routes in any namespace and it would enable us to use a single gateway across multiple namespaces that may be managed by different teams."}],"markDefs":[],"style":"normal"},{"_key":"58c64d17-7345-449b-bd0d-6f776431e59d","_type":"block","children":[{"_key":"ce2f310f-93c2-4b88-9d66-fc58fb3f1b5b","_type":"span","marks":[],"text":"We could specify different namespaces in the "},{"_key":"c153c547-b162-416d-bc39-b439f3a5d8c2","_type":"span","marks":["code"],"text":"HTTPRoutes"},{"_key":"aaa54cf7-2867-4f93-b012-0abf7c7e4672","_type":"span","marks":[],"text":" – therefore, for example, you could send the traffic to "},{"_key":"1c7b77eb-1004-4af4-b94a-1edee037eb90","_type":"span","marks":["code"],"text":"https://acme.com/payments"},{"_key":"f809a414-d06a-4880-9302-7b2aeb8ca9b8","_type":"span","marks":[],"text":" in a namespace where a payment app is deployed and "},{"_key":"46ad5c4a-9156-4f3f-845f-13a60fc05954","_type":"span","marks":["code"],"text":"https://acme.com/ads"},{"_key":"1e0e9d3f-d77e-4ea2-b228-da14c8ea8173","_type":"span","marks":[],"text":" in a namespace used by the ads team for their application."}],"markDefs":[],"style":"normal"},{"_key":"008bf8bb-9f85-4697-ad6c-252a74217f58","_type":"block","children":[{"_key":"c4a928ce-f4c9-4ef3-8ec8-7601ea5c41dc","_type":"span","marks":[],"text":"Let's now review the "},{"_key":"7b13373b-f3cb-4a9a-903f-3aeccbd27b97","_type":"span","marks":["code"],"text":"HTTPRoute"},{"_key":"60a30204-3c86-4277-8f48-0d36fe794e27","_type":"span","marks":[],"text":" manifest. "},{"_key":"9550a2d3-200f-43f2-9ff1-2acddc75d522","_type":"span","marks":["code"],"text":"HTTPRoute"},{"_key":"5915b13f-da1d-4317-b840-24543f03fd1a","_type":"span","marks":[],"text":" is a GatewayAPI type for specifiying routing behaviour of HTTP requests from a Gateway listener to a Kubernetes Service."}],"markDefs":[],"style":"normal"},{"_key":"a49aa295-1f66-4b0b-a9e2-fbc4eec5efb1","_type":"block","children":[{"_key":"68905daf-861f-434a-a54a-c3d52ccd8c7c","_type":"span","marks":[],"text":"It is made of Rules to direct the traffic based on your requirements."}],"markDefs":[],"style":"normal"},{"_key":"2fbc1ff4-2048-49c8-9d51-cd33193805bf","_type":"block","children":[{"_key":"b794cacd-a725-423b-b445-3652b668eae1","_type":"span","marks":[],"text":"This first Rule is essentially a simple L7 proxy route: for HTTP traffic with a path starting with "},{"_key":"49424278-32dc-4cae-938e-152022e954f0","_type":"span","marks":["code"],"text":"/details"},{"_key":"893484d8-56ec-4b52-b01d-df1dedf36f75","_type":"span","marks":[],"text":", forward the traffic over to the "},{"_key":"d7571b3b-6b0b-4e1d-965a-804f4f19e04f","_type":"span","marks":["code"],"text":"details"},{"_key":"30f9bdb6-d551-4429-a160-53a7f48eef29","_type":"span","marks":[],"text":" Service over port 9080."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:20Z","_id":"3828fabc-6086-3b23-3e7f-78b0b1003a9e","_key":"c836f23d-2ad3-4f61-b4fd-f17252e29a31","_ref":"3828fabc-6086-3b23-3e7f-78b0b1003a9e","_rev":"be3C7ysj1QqQyrHso4hfEG","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:49Z","code":" rules:\n - matches:\n - path:\n type: PathPrefix\n value: /details\n backendRefs:\n - name: details\n port: 9080","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"8c4b6fc8-a146-410d-a7ec-e3ec11f1b575","_type":"block","children":[{"_key":"ba10e76c-dc56-4bfd-806e-9f46724a92ad","_type":"span","marks":[],"text":"The second rule is similar but it's leveraging different matching criteria.If the HTTP request has:"}],"markDefs":[],"style":"normal"},{"_key":"4d6c492f6603","_type":"block","children":[{"_key":"b51c74cc9f74","_type":"span","marks":[],"text":"a HTTP header with a name set to "},{"_key":"443966d7ed04","_type":"span","marks":["code"],"text":"magic"},{"_key":"0ce0d1cb60b0","_type":"span","marks":[],"text":" with a value of "},{"_key":"377390f24045","_type":"span","marks":["code"],"text":"foo"},{"_key":"49f8b06c2b5f","_type":"span","marks":[],"text":", AND"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"41d2c9f7d8b7","_type":"block","children":[{"_key":"99c58d8f05df","_type":"span","marks":[],"text":"the HTTP method is “GET”, AND"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"446c6fd4e97d","_type":"block","children":[{"_key":"3b0c8bd6c1f7","_type":"span","marks":[],"text":"the HTTP query param is named "},{"_key":"e96dd482a4cd","_type":"span","marks":["code"],"text":"great"},{"_key":"18e2fcc97684","_type":"span","marks":[],"text":" with a value of "},{"_key":"df7e5d54df57","_type":"span","marks":["code"],"text":"example"},{"_key":"51c767ef1436","_type":"span","marks":[],"text":",\nThen the traffic will be sent to the "},{"_key":"96a6d325610c","_type":"span","marks":["code"],"text":"productpage"},{"_key":"6e0bd2d937b4","_type":"span","marks":[],"text":" service over port 9080."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:21Z","_id":"45df830b-1ea8-0340-366e-08101e498afa","_key":"21d5d47a-4b65-4298-9437-de71a1a122a1","_ref":"45df830b-1ea8-0340-366e-08101e498afa","_rev":"P5GVFsWfT1LlxauxUAAE4P","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:50Z","code":"rules:\n - matches:\n - headers:\n - type: Exact\n name: magic\n value: foo\n queryParams:\n - type: Exact\n name: great\n value: example\n path:\n type: PathPrefix\n value: /\n method: GET\n backendRefs:\n - name: productpage\n port: 9080","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"489ea0c3-7ba0-4ca5-ac4e-0ad44b070c13","_type":"block","children":[{"_key":"5809d715-f721-4cd7-854a-a169fae3a13b","_type":"span","marks":[],"text":"As you can see, you can deploy sophisticated L7 traffic rules that are consistent. With Ingress API, annotations were often required to achieve such routing goals and that created inconsistencies from one Ingress controller to another."}],"markDefs":[],"style":"normal"},{"_key":"e2f98785-77a0-4121-9838-232af355d11f","_type":"block","children":[{"_key":"70e27084-86a0-4a0a-af86-5b364ad455e6","_type":"span","marks":[],"text":"One of the benefits of these new APIs is that the Gateway API is essentially split into separate functions – one to describe the Gateway and one for the Routes to the back-end services. By splitting these two functions, it gives operators the ability to change and swap gateways but keep the same routing configuration."}],"markDefs":[],"style":"normal"},{"_key":"d1b1189a-7af4-44de-bd62-94b567e207b6","_type":"block","children":[{"_key":"5448c7a6-0f7f-4afd-b4ac-54f6e5d23370","_type":"span","marks":[],"text":"In other words: if you decide you want to use a different Gateway API controller instead, you will be able to re-use the same manifest."}],"markDefs":[],"style":"normal"},{"_key":"f0d0f8c8-c9a3-4171-8639-0fc013eecf1a","_type":"block","children":[{"_key":"7508c1a9-3935-480d-98ab-aede47e4ab5f","_type":"span","marks":[],"text":"Let's now deploy the Gateway and the HTTPRoute:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:22Z","_id":"3c5ef450-407b-0bb2-0f90-522751426769","_key":"38928a0f-d93b-4312-9fe6-70fba1c72a6c","_ref":"3c5ef450-407b-0bb2-0f90-522751426769","_rev":"OU5lQsExGohDwkAnEcWRz4","_type":"codeBlock","_updatedAt":"2024-09-30T12:14:22Z","code":"kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/1.13.0/examples/kubernetes/gateway/basic-http.yaml","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"485453d5-421b-41db-938d-d1a0c8f0c5c2","_type":"block","children":[{"_key":"051f82bb-b27a-403c-82a0-d2523818f9b3","_type":"span","marks":[],"text":"Let's now look at the Service created by the Gateway:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:24Z","_id":"5c758de7-6d21-6487-a30d-87ecd82eeead","_key":"d4fac3b0-8f03-41d8-a945-5b31ea123678","_ref":"5c758de7-6d21-6487-a30d-87ecd82eeead","_rev":"9px8ir0NfLa6aydsXNUNLi","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:52Z","code":"root@server:~# kubectl get svc cilium-gateway-my-gateway \nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ncilium-gateway-my-gateway LoadBalancer 10.96.1.63 172.18.255.201 80:31033/TCP 12s","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"aac01579-a839-452d-928f-f467c486e4da","_type":"block","children":[{"_key":"2d82bc02-a7c9-41a6-84c9-288c153ed080","_type":"span","marks":[],"text":"You will see a "},{"_key":"a31fa57f-6a1b-48e1-817f-a7e2fa9d86a5","_type":"span","marks":["code"],"text":"LoadBalancer"},{"_key":"d53368ca-506e-4429-b6a9-2d677557a0d7","_type":"span","marks":[],"text":" service named "},{"_key":"75b34efa-d6f5-4ef4-b9cd-894d69f1afe6","_type":"span","marks":["code"],"text":"cilium-gateway-my-gateway"},{"_key":"da28c506-37ca-416f-a8c2-f15ab0e5bce2","_type":"span","marks":[],"text":" which was created for the Gateway API. MetalLB will automatically provision an IP address for it."}],"markDefs":[],"style":"normal"},{"_key":"1e4bcbc8-f721-4538-b284-d66654d1c811","_type":"block","children":[{"_key":"27828d3d-ccac-452f-b821-8a3900eb7360","_type":"span","marks":[],"text":"The same external IP address is also associated to the Gateway:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:25Z","_id":"08b996f1-d1c7-3211-5022-3b9206aa78a1","_key":"a6c7ce82-8d88-44ff-8684-7b14c9abc7c2","_ref":"08b996f1-d1c7-3211-5022-3b9206aa78a1","_rev":"P5GVFsWfT1LlxauxUAADei","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:53Z","code":"root@server:~# kubectl get gateway\nNAME CLASS ADDRESS READY AGE\nmy-gateway cilium 172.18.255.201 True 61s","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"7bcddcc1-6c26-4ad2-8080-d9a1bb7ead30","_type":"block","children":[{"_key":"7fc5f3a1-846d-4053-b5c4-cf87ad99b637","_type":"span","marks":[],"text":"Let's retrieve this IP address:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:26Z","_id":"5511c53f-867c-9423-4ac7-29bb172b74f0","_key":"5e01272c-69dc-40fc-bd39-e1a1e9b20b92","_ref":"5511c53f-867c-9423-4ac7-29bb172b74f0","_rev":"P5GVFsWfT1LlxauxUAADkQ","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:54Z","code":"root@server:~# GATEWAY=$(kubectl get gateway my-gateway -o jsonpath='{.status.addresses[0].value}')\necho $GATEWAY\n172.18.255.201","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"06d7a1b5-c650-40bf-81eb-d410d2868a56","_type":"block","children":[{"_key":"07f0672a-2d77-49de-9b2a-343ea6221057","_type":"span","marks":[],"text":"HTTP Path matching"}],"markDefs":[],"style":"h3"},{"_key":"1a051de9-7f8c-4c72-8294-15f0ec957a29","_type":"block","children":[{"_key":"4e26ed96-eb28-4a9e-98a3-645beebd9798","_type":"span","marks":[],"text":"Let's now check that traffic based on the URL path is proxied by the Gateway API."}],"markDefs":[],"style":"normal"},{"_key":"c21a1d21-d1f7-4f0e-9b01-d618099f108d","_type":"block","children":[{"_key":"ea847cfb-6bc0-4adf-81f9-a5fb18e31043","_type":"span","marks":[],"text":"Because of the path starts with "},{"_key":"4e598430-c500-4472-9901-1e4c0f663cb0","_type":"span","marks":["code"],"text":"/details"},{"_key":"5eb049cf-f125-41fd-9bdb-bde449d5f285","_type":"span","marks":[],"text":", this traffic will match the first rule and will be proxied to the "},{"_key":"895731b9-9583-41e9-a1eb-2698e05359f0","_type":"span","marks":["code"],"text":"details"},{"_key":"e47fab15-cc49-409c-9910-17fc1035a68e","_type":"span","marks":[],"text":" Service over port 9080. The "},{"_key":"529d5c6f-fd90-4ea1-85a3-8b17fbdf2f43","_type":"span","marks":["code"],"text":"curl"},{"_key":"0a9dd58d-4320-4236-9de3-cf3b96a75615","_type":"span","marks":[],"text":" request is successful:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:27Z","_id":"ee131999-50ca-0c21-109b-f82fc09dbb0a","_key":"4e0f64eb-6b7a-47d1-ac8d-8572c6f4053e","_ref":"ee131999-50ca-0c21-109b-f82fc09dbb0a","_rev":"P5GVFsWfT1LlxauxUAADq8","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:55Z","code":"root@server:~# curl --fail -s http://$GATEWAY/details/1 | jq\n{\n \"id\": 1,\n \"author\": \"William Shakespeare\",\n \"year\": 1595,\n \"type\": \"paperback\",\n \"pages\": 200,\n \"publisher\": \"PublisherA\",\n \"language\": \"English\",\n \"ISBN-10\": \"1234567890\",\n \"ISBN-13\": \"123-1234567890\"\n}","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"b0cb7c81-a605-4d4a-8371-1d8e72af47cf","_type":"block","children":[{"_key":"22c94a27-e0d7-41c6-bb71-be39ef31fc0b","_type":"span","marks":[],"text":"If you enable Hubble (either during the Cilium installation or later on with "},{"_key":"e0cdd511-7248-42c4-b900-939141167079","_type":"span","marks":["code"],"text":"cilium hubble enable"},{"_key":"921e43b0-5707-4a64-8268-defdea7a8274","_type":"span","marks":[],"text":"), you can track the flows of this particular HTTP transaction. Note how you can filter flows based on the HTTP Path."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:28Z","_id":"d0bd1264-1fc6-d29f-d8d6-1a8e7dcb5784","_key":"c51461ab-07e0-4b70-b8fe-728267a3c913","_ref":"d0bd1264-1fc6-d29f-d8d6-1a8e7dcb5784","_rev":"be3C7ysj1QqQyrHso4hiH1","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:56Z","code":"root@server:~# hubble observe --http-path \"/details\"\nMar 15 10:37:23.000: 172.18.0.1:44128 (world) -> default/cilium-gateway-my-gateway:80 (world) http-request FORWARDED (HTTP/1.1 GET http://172.18.255.201/details/1)\nMar 15 10:37:23.002: 172.18.0.1:44128 (world) <- default/cilium-gateway-my-gateway:80 (world) http-response FORWARDED (HTTP/1.1 200 2ms (GET http://172.18.255.201/details/1))","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"ce4ff729-9fce-499d-81ff-b690379f1aed","_type":"block","children":[{"_key":"1990df65-b362-4132-8230-5605215c3c7f","_type":"span","marks":[],"text":"HTTP Header Matching"}],"markDefs":[],"style":"h3"},{"_key":"8ad96b8f-cc03-4410-a9a0-e24e8febdbe9","_type":"block","children":[{"_key":"3532cc32-6c1c-47d5-816d-3c3c9490f8c3","_type":"span","marks":[],"text":"This time, we will route traffic based on HTTP parameters like header values, method and query parameters."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:21Z","_id":"45df830b-1ea8-0340-366e-08101e498afa","_key":"8583ff16-5d07-4081-a3b7-f424348182b8","_ref":"45df830b-1ea8-0340-366e-08101e498afa","_rev":"P5GVFsWfT1LlxauxUAAE4P","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:50Z","code":"rules:\n - matches:\n - headers:\n - type: Exact\n name: magic\n value: foo\n queryParams:\n - type: Exact\n name: great\n value: example\n path:\n type: PathPrefix\n value: /\n method: GET\n backendRefs:\n - name: productpage\n port: 9080","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"270a13c2-d4a7-4bdb-a15c-00c98ab10a86","_type":"block","children":[{"_key":"a130c564-13bc-4326-a884-7207344bd954","_type":"span","marks":[],"text":"With "},{"_key":"874b1db0-e22e-428d-ba7e-5f049950e782","_type":"span","marks":["code"],"text":"curl"},{"_key":"4eadb039-3243-4dd8-8e88-155715ae714c","_type":"span","marks":[],"text":", we can specify the headers values and query parameters to match this particular rule above:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:29Z","_id":"e9a5bbbc-7895-496e-4ac1-05a068b2f758","_key":"f3adb096-320f-42e9-b7ca-faf7c0cad43d","_ref":"e9a5bbbc-7895-496e-4ac1-05a068b2f758","_rev":"9px8ir0NfLa6aydsXNUNRw","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:58Z","code":"root@server:~# curl -v -H 'magic: foo' http://\"$GATEWAY\"\\?great\\=example\n* Trying 172.18.255.201:80...\n* Connected to 172.18.255.201 (172.18.255.201) port 80 (#0)\n> GET /?great=example HTTP/1.1\n> Host: 172.18.255.201\n> User-Agent: curl/7.81.0\n> Accept: */*\n> magic: foo\n> \n* Mark bundle as not supporting multiuse\n< HTTP/1.1 200 OK\n[Output truncated for brevity]","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"13fbdfde-a447-433b-b36c-b0fd9cbbf782","_type":"block","children":[{"_key":"dcb48823-92b3-46cf-ae8d-529906ae566b","_type":"span","marks":[],"text":"The "},{"_key":"e8289130-0171-4cd1-b1ab-7b96f77c692a","_type":"span","marks":["code"],"text":"curl"},{"_key":"7c7836cf-d03b-44b4-b374-f3372557cdf6","_type":"span","marks":[],"text":" query is successful and returns a successful "},{"_key":"d37eb4c9-62b8-44ce-be7f-d4f48a3924ba","_type":"span","marks":["code"],"text":"200"},{"_key":"f8bc28ff-3752-4a9f-a592-6d7dc3a58d33","_type":"span","marks":[],"text":" code and a verbose HTML reply."}],"markDefs":[],"style":"normal"},{"_key":"3d69788a-184f-4940-9468-6f86c07e8ad1","_type":"block","children":[{"_key":"3c9e92b9-ea43-4a4c-bb6f-5097e10ea5d9","_type":"span","marks":[],"text":"Likewise, Hubble lets you visualize and filter traffic based on some HTTP values, such as the method ("},{"_key":"b2820e47-4320-47fc-a888-e59356338550","_type":"span","marks":["code"],"text":"GET"},{"_key":"fcc1acf3-b69f-469c-a3b1-7427b7f58220","_type":"span","marks":[],"text":", "},{"_key":"7e06baa8-2e50-413e-b2b5-a437c541131b","_type":"span","marks":["code"],"text":"POST"},{"_key":"015e39ac-3795-4f12-8f43-ef9cb6bfe62e","_type":"span","marks":[],"text":", etc...) or the status code ("},{"_key":"8c44ef81-db1e-413f-81f4-8d2391428bcf","_type":"span","marks":["code"],"text":"200"},{"_key":"7d83c390-dee9-4e9d-803f-27dc15764d5c","_type":"span","marks":[],"text":", "},{"_key":"38642c3b-baf8-40a3-b89a-41b56de3e5b1","_type":"span","marks":["code"],"text":"404"},{"_key":"acb0e688-96f6-47c1-bf97-517a79f9a048","_type":"span","marks":[],"text":", etc...):"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:30Z","_id":"8f28f586-97a7-9d3c-85cf-d437aac95f34","_key":"08b8547d-1bcb-4766-9d28-24fa214be61a","_ref":"8f28f586-97a7-9d3c-85cf-d437aac95f34","_rev":"be3C7ysj1QqQyrHso4hoQY","_type":"codeBlock","_updatedAt":"2024-10-01T11:03:59Z","code":"root@server:~# hubble observe --http-method GET\nMar 15 10:51:46.364: 172.18.0.1:44134 (world) -> default/cilium-gateway-my-gateway:80 (world) http-request FORWARDED (HTTP/1.1 GET http://172.18.255.201/?great=example)\nMar 15 10:51:46.374: 172.18.0.1:44134 (world) <- default/cilium-gateway-my-gateway:80 (world) http-response FORWARDED (HTTP/1.1 200 10ms (GET http://172.18.255.201/?great=example))\n\nroot@server:~# hubble observe --http-status 200\nMar 15 10:51:46.374: 172.18.0.1:44134 (world) <- default/cilium-gateway-my-gateway:80 (world) http-response FORWARDED (HTTP/1.1 200 10ms (GET http://172.18.255.201/?great=example))","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"a754165a-0ea0-462f-bda7-ce0469bed164","_type":"block","children":[{"_key":"f61ce3dc-0676-4521-ad02-787df5771bb3","_type":"span","marks":[],"text":"TLS Termination"}],"markDefs":[],"style":"h2"},{"_key":"990f0ced-03bf-413e-a9a2-78009fcd762e","_type":"block","children":[{"_key":"cb502c7c-5f75-448f-a758-9a0c1a51dfb6","_type":"span","marks":[],"text":"While routing HTTP traffic was easy to understand, secure workloads will require the use of HTTPS and TLS certificates. Let's start this walkthrough with first deploying the certificate. "}],"markDefs":[],"style":"normal"},{"_key":"0fabf9e2-059f-4c73-8af5-44d7cbbc45c4","_type":"block","children":[{"_key":"84c769aa-5c76-4ff3-b85c-06d84289fbb8","_type":"span","marks":[],"text":"For demonstration purposes we will use a TLS certificate signed by a made-up, self-signed certificate authority (CA). One easy way to do this is with "},{"_key":"7f55f31c-a256-4af6-9bf9-be2a16f3b1d5","_type":"span","marks":["c3694b37-94a2-48c0-a275-701669fe8e43"],"text":"mkcert"},{"_key":"c45361fe-0252-4be7-9755-b9417e9d7dde","_type":"span","marks":[],"text":"."}],"markDefs":[{"_key":"c3694b37-94a2-48c0-a275-701669fe8e43","_type":"link","href":"https://github.com/FiloSottile/mkcert","openInNewTab":true}],"style":"normal"},{"_key":"6c9675ca-7688-497e-929d-052433a50514","_type":"block","children":[{"_key":"8ea86ce8-9822-4d85-b681-2dfcee89f545","_type":"span","marks":[],"text":"First, let's create a certificate that will validate "},{"_key":"5cd1c441-7234-4cd1-84da-253dc8d4f6d8","_type":"span","marks":["code"],"text":"bookinfo.cilium.rocks"},{"_key":"6a9c9887-933b-4b64-a717-c745e4f36863","_type":"span","marks":[],"text":" and "},{"_key":"df7ac573-b581-4517-bf03-0eace42c455d","_type":"span","marks":["code"],"text":"hipstershop.cilium.rocks"},{"_key":"4756b475-537a-4830-b59a-6806c8df6172","_type":"span","marks":[],"text":", as these are the host names used in this Gateway example:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:32Z","_id":"96377f21-6c85-2df0-1a13-074cf09babf3","_key":"d6fd532d-045a-4b73-bdc8-b394c5addc76","_ref":"96377f21-6c85-2df0-1a13-074cf09babf3","_rev":"OU5lQsExGohDwkAnEcWSfG","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:00Z","code":"root@server:~# mkcert '*.cilium.rocks'\nCreated a new local CA 💥\nNote: the local CA is not installed in the system trust store.\nRun \"mkcert -install\" for certificates to be trusted automatically ⚠️\n\nCreated a new certificate valid for the following names 📜\n - \"*.cilium.rocks\"\n\nReminder: X.509 wildcards only go one level deep, so this won't match a.b.cilium.rocks ℹ️\n\nThe certificate is at \"./_wildcard.cilium.rocks.pem\" and the key at \"./_wildcard.cilium.rocks-key.pem\" ✅\n\nIt will expire on 9 June 2025 🗓","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"505a2569-2c49-4b3d-aeaa-44d7fd39633e","_type":"block","children":[{"_key":"bf98e856-c535-4d44-bbee-50b3db2ed4cb","_type":"span","marks":[],"text":"Mkcert created a key ("},{"_key":"2ecba70b-6802-4e26-8c9f-7025b942d44f","_type":"span","marks":["code"],"text":"_wildcard.cilium.rocks-key.pem"},{"_key":"861c4c6e-f308-43bd-afe6-30596d8d5fd2","_type":"span","marks":[],"text":") and a certificate ("},{"_key":"58c3c704-642c-4fd1-abff-bc998c9a6879","_type":"span","marks":["code"],"text":"_wildcard.cilium.rocks.pem"},{"_key":"12f064e9-1cfd-499c-97ad-8a3e67364303","_type":"span","marks":[],"text":") that we will use for the Gateway service."}],"markDefs":[],"style":"normal"},{"_key":"01ca828f-f57c-44f6-8607-f24516256d86","_type":"block","children":[{"_key":"0857c4a9-9fb7-4198-b9b6-b750ce662e03","_type":"span","marks":[],"text":"Let's now create a Kubernetes TLS secret with this key and certificate:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:33Z","_id":"b49cdd9d-a6aa-a0bf-3739-2dc539dedde8","_key":"a21cdedc-29a0-408e-a452-d28d55fc9b34","_ref":"b49cdd9d-a6aa-a0bf-3739-2dc539dedde8","_rev":"9px8ir0NfLa6aydsXNUNYA","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:02Z","code":"root@server:~# kubectl create secret tls demo-cert --key=_wildcard.cilium.rocks-key.pem --cert=_wildcard.cilium.rocks.pem\nsecret/demo-cert created","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"b8c7725a-bdbd-4081-9347-ee79021276dd","_type":"block","children":[{"_key":"d6784f1b-334f-4cb5-8372-cfc16fd4bd78","_type":"span","marks":[],"text":"We can now deploy another Gateway for HTTPS Traffic:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:34Z","_id":"d0da5e65-f224-87ad-7f63-970c9767b92a","_key":"b7adbf4e-dd34-4cb5-9240-db54ee5ba920","_ref":"d0da5e65-f224-87ad-7f63-970c9767b92a","_rev":"be3C7ysj1QqQyrHso4hocb","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:03Z","code":"root@server:~# kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/1.13.0/examples/kubernetes/gateway/basic-https.yaml\ngateway.gateway.networking.k8s.io/tls-gateway created\nhttproute.gateway.networking.k8s.io/https-app-route-1 created\nhttproute.gateway.networking.k8s.io/https-app-route-2 created","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"0b19341d-2334-4521-afca-e6e3049713c6","_type":"block","children":[{"_key":"2a98fa1d-b2e7-4278-825c-b02371f1b3e0","_type":"span","marks":[],"text":"Let's review the configuration. It is almost identical to the one we reviewed previously. Just notice the following in the Gateway manifest:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:35Z","_id":"0df6dd78-421a-c07a-58ab-e4decfdd9d49","_key":"ce3d1703-a6e6-403b-bd03-08274b0b2986","_ref":"0df6dd78-421a-c07a-58ab-e4decfdd9d49","_rev":"P5GVFsWfT1LlxauxUAAERF","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:04Z","code":"spec:\n gatewayClassName: cilium\n listeners:\n - name: https-1\n protocol: HTTPS\n port: 443\n hostname: \"bookinfo.cilium.rocks\"\n tls:\n certificateRefs:\n - kind: Secret\n name: demo-cert","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"8385220e-8bc8-4b68-bca5-e5e93842011e","_type":"block","children":[{"_key":"1cff789f-6c95-49a8-a1a7-c400c341bc3c","_type":"span","marks":[],"text":"And the following in the HTTPRoute manifest:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:36Z","_id":"a0700c27-0e65-cfb7-e9bd-267dbece7155","_key":"61793a75-34d5-40ee-938f-089ca2cf87b8","_ref":"a0700c27-0e65-cfb7-e9bd-267dbece7155","_rev":"be3C7ysj1QqQyrHso4hokd","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:05Z","code":"spec:\n parentRefs:\n - name: tls-gateway\n hostnames:\n - \"bookinfo.cilium.rocks\"","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"4bd782fd-4dee-4446-8d71-ccf08d87b92d","_type":"block","children":[{"_key":"6237d1c8-5dba-4a66-8742-943d3ea7d943","_type":"span","marks":[],"text":"The HTTPS Gateway API examples build up on what was done in the HTTP example and adds TLS termination for two HTTP routes:"}],"markDefs":[],"style":"normal"},{"_key":"005e9d477174","_type":"block","children":[{"_key":"0a0cebaee6b6","_type":"span","marks":[],"text":"the "},{"_key":"c2cfaf1fef37","_type":"span","marks":["code"],"text":"/details"},{"_key":"557d1e11f17d","_type":"span","marks":[],"text":" prefix will be routed to the "},{"_key":"acfc6f75600d","_type":"span","marks":["code"],"text":"details"},{"_key":"a94bd6b48ee2","_type":"span","marks":[],"text":" HTTP service deployed earlier"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"3170aaa75289","_type":"block","children":[{"_key":"e0a572f8fa24","_type":"span","marks":[],"text":"the "},{"_key":"136d5e3d7ea3","_type":"span","marks":["code"],"text":"/"},{"_key":"054d75d9bb73","_type":"span","marks":[],"text":" prefix will be routed to the "},{"_key":"93828f4193a5","_type":"span","marks":["code"],"text":"productpage"},{"_key":"6766b3a4b96b","_type":"span","marks":[],"text":" HTTP service deployed earlier"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"84bd877657aa","_type":"block","children":[{"_key":"bb4c981e2794","_type":"span","marks":[],"text":"These services will be secured via TLS and accessible on two domain names:"}],"markDefs":[],"style":"normal"},{"_key":"2172b5335e0f","_type":"block","children":[{"_key":"8cc17d495006","_type":"span","marks":["code"],"text":"bookinfo.cilium.rocks"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"e0426002f13c","_type":"block","children":[{"_key":"bcc1b15cd710","_type":"span","marks":["code"],"text":"hipstershop.cilium.rocks"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"fe85a02a-d985-4eaa-9a9a-efc727b579cc","_type":"block","children":[{"_key":"80157765-fcb0-4622-a7bb-87010e89803b","_type":"span","marks":[],"text":"In our example, the Gateway serves the TLS certificate defined in the "},{"_key":"b2474c42-787f-40ad-b405-9b084c350ea1","_type":"span","marks":["code"],"text":"demo-cert"},{"_key":"edc2aa59-1ecc-4fb5-bd77-5bd3872d055d","_type":"span","marks":[],"text":" Secret resource for all requests to "},{"_key":"99c5a117-d137-4930-80e6-6c3194f0b85c","_type":"span","marks":["code"],"text":"bookinfo.cilium.rocks"},{"_key":"0c80bdbf-d06e-4d14-8d83-84f465f45513","_type":"span","marks":[],"text":" and to "},{"_key":"1980ddf6-20bb-4dbb-a404-0e32964eb3e6","_type":"span","marks":["code"],"text":"hipstershop.cilium.rocks"},{"_key":"24ef31af-dc6a-4442-a546-5913d627a35a","_type":"span","marks":[],"text":"."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T17:00:37Z","_id":"1c0ee524-1e09-3524-8f7e-bb6fbb8446b6","_key":"97af3008-c348-468f-b0cc-f1413555f8b8","_ref":"1c0ee524-1e09-3524-8f7e-bb6fbb8446b6","_rev":"be3C7ysj1QqQyrHsnyQJZa","_type":"mediaImage","_updatedAt":"2024-09-30T17:00:37Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-ffc90a5cb6a65b3400b529c4fec3f626bee4db00-2794x1176-png","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"EpGoMfJD4wboqSTk8tvMk1","size":"large","title":"EpGoMfJD4wboqSTk8tvMk1 - \"A Deep Dive into Cilium Gateway API: The Future of Ingress Traffic Routing\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/ffc90a5cb6a65b3400b529c4fec3f626bee4db00-2794x1176.png"},{"_key":"2a7a2340-c773-48e4-bcef-47875f17fc98","_type":"block","children":[{"_key":"9dc51960-95c6-4daa-868e-85bc9828f1c1","_type":"span","marks":[],"text":"After the deployment, the Gateway will pick up and IP address from MetalLB:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:37Z","_id":"1fbd812e-63c1-5e37-54dd-ecead33cd6eb","_key":"64828808-f83f-4b3f-bd11-02454ce92ec2","_ref":"1fbd812e-63c1-5e37-54dd-ecead33cd6eb","_rev":"9px8ir0NfLa6aydsXNUNkc","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:06Z","code":"root@server:~# kubectl get gateway tls-gateway\nNAME CLASS ADDRESS READY AGE\ntls-gateway cilium 172.18.255.202 True 33s\nroot@server:~# \nroot@server:~# GATEWAY_IP=$(kubectl get gateway tls-gateway -o jsonpath='{.status.addresses[0].value}')\necho $GATEWAY_IP\n172.18.255.202","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"4b74bab6-d4d6-4106-a7a3-acdf7216fd32","_type":"block","children":[{"_key":"6e0124e8-3cf3-44ef-9991-af435297eeb1","_type":"span","marks":[],"text":"In this Gateway configuration, the host names "},{"_key":"bfad6632-f857-4f32-b327-ac6d1ef73e75","_type":"span","marks":["code"],"text":"hipstershop.cilium.rocks"},{"_key":"2bfaea3e-9103-4239-8075-2b42631f6c26","_type":"span","marks":[],"text":" and "},{"_key":"6f8ecfba-606e-459e-9585-19ce1ee7e262","_type":"span","marks":["code"],"text":"bookinfo.cilium.rocks"},{"_key":"748e15c9-7f09-4ddf-b241-b5ee56ce080d","_type":"span","marks":[],"text":" are specified in the path routing rules."}],"markDefs":[],"style":"normal"},{"_key":"cd169c5e-0a9b-47c2-a7b9-28c395530aef","_type":"block","children":[{"_key":"39e83051-8cb6-4048-8010-ec8a7646c269","_type":"span","marks":[],"text":"Since we do not have DNS entries for these names, we will modify the "},{"_key":"f96955c7-d8c6-4e50-9d3f-6a2b4834cd14","_type":"span","marks":["code"],"text":"/etc/hosts"},{"_key":"f368eec9-9618-4f5d-bec7-c09e47de9d9c","_type":"span","marks":[],"text":" file on the host to manually associate these names to the known Gateway IP we retrieved."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:38Z","_id":"e75a5fa4-acc3-297b-963e-14758910e727","_key":"a31f7458-d7b4-4aa7-8e0f-843576cb4f37","_ref":"e75a5fa4-acc3-297b-963e-14758910e727","_rev":"9px8ir0NfLa6aydsXNUNqq","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:07Z","code":"root@server:~# cat << EOF >> /etc/hosts\n${GATEWAY_IP} bookinfo.cilium.rocks\n${GATEWAY_IP} hipstershop.cilium.rocks\nEOF\nroot@server:~# tail -n 2 /etc/hosts \n172.18.255.202 bookinfo.cilium.rocks\n172.18.255.202 hipstershop.cilium.rocks","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"2eebf444-cf2e-4517-9a85-476ee19e42f6","_type":"block","children":[{"_key":"f4aca55b-e6be-4deb-9e5c-4aa0db8c6028","_type":"span","marks":[],"text":"Requests to these names will now be directed to the Gateway."}],"markDefs":[],"style":"normal"},{"_key":"78ebdd14-9322-4fb4-9d8e-d9f82e08f5f2","_type":"block","children":[{"_key":"34eb3e5e-b614-4a97-87aa-4927651c21c5","_type":"span","marks":[],"text":"Let's install the Mkcert CA into your system so cURL can trust it:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:39Z","_id":"5ac8a3c6-7482-e174-107c-480f8d037412","_key":"0f755da7-6fb3-4235-987d-db243713498d","_ref":"5ac8a3c6-7482-e174-107c-480f8d037412","_rev":"P5GVFsWfT1LlxauxUAAEcf","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:08Z","code":"root@server:~# mkcert -install\nThe local CA is now installed in the system trust store! ⚡️","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"c2df5752-0120-426b-aca9-dcd1be2bd6a0","_type":"block","children":[{"_key":"eecfb6cb-14f1-458c-b4ab-1a4bcb87a292","_type":"span","marks":[],"text":"Let's now make a HTTPS request to the Gateway:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:40Z","_id":"ab330323-6d17-ce7a-cc81-c2fe1275658d","_key":"e5395eb5-875e-4bb6-8111-72414ad5f02b","_ref":"ab330323-6d17-ce7a-cc81-c2fe1275658d","_rev":"9px8ir0NfLa6aydsXNUO3I","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:09Z","code":"root@server:~# curl -s https://bookinfo.cilium.rocks/details/1 | jq\n{\n \"id\": 1,\n \"author\": \"William Shakespeare\",\n \"year\": 1595,\n \"type\": \"paperback\",\n \"pages\": 200,\n \"publisher\": \"PublisherA\",\n \"language\": \"English\",\n \"ISBN-10\": \"1234567890\",\n \"ISBN-13\": \"123-1234567890\"\n}","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"53470671-6e0c-4acf-ac50-a9dc6bf1a51c","_type":"block","children":[{"_key":"6cd81991-18bf-4a23-8849-a0bc9ddf5c8f","_type":"span","marks":[],"text":"The data was be properly retrieved, using HTTPS (and thus, the TLS handshake was properly achieved)."}],"markDefs":[],"style":"normal"},{"_key":"cef9aa4b-d004-4bab-92c1-0a15f7e32003","_type":"block","children":[{"_key":"d5a797d6-fc68-424d-87d0-0fad9b9eacf9","_type":"span","marks":[],"text":"Traffic Splitting"}],"markDefs":[],"style":"h2"},{"_key":"c80312bc-5565-44a4-b71b-b28bb6bf31d1","_type":"block","children":[{"_key":"bb1cc1ef-78a5-4f10-afbc-43e690e9b2f3","_type":"span","marks":[],"text":"For this particular use case, we're going to use Gateway API to load-balance incoming traffic to different backends, with different weights associated. "}],"markDefs":[],"style":"normal"},{"_key":"03b41f39-2c3b-462a-a5a1-a40ff9ff78e9","_type":"block","children":[{"_key":"ee659e0b-4f18-4171-b282-4778ada4bf56","_type":"span","marks":[],"text":"We will use a deployment made of echo servers - they will reply to our "},{"_key":"d94700a1-1e32-4aef-9aa5-1c45b385c085","_type":"span","marks":["code"],"text":"curl"},{"_key":"ef85c8fd-f986-43d3-83ed-8e490c445aaa","_type":"span","marks":[],"text":" queries with the pod name and the node name."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:41Z","_id":"ba8e4ca0-3368-bc69-fb87-2267c232aaba","_key":"9b2825c0-135b-4ad4-8594-fdcb1558ecee","_ref":"ba8e4ca0-3368-bc69-fb87-2267c232aaba","_rev":"OU5lQsExGohDwkAnEcWbFx","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:10Z","code":"root@server:~# kubectl apply -f https://raw.githubusercontent.com/nvibert/gateway-api-traffic-splitting/main/echo-servers.yml\nservice/echo-1 created\ndeployment.apps/echo-1 created\nservice/echo-2 created\ndeployment.apps/echo-2 created","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"90e5733f-c380-4f55-8b9f-dc18dcc9cb2f","_type":"block","children":[{"_key":"925ec9ba-6cfc-45a8-87a7-e7e17df397c4","_type":"span","marks":[],"text":"Let's now deploy the Gateway and the HTTPRoute:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:42Z","_id":"2577b97b-dab6-b96d-c832-87de63af1032","_key":"977a802f-468a-4db5-9f2a-354ffec00cb8","_ref":"2577b97b-dab6-b96d-c832-87de63af1032","_rev":"OU5lQsExGohDwkAnEcWbb3","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:11Z","code":"root@server:~# kubectl apply -f gateway.yaml\nkubectl apply -f http-route.yaml\ngateway.gateway.networking.k8s.io/cilium-gw created\nhttproute.gateway.networking.k8s.io/example-route-1 created\nroot@server:~# kubectl apply -f https://raw.githubusercontent.com/nvibert/gateway-api-traffic-splitting/main/gateway.yaml\ngateway.gateway.networking.k8s.io/my-example-gateway created\nroot@server:~# \nroot@server:~# \nroot@server:~# kubectl apply -f https://raw.githubusercontent.com/nvibert/gateway-api-traffic-splitting/main/httpRoute.ymlhttproute.gateway.networking.k8s.io/example-route-1 configured","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"254a91cd-3a81-4d5f-9acf-3a5bd0e15580","_type":"block","children":[{"_key":"0e7a25a4-daec-4804-8871-0f13c7e5b257","_type":"span","marks":[],"text":"The "},{"_key":"3407b35f-e02f-406b-9784-28bd5c9abe1b","_type":"span","marks":["code"],"text":"HTTPRoute"},{"_key":"a558f05f-c4a8-4950-bb92-e0bde212a098","_type":"span","marks":[],"text":" Rules includes two different backendRefs and weights associated with them"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:43Z","_id":"49a12a27-34cc-cd32-0c8a-f6f6735e14d5","_key":"15bb741b-8497-40a6-8ec3-05ea1c2df857","_ref":"49a12a27-34cc-cd32-0c8a-f6f6735e14d5","_rev":"P5GVFsWfT1LlxauxUAAElE","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:12Z","code":" backendRefs:\n - kind: Service\n name: echo-1\n port: 8080\n weight: 50\n - kind: Service\n name: echo-2\n port: 8090\n weight: 50","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"b93fae05-1f4d-4425-94ab-7bd411cea001","_type":"block","children":[{"_key":"fcc3db70-022a-4e8d-87c9-c5eefe5a154c","_type":"span","marks":[],"text":"Access is successful and as described above, we get, in the reply, the pod name and the node name:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:44Z","_id":"35ca5a52-1d11-979d-6f40-708092943789","_key":"68714b1c-79fd-4000-9cb1-9cf603593345","_ref":"35ca5a52-1d11-979d-6f40-708092943789","_rev":"be3C7ysj1QqQyrHso4hvkN","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:13Z","code":"root@server:~# GATEWAY=$(kubectl get gateway cilium-gw -o jsonpath='{.status.addresses[0].value}')\necho $GATEWAY\n172.18.255.200\nroot@server:~# \nroot@server:~# \nroot@server:~# curl --fail -s http://$GATEWAY/echo\n\n\nHostname: echo-1-7d88f779b-trmzt\n\nPod Information:\n node name: kind-worker\n pod name: echo-1-7d88f779b-trmzt\n pod namespace: default\n pod IP: 10.0.2.228\n\nServer values:\n server_version=nginx: 1.12.2 - lua: 10010\n\nRequest Information:\n client_address=10.0.1.231\n method=GET\n real path=/echo\n query=\n request_version=1.1\n request_scheme=http\n request_uri=http://172.18.255.200:8080/echo\n\nRequest Headers:\n accept=*/* \n host=172.18.255.200 \n user-agent=curl/7.81.0 \n x-forwarded-proto=http \n x-request-id=d035c99d-cd5d-45ce-9eff-3fcf614ebdcc \n\nRequest Body:\n -no body in request-","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"9d43726e-e631-4c10-add6-7544dab727f9","_type":"block","children":[{"_key":"852e3530-8029-4079-9c05-4eeea93f46a7","_type":"span","marks":[],"text":"When repeating the curl, the traffic is split roughly between two services. To verify, we can run a loop and count how the replies are spread:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:45Z","_id":"12ac2316-e522-b256-34c8-815489839438","_key":"744661d6-e7f7-4643-a71c-105407689298","_ref":"12ac2316-e522-b256-34c8-815489839438","_rev":"be3C7ysj1QqQyrHso4hvsP","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:14Z","code":"root@server:~# while true; do curl -s -k \"http://$GATEWAY/echo\" >> curlresponses.txt ;done\n^C\nroot@server:~# cat curlresponses.txt| grep -c \"Hostname: echo-1\"\n2536\nroot@server:~# cat curlresponses.txt| grep -c \"Hostname: echo-2\"\n2486","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"c59b88dd-b725-4467-9e04-bf81926dd71c","_type":"block","children":[{"_key":"0b9fe7ec-9f40-4e83-8f68-4dd4d4ce5e8d","_type":"span","marks":[],"text":"Update the "},{"_key":"5dda315a-5aee-459f-8824-56e1ba668734","_type":"span","marks":["code"],"text":"HTTPRoute"},{"_key":"4e9a11be-7276-4189-be27-e98c8e23cca3","_type":"span","marks":[],"text":" weights (either by updating the value in the original manifest before reapplying it or by using "},{"_key":"3cf193d4-746f-4056-ac0a-c5525e079054","_type":"span","marks":["code"],"text":"kubectl edit httproute"},{"_key":"0b987d26-2831-48e5-afe1-cc6c826f7604","_type":"span","marks":[],"text":") to, for example, 99 for "},{"_key":"1756bbab-3994-4fab-b4d7-befd8753f2c3","_type":"span","marks":["code"],"text":"echo-1"},{"_key":"5c9555c8-1c1b-42ac-86fc-b51e36924d54","_type":"span","marks":[],"text":" and 1 for "},{"_key":"7ca8b420-6dbf-47c2-b18f-d8ad063078e5","_type":"span","marks":["code"],"text":"echo-2"},{"_key":"5b51e61c-4ed8-41cf-953f-6134522a2a79","_type":"span","marks":[],"text":":"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T17:01:04Z","_id":"49b2bd13-a51e-f28a-7cff-646016834ab0","_key":"1f727f1d-72ae-4ef1-998b-128032f835d3","_ref":"49b2bd13-a51e-f28a-7cff-646016834ab0","_rev":"P5GVFsWfT1LlxauxU5pb27","_type":"mediaImage","_updatedAt":"2024-09-30T17:01:04Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-dc0e9bb9b0e954555ac78cf171334f0a58e707bf-2352x768-png","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"Vab1w77E6UpGuyga2Rt6Cd","size":"large","title":"Vab1w77E6UpGuyga2Rt6Cd - \"Tutorial: Getting Started with the Cilium Gateway API\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/dc0e9bb9b0e954555ac78cf171334f0a58e707bf-2352x768.png"},{"_key":"ad55009f-f7e5-4556-9149-8b5a9f2d17ce","_type":"block","children":[{"_key":"6cce9cc3-5d03-4bd4-a9ec-49b2f0ed631f","_type":"span","marks":[],"text":"Running the same loop validates that traffic is split based on the new weights:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:46Z","_id":"8765d230-6f05-f167-9d44-4be42f7243ee","_key":"cd84bfce-c9ee-49e2-bec7-7d7ce35fdd82","_ref":"8765d230-6f05-f167-9d44-4be42f7243ee","_rev":"OU5lQsExGohDwkAnEcWcBy","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:15Z","code":"root@server:~# kubectl describe httproutes.gateway.networking.k8s.io | grep -A 10 Rules\n Rules:\n Backend Refs:\n Group: \n Kind: Service\n Name: echo-1\n Port: 8080\n Weight: 99\n Group: \n Kind: Service\n Name: echo-2\n Port: 8090\nroot@server:~# kubectl describe httproutes.gateway.networking.k8s.io | grep -A 11 Rules\n Rules:\n Backend Refs:\n Group: \n Kind: Service\n Name: echo-1\n Port: 8080\n Weight: 99\n Group: \n Kind: Service\n Name: echo-2\n Port: 8090\n Weight: 1\nroot@server:~# cat curlresponses991.txt| grep -c \"Hostname: echo-1\"\n1711\nroot@server:~# cat curlresponses991.txt| grep -c \"Hostname: echo-2\"\n14","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"a281aa54-1a09-4dc1-9317-6d8995cba8a6","_type":"block","children":[{"_key":"0b1408ce-429b-4ab4-9c95-1e791169bf8a","_type":"span","marks":[],"text":"HTTP Request Header Modification"}],"markDefs":[],"style":"h2"},{"_key":"60d8a078-c97c-4ddf-9660-6110d5c24258","_type":"block","children":[{"_key":"5203a12e-7378-4bee-9d5c-485d80bf67f2","_type":"span","marks":[],"text":"With this functionality, the Cilium Gateway API lets us add, remove or edit HTTP Headers of incoming traffic."}],"markDefs":[],"style":"normal"},{"_key":"986a34fb-7bf0-4e44-9fe3-d8e60c05fc3d","_type":"block","children":[{"_key":"ddbee1ae-859b-4c69-8d82-0f1e009a2161","_type":"span","marks":[],"text":"This is best validated by trying without and with the functionality. We'll use the same echo servers."}],"markDefs":[],"style":"normal"},{"_key":"ff755c99-ad04-4d2d-aa45-a8c80a5f4894","_type":"block","children":[{"_key":"d9b86d95-487c-4407-b65a-ade8be0c4f7b","_type":"span","marks":[],"text":"Let's add another "},{"_key":"93b8e4de-db22-4838-bf3b-22d542d4feff","_type":"span","marks":["code"],"text":"HTTPRoute"},{"_key":"b6d88212-c008-4380-b4b5-b42fc2b03f9d","_type":"span","marks":[],"text":" (we can use the Gateway created in any of the previous HTTP-related use cases):"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:47Z","_id":"ec8d0932-bcce-fb08-1fda-ebed2b4e26bf","_key":"4702a7f9-0fc4-44c2-b20d-766e7c2b6077","_ref":"ec8d0932-bcce-fb08-1fda-ebed2b4e26bf","_rev":"9px8ir0NfLa6aydsXNUSyM","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:17Z","code":"---\napiVersion: gateway.networking.k8s.io/v1beta1\nkind: HTTPRoute\nmetadata:\n name: header-http-echo\nspec:\n parentRefs:\n - name: cilium-gw\n rules:\n - matches:\n - path:\n type: PathPrefix\n value: /cilium-add-a-request-header\n filters:\n - type: RequestHeaderModifier\n requestHeaderModifier:\n add:\n - name: my-cilium-header-name\n value: my-cilium-header-value\n backendRefs:\n - name: echo-1\n port: 8080","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"7562a42a-1e4b-4a01-9ded-828a6fa8890b","_type":"block","children":[{"_key":"90eabd05-d6ee-468c-9280-4622d91bed7a","_type":"span","marks":[],"text":"A curl is successful and the reply sent back from the echo server is the original HTTP Header:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:48Z","_id":"a53361fa-bafe-9c1a-0c67-3532f3a446df","_key":"71f90b1e-df16-4bdf-980b-cb8c56859626","_ref":"a53361fa-bafe-9c1a-0c67-3532f3a446df","_rev":"P5GVFsWfT1LlxauxUAAFS3","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:18Z","code":"root@server:~# GATEWAY=$(kubectl get gateway cilium-gw -o jsonpath='{.status.addresses[0].value}')\necho $GATEWAY\n172.18.255.200\nroot@server:~# \nroot@server:~# curl --fail -s http://$GATEWAY/cilium-add-a-request-header | grep -A 6 \"Request Headers\"\nRequest Headers:\n accept=*/* \n host=172.18.255.200 \n user-agent=curl/7.81.0 \n x-forwarded-proto=http \n x-request-id=7ebb351c-f630-4f03-b4db-74945525c0a8 \n\nroot@server:~# ","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"4b905afe-da57-4775-9115-97e2b8f4e2c0","_type":"block","children":[{"_key":"f2544670-27f8-40f5-a604-d94c2b3df8cc","_type":"span","marks":[],"text":"To add the header, we will be using the "},{"_key":"a8f8df2d-5bb2-4c6f-a0c4-67b1f2aa5aaf","_type":"span","marks":["code"],"text":"filters"},{"_key":"10a3a45c-464c-4cd5-bbde-02ab22a758d0","_type":"span","marks":[],"text":" field. Add this to the "},{"_key":"75917851-4a10-40cc-9401-55021b40e4e3","_type":"span","marks":["code"],"text":"HTTPRoute"},{"_key":"2086ee67-4241-4a8b-98bb-d9fbce34bfc2","_type":"span","marks":[],"text":" rules spec (on the same indentation as "},{"_key":"61cf08d6-7cdf-47db-8242-3b3f4ca88fa9","_type":"span","marks":["code"],"text":"matches"},{"_key":"c9f014e6-aa86-4873-b039-7089f6c563e6","_type":"span","marks":[],"text":" and "},{"_key":"f0653623-b245-40f6-8ad5-b25f898f3003","_type":"span","marks":["code"],"text":"backendRefs"},{"_key":"fa308340-549e-464d-aeef-0c2bdd54c2e9","_type":"span","marks":[],"text":") and re-apply it."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:49Z","_id":"a61c3616-f331-e6b7-9f07-a7ade0e4db5e","_key":"4664e70e-ab46-4625-9ca0-01bc28d4b7aa","_ref":"a61c3616-f331-e6b7-9f07-a7ade0e4db5e","_rev":"P5GVFsWfT1LlxauxUAAFjB","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:19Z","code":" filters:\n - type: RequestHeaderModifier\n requestHeaderModifier:\n add:\n - name: my-cilium-header-name\n value: my-cilium-header-value","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"70827325-88f6-42a7-aa2b-cd9324b35d53","_type":"block","children":[{"_key":"47604308-e650-4770-99fa-5a94e637a1f2","_type":"span","marks":[],"text":"When running the "},{"_key":"b56004f0-ffcb-4050-9c25-fd08578c0021","_type":"span","marks":["code"],"text":"curl"},{"_key":"4b9e2412-4f45-4702-9ee6-c389c0739945","_type":"span","marks":[],"text":" test again, notice how the header has been added:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:50Z","_id":"df0dfcd5-8c97-c2c6-472c-7076a3c7458f","_key":"08c5dda0-6a3e-4ab7-98f7-60f72cb2ff0a","_ref":"df0dfcd5-8c97-c2c6-472c-7076a3c7458f","_rev":"OU5lQsExGohDwkAnEcWccL","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:20Z","code":"root@server:~# curl -s http://$GATEWAY/cilium-add-a-request-header | grep -A 5 \"Request Headers\"\nRequest Headers:\n accept=*/* \n host=172.18.255.200 \n my-cilium-header-name=my-cilium-header-value \n user-agent=curl/7.81.0 \n x-forwarded-proto=http ","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"574d4984-5a86-4a20-b37c-9f2aaea6b22b","_type":"block","children":[{"_key":"373ae8a1-d9aa-4210-a446-de2cc09d4947","_type":"span","marks":[],"text":"To remove a header, you can add the following fields:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:51Z","_id":"bd2161ae-a69f-a933-6a3a-8e1511edd601","_key":"618a8214-775f-4f5c-a4d3-620bacc0fd82","_ref":"bd2161ae-a69f-a933-6a3a-8e1511edd601","_rev":"P5GVFsWfT1LlxauxUAAG61","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:21Z","code":" - type: RequestHeaderModifier\n requestHeaderModifier:\n remove: [\"x-request-id\"]","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"e5e59bd5-4c9f-4881-a1be-c026d0cd03f4","_type":"block","children":[{"_key":"ed480eaa-6afe-4dfe-adfb-ae3a02417268","_type":"span","marks":[],"text":"Notice how the "},{"_key":"62737e81-cef7-44e4-a6ad-00b790c8f383","_type":"span","marks":["code"],"text":"x-request-id"},{"_key":"a356d060-dd63-42b2-8333-69068a725e8d","_type":"span","marks":[],"text":" header has been removed:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:52Z","_id":"90d91bb3-a4fd-4730-0c76-f3511da2d129","_key":"a81e0424-1926-4bdc-8e2c-addf8fcf487e","_ref":"90d91bb3-a4fd-4730-0c76-f3511da2d129","_rev":"OU5lQsExGohDwkAnEcWd7z","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:22Z","code":"root@server:~# curl --fail -s http://$GATEWAY/cilium-add-a-request-header | grep -A 6 \"Request Headers\"\nRequest Headers:\n accept=*/* \n host=172.18.255.200 \n user-agent=curl/7.81.0 \n x-forwarded-proto=http \n\nRequest Body:","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"f8d5034b-5849-4a70-a6de-ece20169beef","_type":"block","children":[{"_key":"7a5360b1-be6e-45af-8c04-e60cd7afbb5b","_type":"span","marks":[],"text":"HTTP Response Header Modification"}],"markDefs":[],"style":"h2"},{"_key":"c2599ea7-17a7-4f13-bdf9-f92bd3e41d23","_type":"block","children":[{"_key":"bfd24e16-7f69-4393-8d9f-08c25b0e61e1","_type":"span","marks":[],"text":"Just like editing request headers can be useful, the same goes for response headers. For example, it allows teams to add/remove cookies for only a certain backend, which can help in identifying certain users that were redirected to that backend previously."}],"markDefs":[],"style":"normal"},{"_key":"e649b8f0-84f3-4b19-a37a-fd18cd23394f","_type":"block","children":[{"_key":"7ed68c10-b537-4571-94ef-907d379b1f38","_type":"span","marks":[],"text":"Another potential use case could be when you have a frontend that needs to know whether it's talking to a stable or a beta version of the backend server, in order to render different UI or adapt its response parsing accordingly."}],"markDefs":[],"style":"normal"},{"_key":"bc2bad66-28b6-45e4-8959-ccafe959f8be","_type":"block","children":[{"_key":"efdd3352-2f56-4ac2-b327-2770dbe90d07","_type":"span","marks":[],"text":"At time of writing, this feature is currently only included in the \"Experimental\" channel of Gateway API. Therefore, before using it, we need to deploy the "},{"_key":"86f2657a-920a-49fb-9666-eedf7337be96","_type":"span","marks":["em"],"text":"experimental"},{"_key":"c445fadd-38d0-4ed8-a1d6-f2b7ab968b62","_type":"span","marks":[],"text":" Gateway CRDs."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:53Z","_id":"7177e4fa-888d-7475-e1ea-ba4cc1e4dc01","_key":"b412041a-36bc-4028-9cd6-b641d4a5b066","_ref":"7177e4fa-888d-7475-e1ea-ba4cc1e4dc01","_rev":"9px8ir0NfLa6aydsXNUYOY","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:23Z","code":"root@server:~# kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.6.0/config/crd/experimental/gateway.networking.k8s.io_gatewayclasses.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.6.0/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.6.0/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v0.6.0/config/crd/experimental/gateway.networking.k8s.io_referencegrants.yaml\ncustomresourcedefinition.apiextensions.k8s.io/gatewayclasses.gateway.networking.k8s.io configured\ncustomresourcedefinition.apiextensions.k8s.io/gateways.gateway.networking.k8s.io configured\ncustomresourcedefinition.apiextensions.k8s.io/httproutes.gateway.networking.k8s.io configured\ncustomresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking.k8s.io configured","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"00bcb629-e4fd-4efb-8bea-1133992b17cf","_type":"block","children":[{"_key":"8e6c00bc-f1bc-4a76-8972-27faafa612ea","_type":"span","marks":[],"text":"Find more information about the experimental features on the Gateway API "},{"_key":"b9f429d7-c4d8-45f6-af1d-0d7caa3769d0","_type":"span","marks":["42a328bd-4fac-4bea-b84f-b2055361a14d"],"text":"website"},{"_key":"15fd290e-60f7-444c-9563-907bc68ada7d","_type":"span","marks":[],"text":"."}],"markDefs":[{"_key":"42a328bd-4fac-4bea-b84f-b2055361a14d","_type":"link","href":"https://gateway-api.sigs.k8s.io/geps/gep-1323/","openInNewTab":true}],"style":"normal"},{"_key":"52bfd4c2-cef7-4cda-9a7f-95294131251b","_type":"block","children":[{"_key":"db612044-f732-453d-a586-acf94640e72d","_type":"span","marks":[],"text":"Let's review the HTTPRoute we will be using to modify the response headers:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:54Z","_id":"b03c7c39-f575-a2ef-cc88-98b3667c5757","_key":"09a507ad-c728-4afb-a7fc-92c99119d9fc","_ref":"b03c7c39-f575-a2ef-cc88-98b3667c5757","_rev":"9px8ir0NfLa6aydsXNUYXt","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:24Z","code":"---\napiVersion: gateway.networking.k8s.io/v1beta1\nkind: HTTPRoute\nmetadata:\n name: response-header-modifier\nspec:\n parentRefs:\n - name: cilium-gw\n rules:\n - matches:\n - path:\n type: PathPrefix\n value: /multiple\n filters:\n - type: ResponseHeaderModifier\n responseHeaderModifier:\n add:\n - name: X-Header-Add-1\n value: header-add-1\n - name: X-Header-Add-2\n value: header-add-2\n - name: X-Header-Add-3\n value: header-add-3\n backendRefs:\n - name: echo-1\n port: 8080","language":"yaml","title":"yaml - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"db31a440-88af-428f-90b2-7c0a68ef2c41","_type":"block","children":[{"_key":"4ca8a055-b4c8-487c-841d-d2d1c59febcc","_type":"span","marks":[],"text":"Notice how this time, the header's "},{"_key":"a4b320a9-92d3-4ded-942e-aea808d55d36","_type":"span","marks":["em"],"text":"response"},{"_key":"df6d4b5b-5de4-418b-a33b-bd6156dd92b7","_type":"span","marks":[],"text":" is modified, using the "},{"_key":"ac04cfe9-811a-45a4-b864-260cdb740d19","_type":"span","marks":["code"],"text":"type: ResponseHeaderModifier"},{"_key":"52c21491-47a5-47da-a7c4-44edf2628d62","_type":"span","marks":[],"text":" filter. We are going to add 3 headers in one go."}],"markDefs":[],"style":"normal"},{"_key":"935aba89-e006-4b2c-b5e7-ab1c7b6e7d9c","_type":"block","children":[{"_key":"c811146e-0110-40ad-93dc-edad0910db80","_type":"span","marks":[],"text":"Apply the "},{"_key":"82582df8-69de-496a-b739-81d2350a682b","_type":"span","marks":["code"],"text":"HTTPRoute"},{"_key":"9a813bdc-88bb-4942-b10e-79c3262bf102","_type":"span","marks":[],"text":" manifest above and start making HTTP requests to the Gateway address (we're using the same one as before). Remember that the body of the response packet includes details about the original request. Note that no specific header was added to the original request."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:55Z","_id":"163e7592-6594-e7cd-4703-a0779166e4ca","_key":"b13a8238-773a-4ed9-91c4-79bbe3211c7d","_ref":"163e7592-6594-e7cd-4703-a0779166e4ca","_rev":"be3C7ysj1QqQyrHso4i2Q2","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:25Z","code":"root@server:~# curl --fail -s http://$GATEWAY/multiple | grep \"Request Headers\" -A 10\nRequest Headers:\n accept=*/* \n host=172.18.255.200 \n user-agent=curl/7.81.0 \n x-forwarded-proto=http \n x-request-id=d497e7d8-525b-4a95-9a38-b4e67351e88a \n\nRequest Body:\n -no body in request-","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"e364c236-d8c2-42e5-8a21-614c411030bb","_type":"block","children":[{"_key":"8dc1ca28-0ffc-4075-b9f6-c32d09df9aef","_type":"span","marks":[],"text":"To show the headers of the response, we can run "},{"_key":"a0fa7cee-fdda-4f22-bbda-4ee9a7624dc2","_type":"span","marks":["code"],"text":"curl"},{"_key":"e0659557-20f1-4b0c-9e35-bff470dd9125","_type":"span","marks":[],"text":" in verbose mode:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:57Z","_id":"c742b063-64e4-2d64-4c4c-7a64e8676ebe","_key":"85a4c937-1b59-434e-8357-2e084fae0631","_ref":"c742b063-64e4-2d64-4c4c-7a64e8676ebe","_rev":"9px8ir0NfLa6aydsXNUdJc","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:26Z","code":"root@server:~# curl -v --fail -s http://$GATEWAY/multiple\n* Trying 172.18.255.200:80...\n* Connected to 172.18.255.200 (172.18.255.200) port 80 (#0)\n> GET /multiple HTTP/1.1\n> Host: 172.18.255.200\n> User-Agent: curl/7.81.0\n> Accept: */*\n> \n* Mark bundle as not supporting multiuse\n< HTTP/1.1 200 OK\n< date: Mon, 24 Apr 2023 10:20:56 GMT\n< content-type: text/plain\n< server: envoy\n< x-envoy-upstream-service-time: 0\n< x-header-add-1: header-add-1\n< x-header-add-2: header-add-2\n< x-header-add-3: header-add-3\n< transfer-encoding: chunked\n< \n\n\nHostname: echo-1-7d88f779b-pmssf\n\nPod Information:\n node name: kind-worker\n pod name: echo-1-7d88f779b-pmssf\n pod namespace: default\n pod IP: 10.0.2.54\n\n[OUTPUT TRUNCATED FOR BREVITY]","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"641f3625-44f6-44a0-8709-ddea55a138ea","_type":"block","children":[{"_key":"afb36fe4-68ca-4754-8681-d08ada28c843","_type":"span","marks":[],"text":"You should see, in the fields starting with "},{"_key":"9bd6b929-bc9d-4377-803f-711ffe135159","_type":"span","marks":["code"],"text":"<"},{"_key":"ce3f4559-ce07-4fe2-887e-617b3b8e0cce","_type":"span","marks":[],"text":", the response header. You should see the headers added by the Gateway API to the response:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T12:14:58Z","_id":"5f29b5cd-106b-a9cb-4080-c2859bf663ef","_key":"0d2da669-fa76-4c79-8a2b-7add3bc7cb7a","_ref":"5f29b5cd-106b-a9cb-4080-c2859bf663ef","_rev":"9px8ir0NfLa6aydsXNUdPq","_type":"codeBlock","_updatedAt":"2024-10-01T11:04:27Z","code":"< x-header-add-1: header-add-1\n< x-header-add-2: header-add-2\n< x-header-add-3: header-add-3","language":"bash","title":"bash - \"Tutorial: Getting Started with the Cilium Gateway API\" Code Block"},{"_key":"3fbd4cd1-2730-4011-9307-39b688d25ded","_type":"block","children":[{"_key":"c54d5cda-0ecd-4373-be68-6e66cdd10d36","_type":"span","marks":[],"text":"Again, you can see how simple it is to use Cilium Gateway API to modify HTTP traffic - incoming requests or outgoing responses."}],"markDefs":[],"style":"normal"},{"_key":"01dc1f7a-43e2-4467-b9cd-927524e5a787","_type":"block","children":[{"_key":"81de6197-bfbb-4e4b-9e94-98f3ab690a4c","_type":"span","marks":[],"text":"Conclusion"}],"markDefs":[],"style":"h2"},{"_key":"5061d8a0-b9ac-4186-a6cc-2b0ec1462053","_type":"block","children":[{"_key":"fd439817-e625-440d-8b8b-084942361a8c","_type":"span","marks":[],"text":"We hope you found this deep dive into Gateway API use cases useful. As more features are added to the Gateway API, we will update this post periodically with more features."}],"markDefs":[],"style":"normal"},{"_key":"e40be588-f2ae-4f3b-aeb9-659b1b8d66bf","_type":"block","children":[{"_key":"14b71269-7a0d-49f5-8733-d8436716d22a","_type":"span","marks":[],"text":"To learn more:"}],"markDefs":[],"style":"normal"},{"_key":"6764d04b95f6","_type":"block","children":[{"_key":"0ebea80f0c94","_type":"span","marks":[],"text":"Try the "},{"_key":"4f018b7b0f4c","_type":"span","marks":["d94d6e60b3b1"],"text":"Gateway API lab"},{"_key":"6157a32d3e2a","_type":"span","marks":[],"text":" and the "},{"_key":"03792b034851","_type":"span","marks":["5726eb467c92"],"text":"Advanced Gateway API lab"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"d94d6e60b3b1","_type":"link","href":"/labs/gateway-api/"},{"_key":"5726eb467c92","_type":"link","href":"/labs/advanced-gateway-api-use-cases/"}],"style":"normal"},{"_key":"e0e5c1ce08aa","_type":"block","children":[{"_key":"a117ca6040e8","_type":"span","marks":[],"text":"Watch the "},{"_key":"19f13fa10b6c","_type":"span","marks":["f8c8454fee67"],"text":"Cilium Gateway API YouTube Playlist"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"f8c8454fee67","_type":"link","href":"https://youtube.com/playlist?list=PLngi_1qThAPCiulGkrufXeN_ibmKZDCia"}],"style":"normal"},{"_key":"82cf8abe8355","_type":"block","children":[{"_key":"a63cf926ba89","_type":"span","marks":[],"text":"Read the "},{"_key":"271ac5c8737b","_type":"span","marks":["1c661c094e0f"],"text":"companion blog post"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"1c661c094e0f","_type":"link","href":"/blog/post/cilium-gateway-api/#h-use-cases"}],"style":"normal"},{"_key":"e0425e0fc887","_type":"block","children":[{"_key":"7fe3c9c6b523","_type":"span","marks":[],"text":"Join "},{"_key":"eefc5c5795a5","_type":"span","marks":["8403224605cd"],"text":"Cilium Slack"},{"_key":"a09f0c33fc3c","_type":"span","marks":[],"text":" to interact with the Cilium community"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"8403224605cd","_type":"link","href":"https://cilium.herokuapp.com/"}],"style":"normal"},{"_key":"f1609757-cdf1-43be-bbb0-307fd2706b60","_type":"block","children":[{"_key":"41e97e2b-f5f8-4c9b-a5e9-3b6dd5635692","_type":"span","marks":[],"text":"Thanks for reading."}],"markDefs":[],"style":"normal"}],"featuredImage":"$L1d","articleData":{"title":"Tutorial: Getting Started with the Cilium Gateway API","description":"In this tutorial, you will learn how to install, configure and manage the Cilium Gateway API to route traffic into your Kubernetes cluster.","url":"https://isovalent.com/blog/post/tutorial-getting-started-with-the-cilium-gateway-api","download":"$undefined","authors":"$7:1:props:children:0:props:children:2:props:children:0:props:authors"},"dict":{"headings":{"ebpf":"eBPF-based networking, security, and observability"},"buttons":{"tryAll":"Try all Isovalent products today"},"formatTypes":{"upcoming":"Upcoming","onDemand":"On demand"},"ui":{"contentGrid":{"narrowSearch":"Narrow your search","clearFilters":"Clear all filters","noItems":"No items available","noResults":"No results","showingSingle":"Showing 1 single result","isovalentResources":"Isovalent resources","allLabel":"All"},"richText":{"tableOfContents":"Table of Contents","backToTop":"Back to top ↑","shareOnSocial":"Share on social media","exportPdf":"Export PDF","aboutTheAuthor":"About the author"},"error":{"title":"Server error","description":"Something seems to have gone wrong on the server!","tryAgain":"Try again","goHome":"Go to the home page"},"notFound":{"title":"Page not found","description":"If you don't know where to move next, here are some suggestions:","visitBlog":"Visit our blog","browseLabs":"Browse our labs","goHome":"Go to the home page"}}}}]}],"$L1e",null]}]]