Cilium Feature Proposal

This issue is to discuss and track for k8s API Gateway work mentioned in roadmap. Kindly note that the actual work or implementation might vary based on the discussion and requirements mentioned in this GitHub issue.

Pre-tasks v1.13.0-rc1

While it's not strictly required, it's best to complete all follow-up items in #19698 or at least the below-related tasks:

• Allow sharing of External Load Balancer for multiple Ingresses (with non-overlapping hosts/paths)
  • The main reason is to re-use the same pattern for API gateway, as multiple HTTP routes can re-use the same APIGateway (i.e. same external load balancer) @sayboras. This is done as part of ingress: Support shared load balancer mode #21386
• Prepend Envoy resource names with CEC/CCEC namespace (and name?) so that operator does not need to worry about that.
  • This is to simplify the logic of constructing envoy resources. @pippolo84. Done as part of Prepend Envoy resources with CEC namespace and name #21500

Tasks (Mid October)

At the time of writing, the below APIs were just graduated to beta, it's making sense to start with these APIs as the first step.

• GatewayClass @sayboras
• Gateway @sayboras
• HTTPRoute @sayboras
• ReferenceGrant @sayboras

At the high level, the L7 HTTP route could be done the same way Cilium does with IngressController. Below items can be used as references or starting points:

• Add new APIs into the Cilium codebase and check if slim types are required.
  • If slim types are not required, direct go import should be just sufficed.
• Add required watchers for Gateway, HTTPRoute objects.
  • Watch only Gateway object with class name as cilium.
• Provision required envoy resources.
  • no change in datapath is foreseen, but let's see how it's going.
  • handle conflicts between HTTP routes. Please refer to API Spec.
• Add a feature flag like what we have with ingress controller or envoy config.
• Add installation support via helm chart
  • Pre-configure Cilium GatewayClass if the feature flag is enabled.
• Make sure that upstream conformance tests are successfully running as part of CI.
• Add Getting Started Guide documentation. docs: Add Getting Started guide for Gateway API support #21908

Optional

Below APIs are still under v1alpha2 at the time of writing. However, while implementing the above tasks, it's better to think forward to avoid any potential re-work in future.

• GRPCRoute. Tracked in CFP: Support GRPCRoute in Cilium Gateway API #21928.
• TCPRoute. Tracked in CFP: Support TCPRoute and UDPRoute in Cilium Gateway API #21929.
• TLSRoute. Tracked in CFP: Support TLSRoute in Cilium Gateway API #21927.
• UDPRoute. Tracked in CFP: Support UDPRoute in Cilium Gateway API #21930.