DigitalOcean Kubernetes Now Supports Gateway API

In recent years, managing network traffic within Kubernetes clusters, particularly those hosted on DigitalOcean, has predominantly relied on the Ingress API. While effective, this approach has often been criticized for its lack of flexibility and the complexity it adds when trying to implement advanced routing features. Today, we’re excited to share a significant advancement in this area. DigitalOcean is introducing the Kubernetes Gateway API as a pre-installed managed service in all DigitalOcean Kubernetes (DOKS) clusters. This service is accessible at no extra cost to the users.

The Gateway API represents a new era in traffic management for Kubernetes clusters. It is designed to be more expressive, extensible, and robust compared to the traditional Ingress approach. This new API is powered by Cilium’s high-performance eBPF (extended Berkeley Packet Filter) implementation, which provides impressive performance improvements and sophisticated routing capabilities, all without the burden of conventional proxy-based solutions.

Key Features of the Gateway API

1. Zero Configuration Required: The Gateway API is pre-installed in all DOKS clusters using Cilium, meaning no additional setup is needed from the user’s side.
2. Advanced Traffic Management: This API supports a variety of sophisticated traffic management techniques, including header-based routing, traffic splitting, and canary deployments, which allow developers to deploy new features to a subset of users before a full rollout.
3. Superior Performance: Cilium’s eBPF implementation functions directly within the Linux kernel, bypassing the overhead of traditional user-space proxies, thereby enhancing performance.
4. Native Load Balancer Integration: The Gateway API integrates seamlessly with DigitalOcean’s Network Load Balancers, ensuring efficient and reliable distribution of network traffic.
5. Multi-tenant Ready: The API has built-in support for cross-namespace resource sharing, secured by Role-Based Access Control (RBAC), making it suitable for environments with multiple users or teams.
6. Future-Proof API: The Gateway API is actively being developed and standardized by the Kubernetes community, ensuring it remains a cutting-edge solution.
   

   Why Transition to the Gateway API?
   

   The Gateway API is a product of community-driven efforts within the Kubernetes ecosystem to address the core limitations of the Ingress API. A key advantage of the Gateway API is its role-oriented resource model, which clearly separates infrastructure concerns from application routing. This separation is beneficial as:

   • Cluster Operators can manage Gateway resources to define where and how traffic enters the cluster, such as setting up a DigitalOcean Load Balancer.
   • Application Developers can manage Route resources like HTTPRoute to determine how traffic is directed to their specific applications.

     This clear delineation of responsibilities helps prevent conflicts and overlaps between different teams, streamlining workflows and enhancing productivity.

     Advantages Over Ingress
     

   • Resource Model: Unlike the monolithic resource model of Ingress, the Gateway API divides responsibilities into Gateway and Route resources.
   • Team Workflows: The distinct separation of infrastructure and application concerns allows different teams to work independently without interfering with each other’s responsibilities.
   • Routing Features: While Ingress supports basic path and host matching, the Gateway API expands on this with advanced features like header-based routing, method-based routing, weighted traffic distribution, and sophisticated redirect capabilities.
   • Protocol Support: The Gateway API supports a wider range of protocols beyond HTTP/HTTPS, including TCP, UDP, and gRPC.
   • Extensibility: The Gateway API uses native API fields and custom policies instead of relying on annotations, offering a more flexible and powerful configuration system.
     

     The DigitalOcean Difference: Performance Powered by Cilium and eBPF
     

     DigitalOcean’s implementation of the Gateway API is not just about a better structural approach; it is also about enhancing raw performance. By leveraging Cilium, DigitalOcean processes traffic directly at the kernel level using eBPF, which eliminates the need for traditional proxy solutions like NGINX or HAProxy. This offers several benefits:

   • Lower Latency: By avoiding the traversal through a user-space proxy, latency is significantly reduced.
   • Higher Throughput: The zero-copy packet processing capability of eBPF ensures higher data throughput.
   • Reduced CPU Usage: Kernel-native operations decrease CPU usage, freeing up resources for other tasks.
   • Minimal Memory Footprint: Since there are no proxy pods or sidecars, the memory usage is minimized, further improving efficiency.

     This means that users benefit from advanced routing capabilities without any performance trade-offs or the need for additional proxy infrastructure.

     Getting Started
     

     The Gateway API is available at no additional cost with DOKS, with charges only applicable for the resources you consume. For those interested in a deeper dive into using the Managed Gateway API for Kubernetes, DigitalOcean offers an in-depth tutorial which can be accessed here. Additionally, comprehensive product documentation and release notes are available for users wanting to explore further.

     In conclusion, the introduction of the Gateway API as a managed service in DigitalOcean Kubernetes clusters marks a significant step forward in the evolution of Kubernetes traffic management. By providing a more flexible, performant, and future-proof solution, DigitalOcean is empowering developers and operators to manage their applications more efficiently and effectively. For anyone using DigitalOcean’s Kubernetes service, this is an exciting development that promises to bring substantial benefits.

For more Information, Refer to this article.