Architecture of K8s Gateway API-based sidecarless Airlock Microgateway deployments

The articles of this chapter address the sidecarless Airlock Microgateway installation and deployment forms with one or more Microgateway Engine Pods deployed using the K8s Gateway API. Each Microgateway Engine Pod can route traffic (i.e. defined in HTTPRoute resource) to multiple Services and application Pods. Unlike in sidecar-based Microgateway deployments, the routing inside the application Pods is not reconfigured – a Microgateway CNI plugin is therefore not required.

sidecarless_Micrograteway_setup.drawio
  • North-South traffic:
  • Upstream Ingress controller.
  • Service A of type LoadBalancer.
  • Service A of type NodePort.
  • East-West traffic:
  • Traffic through Service A.

The Kubernetes Gateway API is a Kubernetes API specification defining a standard way to configure and manage application traffic routing in Kubernetes clusters. It features a superset of the classic Kubernetes Ingress functionality with powerful and granular control, including expanded protocol support and routing options. For more information, see the official Kubernetes Gateway API documentation.

For sidecar-based deployments with Ingress controller and CNI plugin, see articles in chapter Architecture of sidecar-based Airlock Microgateway deployments.

Management roles and responsibilities

The Kubernetes Gateway API features a concept of three distinctive roles to address the differing needs of the users to balance usability, flexibility, and control.

  • The following primary roles have been defined:
  • The Infrastructure provider manages the GatewayClass resource.
  • The Cluster operator manages the Gateway resource and may define cluster-wide routing limitations for xRoute resources such as HTTPRoute.
  • Developers manage the routing by *Route resources such as HTTPRoute and of course, they also manage their application Services and Pods.
K8S_Gateway_API_management_roles_en-us.drawio

Depending on the environment, a single human may take on multiple roles.