generated from kubernetes/kubernetes-template-project
-
Notifications
You must be signed in to change notification settings - Fork 67
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d0bc03b
commit e8cf702
Showing
2 changed files
with
84 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,6 +16,10 @@ translated to [Gateway API](https://gateway-api.sigs.k8s.io/) directly. | |
|
|
||
| Note: Ingress2gateway is not intended to copy annotations from Ingress to Gateway API. | ||
|
|
||
| ### Istio | ||
|
|
||
| With the introduction of the new [Istio](pkg/i2gw/providers/istio/README.md) provider, you can convert Istio API entities like Gateway and VirtualService to corresponding resources of the Gateway API, such as Gateway, HTTP/TLS/TCPRoutes, and ReferenceGrants. | ||
|
|
||
| ## Installation | ||
|
|
||
| If you have a Go development environment locally, you can install ingress2gateway with `go install github.com/kubernetes-sigs/[email protected]` | ||
|
|
@@ -106,6 +110,7 @@ Ingress2gateway also supports translating provider-specific resources and ingres | |
|
|
||
| - [ingress-nginx](pkg/i2gw/providers/ingressnginx/README.md) | ||
| - [kong](pkg/i2gw/providers/kong/README.md) | ||
| - [istio](pkg/i2gw/providers/istio/README.md) | ||
|
|
||
| If your provider, or a specific feature, is not currently supported, please open an issue and describe your use case. | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,82 @@ | ||
| # Istio Provider | ||
|
|
||
| ## WIP | ||
| The provider translates Istio API entities: [Gateway](https://istio.io/latest/docs/reference/config/networking/gateway/) and [VirtualService](https://istio.io/latest/docs/reference/config/networking/virtual-service) to the K8S Gateway API: Gateway, HTTPRoute, TLSRoute, TCPRoute and ReferenceGrants. | ||
|
|
||
| Follow #100 for updates on the progress | ||
| If certain field of the Istio API entity lacks a direct equivalent in K8S Gateway API, this field is logged and ignored during the translation. | ||
|
|
||
| ## Examples | ||
|
|
||
| You can find the examples demonstrating how the resources are translated within the [fixtures](./fixtures/) directory. | ||
|
|
||
| There are examples for: | ||
|
|
||
| * Istio Gateway -> K8S API Gateway | ||
| * VirtualService -> HTTPRoute | ||
| * VirtualService -> TLSRoute | ||
| * VirtualService -> TCPRoute | ||
| * Creation of the K8S API ReferenceGrants for cross namespace references | ||
|
|
||
| ## Conversion of Ingress resources to Gateway API | ||
|
|
||
| ### Generated ReferenceGrants and xRoute.parentRefs | ||
|
|
||
| Translator verifies if the xRoute can be connected to the Gateway and if parentRefs to it should be generated. | ||
|
|
||
| It considers the following fields: | ||
|
|
||
| `parentRefs` would be generated if: | ||
|
|
||
| 1. VirtualService can be exported to the Gateway's namespaces, values from `virtualService.Spec.ExportTo` | ||
| 2. There's an overlap between Gateway's `Server.Hosts` and `virtualService.Spec.Hosts` | ||
|
|
||
| If Gateway and VirtualService are in the different namespaces, then a `ReferenceGrant` would be created to allow translated xRoute to reference translated Gateway. | ||
|
|
||
| ### Istio Gateway | ||
|
|
||
| K8S API Gateway Listener is generated for each host of each server of istio gateway.Spec.Server. | ||
|
|
||
| Listener names are generated in the following format: `$PROTOCOL_NAME-protocol-$NAMESPACE-ns-$HOSTNAME"`. The format is chosen to ensure API compliance where all listener names MUST be unique within the Gateway. | ||
|
|
||
| #### Protocols | ||
|
|
||
| Istio supported protocols -> K8S Gateway Listener protocols | ||
|
|
||
| * HTTP|HTTPS|TCP|TLS - converted as is | ||
| * HTTP2|GRPC -> if `tls` is set then HTTPS else HTTP | ||
| * MONGO -> TCP | ||
|
|
||
| #### TLS | ||
|
|
||
| Modes translation: | ||
|
|
||
| * PASSTHROUGH and AUTO_PASSTHROUGH -> gw.TLSModePassthrough | ||
| * SIMPLE and MUTUAL -> gw.TLSModeTerminate | ||
| * other istio tls modes are not translated | ||
|
|
||
| ### Istio VirtualService | ||
|
|
||
| #### HTTP | ||
|
|
||
| The list of fields showing how istio.VirtualService.Http fields are converted to the HTTPRoute equivalents | ||
|
|
||
| * match []HTTPMatchRequest -> []gw.HTTPRouteMatch | ||
| * route []HTTPRouteDestination -> []gw.HTTPBackendRef | ||
| * redirect HTTPRedirect -> gw.HTTPRequestRedirectFilter | ||
| * rewrite HTTPRewrite -> gw.HTTPURLRewriteFilter | ||
| * timeout Duration -> gw.HTTPRouteTimeouts.Request | ||
| * mirror and mirrors -> []gw.HTTPRequestMirrorFilters | ||
| * headers.request -> requestHeaderModifier gw.HTTPHeaderFilter | ||
| * headers.response -> responseHeaderModifier gw.HTTPHeaderFilter | ||
|
|
||
| #### TLS | ||
|
|
||
| The list of fields showing how istio.VirtualService.Tls fields are converted to the TLSRoute equivalents | ||
|
|
||
| * match.sniHosts -> TLSRouteSpec.Hostnames | ||
| * route []RouteDestination -> []gw.BackendRef | ||
|
|
||
| #### TCP | ||
|
|
||
| The list of fields showing how istio.VirtualService.Tlc fields are converted to the TCPRoute equivalents | ||
|
|
||
| * route []RouteDestination -> []gw.BackendRef |