GatewayHost CRD
EnRoute Technical Reference
To make a service running inside a Kubernetes cluster reachable, a GatewayHost resource is defined.
As the name suggests, a GatewayHost resource defines a Host and a Route to reach this service.
A GatewayHost defines the Fqdn that can be used to reach this service, along with routing configuration. When using SSL, a certificate can also be specified using the GatewayHost resource.
Assuming a service httpbin is running in namespace httpbin, a GatewayHost to reach that service in a cluster can be configured as follows:
apiVersion: enroute.saaras.io/v1
kind: GatewayHost
metadata:
  labels:
    app: httpbin
  name: httpbin-9000-gatewayhost
  namespace: app-httpbin
spec:
  routes:
    - conditions:
        - prefix: /
      services:
        - name: httpbin
          port: 9000
  virtualhost:
    fqdn: 'demo-apps.saaraslabs.com'
    tls:
      secretName: wildcard-saaraslabs-com
To enable HTTPS, a secret can be specified using the tls.secretName field above.
A GatewayHost defines the top-level abstraction for the flow of traffic. It can have several routing rules to direct traffic to services.
Services are the Kubernetes services to route traffic to, each with its corresponding port. Alternatively, a protocol can also be specified for the services.
A ServiceRoute type of custom resource defines a Service and L7 routing rules for that service. A ServiceRoute also has a Fqdn, one route and the service to which the route points, along with L7 policy for that service. The Fqdn of a ServiceRoute is used to match it with the GatewayHost.
An example ServiceRoute that can be associated with the above GatewayHost:
apiVersion: enroute.saaras.io/v1
kind: ServiceRoute
metadata:
  name: echo-9001
  namespace: app-echo
spec:
  fqdn: 'demo-apps.saaraslabs.com'
  route:
    conditions:
      - prefix: /echo
    services:
      - name: echo
        port: 9001
The resulting configuration graph looks like this:
'demo-apps.saaraslabs.com' -- /     -- httpbin:9000 (namespace app-httpbin)
                              /echo -- echo:9001 (namespace app-echo)
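The Fqdn matching described above can be audited offline. The following is an added example, not EnRoute's own code: it rebuilds the configuration graph from manifests held as Python dicts and reports three things to review. The finding names and the choice to flag routes attached from a namespace other than the GatewayHost's are assumptions of this example, not EnRoute rules.

```python
# Added example: rebuild the fqdn -> route graph and flag items to review.
# Manifests are constructed from this page's two examples; "orphan" is made up.
GATEWAY_HOSTS = [{
    "kind": "GatewayHost",
    "metadata": {"name": "httpbin-9000-gatewayhost", "namespace": "app-httpbin"},
    "spec": {
        "virtualhost": {"fqdn": "demo-apps.saaraslabs.com",
                        "tls": {"secretName": "wildcard-saaraslabs-com"}},
        "routes": [{"conditions": [{"prefix": "/"}],
                    "services": [{"name": "httpbin", "port": 9000}]}],
    },
}]
SERVICE_ROUTES = [
    {"kind": "ServiceRoute",
     "metadata": {"name": "echo-9001", "namespace": "app-echo"},
     "spec": {"fqdn": "demo-apps.saaraslabs.com",
              "route": {"conditions": [{"prefix": "/echo"}],
                        "services": [{"name": "echo", "port": 9001}]}}},
    {"kind": "ServiceRoute",  # constructed: its fqdn matches no GatewayHost
     "metadata": {"name": "orphan", "namespace": "app-test"},
     "spec": {"fqdn": "unknown.example.com",
              "route": {"conditions": [{"prefix": "/x"}],
                        "services": [{"name": "x", "port": 80}]}}},
]

def _edges(route, namespace):
    """Yield (prefix, 'service:port', namespace) for one route entry."""
    for cond in route.get("conditions", []):
        for svc in route.get("services", []):
            yield (cond.get("prefix"), f"{svc['name']}:{svc['port']}", namespace)

def build_graph(hosts, service_routes):
    """Return ({fqdn: {"namespace", "routes"}}, [(finding, object name)])."""
    graph, findings = {}, []
    for gh in hosts:
        vh, ns = gh["spec"]["virtualhost"], gh["metadata"]["namespace"]
        node = graph.setdefault(vh["fqdn"], {"namespace": ns, "routes": []})
        if not vh.get("tls", {}).get("secretName"):
            findings.append(("no-tls-secret", vh["fqdn"]))
        for r in gh["spec"].get("routes", []):
            node["routes"].extend(_edges(r, ns))
    for sr in service_routes:
        fqdn, ns = sr["spec"]["fqdn"], sr["metadata"]["namespace"]
        if fqdn not in graph:  # no GatewayHost declares this Fqdn
            findings.append(("unmatched-fqdn", sr["metadata"]["name"]))
            continue
        if ns != graph[fqdn]["namespace"]:  # another namespace adds a path
            findings.append(("cross-namespace-route", sr["metadata"]["name"]))
        graph[fqdn]["routes"].extend(_edges(sr["spec"]["route"], ns))
    return graph, findings
```

For the page's two manifests the graph matches the one shown above, and echo-9001 is reported because it adds /echo to the host from namespace app-echo.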
TLS Settings
The TLS settings for a GatewayHost can be specified using GlobalConfig. For more details, see the GlobalConfig CRD.
GatewayHost to Envoy configuration
GatewayHost configuration influences the Envoy VirtualHost, Route and Cluster configurations.
Envoy needs Listener configuration to create listeners for VirtualHost, Route and Cluster. By default, ingress_http and ingress_https listeners are created.
Complete GatewayHost CRD Spec
A complete description of the GatewayHost CRD spec is located on GitHub.