DoiT Cloud Intelligence™
Ingress2gateway: The Easy Way to Migrate from Kubernetes Ingress to Gateway API
Kubernetes Ingress has been the traditional method for exposing services outside the cluster, offering routing, TLS termination, and load balancing features. However, as the networking needs within Kubernetes have become more complex, Ingress has revealed some limitations, particularly in multi-tenant environments, advanced traffic control, and extensibility.
This is where Gateway API comes in. Designed as the next-generation replacement for Ingress, Gateway API brings richer capabilities, better flexibility, and a more Kubernetes-native approach to handling external traffic. It introduces key features like role-based access for networking resources, a standardized way to define traffic policies and support for service mesh patterns.
The specific requirements of a project will determine whether to use an Ingress or a Gateway API. The gateway API is best for complex routing and strict security requirements, while the ingress is better for Kubernetes-native approaches. In this blog, we will go over the ingress2gateway tool and how it helps with the migration from the Ingress to the Gateway API.
What is **ingress2gateway?**
The Ingress2gateway tool is designed to simplify the transition from Kubernetes Ingress resources to the more powerful and expressive Gateway API. It provides a robust, automated conversion process, ensuring a smooth migration while minimizing disruption.
Key Features and Capabilities:
✅ Automatic Conversion
- Intelligently parses existing Ingress resources and generates equivalent Gateway API configurations, including Gateway, HTTPRoute, and BackendPolicy resources.
- Handles complex Ingress rules, annotations, and configurations, translating them into the corresponding Gateway API specifications.
✅ Preserves Routing Rules:
- Accurately maps URL paths, hostnames, and backend services from Ingress rules to HTTPRoute rules.
- Ensures traffic routing behaviour remains consistent after the migration, preventing unexpected service disruptions.
- It supports various routing features, such as path matching (prefix, exact, regex), hostname matching and header-based routing.
✅ Supports Various Ingress Controllers
- The tool currently supports the apisix, cilium, ingress-nginx, istio, gce, kong and openapi providers and the community is actively working to include additional providers.
✅ Facilitates Gradual Migration:
- Enables incremental adoption of Gateway API by allowing selective conversion of Ingress resources.
- Supports dry-run modes for previewing conversion results before applying changes to the cluster.
- Allows for side-by-side testing of Ingress and Gateway API resources.
Ingress2gateway in action
To test the tool, you need a Kubernetes cluster with the Gateway API installed. Several projects support the Gateway API, and some cloud providers also offer a fully managed implementation.
In the following example, I am using Google Kubernetes Engine and the default ingress-gce ingress controller in GKE.
Deploying sample workload and ingress resource
- Deploy the sample httpbin workload.
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
spec:
ports:
- name: http
port: 8000
targetPort: 80
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
template:
metadata:
labels:
app: httpbin
spec:
containers:
- image: docker.io/kennethreitz/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 80
Sample kubernetes deployment and service
- Create an Ingress resource for the httpbin deployment.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: httpbin-ingress
namespace: default
spec:
rules:
- host: httpbin.example.com
http:
paths:
- backend:
service:
name: httpbin
port:
number: 8000
path: /
pathType: Prefix
Sample ingress resource
Install and run ingress2gateway
- Follow the installation documentation to install ingress2gateway or download the binary at the releases page.
- Run ingress2gateway for your specific provider. This reads the ingress resources and/or provider-specific CRDs from a Kubernetes cluster or a file and outputs the equivalent Gateway API resources in YAML/JSON format to stdout.
The output will look like this:
sample ingress2gateway generated gatewayapi resources
Note: Ingress2gateway is not intended to copy annotations from Ingress to Gateway API. Instead, the tool converts the annotations to Gateway CRD; widely used provider-specific annotations and/or CRDs may still not be supported. Please refer to supported providers for the current supported providers and their documentation.
Sample gateway api resources
- Verify the generated manifest to ensure it contains all required configurations before implementing them in your production environment. Conduct an end-to-end test before removing the existing ingress resources.
While Traditional Ingress has served us well, the Gateway API unlocks a new level of control and flexibility for Kubernetes traffic management. With advanced traffic routing capabilities, better security policies, and native support for multi-tenancy, the Gateway API is designed to meet the evolving needs of cloud-native networking. Ready to upgrade? The community-driven ingress2gatewayapi simplifies the migration process, ensuring a seamless transition.
I trust this blog post has provided valuable insights. If you’d like to know more or are interested in our services, don’t hesitate to get in touch. You can contact us here.