From doc, creating a Gateway listener requires specifying a port, which tells the underlying service which port should listen on. But in Traefik implementation, the port must be one of its entrypoints. Traefik won’t just listen to whatever port the Gateway tells it to.
This seems weird to me. Because in this way, the Gateway actually is not flexible as it should be, certain resource is tied to certain implementation.
Another weird part is that, for example, I used Helm to install Traefik. By default, the pod listens to 8000/8443, and the service listens to 80/443. Guess which ports should be used in Gateway? The pod ports. Hence the Gateway resource actually does not reflect which port is the listener actually listens on. It tells the port is 8000, but external user accesses from 80.
Today I got a K8S cluster with Nginx as Gateway operator. From my test, I believe Traefik implementation of Gateway API is wrong. All the weird parts do not exist in Nginx Fabric, by which I mean the behavior of it is more likely following the Gateway API doc.
To make the listeners on the gateway work properly, I had to add this section in the traefik helm config to create “traefik entrypoints”.
ports:
web:
port: 80
exposedPort: 80
protocol: TCP
websecure:
port: 443
exposedPort: 443
protocol: TCP
Perhaps I’m missing something and can be accomplished some other way that doesn’t break the gateway api abstration, but this method certainly does. I’m currently testing different implementations and this will pretty immediately eliminate traefik as an option. I’m surprised it’s listed as fully conformant if this additional configuration is required.
Isn’t this exactly what the official docs show?
You have to define listeners for the gateway (gateway):
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: example-gateway
namespace: example-namespace
spec:
gatewayClassName: example-class
listeners:
- name: http
protocol: HTTP
port: 80
hostname: "www.example.com"
allowedRoutes:
namespaces:
from: Same
In traefik’s case it’d look like this in the values.yaml:
ports:
traefik:
port: 8123
expose:
default: false
protocol: TCP
web:
port: 8000
expose:
default: true
exposedPort: 80
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
port: 8443
exposedPort: 443
Now the gateway knows which ports it should listen to.
I don’t understand in which way this implementation is “breaking the gateway api abtraction”?
Unless I understood something wrong since I’m quite a novice to gateway api as well.
Had to switch from nginx-ingress-controller to gateway api and decided to use traefik’s implementation and haven’t had any issues so far, also using in production already.