Default proxy setup
Learn about the different Solo Enterprise for kgateway and Kubernetes resources that make up your gateway proxy deployment.
GatewayClass
The GatewayClass is a Kubernetes Gateway API-native resource that defines the controller that spins up and configures gateway proxies in your environment.
When you install Solo Enterprise for kgateway, the following GatewayClass resources are automatically created with the following configuration.
The enterprise-kgateway GatewayClass is the standard class that you use for most Gateways.
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: enterprise-kgateway
spec:
  controllerName: solo.io/enterprise-kgateway
  description: Standard class for managing Gateway API ingress traffic.
```

The solo.io/enterprise-kgateway controller implements the Kubernetes Gateway API and provides an abstraction of the gateway’s underlying infrastructure. The controller watches the resources in your cluster. When a Gateway resource with the enterprise-kgateway GatewayClass is created, the controller spins up an Envoy-based gateway proxy by using the configuration that is defined in the GatewayParameters resource. The controller also translates other resources, such as HTTPRoute, EnterpriseKgatewayTrafficPolicy, HTTPListenerPolicy, and more, into valid Envoy configuration, and applies the configuration to the gateway proxies it manages.
Gateway proxy template
When you create a Gateway resource, a default gateway proxy template for Envoy proxies is used to automatically spin up and bootstrap a gateway proxy deployment and service in your cluster. The template includes Envoy configuration that binds the gateway proxy deployment to the Gateway resource that you created. In addition, the settings in the EnterpriseKgatewayParameters resource are used to configure the gateway proxy.
The resulting gateway proxy is managed for you and its configuration is automatically updated based on the settings in the GatewayParameters resource. To publicly expose the gateway proxy deployment, a service of type LoadBalancer is created for you. Depending on the cloud provider that you use, the LoadBalancer service is assigned a public IP address or hostname that you can use to reach the gateway. To expose an app on the gateway, you must create an HTTPRoute resource and define the matchers and filter rules that you want to apply before forwarding the request to the app in your cluster. You can review the Get started, traffic management, security, and resiliency guides to find examples for how to route and secure traffic to an app.
You can change the default configuration of your gateway proxy by creating custom EnterpriseKgatewayParameters resources, or updating the default EnterpriseKgatewayParameters values in your Solo Enterprise for kgateway Helm chart. If you change the values in the Helm chart, Solo Enterprise for kgateway automatically applies the changes to the default EnterpriseKgatewayParameters resources.
EnterpriseKgatewayParameters
EnterpriseKgatewayParameters is a custom resource that specifies the configuration for the gateway proxies in your cluster.
To spin up new gateway proxies, the Solo Enterprise for kgateway controller uses a gateway proxy template and the configuration in the Helm chart. You can change the default configuration for your gateway proxies by creating a custom EnterpriseKgatewayParameters resource. You then use this EnterpriseKgatewayParameters resource to spin up different types of gateway proxies.
For example, you might want to pair your gateway with a Network Load Balancer (NLB) instance in AWS. To properly pair and configure the gateway with an NLB, specific annotations on the gateway proxy are required. These annotations are not included in the default gateway proxy configuration. To add them, you can create a separate EnterpriseKgatewayParameters resource where you add these annotations. For more customization options, see Customize the gateway.
Reserved ports
The following ports are reserved by Solo Enterprise for kgateway and cannot be used when configuring your gateway proxy.
| Port | Description |
|---|---|
| 19000 | The Envoy admin port. Gateway proxies expose an admin interface on this port that you can use to access important proxy information, such as the config dump, heap dump, healthchecks, and memory allocation. |
| 15000 | The agentgateway admin port. Agentgateway proxies expose several endpoints on this port that you can use to access important proxy information, such as the config dump (15000/config_dump) and a read-only user interface (15000/ui). |
| 8082 | The readiness port. This port can be used to determine if the gateway proxy is ready to receive traffic. |
| 9091 | The Prometheus scraping port. Gateway proxies expose all metrics on this port so that Prometheus can scrape them. |
Note that if you configure one of these ports, the gateway proxy still deploys. However, you see error messages in the logs, such as the following.

```
err="failed to apply object apps/v1, Kind=Deployment example-gateway: failed to create typed patch object
(gwtest/example-gateway; apps/v1, Kind=Deployment): .spec.template.spec.containers[name=\"kgateway-proxy\"].
ports: duplicate entries for key [containerPort=9091,protocol=\"TCP\"]"
```
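Because the proxy still deploys when a reserved port is configured, it helps to catch the conflict before or right after applying a Gateway. The following check is an added example, not part of the product or its documentation. It assumes the conflict comes from a Gateway listener `port` value, and the sample Gateway JSON and log line are constructed for illustration.

```python
import json
import re

# Reserved ports, taken from the table above.
RESERVED_PORTS = {
    19000: "Envoy admin port",
    15000: "agentgateway admin port",
    8082: "readiness port",
    9091: "Prometheus scraping port",
}
# Matches the duplicate-port error shown in the log excerpt above
# (quotes may or may not be backslash-escaped in the log line).
DUPLICATE_PORT_RE = re.compile(
    r'duplicate entries for key \[containerPort=(\d+),protocol=\\?"(\w+)\\?"\]')

def find_reserved_listeners(gateway_list):
    """Return (namespace, gateway, listener, port, reason) per listener on a reserved port."""
    findings = []
    for gw in gateway_list.get("items", []):
        meta = gw.get("metadata", {})
        for listener in gw.get("spec", {}).get("listeners", []):
            port = listener.get("port")
            if port in RESERVED_PORTS:
                findings.append((meta.get("namespace", "default"), meta.get("name"),
                                 listener.get("name"), port, RESERVED_PORTS[port]))
    return findings

def reserved_ports_in_logs(lines):
    """Return the reserved ports named in duplicate-containerPort errors."""
    hits = {int(m.group(1)) for line in lines for m in DUPLICATE_PORT_RE.finditer(line)}
    return sorted(hits & RESERVED_PORTS.keys())

# Constructed sample, shaped like `kubectl get gateways -A -o json` output.
SAMPLE_GATEWAYS = json.loads("""
{"items": [
  {"metadata": {"name": "example-gateway", "namespace": "gwtest"},
   "spec": {"gatewayClassName": "enterprise-kgateway",
            "listeners": [{"name": "http", "port": 8080, "protocol": "HTTP"},
                          {"name": "metrics", "port": 9091, "protocol": "TCP"}]}}
]}
""")
# Constructed log line, modelled on the error excerpt above.
SAMPLE_LOG = ['ports: duplicate entries for key [containerPort=9091,protocol=\\"TCP\\"]"']

if __name__ == "__main__":
    for finding in find_reserved_listeners(SAMPLE_GATEWAYS):
        print("reserved port in use:", finding)
    print("reserved ports flagged in logs:", reserved_ports_in_logs(SAMPLE_LOG))
```
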