Gateway API: cool, but why can't I configure TLS myself?
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Maël Valais, 21 May 2025
Why care about Gateway API?
- Gateway API = role-aware version of Ingress API + many more knobs and less annotations
- Ingress API not well defined, e.g., one team may silently be claiming traffic from another team's hostname
- nginx-ingress obsolescent: no new feature, will be deprecated by 2026
Today: no more TLS self-service with Gateway API
| Ingress | dev configures routes + TLS |
| Gateway | costly shared resources owned by cluster operator = dev can't configure TLS |
Tomorrow: ListenerSet + cert-manager = back to self-service TLS (GEP 1713)
tl;dr:
- Thousands of users stuck with Ingress due to cert-manager
- Work with sigs-network on a good migration (implement ListenerSet + improve
ingress2gateway)
Gateway API: cool, but why can't I configure TLS myself? Maël Valais, 21 May 2025
{"description":"Gateway API = role-aware version of Ingress API + many more knobs (e.g., lets you to fine-tune the load balancer)","slideOptions":"{\"theme\":\"white\"}","title":"Gateway API: cool, but what about my certs?","contributors":"[{\"id\":\"e67e2764-40c1-4315-969f-44487ef63c68\",\"add\":5215,\"del\":3801}]"}