Service Discovery: Support Gateway API v1#73
Service Discovery: Support Gateway API v1#73rexagod wants to merge 2 commits intoprometheus:mainfrom
Conversation
Add support for stable Gateway API resources under Kubernetes Service Discovery. Signed-off-by: Pranshu Srivastava <rexagod@gmail.com>
| - watch | ||
| ``` | ||
|
|
||
| NOTE: `GatewayClass` is only slated for metadata tracking, not service discovery, as the controller information exposed by them may be be fetched using existing `service` or `pod` roles (same practice as with Ingress controllers). |
There was a problem hiding this comment.
the Prometheus service account may not have access to all custom resources:
https://gateway-api.sigs.k8s.io/concepts/security-model/#rbac
Can we make it work in a way which degrades nicely depending on the SA permissions (e.g. using https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1/?
There was a problem hiding this comment.
I see, and since the Gateway API would be the first CRD in the Prometheus suite of offered resources under Kubernetes SD, this would be a good time to think about this. I'll add a section in this proposal to shed light on using SARs to gracefully degrade SD for CRDs (Gateway and others in the future) in a section here.
|
|
||
| * Replace or deprecate the existing Ingress role (both should coexist). | ||
| * Support non-stable Gateway API resources (TLSRoute, TCPRoute, UDPRoute are non-stable resources and excluded). | ||
| * Support Gateway API implementations outside of what's offered by the Kubernetes Gateway Controller, i.e., Contour, Gloo, Kong, etc. CNCF projects that overlap this effort to some degree are subject to discussion and may receive support in the future (such as Istio). |
There was a problem hiding this comment.
| * Support Gateway API implementations outside of what's offered by the Kubernetes Gateway Controller, i.e., Contour, Gloo, Kong, etc. CNCF projects that overlap this effort to some degree are subject to discussion and may receive support in the future (such as Istio). | |
| * Support Gateway API implementations outside of what's offered by the Kubernetes Gateway Controller, i.e., Contour, kgateway, Kong, etc. CNCF projects that overlap this effort to some degree are subject to discussion and may receive support in the future (such as Istio). |
There was a problem hiding this comment.
I see Gloo is a kgateway fork, will update.
There was a problem hiding this comment.
Gloo was the old name of the project, it’s now kgateway after being donated to CNCF.
| ## Goals | ||
|
|
||
| * Add support for discovering Gateway API **v1** resources in `kubernetes_sd_config`. | ||
| * Support the following Gateway API resources: |
There was a problem hiding this comment.
How about Gateway, and maybe GatewayClass?
There was a problem hiding this comment.
Signed-off-by: Pranshu Srivastava <rexagod@gmail.com>
3 participants
Add support for stable Gateway API resources under Kubernetes Service Discovery.
Stems from prometheus/prometheus#15863.