
Beyond Gateway API: Building a Cloud Agnostic Gateway Controller for Self-Service Network Configuration

2023-04-20

Authors: Martin Villumsen, Michael Vittrup Larsen


Summary

The presentation discusses the development of a common, multi-tenant Kubernetes platform to reduce developer cognitive load and abstract away infrastructure. The focus is on using the Kubernetes API for everything and implementing the Gateway API for network configuration.
  • Development teams have been building their own cloud platforms for the past 4-5 years, resulting in many similar platforms that differ in the details
  • An increased need for network features external to Kubernetes, such as web application firewalls and DDoS protection, led to the establishment of a platform team to build a common Kubernetes platform
  • The main principle is to reduce developer cognitive load and provide a paved path for running applications in the cloud
  • The team aims to use the Kubernetes API for everything and expose it with some kind of abstraction on top
  • The team is building a custom Kubernetes controller from scratch using Kubebuilder and implementing the Gateway API for network configuration
  • The Gateway API is a networking model that consists of several Kubernetes resources, making it more flexible and role-oriented
  • The team plans to use the Gateway API in production by the end of the year

The team experimented with different ways to connect resources in the Kubernetes world with their cloud provider, including custom scripts and templates and a tool called Cartographer. They eventually built their own full-blown Kubernetes controller from scratch using Kubebuilder and focused on network configuration as a crucial part of the multi-tenant platform they are building.

Abstract

How do we build a self-service platform that allows developers self-service of network configuration beyond what we can do with the familiar Ingress and service mesh resources? The increased adoption of GitOps and cloud-native ways of deploying applications increases our need to configure network features that are external to Kubernetes such as multi-cluster and multi cloud/region support but also adaptive traffic filtering, DoS protection etc. However, the possibilities with a Kubernetes API driven approach are limited. This forces developers into the Terraform domain and alternative workflows, which increases cognitive load. In this talk TV 2 Denmark will share their experience building a Kubernetes API-driven self-service platform for managing cloud network infrastructure. The platform builds on a Kubernetes controller-of-controllers that implements the Gateway API and realizes network infrastructure through cloud-provider agnostic integrations using Crossplane and Istio.
