Running built-in gateway pods on Kubernetes

MeshGatewayInstance is a Kubernetes-only resource for deploying Kuma’s builtin gateway.

MeshGateway and MeshHTTPRoute/MeshTCPRoute allow specifying builtin gateway listener and route configuration but don’t handle deploying kuma-dp instances that listen and serve traffic.

Kuma offers MeshGatewayInstance to manage a Kubernetes Deployment and Service that together provide service capacity for the MeshGateway with the matching kuma.io/service tag.

If you’re not using the default Mesh, you’ll need to label the MeshGatewayInstance using kuma.io/mesh.

Consider the following example:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshGatewayInstance
  3. metadata:
  4.   name: edge-gateway
  5.   namespace: default
  6.   labels:
  7.     kuma.io/mesh: default # only necessary if not using default Mesh
  8. spec:
  9.   replicas: 2
  10.   serviceType: LoadBalancer
  11.   tags:
  12.     kuma.io/service: edge-gateway

Once a MeshGateway exists with kuma.io/service: edge-gateway, the control plane creates a new Deployment in the default namespace. This Deployment deploys 2 replicas of kuma-dp and corresponding builtin gateway Dataplane running with kuma.io/service: edge-gateway.

The control plane also creates a new Service to send network traffic to the builtin Dataplane pods. The Service is of type LoadBalancer, and its ports are automatically adjusted to match the listeners on the corresponding MeshGateway.

Customization

Additional customization of the generated Service or Pods is possible via spec.serviceTemplate and spec.podTemplate.

For example, you can add annotations and/or labels to the generated objects:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshGatewayInstance
  3. metadata:
  4.   name: edge-gateway
  5.   namespace: default
  6. spec:
  7.   replicas: 1
  8.   serviceType: LoadBalancer
  9.   tags:
  10.     kuma.io/service: edge-gateway
  11.   serviceTemplate:
  12.     metadata:
  13.       annotations:
  14.         service.beta.kubernetes.io/aws-load-balancer-internal: "true"
  15.   podTemplate:
  16.     metadata:
  17.       labels:
  18.         app-name: my-app

You can also modify several resource limits or security-related parameters for the generated Pods or specify a loadBalancerIP for the Service:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshGatewayInstance
  3. metadata:
  4.   name: edge-gateway
  5.   namespace: default
  6. spec:
  7.   replicas: 1
  8.   serviceType: LoadBalancer
  9.   tags:
  10.     kuma.io/service: edge-gateway
  11.   resources:
  12.     requests:
  13.       memory: 64Mi
  14.       cpu: 250m
  15.     limits:
  16.       memory: 128Mi
  17.       cpu: 500m
  18.   serviceTemplate:
  19.     metadata:
  20.       labels:
  21.         svc-id: "19-001"
  22.     spec:
  23.       loadBalancerIP: 172.17.0.1
  24.   podTemplate:
  25.     metadata:
  26.       annotations:
  27.         app-monitor: "false"
  28.     spec:
  29.       serviceAccountName: my-sa
  30.       securityContext:
  31.         fsGroup: 2000
  32.       container:
  33.         securityContext:
  34.           readOnlyRootFilesystem: true

Schema