Support ingress (north/south) traffic? #535

Open
gazal-k opened this issue Nov 21, 2023 · 2 comments
Labels
discussion something to talk about enhancement New feature or request


gazal-k commented Nov 21, 2023

I believe Gateway API was meant to be v2 of Ingress API. Also, as per the documentation for Gateway API:

> The Gateway API was originally designed to manage traffic from clients outside the cluster to services inside the cluster -- the ingress or north/south case. Over time, interest from service mesh users prompted the creation of the GAMMA initiative to define how the Gateway API could also be used for inter-service or east/west traffic within the same cluster.

The existence of https://github.com/aws-solutions-library-samples/guidance-for-external-connectivity-amazon-vpc-lattice and the following excerpt:

> When you create a VPC Lattice Service, you are given a DNS name that represents it (globally unique and externally resolvable). However, from outside of the VPC, the DNS name resolves to a series of IP addresses in the 169.254.171.x/24 range (within the IPv4 Link-Local range 169.254/16 defined in RFC3927) and fd00:ec2:80::/64 range (within the IPv6 Link-local range fe80::/10 defined in RFC4291).
seems to indicate that aws-application-networking-k8s

indicates that this Gateway Controller (which relies on VPC Lattice) only implements east/west traffic at the moment.

Could this controller be extended to support ingress (north/south) traffic?

It almost seems to me like aws-load-balancer-controller and this controller may need to merge in some way to fully support all Gateway API capabilities. (Related: kubernetes-sigs/aws-load-balancer-controller#1338)

@graehren graehren added enhancement New feature or request discussion something to talk about labels Nov 22, 2023

solmonk commented Nov 27, 2023

In terms of a publicly accessible ingress endpoint, we are investigating offering this as a native feature. In the meantime you can reference this blog as a viable workaround: https://aws.amazon.com/blogs/networking-and-content-delivery/external-connectivity-to-amazon-vpc-lattice/

On another note, the limitation imposed by such an IP range is that it is only accessible within the VPCs that are associated with the service network, but it can still be outside of the cluster - e.g. another EC2 instance in the same VPC.

@seifrajhi

> In the meantime you can reference this blog as a viable workaround: https://aws.amazon.com/blogs/networking-and-content-delivery/external-connectivity-to-amazon-vpc-lattice/

@solmonk, I believe this workaround creates unnecessary complexity and overhead, especially in large microservice environments heavily reliant on EKS and ingress routing. Integrating Gateway API support would be incredibly beneficial. As suggested, perhaps merging with the AWS Load Balancer Controller (https://github.com/kubernetes-sigs/aws-load-balancer-controller) could be a great option to handle both north-south (internet) and east-west (internal) traffic.
