From Ingress to Gateway API

We use Ingress for traffic into our Kubernetes clusters. The next step is to migrate to the Gateway API. This requires some attention, since not all implementations of the Gateway API support the features we need. There is a list on the k8s website: https://gateway-api.sigs.k8s.io/implementations/

We use nginx ingress for its timeout and sticky session features. The Gateway API should support these too. We decided to go for the Envoy Gateway (https://gateway.envoyproxy.io) implementation.

Installation

Envoy Gateway offers a Helm chart that we deploy using Argo CD. The initial sync failed because the CRD files surpass the max size. After setting the syncOption ServerSideApply=true, everything synced.

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: envoy-gateway
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    chart: gateway-helm
    # note: the oci:// syntax is not included.
    repoURL: registry-1.docker.io/envoyproxy
    targetRevision: 1.7.1
  destination:
    name: "in-cluster"
    namespace: envoy-gateway-system
  syncPolicy:
    automated: 
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true

With Envoy Gateway installed, we can now create the GatewayClass and Gateway resources. For simplicity, only the unsecured listener is shown here.

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy-gateway
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: envoy-gateway-local
spec:
  gatewayClassName: envoy-gateway
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All
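
The listener above accepts routes from every namespace (from: All), so any namespace that is allowed to create an HTTPRoute can attach a hostname to it. As an added example (not from the original post), here is the same listener restricted with from: Selector; the label gateway-access and the namespace my-app are assumptions.

```yaml
# Added example, not from the original post.
# Assumptions: the label "gateway-access: envoy-gateway-local" and the
# namespace name "my-app" are hypothetical.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: envoy-gateway-local
  # Namespace taken from the HTTPRoute's parentRefs in this post.
  namespace: envoy-gateway-system
spec:
  gatewayClassName: envoy-gateway
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        # Only HTTPRoute objects may attach to this listener.
        kinds:
          - group: gateway.networking.k8s.io
            kind: HTTPRoute
        namespaces:
          # "All" lets a route in any namespace bind a hostname here;
          # "Selector" limits attachment to namespaces carrying the label.
          from: Selector
          selector:
            matchLabels:
              gateway-access: envoy-gateway-local
---
# A namespace that is allowed to attach routes to the listener above.
apiVersion: v1
kind: Namespace
metadata:
  name: my-app
  labels:
    gateway-access: envoy-gateway-local
```

With this in place, whoever can label namespaces decides who can attach routes, so namespace label changes need to be restricted through RBAC.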

HTTPRoute

Adding the HTTPRoute will replace the Ingress. Below is an example with timeouts disabled and sticky sessions enabled.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: my-route
spec:
  parentRefs:
    - name: envoy-gateway-local
      namespace: envoy-gateway-system
      sectionName: http
  hostnames:
    - "my-route.localtest.me"
  rules:
    - backendRefs:
        - name: my-service
          port: 80
      matches:
        - path:
            type: PathPrefix
            value: /
      # no timeout = 0s
      timeouts:
        request: 0s
        backendRequest: 0s
      # sticky sessions
      sessionPersistence:
        sessionName: my-route-cookie
        type: Cookie

To activate the Gateway API, we change the DNS record to use the Gateway API IP address and we're done.

About erictummers

Working in a DevOps team is the best thing that happened to me. I like challenges and sharing the solutions with others. On my blog I’ll mostly post about my work, but expect an occasional home project, productivity tip and tooling review.