Skip to main content

Kubernetes Gateway API

1. Why Gateway API Exists

When applications run in Kubernetes, users must be able to access them from outside, and services inside the cluster must communicate with each other.

For a long time, Kubernetes used Ingress to expose applications. Ingress worked, but as systems grew larger and teams increased, many real problems appeared.

To solve these problems, Kubernetes introduced the Gateway API.

2. Understanding Traffic in Kubernetes

Before learning Gateway API, we must understand how traffic moves.

2.1 North–South Traffic

North–South traffic means:

  • Traffic coming into the cluster from outside
  • Traffic going out of the cluster

Examples:

  • User opens a website in a browser
  • Mobile app calls an API in Kubernetes
  • External system connects to a service

This is external traffic.

2.2 East–West Traffic

East–West traffic means:

  • Traffic inside the cluster
  • Service talking to another service

Examples:

  • Frontend calls backend
  • Order service calls payment service

This is internal traffic.

Important Note:

  • Ingress and Gateway API → handle North–South traffic
  • Service Mesh → handles East–West traffic

3. What Is Ingress?

Ingress is a Kubernetes object that:

  • Exposes services outside the cluster
  • Routes traffic using hostnames and paths

Example:

/     → frontend service
/api  → backend service

Ingress worked well for:

  • Small clusters
  • Single-team setups
  • Basic routing

4. Problems with Ingress (Why Change Was Needed)

As Kubernetes moved to production at scale, the following issues became apparent:

  • Everything in one file — Load balancer config, TLS config, routing rules — all mixed together.
  • Annotations everywhere — Important logic hidden in annotations.
  • Hard to read and debug — Large, complex Ingress manifests are difficult to maintain.
  • No clear ownership — Application teams could modify infrastructure settings, creating risk in multi-team clusters.
  • Different behavior per controller — The same YAML can behave differently with NGINX, ALB, and other controllers.
  • Security concerns and retirement — The widely-used Ingress NGINX controller is being retired and will no longer receive updates or security patches after March 2026, making it unsuitable for long-term production use.

See the official retirement announcement: https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/

Ingress was simple, but not safe or scalable for large environments.

5. What Is Gateway API?

Gateway API is a new Kubernetes networking API designed to fix the limitations of Ingress.

It provides:

  • Clear separation of responsibilities
  • Standard behavior across implementations
  • Safer configuration for production
  • Support for advanced routing

Gateway API separates concerns across three roles:

RoleResourceResponsibility
Infrastructure ProviderGatewayClassDefines available gateway implementations
Cluster OperatorGatewayConfigures load balancers, TLS, listeners
Application DeveloperHTTPRoute / TLSRouteDefines application routing rules