►
From YouTube: Exposing Services with the Kubernetes Gateway API
Description
The Gateway API is the next generation of the Ingress API, one of the most widely used resources across Kubernetes. We will explore the rich set of features provided by this API and deep dive into a demo-oriented talk where we will learn how to expose applications outside the cluster boundaries. We will leverage the Kong Gateway Operator to deploy the controlplane (Kong Ingress Controller) and dataplane (Kong), then, with the help of the Gateway API, expose services outside the cluster boundaries and perform traffic splitting and load balancing based on different rules.
A
A
The
topic
for
today
is
exposing
Services
through
the
kubernetes
Gateway
API,
and
we
have
Matia
who
introduce
himself
I'm
so
happy
to
see
so
many
of
you
here,
please
post
all
of
your
questions
in
the
Q
a
function
on
the
bottom
and
we
will
answer
them
as
soon
as
Matia
is
done
presenting
and
with
that
I'd
like
to
pass
it
along
to
Matia,
go
ahead.
B
B
Okay.
First,
let's
take
a
look
at
today's
agenda.
Since
the
Gateway
Pi
is
the
successor,
the
Ingress
API
will
be
briefly
introducing
the
Ingress
API
as
a
first
step,
then
we'll
discuss
the
get
API
its
model
and
the
main
resources
to
use
for
creating
an
effective
Gateway
API
configuration
last
we'll
have
a
live
demon
with
a
couple
of
slides
that
will
help
us
to
understand
the
configuration.
B
I
bet
many
of
you
already
know
the
Ingress
API
and
might
have
been
using
it
for
many
years,
but
regardless,
let's
introduce
the
API
the
wise
pros
and
cons
and
see
why
the
get
API
has
been
designed
and
developed
in
the
next
generation
of
Ingress
API.
So
what
does
the
Ingress
API
aim
for?
The
main
target
of
this
API
is
to
expose
Services
outside
the
cluster
boundaries
without
using
a
public
IP
for
every
single
service.
B
Indeed,
the
Ingress
API
is
G
is
GA
and
sheet
in
the
set
of
standard
apis
of
kubernetes.
Of
course,
it
is
not
only.
It
is
the
the
Ingress
API
is
only
an
API.
Therefore,
it
needs
an
Ingress
API
implementation
to
be
able
to
exploit
the
API
and
the
whole
feature
set.
An
example
of
implementation
is
the
engineic
synchronous
controller,
which
likely
is
the
most
adopted
implementation
here
at
con.
B
B
As
we
said,
the
Gateway
API
is
the
next
generation
of
kubernetes
routing
and
load
balancing
apis
and
is
in
beta
since
July
2022
as
the
Ingress
API
needs
an
Ingress
implementation.
The
Gateway
API
needs
a
Gateway
implementation.
Our
previously
mentioned
Kong
kubernetes
fingers
controller
has
been
improved
to
deal
with
the
Gateway
API
as
well,
so
that
it
is
able
to
reconcile
events,
resources
and
Gateway
resources.
At
the
same
time,
the
feature
set
of
the
Gateway
API.
B
The
spiritual
set
of
the
get
API
includes
TLS
configuration
as
the
Ingress
API
did
HTTP
Imaging,
which
can
be
of
different
types,
such
as
black
matching
header,
matching,
Midfield,
matching
and
query
parameters
matching,
and
then
we
have
a
couple
of
features
that
are
bound
together.
Let's
say
they
are
related
to
somehow,
which
is
the
possibility
to
reference
tab
resources
from
other
resources
living
in
different
name
spaces.
So
basically,
we
have
a
native
mechanism
to
Grant
cross
namespace
references.
B
In
this
way
we
can
do
Crossing
space
resource,
binding
and
traffic
forward.
Then
we
have
the
possibility
to
set
HTTP
filters
to
change
the
request
and
the
response.
The
request
of
the
response.
For
example,
we
have
the
requests
that
are
modifier
and
the
response
at
the
modifier
and
other
filters.
B
The
request
Adder
modifier
and
there
is
also
the
modifier-
are
intended
to
be
used
to
patch
the
set
of
headers
to
use
for
the
request
or
the
response
and
the
last
the
possibility
to
set
weights
on
the
routes
to
perform
a
weight
based
load
balance,
and
since
the
API
is
in
Vista
since
July
2022,
many
other
features
are
under
implementation
and
yeah.
There
is
still
a
lot
of
work
to
do
to
get
GA
and
but
the
the
rod
is.
Is
there
is
a
good
one
again?
B
B
B
The
infrastructure
provided
is
the
top
layer
and
is
the
person
responsible
for
defining
Gateway
class
and
managing
the
Gateway
construction.
He
basically
takes
care
of
the
user
Gateway
API
implementation.
The
cluster
provider
is
the
responsible
for
administrating
the
shared
network
infrastructure
to
be
used
by
many
different
and
non-coordinate
teams.
B
Even
if
we
only
talked
about
the
HTTP
route,
there
is
a
bunch
of
other
routes
that
can
be
used.
Every
route
is
supposed
to
use
a
different
protocol
and
defines
a
different
set
of
features.
The
get
API
defines
HTTP,
grpc,
DLS,
sdp
and
udprouts.
So,
as
you
can
see,
both
L7
and
L4
routes
are
available.
Last,
the
user
can
Define
their
own
routes
using
custom
protocols
to
implement
custom
behaviors.
B
Now,
let's
have
a
deeper
look.
The
main
gateway,
API
resources,
the
first
one
as
we
saw,
is
the
Gateway.
The
Gateway
class
is
a
fairly
simple
results.
First
of
all,
it
is
cluster-wide
cluster-wide
resource
which
is
quite
important,
and
the
main
field
of
the
Gateway
class
is
the
controller
line.
Every
Gateway
references,
I
get
a
class,
and
only
the
gateways
using
a
specific
Gateway
classroom
are
recall,
styled
by
the
controller
matching
the
controller
name
field
of
the
Gateway
class.
In
this
way
we
can
have
some
gateways
reconciled
by
the
Congo
Ingress
controller.
B
For
example,
Instagram
address
by
Contour,
which
is
another
implementation,
is
meant
to
be
used
for
enriching
the
configuration
of
the
gateways
using
this
specific
Gateway
class,
one
can
specify
group,
which
is
this
one
time
and
the
name
of
a
resource
containing
additional
configuration
indicator
case,
for
example,
which
is
a
project
we
will
be
talking
about
in
a
few
minutes.
The
results
is
named,
Gateway
configuration.
B
B
As
we
said
for
the
GE
class,
every
Gateway
needs
to
reference
a
Gateway
Cloud
through
the
Gateway
class
name
field.
Then
we
have
the
listeners
field
where
we
can
specify
the
listeners
to
the
protocol
and
the
forward
and,
as
we
will
see
in
a
second,
the
listeners
will
be
used
by
the
routes
to
wire
the
internal
services.
In
the
data
plane.
B
The
listeners
can
be
seen
as
a
representation
of
the
access
points
to
the
internal
part
of
the
cluster
from
the
outside,
as
we
saw
before,
the
HTTP
is
the
result
to
be
used
when
pulling
wires
between
the
listener
of
a
Gateway
and
the
service.
The
first
notable
field
in
this
resources
pack
is
the
paragraph.
This
field
is
the
least
of
the
gateways
the
HTTP
route
wants
to
connect
to.
They
can
live
in
different
name
spaces,
but
in
this
case
we
need
an
additional
Resource.
B
As
we've
seen
I
mean,
then
we
have
a
set
of
major
rules.
The
matching
can
be
of
different
types,
but
header
method,
method
and
query
parameters.
Each
of
them
has
a
different
subset
of
parameters.
As
you
can
see.
In
the
example,
we
are
setting
a
path
matching
of
tab
of
type
prefix.
That
means
that
all
the
paths
having
slash
alone
as
prefix
match
this
rule.
B
B
The
GIF
API
needs
an
additional
resource
to
allow
this
cross
name
space
reference,
and
this
is
the
result
here-
is
the
reference
ground,
which
is
a
result
that
aids
at
granting
cross
name
space
preferences
and
the
results
of
this
example
lives
in
the
name
space
named
namespace
and
allows
references
from
the
HTTP
routes
in
namespace
1
to
the
service
named
hello
service
living
in
namespace
2..
Without
such
an
explicit
rank,
the
configuration
wouldn't
work,
and
it
would
result
in
an
error
when
trying
to
Route
traffic
to
the
service
living
in
the
other
namespace.
B
C
B
Let's
start
with
with
the
team.
C
B
B
Sorry,
okay,
is
a
project
baked
upcon,
it's
a
project
in
a
tech
preview
state.
So
it's
not
production
ready.
Yet
it's
kind
of
a
kind
of
a
new
project
that
is
getting
traction
and
it
is
quite
quite
focused
on
the
gate.
Api
field
negative
operator
basically
is
a
component.
It's
a
project
that
allows
to
reconcile
Gateway
resources
and
to
create
control
play
and
data
plane
instances
out
of
the
out
of
the
gateways.
So
we
will
be
using
this
operator
to
create
our
Gateway
API
configuration.
B
B
A
C
B
And
two
different
workload,
two
different
deployments,
the
first
one
is
called
Bob
and
the
second
one
is
called
Alice
and
both
of
them
have
the
same
container,
which
is
this
one,
which
is
a
fairly
simple
program
that
just
it
is
just
an
HTTP
server
that
returns
their
current
time.
Okay,
so
Bob
and
Alice
has
the
the
same
container
running
and
they
are
exposed
to
two
different
Services
cluster
IP
Services,
the
Bob
star
Vista
and
the
Alice
service,
both
in
a
namespace
b.
So
let's
create
these
resources
here.
C
B
Okay,
I,
don't
know
what
was
happening:
okay,
I
just
created
Bob
and
Alice
workloads,
and
we
can
see
that
we
have
our
namespace
named
demo,
which
is
11
seconds
all,
and
we
can
watch
to
all
the
plots
and
services
in
such
a
namespace.
B
So
we
have
Alice
and
Bob
and
Alice.
The
early
sport
is
exposed
by
the
service
analyst
and
Bob
the
Same
by
the
service
bar,
and
so
we
just
want
to
verify
that
all
of
them
with
both
Alice
and
Bob
are
doing
what
we
want
them
to
do.
So
we
just
want
to
pick
them
and
we
want
to
get
back
the
current
time
right.
So,
let's
open
a
stream
for
the
alices
logs,
okay
and
let's
do
the
same
for
Bob.
B
These
the
services
are
cluster
AP
and
there
is
no
externality.
There
is
no
load
balancer
allocated
for
these
two
Services.
We
have
no
means
of
us
of
accessing
the
deployments
from
outside
the
cluster
right,
so
we
just
need
to
port
forward
the
traffic
for
Alice
on
port
8080
of
my
local
machine.
So
if
I,
curl
Alice
so
by
current
local
laws
and
8080
I,
see
that
I'm
talking
to
Alice
in
fact,
the
same
with
Bob.
B
B
We
only
have
a
field
related
to
the
control,
plane,
deployment
options
and
basically
we
want
to
say
that
okay
I
want
all
all
the
Gateway
apis
configured
in
the
in
the
control
plane
and
to
do
so,
we
just
need
to
enable
the
feature
Gates,
the
related
feature
Gates,
and
to
set
the
Gateway
Alpha
to
true.
B
B
Such
Zeus
here,
okay-
and
here
you
can
look
at
the
beginning.
We
can
see
that
it
is
not
ready
yet
because
it's
under
provisioning,
but
if
we
look
for
other
resources,
such
as
the
control
plane
and
the
data
plane,
which
are
the
resources
that
I
showed
before,
which
are
crd
shipped
by
the
Gateway
operator,
we
can
see
that
we
have
one
data
play
and
one
control
plane.
The
data
plane
is
already
ready,
but
the
control
plane
is
still
under
provisioning.
B
So
most
likely
we
just
need
to
wait
for
a
little
bit
because
before
having
it
ready
in
the
meantime,
we
can
take
a
look
at
how
the
get
operator
works.
Okay,
so
here
is
our
scenario.
We
have
the
Kong
Gateway
operator.
We
have
the
Gateway
that
we
just
created
and
the
congest
operator
reconcile
the
Gateway
and
created
the
contrary
and
the
data
plane
instances,
but
what
the
copy
plane
and
the
data
plane
are.
B
The
control
plane
is
an
instance
of
the
Kong
Ingress
controller
that,
as
we
saw
before,
as
we
saw
before
in
the
it's
it's
a
component
that
is
natively
compatible
with
both
the
increase
API
and
the
Gateway
API,
and
the
data
plane
is
the
API
Gateway
shipped
by
code.
It's
basically
the
main
product
by
come
from,
which
is
the
current
process.
B
Let's
look
okay
once
the
control
plane
is
provisional
and
ready
and
the
data
plane
the
same.
So
if
we
look
at
the
box
in
the
demon
namespace,
we
have
one
control
plane,
one
data
plane.
Both
of
them
are
ready.
So
two
different
parts,
and
if
we
look
for
the
Services,
we
can
see
that
a
couple
of
services
have
been
created.
B
The
first
one
is
an
address
service
needed
by
the
control
plane
to
talk
to
the
data
plane,
but
we
don't
care
about
it
and
the
second
one
is
the
one
that
has
interest
for
us.
The
data
plane
proxy,
which
is
the
load
balancer
service
with
an
external
IPS
sign.
So
we
can
talk
through
this
data
play
the
API
Gateway
to
Kong
to
have
our
traffic
routed
according
to
our
configuration.
B
Okay,
so
we
have
the
Gateway,
we
have
the
workloads
we
have
Alice
and
Bob
in
place.
We
just
need
an
HTTP
Cloud,
because
we
need
to
wire
our
listener.
Our
Gateway
listener
to
the
final
destination
to
the
service
to
the
internal
service.
So
here
is
the
HTTP
route.
The
the
HTTP
route
defines
Kong
Aspire
address,
Kong
is
our
gated,
so
it
will
be
attached
to
our
Gateway
and
it
defines
also
a
set
of
rules.
B
So
basically
we
want
to
match
the
path,
slash
Eco
for
both
the
rules,
and
we
want
to
match
the
header
person
named
Bob
for
this
Rule
and
then
other
person
with
value,
at
least
for
this
other
rule
and
as
the
back
and
rest
so
which
service
to
redirect
our
traffic
we
have
set
both
for
our
first
rule
and
Alice
for
our
first
rule.
B
So
what
we
are
expecting
is
that
when
we
try
to
hit
when
we
hit
the
heat,
our
data
plane
on
slash
liquid
with
this
header
set,
the
traffic
will
be
forwarded
to
Bob
or
to
at
least
depending
on
the
on
the
value
of
the
header.
B
So
sorry-
and
there
is
this
third
rule
which
we
don't
care
about,
yet
we
will
get
back
to
it
in
a
in
a
few
minutes.
So,
let's
sorry,
let's
apply
our.
B
Route-
okay,
you
just
created
the
the
here
out,
so
we
have
our
load
balancer
service,
which
is
reachable
at
172
18,
1
1.
So
if
we
curl
look
a
lot
172
18,
1
1,
slash
eco,
we
won't
be
eating
anything
because
I
didn't
set
the
header,
but
I
just
wanted
to
show
you
the
default
message
that
the
data
plane
Kong
is
getting
back
is
giving
back
the
when
there
is
no
route
defined
for
the
for
the
destination
requested.
B
B
Or
both
okay
and
okay.
So
now
we
are
hitting
a
list
on
slash
Eco
by
setting
the
header
person
to
Paris,
and
if
we
do
the
same
with
the
header
person
set,
the
bar,
you
can
see
that
we
are
hitting
Bob
as
well,
so
we
just
managed
to
expose
our
internal
services
to
different
Services
outside
the
cluster
boundaries
by
using
a
Gateway
reconciled
by
the
Gateway
operator
and
an
HTTP
route
reconciled
by
the
control
plane
component
of
the
Gateway
operator,
which
is
the
Kong
kubernetes
control.
B
Now
I
will
get
back
to
our
HTTP
route
to
the
third
row,
and
this
is
the
rule
and
the
rule
is
quite
similar
to
the
previous
ones,
because
we
want
to
still
match
flash
Hiccup
and
the
path
with
the
other
persons
that
project.
So
this
is
another
person,
but
in
this
case
we
have
two
different
backend
references.
B
The
first
one
is
Jack
one.
The
second
one
is
jet2:
all
of
them
live
in
a
different
name
space,
which
is
demo
2,
because
all
our
components
now
are
living
in
namespace
demo,
but
we
want
to
hit
who
live
in
namespace
demo2,
and
we
want
to
set
also
away.
So
we
want
to
have
load
balancing
between
check
one
and
jack2,
and
we
want
to
balance
our
traffic
according
to
the
ways
that
I
just
specified
here.
B
So
one
over
three
requests
roughly
will
be
sent
to
J2
and
2
over
3
requests
roughly
again
will
be
sent
to
Jaquan,
so
the
HTTP
route
has
been
already
created,
because
this
is
if
every
this
configuration
is
in
the
same
Institute
route
I've
already
been
creating,
but
we
need
to
create
Jack
one
and
just
two,
because
we
don't
have
such
a
workload
yet
in
in
our
in
our
class.
So
we
have
another
namespace
named
demo,
2.
B
B
B
Okay
and
now
we
can,
we
will
just
we
just
want
to.
We
just
want
to
check
that
our
HTTP
route
works
as
expected.
So
we
would
just
want
to
check
that
from
outside
the
cluster.
We
are
able
to
talk
to
Jaquan
and
talk
to
jack2.
B
B
Workloads
leading
in
a
different
namespace
in
the
namespace,
which
is
different
than
the
the
namespace
in
which
the
Gateway
and
the
HTTP
route
leads.
So
basically
we
want
to
cross
the
borders
of
the
namespaces
by
using
the
HTTP
route
and
the
gate,
and
this
is
not
allowed
by
default.
There
is
a
proper
results
to
allow
such
a
behavior,
which
is
the
reference
grind
that
we
mentioned
before,
and
here
there
is
here
is
the
reference
Trend
that
we
want
to
use
is
called
enable
jet.
B
B
Then
we
are
expected
to
see
the
all
thing
working
just
by
deploying
the
reference.
Then
here
we
are
the
reference.
Grant
has
been
created,
and
now
we
are
expected
to
hit
either
Jaquan
or
objective
by
curling,
the
endpoint,
and
here
we
are.
We
have
just
hit
Jaquan
a
couple
of
times
now,
since
we
have
set
our
balancing
configurations.
B
So,
at
the
top
of
waves
on
check
one
engine,
two,
we
expect
to
see
some
wrapping
flowing
toward
object,
2
and
some
traffic
flowing
to
project
one
right
so
to
verify
this
behavior,
let's
just
that
watch
on
this
curve,
so
that
we
can
perform
the
same
curl
every
second,
some
second-
and
here
you
can
see
that
we
are
hitting
sometimes
Jack
one,
and
sometimes
you
have
to
roughly
the
the
proportion
should
be
one
over
three
requests
should
be
sent
to
object,
2
and
2
over
3
equals
should
be
sent
to
Japan.
B
So
here
is
the
configuration
which
is
completed.
We
have
exposed
our
workloads
outside
the
cluster
boundaries
by
using
the
Gateway
API
and
we
have
performed
some
kind
of
matching,
so
we
have
performed
the
path
matching
and
the
header
matching,
and
we
also
know
how
to
set
up
the
weights
on
different
routes
to
perform
load,
balancing
and
Crossing
space
preferences
by
using
the
reference
graph.
So
the
demo
is
over
I
would
like
to
before
before
getting
to
the
questions.
I
just
would
like
to
highlight
here.
B
The
some
pointers
here
is
the
GitHub
link
to
the
Gateway
API
here.
Here
is
our
our
link
to
the
Gateway
operator,
which
is
this
website,
and
the
third
one
is
the
kubernetes
singles
controller.
So
basically,
this
is
the
control
plane
that
we
have
been
using
in
our
demon.
B
I
just
would
like
to
say
a
few
words
about
the
Gateway
API.
The
get
API
is,
of
course,
is
a
is
a
kubernetes
project.
It's
an
open,
shoe
completely
open
Suite
project
and,
as
we
saw
it's
in
beta
since
the
summer
2012
since
July
2022,
but
the
there
is
this
Milestone
there
is
the
road
map
to
get
into
GA
before
North
America
2023,
it's
not
guaranteed
yet,
but
there
is
a
milestone.
There
is
a
roadmap
and
a
lot
of
people
are
working
on
it
and
so
yeah.
B
A
B
I'm
not
sure
I'm
getting
the
question
honestly.
The
guest
API
is
the
the
API
as
I
said,
and
the
Kong
English
controller
is
the
implementation
of
the
gate.
Api.
So
basically
remember
the
our
our
Kong
Ingress
controller
is
able
to
reconcile
the
get
API
and
the
get
API
as
I
said,
is
I,
don't
know
what
you
mean
when
you
say
when,
but
I
guess
API
is
in
beta
right
now,
and
the
echo
kubernetes
Ingress
controller
is
confirmed
with
the
data
implementation
of
the
get
API
element.
B
B
Yes,
you
can
use
the
Gateway
across
the
cluster
so
that
the
resulting
in
chapter
one
are
picked
up
by
Kong
in
cluster
2..
Yes,
you
can
do
that
by
well,
not
not
in
a
native
way
Kong
and
the
Covenant
strong
Ingress
controller
are
not
a
multi-class
implementation
at
the
moment.
B
But
let's
say
that
if
you
deal
a
bit
with
the
with
the
API,
if
you
handle
a
bit
the
endpoints
and
you
can
create
a
configuration
where
you
have
one
Gateway
in
one
cluster
and
the
endpoint
in
the
back
ends
in
another
cluster,
and
you
can
manipulate
the
endpoints
to
redirect
all
the
traffic
towards
the
convenience
in
the
in
a
second
class.
B
B
What
does
the
two
items
in
data
plane?
This
specifically
you
proxy,
does?
Is
the
proxy
Hamlet
and
what
does
proxy
service
do?
Okay,
let's
get
back
to
the
terminal.
We
have
the
these
two
components.
Okay,
maybe
you
were
talking
about
the
slide.
The
slide
here
is
the
Conch
proxy
and
the
process
service.
The
con
proxy
is
the
workload
basically
so
is.
The
data
plane
instance
is
the
deployment
of
Kong
that
performs
the
routing
and
in
advance.
The
proxy
service
is
the
load
balance
of
service
that
sorry
that
exposes
the
the
data
plane
instance.
B
Other
than
Congo
what
other
implementations
of
the
kubernetes
Gateway
API
are
there
well
it's.
There
is
a
big
number
of
implementations
at
the
moment
with
almost
have
20
implementations,
something
like
that,
and
it
is
getting
a
lot
of
attractions.
Many
different
companies
are
working
on
their
implementation.
B
Does
get
API
support,
Port
based
routing
as
well?
Yes,
it
supports
Port
based
routing,
it
does
I'm,
not
sure
if
it
is
the
Accord
picture
or
an
extended
picture
at
the
moment.
I
should
look
at
the
specification
of
the
API,
but
yeah.
B
How
is
this
different
from
istio
Gateway
API?
Well,
this
is
the
Gateway
API
is
is
an
API
okay.
So,
basically
there
are
many
different
implementations,
but
the
implementations
must
be
sticking
to
the
Gap
API
definition.
B
B
They
should
be
kind
of
safe
because
there
is
no
magic
Source
I
mean
there
is
just
the
there's
just
there's
just
the
fact
that
every
implementation
must
stick
to
the
definition
of
the
API.
There
is
some
differences
between
the
Kong
English
controller,
which
is
kind
of
the
day
of
the
Easter
Gateway
API
implementation
and
the
Gateway
operator,
which
is
another
project
at
a
at.
B
What
is
the
use
case
of
this
project
in
what
situation
could
be?
Could
it
be
implemented?
Well,
the
the
the
use
case
could
be,
as
we
saw
in
the
in
the
presentation
to
expose
Services
outside
the
classroom.
What
the
gate
operator
will
help
us
to
do
is
to
do
it
in
a
managed
and
very
easy
way.
The.
B
Without
dealing
with
charts,
complex
configurations
of
the
of
the
kubernetes
English
controller
and
the
API
Gateway,
you
just
deploy
a
CR
in
this
case
a
Gateway
or
you
can
just
deploy
a
control
plane
or
a
data
plane,
and
the
gate
operator
will
instantiate
the
counter
play
in
the
data
in
the
next
iterations
of
the
Gateway
counter
play.
B
Oh
sorry,
the
Gateway
operator
we
will
be
adding
some
features,
such
as,
for
example,
the
possibility
to
horizontally
scale
the
data
plane
so
that
you
can
have
many
different
data
planes
when
you
have
tons
and
tons
of
different
HTTP
routes
and
many
different
back-end
services.
So
it
is
possible
to
perform
scaling
on
the
data
plane
to
to
to
to
deal
with
huge
amount
of
traffic.
B
Could
you
explain
again
the
way
through
yeah
yeah?
Let's
go,
let's
get
here,
the
get
the
the
wait.
Sorry,
the
weight
is
the
is
the
the
way
indeed
of
the
of
this
portion
of
the
of
the
of
the
routes.
So
for
this
rule
specifically,
we
have
that
we
want
to
match
this
part
of
the
specification
and
we
want
to
get.
B
We
want
to
split
the
amount
of
traffic
between
check
one
and
two,
but
we
don't
want
to
send
all
the
traffic
to
Japan
or
all
the
traffic
to
the
two,
but
we
want
to
send
a
certain
amount
forward.
The
same
amount
of
traffic
project,
one
which
is
true
in
this
case
and
the
certain
amount
of
traffic
to
jet2,
which
is
one
how
one
and
two
have
to
be
interpreted,
is
that
two
is
the
number
of
requests
that
have
to
be
forwarded
to
check
one
every
the
sum
of
two
and
one.
B
So
just
to
sum
up,
we
have
two
over
three
requests
and
to
check
one
and
one
of
the
three
requests
sent
to
Egypt.
So
you,
basically
you
do
the
the
sum
between
one
and
two
and
one
over
three.
You
check
one
two
over
three
sorry,
one
over
two,
two
over
three
two
one
I
hope
it
was
clear.
B
How
is
this
different
to
the
Angelic
singers
controller?
Well,
when
speaking
about
the
engineers
controller,
again,
they
are
just
implementations.
So.
B
The
ingenious
Ingress
controller
is
an
implementation
of
the
English
API,
and
the
common
kubernetes
Ingress
controller
is
an
implementation
of
the
Ingress
API
and
both
of
them
allow
you
to
use
the
gingers
API
to
expose
applications
and
to
perform
the
kind
of
load,
balancing
and
matching
rules
that
the
Ingress
API
defines
and
allow
to
Define
when
it
comes
to
the
get
API,
because
engine
X
has,
as
far
as
I
remember,
has
its
own
Gateway
API
implementation
and
called
as
its
own
implementation
of
Digit
API.
Again,
they
are
just
implementations.
B
So
since
they
are
performant
implementers,
they
should
do
basically
the
same
basic
operations.
B
If
I
want
to
implement
authentication,
then
how
we
can
configure
it
in
engagement,
yes,
there
is
in
Gateway.
There
is
the
possibility
to
set
to
configure
the
TLs
configuration.
I
didn't
write
it
here,
yeah,
but
it's
part
of
the
of
the
listeners
field.
So
here
you
have
the
possibility
to
set
the
TLs
configuration.
You
have
the
possibility
to
to
set
the
TLs
mode,
for
example,
pass
through
or
terminate,
and
you
have
the
possibility
to
set
the
TLs
secret
to
use
for
authentication
and
and
encryption.
B
B
Okay,
so
if
I'm
getting
correctly
the
question
you
are
saying,
let's
say
that
I
have
a
match
or
slash
and
a
match
or
slash
something.
B
If
this
is
the
case,
there
are
two
different
three
actually
different
ways
of
perform:
part
matching
which
are
exactly
exact
path,
matching
practice
and
write
games.
So
if
you
are
setting
a
exact,
only
slash
will
be
matching
flash
only
slash
hello
will
be
matching
selection
on
the
on
the
practice
match.
B
This
is
a
an
implementation
detail
that
should
be
verified
in
the
API
Gateway,
because
in
the
data
plane
this
is
kind
of
a
corner
situation,
I'm,
not
sure
we
should.
We
should
try,
we
should
test
it.
But,
of
course,
if
you
have
flash
and
flash
hello
with
prefix
path,
matching
slasher
law
will
hit
plot
slash,
so
yeah
I'm
not
sure
about
how
the
API
Gateway
will
behave
in
such
a
corner
scenario.
B
Is
there
a
dashboard
to
visualize
the
confirmation
Services
the
proper
plan?
No,
there
is
no
dashboard
to
see
it
and
as
as
far
as
they
know,
there
is
no
plan
to
create
such
a
such
a
dashboard.
Such
a.
B
B
Okay,
the
reference
Grant
allows
you
to
allows
you
to
cross
the
namespace
boundaries
when
referencing
an
HTTP
route
when
referencing
so
a
Gateway
from
a
HTTP
route,
leaving
a
different
name
spaces
and
the
same
between
HTTP
route
as
services
in
different
namespaces
and
the
the
check
is
performed
by
the
con
kubernetes
instrument.
So
if
this
condition
is
not
satisfied,
the
rules
are
not
pushed
to
the
data
plane.
B
So
it
is
not
possible
to
see
our
traffic
routed
toward
the
Final
Destination,
because
the
concubinative
singers
controller
doesn't
doesn't
convert
the
route
to
the
proper
set
of
rules
to
the
for
the
data
plane,
because
there
is
no
other
condition
for
the
reference
Grant,
and
so
the
reference
Grant
allows
you
to
break
the
boundaries
between
HTTP
route
and
service
and
HTTP
route
and
get
do
you
have
buggy
slot
behind
you?
Yes,
they
are
good
strength.
B
B
I'm
not
sure
what
you
mean
by
this
synchronously.
A
Yeah
I
think
there
is
one
or
two
more
in
the
chat:
okay
yeah
by
Timothy
and
diona.
B
Why
does
the
data
plane
admin
class,
the
AP
service,
have
no
clusterity?
Yes,
it
has
no
necessarily
because
it
is
headless
service.
So,
basically,
if
we
we
can
look
at
it
live
service
data
plane.
B
Okay,
you
can
see
that
it
has
a
cluster
APS
set
to
none
that
it
means
that
no
endpoints
are
created
for
this
service.
So
basically
the
you
can
you
can
just
Route
traffic
to
the
to
the
files
to
the
to
the
Pod
referencing
these
service
by
using
the
full
name,
but
there
is
no
endpoint
provided
by
the
kubernetes
controller
manager
by
the
foreign.
B
B
Is
the
call
Gateway
a
load?
Balancer
example:
can
you
have
two
instances
object
one
and
distribute
traffic
to
each
based
on
balancing
rules?
Yes,
it
is,
it
is,
and
this
is
what
we
just
did.
I
mean
I
had
two
different
instances
of
of
Jack
and
it
was
possible
to
to
perform
load
balancing
between
those
two
instances.
So
yesterday.
C
C
B
Yeah
I
understand
Kong
uses
a
database
for
lookups.
What
performance
impact
is
there
and
what
use
cases
are
appropriate
because
of
this
EG?
Are
there
studies
and
performance
metrics?
That
can
tell
me
what
is
the
performance
impact
I
can
expect
from
around
groups,
but
actually
the
call
has
two
different
modes:
the
there
is
the
DB
mod
and
dblasma
DB
mode
is
kind
of
the
the
legacy
mode
and
DPS
mode
is
the
newer
mode
of
working
of
Kong.
B
So
for
this
demo
we
just
used
Kong
in
dbls
mod
and
the
concrete
operator
only
works
with
Kong
in
DPS
mode.
So
there
is
no
database
or
lookups
in
this
scenario
in
this
video.
But
what
concerns
the
DB
mod
for
for
Kong
I'm,
not
sure
if
there
are
studies
out
there
for
my
feedback
to
studies
on
the
performance,
because
I
don't
work
in
the
team,
but
I
I,
guess
so,
and
I
think
that
they
consider
this
issue.
B
Not
related
to
the
get
API,
but
are
there
any
security
concerns
or
notable
changes,
switching
from
the
old
way
of
geek
and
proxy
on
the
same
pod
and
admin
API
only
usable
Interpol
to
the
separate
controlling
data
plane
and
the
Headless
admin
API
service?
Okay,
I,
guess
that
you
are
referring
to
the
new
version
of
Kik
2.9,
where
we
implemented
the
Gateway
Discovery,
and
so
no
there
are.
There
shouldn't,
be
any
security
concern
in
that
configuration,
and
we
also
provided
a
way
to
switch
between
the
old
way
and
the
new
way
and
yeah.
A
All
right,
I
think
we're
done
we're
a
little
bit
over
time.
Thank
you.
So
much
Matia
there's
a
lot
of
questions.
Thank
you
so
much
for
answering
all
of
them
and
thank
you
to
all
of
you
who
joined
us
today
who
asked
questions.
It
was
a
pleasure
having
you,
you
will
all
receive
a
recap:
email
with
the
recording
and
some
additional
resources.
We've
already
announced
our
next
tech
talk
for
the
next
month.
A
It
will
be
again
on
Kong
English
controller,
so
you
will
see
it
in
the
email
you
can
register
there
and
yeah
I
wish
you
all
good
evening
good
day
and
I
hope
to
see
you
next
month
at
our
next
tech.
Talk
goodbye
all.