►
From YouTube: TGI Kubernetes 148: Gateway APIs feat. Contour
Description
Come hang out with Josh Rosso (@joshrosso) and learn about the new Gateway APIs in Kubernetes. In learning about these APIs, we'll test out a new cut of Contour that implements a subset of them.
A
A
As
always,
if
it's
your
first
time
joining
us
for
tgik,
it's
kind
of
tradition,
if
you
feel
comfortable
to
say,
hey
in
chat
and
where
you're
logging
in
from,
but
what
we
typically
do
in
these
episodes,
is
we
go
through
some
topic
inside
of
kubernetes
land
and
we
just
kind
of
explore
it
together.
Sometimes
we
know
a
little
bit
about
the
topic,
but
most
commonly
like
today,
it's
new
to
us
as
well,
which
for
me
gateways
and
the
implementation
of
gateways,
is
completely
new.
So
I'm
really
looking
forward
to
learning
it
with
you
all
today.
A
So
thanks
for
joining
us,
as
always
steve,
we've
got
tim
joining
us
again:
hey
tim
elko
from
holland,
steve
yeah,
new
location,
I
I'm
still
in
boulder,
but
I'm
in
a
different
place,
just
moved
in.
That's
why
you
see
a
bunch
of
junk
behind
me,
but
I'm
slowly
slowly
getting
my
stuff
together
here!
Maddie
thanks
for
joining
us
maddie!
It's
great
to
see
you
youssef
great,
to
see
you
as
well
john
jay
great
to
see
you
again.
We
got
marcin
from
poland.
Welcome!
A
Welcome
kr
from
scotland,
philip
from
germany,
hey
phillip,
all
right
eric
says
it's
80
degrees
in
dfw.
Today,
yeah
we
had.
We
had
great
weather
in
colorado
the
last
couple
days.
It
was
like
70
degrees
almost,
but
we're
we're
due
for
some
snow
and
some
cold.
It's
been
it's
been
a
pretty
easy
winter
for
us
this
year.
So
I'm
sure
it's
I'm
sure
it's
coming
soon
ismail
great
to
have
you.
I
know
anzo
from
paris
great
to
see
you
smee
from
tunzia.
A
We've
got
leaf,
hey
how's
it
going
richard
from
austin,
hey
richard
irby
from
london
or
iroby,
hey
kasharov,
nice.
To
see
you
again!
No,
it's
not
a
box
of
climbing
gear,
that's
that's
in
a
different
room
and
that
room
is
way
more
messy.
So
I'd
be
embarrassed
to
show
you
all
that
all
right,
so
thanks
so
much
for
joining
us
today,
let's
get
into
the
news
for
the
week
as
usual,
you
can
find
this
at
tgik
dot,
io
forward,
slash
notes.
A
A
Kubernetes
1.221
will
be
built
with
go
1.16.1,
so
pretty
exciting
stuff.
I
don't
really
know
how
hard
or
easy
this
transition
was.
I
think
there
were
some
like
weird
bugs
and
stuff
that
it
brought
up
in
switching
the
go
versions,
but
at
least
to
116.
That
is,
but
I'm
glad
to
see
that
we're
we're
already
staying
on
top
of
of
the
newest
patch
release
in
golang,
the
specifically
the
security
update
that
they
put
out
and
go
116
is
great
right.
A
It's
got
a
some
new
features
in
it,
unlike
most
go
releases,
so
I'm
looking
forward
to
checking
those
out
is
116
is
where
they
put
in
the
the
static
file
stuff
right,
where
you
can
actually
like
build
with
static
files
just
out
of
standard
library.
I
can't
remember,
and
we've
got
generics
come
in
and
all
these
different
things
and
go.
So
it's
an
interesting
time
to
be
a
go
programmer,
pretty
cool
stuff.
Also,
there's
a
garbage
truck
pulling
up
right
now.
A
So
hopefully,
it's
not
too
loud
for
y'all,
okay,
so
go
is
being
built
with
116.
kubernetes
121
code
freeze
is
in
effect
this
week.
So
if
you
are
a
contributor
and
you're
working
on
kubernetes
stuff
do
note
that
code
freeze
is
coming
up
for
121,
pretty
exciting
stuff
all
right.
Additionally,
if
any
of
you
happen
to
work
in
like
some
sigs
or
some
larger
repos
in
the
kubernetes
ecosystem,
there
is
now
a
documentation
for
migrating
from
a
master
branch
to
a
main
branch.
A
It
talks
about
a
lot
of
the
different
stuff
that
you
can
do
from
like
a
proud
perspective,
make
sure
your
pr
volume's
low
all
these
different
kinds
of
things
a
lot
of
times
the
hardest
part
is
not
so
much
the
changing
of
the
name,
but
it's
all
the
tentacles.
We
have
in
our
projects
right
that
depend
and
reference
on
all
these
different
things.
A
So
it's
super
super
cool
to
see
that
some
work
has
been
done
to
lay
out
how
how
we
can
switch
over
from
a
kubernetes
perspective,
so
nikita
and
bob
thanks
so
much
for
putting
this
together
and
anyone
else
who
contributed
this
is.
This
is
really
really
great
stuff
peter
from
poland:
hey
cool,
sportiva
jacket!
Thank
you!
Yes,
yes,
I
I
I'm
always
rocking
sportiva
stuff.
For
some
reason,
cool
cool
dennis,
hey,
dennis
great,
to
see
you
too
thanks
for
joining
us
today.
A
All
right,
I
think.
That's
all
I've
got
for
the
core
news
right
now.
We
do
have
some
stuff
going
on
in
the
ecosystem.
So
if
you
are
interested,
the
tanzu
developer
portal
has
a
new
post
on
contour
that
talks
a
little
bit
about
ingress
and
beyond.
So
this
probably
goes
over
the
ingress
crds,
something
that
we'll
be
talking
a
little
bit
about
today.
A
I'm
guessing
this
post
is
not
as
bleeding
edge
as
tgik
is
so
today
we're
going
to
be
jumping
into
like
brand
new
apis
that
are
being
designed
and
talked
about
in
an
alpha
right.
But
if
you
do
want
like
a
a
more
structured
approach
to
contour,
rather
than
the
chaos
that
I'll
be
taking
you
all
through,
the
tonsil
developer
portal
has
a
has
a
guide
up
here
for
how
to
concretely
do
some
cool
routing
stuff
with
with
contour
and
its
apis,
all
right,
ooh
thanks.
A
Whoever
added
this
psp
deprecation
replacement
proposal
has
been
posted.
I
have
not
looked
at
this,
so
this
has
been
something
that
I
feel
like
we've
been
talking
about
forever
I
mean.
Can
you
all
remember
when
we
started
talking
about
psp
deprecation
and
then
we
like,
maybe
weren't,
going
to
deprecate
it,
but
then
we
probably
were
going
to
deprecate
it,
but
then
maybe
we
weren't
going
to
deprecate
it
well,
it
sounds
like
it's
actually
going
to
happen.
A
So
if
you
do
use
psps
in
your
cluster
do
take
a
look
at
what's
going
on
with
the
security
proposal,
I
got
to
do
my
homework
here
in
regards
to
how
we're
going
to
approach
pod
security
policy
like
functionality
going
forward.
So
really
looks
super
super
interesting.
I
think
my
biggest
hope
I
don't
know
about
y'all
going
into
psp
spaces.
A
A
How
we
approach
it.
You
know
a
lot
of
folks
have
been
plugging
in
gatekeeper
and
things
like
that
for
this
type
of
work,
but
even
that
can
have
some
some
problems.
Like
you
know,
gatekeeper
does
stuff
at
the
api
validation
layer
so
where
psps
could
do
deeper
resolution.
Like
an
example,
we
we've
run
into
before
in
tgik
is
like.
A
If
you
do
it
the
admission
control
layer-
and
you
don't
declare
what
what
user
is
going
to
run
your
pod,
then
it
could
fail
thinking,
you're,
assuming
you're
running
as
root,
but
in
reality
the
pod
might
default
or
container
might
default
to
run
as
a
different
user
right.
So
there's
always
kind
of
this
discrepancy
between
how
things
could
happen
at
that
layer
relative
to
like
the
conventional
psp
layer,
so
check
this
out
and
maybe
on
a
future
tgik
we'll
be
checking
out
some
some
interesting
stuff
regarding
psp
replacement.
A
That
would
make
that
would
make
a
really
interesting
episode,
I
think
so
steve
says
oppa
will
take
over.
That
seems
to
be
the
direction
for
sure
cool
all
right.
So,
let's
see
what
we
got
going
on
here.
We've
got
the
psp
deprecation
proposal,
thanks
whoever
grabbed
that
we
have
got
container
signing
verification
and
storage
in
an
oci
registry,
interesting,
let's
check
this
out,
cosign
cool,
all
right,
so
container,
signing
verification
and
storage
right.
This
has
been
something
that
has
been
a
hot
topic
for
a
lot
of
us
for
a
while.
A
I
feel
like
a
lot
of
times.
We
have
aspirations
to
do
kind
of
this
signing
in
validation,
but
it
oftentimes
kind
of
falls
to
the
side
in
our
backlog.
So
it
looks
like
cosine
is
a
project
that
is
doing
some
of
these
bits.
I
have
not
personally
looked
at
cosine,
I
don't
know
if
any
of
you
all
have
have
used
it
or
tried
it.
I'd
be
super
curious.
A
You
can
tell
us
in
chat
how
what
your
first
impressions
are,
but
it
looks
pretty
cool
at
a
high
level
looks
like
you
can
sign
and
then
push
that
up
to
a
container
registry.
So
a
consistent
way
to
do
this
would
be
really
really
nice.
You
know,
I
think
it's
something
that
we've
been
struggling
with
for
a
while,
so
cool
maddie
says
oppa
and
kant
kant
test.
Do
you
mean
conf
test
maddie,
I'm
guessing
so
conf
test
for
the
win?
I
love
conf
test
as
well.
It's
great.
We
did
do
it.
A
We
did
an
episode
on
oppa
and
some
contest
stuff
too.
Everyone,
if
you
haven't
checked
it
out
yet
so,
do
be
sure
to
check
it
out.
Kr
the
link
to
the
tgi
kate's
notes
is
tgik
dot,
io
forward,
slash
notes
if
you
want
to
check
them
out
or
add
anything
to
them,
feel
free,
steve
says:
cosign
is
epic
and
I've
been
messing
with
it
this
week?
Oh
that's!
A
brave
review,
steve
cool
so
I'll,
have
to
give
cosign
a
check.
A
Okay,
so
we've
looked
at
cosign
a
little
bit.
Istio
con
recordings
are
out,
I
didn't
even
know
there
was
an
istio
con,
I'm
so
sorry,
there's
so
many
cons
nowadays.
How
do
you
keep
track
of
all
them?
This
is
really
cool,
though
so
we've
obviously
covered
istio
and
other
service
meshes
inside
of
our
inside
of
tgik.
In
the
past
you
can
check
some
of
those
out,
but
it
looks
like
istio
khan
did
some
seemingly
really
interesting
episodes
so
be
sure
to
check
out
the
recordings.
A
Oh
very,
very
cool,
sketch
mash
enterprise
support
envoy
hears
you
when
istio
speaks
what
envoy
hears
when
istio
speaks.
That's
that's
pretty
cool.
This
would
be
an
interesting
thing
to
understand
right
when
the
control
plane
is
sending
out
signals
to
program
envoy,
I'm
guessing,
which
is
what
this
talk
is
about.
You
know
what
what
kind
of
signals
does
envoy
get
and
how
does
that
translate
into
eventual
configuration
or
an
envoys
case?
Probably
api
calls
right
so
very
cool
alex,
hey
josh.
Are
you
deploying
the
contour
operator
today?
A
I
might
be,
I'm
not
sure
I'll
see
I
might
do
the
contour
operator.
I
might
do
normal
contour
if
there's
anything
wrong
with
doing
the
contour
operator
alex.
Let
me
know
I
haven't
even
haven't
even
gotten
that
far
in
the
thought
process.
Yet
to
be
honest
with
you,
steve
says
he
calls
it
crd
con
yeah.
I
like
that
we
should
have
a
crd
con
and
it's
like
everyone
who
publishes
crds.
A
We
have
this
kind
of
universal
con
for
all
the
service
meshes
and
ingress
controllers
and
csi
drivers,
and
you
know
all
that
kind
of
stuff
eric
says,
should
be
called
you're
killing
me
smallscon.
That
would
work
too.
I
would
attend
eric
if
you
want
to
get
that
started
up
cool
kr,
you
said:
do
we
really
need
network
policies
when
we
have
istio
authorization
policies?
A
It's
a
really
good
question
kr!
It's
something
that
kind
of
happens
on.
I
guess
on
different
layers
in
a
way
like,
if
you
think
about
like
layer,
three
left
layer
for
network
policy,
some
folks
do
think
on
that
level.
It's
something
that
they
want
to
kind
of
enforce
at
the
cni
plug-in,
which
is
the
thing
actually
doing
like
the
pure
routing
of
packets
and
setting
up
routing
tables
and
all
that
kind
of
stuff,
but
it
is
fair
to
feel
somewhat
redundant.
A
When
you
look
at
some
of
the
approaches
you
can
do
with
like,
for
example,
even
just
mutual
tls
and
a
lot
of
these
service
meshes
right.
So
if
you
don't
have
mutual
tls
between
endpoint
and
end
point
b,
you
already
do
have
some
level
of
protection
between
communication,
but
it's
happening
kind
of
at
a
different
layer.
So
you
know
I
think,
of
that
kind
of
question,
as
almost
like,
a
networking,
slash,
defense,
in-depth
type
question
and
most
like
folks
that
I've
worked
with
with
kubernetes
at
large
scale.
A
It's
just
been
like
what
level
and
layers
do
we
need
to
protect
at,
and
sometimes
the
answer
is
both.
Sometimes
the
answer
is
just
one.
It
kind
of
depends
on
on
sort
of
like
what
you're,
after
as
far
as
as
far
as
policy
enforcement
goes,
but
it's
it's
an
awesome
question.
It's
it's
kind
of
a
hard
one
to
answer
all
right,
so
speaking
of
network
policies,
I
may
have
accidentally
pulled
this
down
when
I
was
editing
I
didn't
mean
to.
A
If
so,
let's
bring
this
one
up,
because
this
is
pretty
cool
fully
qualified
domain
name
network
policy
operator.
Let's
see,
josh
get
this
markdown
formatting
right
there
do
it
yeah,
okay,
cool!
There
is
a
fully
qualified
fqdn
network
policy
to
do
fully
qualified
domain
names
inside
of
network
policy.
A
I
don't
know
if
anyone
else
can
think
of
some
of
these
plugins
that
have
brought
like
their
own
crds
in
play
to
to
enforce
this
on
their
own
level.
Fqdn
looks
like
network
policy,
so
it
looks
like
it's
got
a
pretty
similar
format
and
I'm
guessing.
This
probably
deploys
as
a
controller
of
some
sort,
but
nonetheless
this
will
probably
give
some
level
of
more
network
more
native
network
policy.
That's
perhaps
not
tied
to
a
specific
cni
plug-in.
That's
at
least
what
my
my
first
take
is
kind
of
looking
like.
A
So
this
would
be
a
super
interesting
thing
to
incubate
and
then
maybe
make
it
first
class
inside
of
inside
of
the
the
kubernetes,
the
kubernetes
networking
components
right.
You
know
it's
it's
been.
It's
been
super
funny
to
kind
of
watch
the
progression
of
of
networking
network
policy
enforcement,
especially
as
some
of
the
cni
providers
are
bringing
out
replacements
for
cube
proxy
right,
we're
seeing
more
and
more
folks
do
things
like
this
at
like
a
level
of
ebpf
or
otherwise,
to
provide
a
more
fast
resolution
for
some
of
this
stuff.
A
So
it's
kind
of
like
we've
got
the
cni
providers
running
ahead
in
one
direction
with
their
own
policy
models,
then
we've
got
core
kubernetes
doing
its
its
thing
as
well,
and
I
wonder
if,
at
some
point
we'll
see
some
level
of
kind
of
more
universal
convergence.
In
fact,
what's
funny
about
this,
is
I'm
saying
it?
A
I
don't
know
much
about
gateway
api,
but
I
kind
of
feel
like
maybe
that's
a
bit
of
the
story
with
gateway
api,
where
we've
had
these
ingress
controllers,
solving
different
models,
we've
had
kubernetes
services
and
ingress,
and
you
know
its
limitations
and
so
on,
and
perhaps
this
is
an
extensible
way
for
us
to
start
thinking
about
how
we're
going
to
map
all
of
the
all
the
different
stuff
together.
So
all
right,
cool
all
right
ishmael
says,
as
I
remember,
there's
a
tool
which
creates
net
polls
based
on
istio
crds
yeah.
A
A
Sounds
good,
michael
says
what
is
kubernetes
and
michael.
I
have
absolutely
no
idea,
I'm
so
sorry,
but
we'll
try
to
figure
that
out
today.
Okay,
so
that's
about
it
for
the
news.
Oh
cool,
also
there's
a
demo
for
the
network
policy
working
group
that
you
can
check
out
on
youtube
for
network
policy
operator,
because
so
you
can
see
how
much
I
butchered
that
explanation
of
of
network
policy
and
and
take
it
from
there
so
cool.
I
think
we're
pretty
much
ready
to
get
started
everyone
so
bringing
it
all
back
here.
A
We
are
looking
at
gateway
apis
today,
specifically
looking
at
contours,
well
really
looking
at
gateway
apis,
but
using
contour
as
a
way
to
explore
and
analyze
these,
because,
like
most
apis
or
or
I
guess,
some
apis
right
network
policy
as
an
example,
network
policy
is
great,
but
without
a
cni
that
enforces
it
and
implements
it
right.
It
won't
actually
do
anything
so
same
with
these
gateway.
A
Apis
we're
going
to
be
exploring
them,
then
using
contour
as
a
thing
that
kind
of
executes
them,
hey,
abc
glad
to
see
you,
as
always
maddie,
says
anyone
actually
using
network
policies
in
production.
If
so,
how
do
you
manage
all
of
those
with
a
bunch
of
apps
curious
if
you
have
tools
that
automate?
That
that's
a
great
question
maddie.
It
can
get
pretty
chaotic
with
network
policy.
You
know
one
thing
that
I've
seen
quite
a
bit
as
as
a
model
not
saying
that
this
is
the
best
model.
A
Is
that
namespace
scope
network
policy
can
be
a
little
tricky
and
hard
to
manage
over
time,
especially
like.
If
you
have
some
default
rules
that
you
need
to
deny
on
and
then
poke
holes
in
every
individual
namespace
from
there.
One
thing
that's
helped
me
out.
A
lot
is
using
cni
providers
that
offer
a
cluster
scope.
A
Network
policy
has
been
really
really
helpful
so
that,
from
a
networking
layer
we
can
kind
of
set
the
baseline
of
denies,
be
it
like
completely
locked
down
or
otherwise,
and
then
enable
folks
to
poke
holes
in
each
namespace
to
open
up
the
pieces
that
they
need.
But
even
that
can
be
tricky
right,
because
if
you
just
give
everybody
the
ability
to
put
any
arbitrary
network
policy
in
their
own
namespace,
why
wouldn't
they
just
open
up
all
the
access
right?
So
a
lot
of
times?
A
That's
where
some
admission,
control
and
validation
has
to
kind
of
come
in
in
the
acceptance
chain
of
those
api
objects
as
they
get
submitted
to
clusters.
So
it's
a
tricky
question.
I'm
super
curious
to
see
how
other
people
solve
it.
Hey
chris
great
to
see
you
let's
climb
soon,
it's
it's
snowing
in
colorado,
so
it
can't
happen
out
here,
but
thanks
for
joining
us
today
and
hope,
the
new
gig
at
twilio
is
going
well
all
right
gateway
apis
with
contour.
A
Let's
do
this
thing,
so
we've
got
a
link
in
our
show
notes,
we're
actually
gonna
start
with
the
gateway,
api
docs
and
maybe
talk
a
little
bit
about
these
and
yeah
just
try
to
try
to
learn
a
little
bit
about
it.
Okay.
So
this
is
a
project
that
I
this
is
from.
What
little
I
know,
a
project
that
comes
from
the
sig
networking
community.
Its
goal
is
to
give
us
some
networking
apis
in
the
kubernetes
ecosystem.
A
Kind
of
like
we
were
talking
a
bit
about
with
network
policy
like
how
it
can
be
kind
of
complex
when
you
get
to
the
application
developer
level,
where
they
just
care
about
their
singular
route.
In
you
know
what
settings
and
configuration
should
kind
of
be
inherited
at
that
at
that
higher
level
right
and
chris,
I'm
not
going
to
ice
climb
with
you.
I'm
sorry.
It's
only
going
to
be
dry
rock,
but
I
appreciate
your
your
sentiment
with
the
with
the
ice
tools.
A
A
Okay,
so
first
things.
First,
it
looks
like
they
are
targeting
different
personas
inside
of
here,
so
infrastructure
providers
defining
a
gateway
class
which
is
interesting.
The
cluster
operator
defining
this
construct
called
a
gateway.
So
I
think
one
thing
we'll
want
to
figure
out
today
is:
what
exactly
is
the
relationship
between
gateway
class
and
gateway?
A
We've
got
kind
of
a
layout
here,
some
intuition
about
what
might
be
going
on.
Some
of
the
things
that
we're
talking
about
is
how
can
it
improve
on
the
current
standards
of
ingress,
so
more
expressive?
This
has
been
one
of
the
big
things
we've
hit
with
ingress.
Constantly
right
is:
how
do
we
make
something
that
can
be
more
expressive
in
things
we
want
to
do
at
layer,
seven
like
header,
based
matching
traffic
weighting,
other
capabilities.
A
If
you've
seen
a
tgik
before
where
I've
talked
about
ingrass,
you
might
be
familiar
with
my
work
on,
or
I've
talked
about
my
work
on
what
used
to
be
the
aws
alb
ingress
controller.
I
think
now
it's
just
like
the
aws
controller
back.
When
I
was
at
coreos,
we
built
this
out
using
and
it
satisfied
ingress
apis,
and
I
remember
the
first
thing
that
we
started
doing,
which
was
just
hideous,
is
because
the
api
wasn't
expressive
enough.
A
So
this
seems
like
something
that's
largely
gonna
solve
that
more
extensible
role
oriented
it
seems
like
this
is
probably
what
they're
getting
out
with
role
oriented
where
some
of
these
pieces
can
be
inherited
in
generic.
So
by
generic.
This
isn't
an
improvement,
but
rather
something
that
should
stay
the
same.
Just
as
ingress
is
universal
gateway.
Apis
are
designed
to
be
portable
to
many
implementations.
So
what
this
means
is
today
we're
going
to
look
at
contour,
but
in
theory,
with
the
spec
being
specified
by
sig
networking.
A
We
could
plug
in
traffic
or
any
one
of
the
other
ingress
controllers,
to
sort
of
satisfy
that
so
pretty
pretty
cool
stuff.
Okay,
I
think
we're
ready
to
try
to
get
started
and
play
around
with
this
a
little
bit.
So
one
of
the
first
things
I
was
wondering
is
kind
of
the
difference
between
the
gateway
class
and
gateway.
Maybe
we
could
take
a
quick
look
at
that
if
the
api
reference
tells
us
anything
all
right,
so
gateway
class
gateway
class
describes
a
class
of
gateways
available
to
the
user,
creating
the
gateway
resource.
Okay.
A
So
what
kind
of
stuff
do
we
have
inside?
The
gateway
class
looks
like
we
could
specify
a
controller
okay,
so
controller
is
a
domain
path.
That
indicates
the
controller
that
is
managing
the
gateway.
So
I'm
guessing
that
this
is
going
to
be
pointed
at
contour
in
our
case,
to
ensure
that
the
thing
satisfying
this
specific
gateway
class
is
an
instance
of
contour.
So
we
can
try
that
out.
A
Okay,
parameter,
ref
parameter
ref
is
a
reference
to
a
resource
that
contains
the
configuration
parameters
for
the
gateway
class.
Okay,
so
basically
the
the
configuration
that
we'll
be
putting
in
okay,
so
that's
gateway
class,
what's
going
on
with
gateway
gateway,
represents
an
instantiation
of
a
service
traffic
handling
infrastructure
by
binding
listeners
to
a
set
of
ip
addresses.
Okay,
so
this
probably
has
a
reference
to
the
gateway
class
somewhere.
It
looks
like
it's
going
to.
A
A
Okay,
so
it
looks
like
we
can
specify
gateway
addresses,
along
with
some
properties
of
the
listeners.
Specifically,
so
perhaps
ports-
and
you
know,
weather
ports
and
protocols-
I
guess
more
or
less
okay
and
then
there's
the
reference
to
the
gateway
class
name.
Interesting,
all
right
seems
pretty
good.
Let's
see
if
we
can
get
this
working
so
first
things.
First,
we've
probably
got
to
deploy
some
of
this
to
a
cluster,
so
I've
got
a
cluster
stood
up
here
with
some
junk.
I
was
testing
earlier
today,
but
pretty
standard
cluster.
A
This
is
just
running
on
one
of
my
my
hosts
inside
of
my
lab
at
home,
and
the
first
thing
I
think
we've
got
to
do
is
install
the
apis
because
remember
these
aren't
new
first
class
apis
and
kubernetes.
It
seems
the
approach
they're
taking
is
to
go
forward
with
crds
and
then
I'm
not
really
sure
how
kubernetes
does
it
nowadays
like?
Perhaps
these
will
come
like
first
class
supported,
crds
or
perhaps
there's
a
potential
they
could
end
up
in
core.
I
don't
really
know
how
some
of
that's
decided
nowadays,
but
but
something
like
that.
A
A
Let's
see
if
we
can
get
these
deployed
all
right,
so
we
will
just
do
a
quick
watch
here
forget
crds,
okay
and
then
I
will
go
ahead
and
apply
down
here
and
I've
been
practicing
hitting
ctrl
l
on
my
keyboard
to
clear
by
the
way,
so
you
all
might
not
have
to
watch
me
type
clear
and
incorrectly
like
20
times
in
this
episode.
I've
been
working
really
hard
on
that,
for
you
all
you're,
very
welcome,
okay.
What
do
we
got
going
on
here?
So
http
routes?
A
A
So
I
talked
to
some
of
the
contour
folks
and
I
think
I
caught
wind
that
specifically
http
routes
or
what's
working,
so
it's
probably
what
we'll?
What
we'll
check
out
today
steve
says
class
should
give
you
a
configuration
of
what
a
gateway
should
look
like
so
think
of
class,
as
your
lb
specific
configurations
got
it
so
like
internal
external
load,
balance
or
things
like
that
makes
sense.
Maddie
says
it's
super
cool,
hopefully
the
nginx
ingress
controller
won't
have
hundreds
of
annotations
in
the
future
yeah
fingers
crossed.
A
I,
oh
man.
We
we
packed
a
lot
of
things
in
annotations
in
the
early
days
of
kubernetes,
but
hey
it's
kind
of
all.
We
had
right,
I
mean
I
guess
we
could
have
done
like
a
config
map
or
something
but
too
complicated
too
complicated
anyways.
I
guess
a
config
map
would
be.
It
would
be
a
slightly
different,
slightly
different
use.
So
all
right
we've
got
those
installed
sample
gateway.
A
Once
you
have
the
crds
and
implementation
installed,
you're
ready
to
use
the
gateway
api
all
right,
so
it
looks
like
I
can
set
up
a
gateway
class,
a
gateway
and
an
http
route.
Now
steve
gave
me
a
little
guide,
that's
contour
specific
that
I
might
go
to,
but
I'll
tell
you
what
here's?
What
we'll
do
to
kind
of
take
it
step
by
step?
Let's
get!
Let's
get
the
contour
instance
installed.
A
So
we
know
that
that's
working
and
then
we'll
see
if
we
can
plug
some
of
these
bits
in
to
get
things
routing
into
it.
All
right
so
alex
had
mentioned
installing
the
contour
operator.
So
let's
go
ahead
and
check
that
out.
Github,
so
contour
operator
is
something
that
manages
instances
of
of
contour.
So
in
the
operator
model
this
should
enable
us
to
have
something
that
can
manage
the
life
cycle
of
contour,
but
a
lot
of
operators.
A
It
kind
of
gives
us
flexibility
through
crds
to
instantiate
instances
of
of
contour
right,
like
a
lot
of
you
have
probably
seen
the
prometheus
operator
where,
with
crds
we
can
instantiate
an
instance
of
prometheus
and
it
will
bootstrap
and
kind
of
life
cycle
manage
that
and
I'm
guessing
there's
a
similar
story
here
with
the
contour
one.
So,
let's
see,
if
we
can
do
this
here
and
I
think
steve
you
had
mentioned
that
there's
a
flag
that
I
need
to
use
is
the
contour
operator
gonna.
Let
me
put
that
flag
in
to
the
contour
instances.
A
I
don't
know
if
that'll
be
a
problem
or
not,
let's
go
ahead
and
let's
go
ahead
and
bring
this
down
real,
quick,
so
I'll
get
the
contour
operator
and
then
we'll
look
inside
here,
operator.yaml,
okay,
so
this
will
install
a
contour
operator.
As
expected,
steve
says
this
readme
should
work:
okay,
cool
cool,
alpha
namespace,
let's
see
what
we
got
going
on
here,
so
there's
the
crds
that
it's
going
to
bring
in.
A
Okay
and
just
custom
resources,
custom
resources
make
this
a
little
bit
smaller.
Here
we
go
okay,
so
to
do
all
right,
lots
and
lots
of
custom
resources.
We'll
get
past
these
real
quick
see.
If
I
can
find
anything
on
the
the
deployment
itself,
let's
see
kind
deployment
there
we
go
all
right,
so
we'll
be
deploying
contour
operator
and
then
again
remember.
This
is
not
the
instance
of
contour,
but
more
so
the
thing
that's
going
to
make
the
instances
of
contour
and
it
looks
like
it's
going
to
use.
A
Let's
see
here,
contour
operator,
envoy,
okay,
yeah,
let's
deploy
it,
I
don't
know
much
about
the
operator
so
we'll
check
it
out,
apply,
operator.yaml,
okay
and
we'll
get
all
that
deployed.
So
with
the
operator
in
place,
we'll
do
a
quick,
get
pods
see
what
we
got
here
and
it
looks
like
we've
got
a
contour
operator
being
instantiated
in
this
contour
operator
namespace.
So
it
looks
pretty
good.
Let's
watch
that
real
quick
and
we
are
now
running
okay,
cool
all
right,
so
we've
got
that
installed.
We've
got
the
crds
in
place,
okay.
A
Now
this
is
what
I
was
talking
about.
So
when
you
have
the
operators
instantiated,
you
typically
are
going
to
use
crds
to
create
instances
of
the
thing
so
contour
is
not
running.
The
contour
operator
is
running
to
get
the
instances
of
envoy
stood
up
and
then
the
controller
that
actually
translates.
You
know
these
apis
into
envoy
and
programs
them
we're
going
to
need
to
set
up
a
contour
custom
resource.
So,
let's
start
by
grabbing
one
of
those
real,
quick
and
we'll
we'll
check
it
out.
So
we've
got
this
here.
A
Okay,
and
this
will
be
committed
to
github
too.
If
anybody
wants
to
check
it
out
after
the
fact
looks,
looks
pretty
simple,
okay,
so
an
instance
of
contour.
It
looks
like
we're
not
doing
any
specific
configuration
in
the
crd
and
when
we
apply
this,
the
operator
should
see
it
and
then
create
our
instances
of
of
contour
from
there.
A
So,
let's
see,
if
we
can,
if
we
can
make
that
work
cool,
so
we
will
apply
contour,
yaml
great
and
then
let's
get
pods
here
again,
okay
got
a
little
bit
bigger
cool,
and
now
you
can
see
in
the
bottom,
we've
got
in
the
project.
Contour
namespace
some
new
instances
of
contour
being
created
all
right,
very,
very
cool
guami.
You
said
chris
nova.
When
are
you
back
on
tgik?
I
think
we
should
co-host
with
chris
as
soon
as
possible,
we'll
have
to
talk
joe
into
it.
That'd
be
really
fun.
A
Oh
chris
said
the
same
thing
below
yep,
we'll
have
to
talk
to
joe
and
get
chris
on
soon,
all
right
cool,
so
it
looks
like
we've
got
contour
running
in
this
case.
It
looks
like
these
top
two
are
probably
the
contour
controller,
which
is
again
going
to
be
looking
at
the
apis
and
then
eventually,
programming
envoy,
in
this
case,
to
get
the
traffic
routed
into
the
specific
workload.
A
All
right
all
seems
pretty
good,
so
yeah.
I
guess
we
could
test
with
ingrass,
maybe
real
quick,
just
to
make
sure
from
like
a
bare
bones
standpoint.
Things
are
working
before
we
switch
over
to
the
gateway
apis,
just
because,
if
something
goes
wrong
with
the
gateway,
apis
it'd
be
hard
to
know
if
things
work
in
the
more
normal
setup.
So
we'll
we'll
do
that
real,
quick,
we'll
just
do
a
quick,
quick
apply
of
this.
Okay,
put
it
in
place
oops.
A
I
do
not
want
you
in
my
way:
intellij,
okay,
cool
great,
so
we'll
do
a
cube,
cuddle
get
pods
and
we've
got
this
little
default
instance
that
is
supposedly
being
routed
to
let's
check
this
out.
It
probably
just
did
a
standard
ingress
object
in
this
case,
so
yeah
all
right.
So
these
are
the
typical
ingress
objects
that
we
have
with
kubernetes
stuff.
That's
going
to.
Let
us
define
layer,
seven
rules.
In
fact,
let's
just
let's
check
out
this
particular
one
real
quick.
A
So
this
is
that
with
o
yaml
and
we'll
do
a
quick,
less
okay.
So
if
we
look
inside
of
the
spec,
nothing
too
crazy,
we
say:
hey
here's!
The
back
end
service,
in
this
case,
it's
pointing
to
this
app.
Now
it's
pointing
to
the
service
name
and
as
we've
talked
about
before
in
tgik,
the
thing
to
know
is
like
it
uses
the
service
almost
like
as
a
map
lookup
or
or
just
I
guess,
a
look
up
to
what
the
endpoints
are
under
the
hood.
A
It's
not
necessarily
going
to
route
to
the
service
ip
and
then
rely
on
ip
tables
to
route
out.
Most
ingress
controllers
are
going
to
read
this
understand
that
this
app
has
three
instances
with
three
endpoint
ips
and
then
route
directly
to
those
pod
ips.
So
really
we're
kind
of
using
the
service
as
a
bit
of
a
reference
here,
and
then
it's
also
saying
hey.
I
want
you
to
do
this
on
port
80
on
the
back
end,
all
right,
cool.
A
All
right,
so,
let's
see
what
we've
got
here
then
so
we've
got
that
in
place.
If
I
do
a
quick
get
pods
for
for
contour,
let's
see
here,
my
instance
of
envoy
is
right
here.
So
if
I
cube
cuddle
get
the
service
for
the
namespace
project
contour
for
envoy
oops,
what
am
I
doing?
Services
inside
of
project
contour,
okay,
envoy
load,
balancer
pending,
but
it
does
have
a
node
port
set
up.
A
So
I'm
running
on
vsphere
I
don't
have
metal
b
turn
metal,
lb
or
anything
turned
on
so
I'll,
probably
just
try
to
push
through
node
ports
today
to
see
if
I
can
make
that
work.
So
if
we
do
a
cube,
cuddle
get
get,
pods,
wait,
sorry
get
nodes.
One
of
my
ips
is
oh
geez.
What
are
my
ip
addresses?
That
would
be
really
helpful
to
know,
let's
figure
that
out
real
quick.
So
if
I
go
to
my
ips
here,
let
me
just
log
into
my
my
home
lab
and
get
my
ips
out
schrader.
A
A
A
Let's
see
I'm
curious
now
that
would
have
done
it
internal
ip,
external,
ip,
okay
cool.
So
let's
write
some
things
down,
because
my
my
crazy
brain
will
not
remember
so
my
node
ip
is
this:
let's
get
the
node
port
again,
so
I
don't
forget.
So
keep
cuddle
get
service.
Namespace
project
contour,
the
node
port,
is
30697.
A
So
remember:
node
ports
are
ports,
we
open
up
effectively
on
every
host
and
we
route
into
them
and
they
will
balance
out
depending
on
your
cni
plug-in,
probably
through
ip
tables
and
eventually
get
to
the
workload
that
underlies
them
in
this
case,
that
workload
is
envoy
right.
So
in
theory,
if
I
curl
192.168.2
201
at
30697,
I
get
some
application
which
might
open
up
in
the
browser.
Let's
see
so
boom
boom
boom.
A
Hey
there,
we
go
cool
so
step.
One
complete
we
have,
we
know
nothing
about
whether
the
gateway
apis
are
working,
but
the
good
news
is
contour
is
working
so
we're
routing
in
through
envoy
again,
in
my
case,
I'm
going
in
through
a
node
port
into
my
host
down
into
envoy
and
then
eventually
going
down
into
the
application
itself.
A
Okay,
steve
says
that
operator
guide
is
more
generic
run
contour,
but
you
can
reference
that
contour
crd
from
the
gateway
class,
perfect
steve,
no
problem,
there's
a
gateway,
specific
guide
on
project
contour
can
put
in
the
notes.
Yeah.
Please
put
that
in
the
notes.
I
think
if
it
was
the
guide
you
sent
me
a
pr
on.
I
have
it
in
the
notes
already,
but
double
check.
A
A
The
simplest
solution
is
usually
the
right
one
right,
but
sometimes
not
for
me:
okay
anyways,
so
we've
got
that
in
place.
We've
gotten
this
far
and
we've
got
contour
set
up.
So,
let's,
let's
do
a
little
bit
of
clean
up
just
because
I
don't
want
to
mess
things
up
too
much.
So
we
applied
this
example.
Let's
go
ahead
and
delete
this
example
and
cool,
we'll
get
rid
of
that,
and
chris
says:
don't
use
strong,
minus
one
to
route
tables
yeah.
I
know
it's
not
good,
not
not
claiming
it's
good.
A
Okay,
I
I
know
it's
very,
very
bad
all
right,
so
we've
got
that
good
and
now
we're
gonna
try
to
hook
in
some
of
these.
These
gateway
classes,
stuff,
some
of
the
gateway
class
stuff.
So
steve
you
had
mentioned
putting
something
in
the
show
notes,
I'm
guessing
that
this
was
the
example
that
you
had
sent
me.
So
let
me
let
me
take
a
quick
look
at
this
too
and
make
sure
I
don't
veer
too
too
far
off
here.
A
Okay,
so
gateway
class
gateway
routes,
we've
got
contour
deployed.
Well,
this
is
the
this
is
the
crds
for
the
gateway
apis.
We've
got
that
deploy
contour
we're
doing
the
operator,
so
fingers
crossed
that
doesn't
cause
us
any
pain,
and
then
there
are
some
sample
resources
for
common
and
for
the
gateway
itself.
So,
let's
see
if
we
can,
if
we
can
figure
some
of
these
bits
out
right,
we'll
look
at
the
look
at
the
common
one.
A
A
Okay
use
option
two
for
the
operator:
thanks,
steve
see
you
you're
already
you're,
already
saving
me
from
going
down
a
crazy
path
and
I
was
getting
a
404
anyway,
so
using
a
load
balance
service
using
a
node
port
service,
okay,
cool.
Let's
look
at
the
let's
look
at
the
gateway
configuration
for
the
for
the
node
port
piece,
so
we'll
go
ahead
and
w
get
that
okay,
that
one
gave
me
a
200.,
so
gateway.
A
Okay.
What
do
we
got
going
on
so
namespaces
here?
Namespace
project,
contour,
project,
contour,
okay,
so
in
this
case
it's
setting
up
some
extra
configuration
for
us
inside
of
the
contour
crd,
so
it
looks
like
the
contour
crd
is
referencing
a
gateway
class
that
we're
eventually
going
to
deploy
up
and
giving
some
details
about
node
port
service.
So
we'll
check
this
out
in
a
moment
I'll
delete
my
other
crd,
but
my
guess
is
that
this
is
probably
going
to.
A
You
know
right
now,
we're
using
like
cluster
ip
to
node
port
to
load
balancer,
and
since
I
don't
have
a
load,
balancer
hooked
up.
It'll,
probably
just
stop
me
here
and
expose
it
as
a
node
port.
Okay.
So
gateway
class,
let's
see
what
we've
got
going
on
here:
okay,
cool,
so
this
is
what
we
were
looking
for.
It
looks
like
there's
references
in
both
directions.
I
suppose
right
there's
a
reference
on
the
controller
which
is
probably
telling
a
contour
just
like
you
would
tell
a
csi
driver
or
something
like
hey.
A
This
is
the
storage
class
or
the
gateway
class
you
care
about
like
this
is
yours
to
satisfy
right
and
then
to
some
degree
on
the
api
for
a
gateway
class.
It
looks
like
we
also
reference
what
controller
actually
satisfies
this?
Now?
I
wonder
I
don't
know
if
you
know
offhand
steve
or
anyone
from
the
contour
team,
but
like
does
this,
have?
Does
this
specification
on
the
gateway
class
have
like
a
functional
purpose
like?
Is
it
doing
anything
to
like
scope
itself
in
a
weird
way?
A
I
I
would
assume
not
like,
I
would
think
any
controller
could
see
this
gateway
class
with
the
right
permissions.
I
don't
know
if
this
is
more
of
a
piece
of
metadata
or
if
it
has
like
functional
purpose
and
then
some
of
the
parameter
stuff.
So,
as
we
had
mentioned,
there's
this
idea
of
parameters
in
the
api.
So
let's,
let's
go
back
to
that
real
quick
api
types,
gateway
class.
A
Okay,
let's
see
here,
api
reference
go
docs
for
the
package,
we'll
see
if
we
can
see
it
here,
so
we've
got
the
gateway
class
right
here:
okay
and
then
inside
of
the
gateway
class,
we've
got
the
spec
and
then
the
parameters
ref
inside
of
here,
which
looks
like
it's
giving
us
the
ability
to
reference
in
this
case
some
of
these
different
fields
in
here
so
group
kind,
scope,
name
and
name
space.
So
maybe
this
is
where
it's
actually
scoping.
A
Somehow
what
the
kind
of
functional
purpose
would
be
for
the
for
this
for
satisfying
this
crd,
I'm
not
really
sure,
but
the
scope
specifies
it
that
it's
going
to
be
namespace
scope,
probably
rather
than
cluster
scope.
Let's
see
if
it
says
that
in
here,
namespace
is
a
field.
This
field
is
required,
scope
to
set
namespace
and
ignored
when
the
scope
is
set
to
cluster
okay.
A
Scope
represents
if
the
referent
is
a
cluster
or
namespace
scope,
resource
the
name,
the
kind
and
the
group.
Okay,
let's
see
steve
says
supposed
to
tell
the
controller
that
it
should
manage
that
gateway,
contour,
watches
a
single
gateway
at
the
moment.
Okay
got
it,
got
it
cool
all
right
cool,
so
we've
got
a
gateway
class.
We've
got
a
contour
instance.
A
Oh
and
it
looks
like
they've
got
a
sample
gateway
in
here
as
well,
so
maybe
we'll
maybe
we'll
bring
the
sample
gateway
out
and
and
bring
that
in
as
a
second
step
just
for
the
heck
of
it.
So
let's
do
the
actual
gateway
itself
here.
I'll
put
that
oops
I'll
put
that
right
here:
cool
we'll,
go
ahead
and
save
that
up
gateway,
node
port
yml
looks
good
okay.
So
what
do
we
got
going
on
here?
So,
okay
get
contour.
A
We've
got
a
sample
contour.
Let's
get
rid
of
this
one,
just
to
make
sure
it
doesn't
mess
us
up
so
we'll
delete
the
crd
contour
the
instance
of
that
contour
sample
okay
and
then,
if
we
watch
our
pods
one
more
time,
we
should
see
that
the
contour
instance
is
terminating
and
what
I'm
going
to
do
is
bring
in
this
new
crd
from
the
guide.
We've
got
and
instantiate
another
another
instance
of
contour
here:
okay,
almost
there
terminating
terminating.
A
And
then
steve
says
the
parameter
ref
and
the
gateway
class
reference
is
the
contour
operator,
specific
crd
for
the
contour
specific
configuration
got
it.
So
I
guess
steve,
that's
probably
what
makes
it
pluggable
per
implementation
right,
wherein
what
you
would
point
to
on
in
traffic
might
be
different
depending
on
what
things
that
they
expose
in
in
that
crd,
or
in
that
configuration,
I
should
say
so:
cool
we've
got
the
contour
operator
all
right.
Let's
get
this
thing
deployed,
then
so
we're
going
to
apply
the
gateway,
node
port
here.
A
A
A
Some
rough
error
on
apply:
let's
see
it's
missing
the
value
resources
for
create
yeah.
That
I
think
this
is
just
telling
me
that
I
should
have
used
should
have
used
a
different
command.
Yes
and
marco
said
you
removed
the
gateway.
Yes,
I
do
still
have
the
gateway
removed,
so
we'll
we'll
bring
that
back
in
in
a
second.
Am
I
missing
my
my
app?
Am
I
going?
Oh?
No,
it's
at
the
bottom.
There,
okay,
we're
good!
So
we've
got
the
we've
got
the
app
running
in
the
project.
A
A
Okay,
no
big
deal,
let's
go
ahead
and
get
the
gateway
node
port,
one
more
time
and
we'll
just
look
inside
of
that
so
gateway
node,
port
yaml
and
then
here's
the
gateway
class
that
we've
got
specified
and,
oh,
you
know
what
it
brought
it
down
as
a
second
one.
One.Yaml
there
we
go.
Okay,
sorry,
hang
tight.
Here
we
go
one
yaml,
we're
gonna
move
gateway,
node
port
yml1
to
gateway
node
port
yaml.
A
There
we
go
okay
back
at
it
gateway,
node
port,
all
right,
so
here's
the
gateway
that
I
had
gotten
rid
of
before
so
gateway
has
seemingly
some
configuration
inside
of
it.
That
is
going
to
specify,
as
we
had
learned
our
listeners
right.
Okay
and
the
listeners
are
routing
in
or
specifying
the
protocol
in
the
port,
like
we
talked
about
earlier,
so
taking
https
if
available
through
443
and
then
http,
and
then
the
only
thing
that
I
don't
understand-
and
maybe
we'll
figure
this
out
in
a
moment
is
why
are
the
routes
defined
here?
A
I
don't
know,
let's
see
if
we
can
figure
this
out,
I'm
sure
it'll
tell
us
a
little
bit
later
so
I'll
do
a
quick
apply
for
the
gateway,
node
port,
again
cool,
okay
and
then
we'll
do
a
watch
which
I
think,
from
a
pod
perspective,
probably
nothing's
going
to
change
here.
We've
still
got
this
in
place.
I
would
imagine
it
is
programming
envoy
to
some
extent-
and
it
looks
like
oh,
it
looks
like
it
redeployed
the
the
controllers
as
well.
A
A
So
let's
go
ahead
and
see
if
we
can
do
that
again,
if
we
do
a
cube,
cuddle,
namespace
project
contour
for
services,
we've
got
the
envoy
node
port
at
three
zero,
zero,
eight
0
and
then,
if
we
just
grab
this
over
here,
the
ip
address
we'll
snag
that
real,
quick,
okay
and
we'll
do
another
curl
for
this
ip
at
3,
0,
0,
eight,
zero,
okay
and
nothing's
coming
back.
So
what
was
the
route
that
I
set
up
in
there?
A
The
route
was
matching
this
on
http,
on
port
80.,
interesting.
Okay,
all
right
so
steve
says:
gateways
need
to
select
which
routes
that
a
gateway
can
process,
interesting,
alex,
says,
gateway
and
http
route
will
reference
each
other
needs
bi-directional
bind
for
it
to
work.
It
seems
really
weird
to
my
brain.
I
can't
understand
why
that
would
be
necessary,
but
I
must
be
missing
something:
okay,
so
we've
got
this
in
place
and
I'll
go
back
to
the
guide
here.
Let's
see
so,
we've
got
the
node
port
service
set
up
right.
A
We
created
project
contour.
We
created
a
sample
application
right
here.
Okay,
now
verify
that
the
resources
are
available.
Okay,
I
think
we've
got
these
available.
Let's
double
check
here
so
yep,
those
all
look
healthy,
are
running,
there's
a
service,
fronting
them
and
then
there's
an
oh,
the
http
route
got
brought
in
with
the
app
it
looks
like
okay,
so
that
I
missed
that
little
detail.
Let's
check
this
out
real
quick.
So
inside
of
here
it
looks
like
we're,
maybe
specifying
an
http
route.
A
A
There
it
is
http
route,
okay,
cool,
okay.
This
is
kind
of
what
yeah
okay.
This
makes
more
sense.
So
this
is
what
I
was
expecting
from.
Like
a
routing
rule
perspective,
I'm
still
a
little
confused.
Oh,
this
is
probably
why
I
didn't
route
by
the
way.
It's
it's
specifying
a
host
name
here,
so
I
can
just
mock
the
hostname
and
trick
it
yeah,
the
okay,
so
the
http
route.
A
This
makes
sense
to
me.
I
I
still
don't
grok
the
relationship
with
the
gateway
specifying
the
route,
though,
for
some
reason.
Let's,
let's
see
if
we
can
get
this
to
work,
real,
quick
and
then
we'll
we'll
brainstorm
as
to
how
exactly
this
is
working.
So
I'm
guessing,
it
probably
just
needs
this
host
name,
which
is
totally
fair.
If
that's
the
case,
so
we'll
grab
that
we'll
do
the
curl
again
wherever
the
curl
was
curl.
This
and
let's
see,
if
I
can
remember
my
curl
stuff
hostname,
no,
no,
no,
no,
not
what
I
wanted.
A
A
Do
I
have
my
headers
right?
Hostname,
let's
see
gateway,
jsonpath
hostname,
oh
host
jeez,
it's
friday,
everybody
it's
friday.
Come
me.
Cut
me
cut
me
some
slack
there
we
go.
That
looks
a
lot
better.
Okay!
So
now
now
we're
hitting
it
with
the
with
the
right
host
header,
yeah
marcos,
yeah,
you're,
exactly
right!
Okay,
let
me
let
me
read
what
you
all
are
saying
in
chat
here,
because
you're
probably
trying
to
explain
to
me
why?
A
So
let
me
let
me
bring
up
where
I'm
confused.
Why
does
let's
get
rid
of
this
and
this?
Let's
do
a
quick
split
and
let's
look
at
gateway,
node,
port,
okay,
here's
what
I'm
confused
about
in
the
bottom
here.
I've
got
the
gateway
and
it
specifies
listeners
with
the
routes,
and
then
these
seem
to
reference
or
be
implied
to
reference
this
particular
route.
So
why
do
both
of
these
need
to
exist?
Okay,
so
looking
at
the
bottom
one
here,
the
gateway
is
matching
the
app
it
looks
like
right,
so
the
gateway
is
actually
saying.
A
A
Oh
no,
it
says
forward
too
it's
still
resolving
against
the
service
name.
What
the
heck!
Okay,
I'll
I'll
read,
chat
before
you
all
before
I
drive
you
all
crazy
marco
says
the
route
in
the
gateway
is
not
the
definition,
but
just
a
reference
to
that
http
route.
That's
what
I'm
thinking
steve
says.
Multiple
gateways
can
select
the
same
routes.
A
Interesting.
Okay,
the
example
has
label
selectors
to
find
which
okay,
this
is
where
I'm
getting
confused.
So
what
you're
saying
here
steve
is
that
the
selector
right,
the
selector
right
here
the
selector,
is
actually
selecting
the
route
object.
Does
that
make
sense
everyone?
So,
where
I
was
getting
confused
is
I
was
like
well
why
the
hell
is
the.
A
A
A
What
the
value
add
is
with
that.
So
if
I
have
another
http
route
that
resolves
against
this
service,
I
could
tie
it
to
a
different
gateway.
I
guess
which
would
be
kind
of
interesting
on
a
unique
path,
and
things
like
that
interesting,
okay,
dennis
said,
the
gateway
class
has
a
reference
to
http
routes,
but
it's
not
a
list.
So
there's
a
one-to-one
relation
single
gateway,
yeah,
I
wonder,
dennis
if
the
label
matching.
A
I
don't
know
if
the
label
matching
could
be
used,
generically
enough
to
match
against
two
routes
that
share
the
same
label.
Perhaps
yeah.
It's
interesting,
it's
kind
of
it's
kind
of
hard
to
hard
to
wrap
my
head
around
honestly,
okay,
okay!
So
let's,
let's
see
if
we
can
map
this
out
and
if
I,
if
I
just
make
it
more
confusing,
then
I'll
just
give
up
but
okay,
so
we've
got
okay
from
an
api
standpoint
right
and
we'll
keep
we'll
keep
their
diagram
around
here,
too
right.
A
A
We
know
that
the
gateway
class
defines
some
configuration
and
specifies
a
reference
to
a
gateway.
So
here's
our
gateway
class
right-
and
we
know
that
the
gateway
class
references,
this
specific
controller-
and
we
know
that
it's
looking
at
specifically
the
contour
configuration
and
where
it
could,
where
it
can
find
that
contour
configuration.
A
So
it
references
the
contour
gateway
sample
contour
operator,
which
we
can
see
down
here,
is
the
contour
sample
gateway
and
then
down
here
wait:
where
did
my
gateway
go
gateway?
Gateway
name
is
contour
namespace
contour
operator
interesting.
That
mapping
doesn't
make
sense
to
me,
okay,
so,
okay,
so
anyways
going
with
going
off
of
their
diagram
here,
oops.
What
the
heck
just
happened.
There
we
go
going
off
their
diagram,
we've
got
the
gateway
class,
we've
got
the
gateway
itself.
A
A
Okay,
alex
says
he
has
to
hop
out
thanks
for
joining
us
today,
alex
we
appreciate
it.
Do
okay,
alex
says
the
http
route
mirrors
contours,
existing
http
proxy
virtual
host
stanza.
Essentially,
it's
application
routing,
the
gateway
has
a
bunch
more
stuff
in
it.
It
represents
the
load.
Balancer
config,
so
multiple
contours
deployed
can
reference
the
same
route
resource.
I
believe,
although
not
sure,
if
that's
been
tested,
okay,
interesting,
all
right,
so
we've
got
the
gateway
and
then
basically,
I
guess
really
based
on
their
diagram.
I
guess
I'm
kind
of
recreating
it
here.
A
We
can
have
multiple
http
routes
that
reference
that
same
gateway
or
it
can
be.
I
guess
I
should
say
can
be
selected
by
that
same
gateway.
So
maybe
we'll
try
that
out
to
see
if
we
can
kind
of
prove
this
out
and
understand
it
a
little
bit
better.
So
in
theory,
I
can
have
this
http
route
that
goes
down
to
this
app
that
we're
using
right
and
then
I
can
have
maybe
another
http
route
that
goes
down
to
the
same
app.
A
A
Great
we've
got
that
okay
cool,
so
I
guess
okay,
so
in
theory
like
when
we
think
about
how
the
selection
works.
If
I
screw
with
this-
and
I
say,
foo
right-
and
I
put
this
in
place
with
a
different
header-
let's
say
the
header
we'll
make
the
header
unique-
maybe
oh
no
same
header
and
then
we'll
do
a
value
of
what
did.
I
say:
hello
there:
okay,
hello,
there
cool,
so
that's
the
prefix
and
then
it's
going
to
route
into
the
same
app.
A
Now,
if
I'm
understanding
the
relationship
of
how
this
all
resolves,
I
think
this
shouldn't
get
picked
up
because
the
http
route
set
up
in
the
gateway
doesn't
have
a
selector
oops,
I'm
looking
in
the
wrong
file
here,
let's
go
back
to
the
the
gateway
node
port,
because
the
selector
inside
of
here
is
only
matching
against
things
that
are.
Are
that
have
this
app
label,
so
in
theory
this
would
probably
be
like
an
orphaned
http
route
that
doesn't
actually
get
satisfied
by
the
ingress
controller.
That's
that's
kind
of
my
thinking
in
this
new
model.
A
A
A
A
Now
my
theory
here
with
the
selection
is
again.
This
gateway
is
using
label
selection
to
determine
which
routes
it
should
satisfy,
and
then
the
gateway
is
tied
to
the
gateway
class
which
has
tied
to
the
ingress
controller
that
should
satisfy
it.
So
I
think
I'm
maybe
I'm
definitely
not
grocking
all
the
implications,
but
I
think
we
might
be
starting
to
get
somewhere
with
how
this
all
resolves.
So
if
this
theory
is
correct,
if
we
curl
back
to
our
original
address,
this
still
works
just
fine
right.
So
that's
all
good.
A
Now
the
other
one
was
on
a
forward.
Slash,
though,
wasn't
it?
Okay,
let's,
let's
play
it
safe,
real,
quick,
we're
gonna,
go
back
to
the
example
and
change
this
to
goodbye.
Okay,
then,
let's
apply
this
here,
so
cube
cuddle
apply
this
app
again,
all
right
cool.
So,
let's
hit
that
doesn't
work.
That's
what
we'd
expect,
but
if
we
go
to
goodbye
now,
does
it
work
uh-oh?
A
Oh
right,
the
app
doesn't
have
a
path
for
that
duh
and
it's
I'm
not
doing
url
rewriting
here.
Yeah
that
makes
sense
darn
it
hostname
will
work
right.
I
can
do
hostname.
I
should
have
started
with
that.
I
didn't
even
think
about
not
doing.
I
didn't
even
think
that
I'm
not
doing
path
rewrites
here.
Okay,
so
let's
go
with
hostname
forward
slash.
This
will
be
test
one
test,
one:
okay
and
then
this
one
over
here
for
this
will
drive
me
crazy.
It's
not
a
gateway
gateway.
A
A
So
will
this
work
now
that
I'm
realizing
that
I'm
not
just
rewriting
the
path
at
the
ingress
level
that
I
was
actually
passing
that
path
down
to
the
app?
Let's
see
so
we'll
do
a
curl
again.
This
obviously
won't
work,
but
I
mean
we're
getting
a
404.
So
if
the
404
was
coming
from
the
app,
then
that's
a
that's
a
good
sign.
Local
doesn't
work,
that's
good
and
then
wow
josh.
Did
you
already
forget?
What
did
I
call
it?
Everyone
was
a
test.
A
A
A
What
did
I
do?
Did
I
screw
up?
Don't
want
to
change
too
much
on
you,
though
yeah
I
hear
you
steve.
I
think
the
host
should
work.
What
did
I?
What
did
I
do?
Did
I
do
something
stupid?
Did
I
redeploy
the
app
and
change
the
enough
if
it
was
the
if
it
was
the
node
port
that
was
broken
now,
I
would
think
it.
Wouldn't
let
me
route
at
all
so
interesting,
okay,
so
get
service,
and
then
the
service
name
here
for
envoy
is
this:
it's
three
zero:
zero,
eight,
zero?
A
Okay,
so
that
still
works.
Okay,
okay,
changed
the
changed
label
selector
for
the
gateway
dennis
says.
I
think
I
don't
think
I
changed
the
label
selector
on
the
gateway,
so
this
is
still
the
original
route
and
then,
if
we
look
at
the
gateway
real
quick,
let's
open
that
up.
So
if
we
open
up
the
gateway
which
was
in
gateway,
node
port,
it's
still
selecting
against
that
route.
A
Interesting
what
the
heck
is
going
on?
Okay,
I'll
tell
you
what
here's,
what
we
should
try,
because
I
think
we're
really
close
to
figuring
out
how
all
this
mapping
works,
I'm
going
to
redeploy
the
sample
app
again
make
sure
I
can
route
to
it.
Then
we'll
change
the
host
name
and
make
sure
that
doesn't
break
anything
and
then
we'll
try
to
introduce
another
http
route
to
show
how
this
this
resolution
works.
A
Khazrow,
you
said:
did
you
apply
the
recent
changes?
I
think
I
did,
but
now
that
you're
saying
that
I
have
no
idea.
So,
let's
just
try
it
again:
okay!
So
here's
what
we're
going
to
do.
Let's
go
back
to
the
example
and
let's
grab
this
one
more
time
and
I'm
even
going
to
be
so
careful
that
I'm
going
to
just
go
ahead
and
bring
this
file
down
again.
A
A
A
We'll
put
the
gs,
we'll
put
this
right
here.
Okay,
so
now
we've
got
http
route
1
and
then
eventually,
we'll
have
http
route
2
and
we're
going
to
redeploy
the
entire
app
stack
on
top
of
that.
So
if
we
do
a
cube,
cuddle
get
http
routes,
nothing
we're
starting
fresh
here
right,
so
we'll
apply
the
app
cool
cool
cool,
oh
and
ilco.
You
said
you
can
use
paths
like
ready,
api,
okay,
cool,
so
that
it
has
some
extra
endpoints.
We
can.
A
We
can
check
that
out
too
or
not
endpoints,
but
paths
that
it
can
resolve
against.
Okay,
so
we've
got
that
applied,
get
pods
a
okay,
it
is
running
lovely.
So
now,
if
we
apply
http
route
1
does
everything
work
the
way
it
used
to
work,
so
we
will
do
a
cube
cuddle
get
service.
Let's
just
do
it
for
all
make.
This
smaller
envoy
has
not
changed
its
node
port,
which
is
good.
A
So
in
theory,
if
I
curl
against
whatever
the
original
one
was
local,
do
we
get
a
page
back?
Thank
goodness,
okay,
we
are
in
a
known
good
state.
That's
that's!
That's
the
important
thing
here
so
now
that
we're
in
this
known,
good
state-
and
this
works.
Let's
just
change
the
host
name
of
the
http
route
and
make
sure
that's
all
cool,
so
we'll
go
ahead
and
do
this
oops
sorry
of
http
route
1
and
we're
just
going
to
change
this,
to
say
hello,
tgik
great,
and
we
will
go
ahead
and
apply
this.
A
Okay,
so
now
check
me
here:
everyone,
if
I
screw
this
up
but
hello,
tgik,
lovely
okay,
who
knows
what
the
heck
I
screwed
up
last
time,
but
now
local
should
not
work
great
and
then
hello,
tgik
should
work
lovely.
Now
to
remind
you
of
the
point
we
were
at
before
that
all
happened,
it
seems
like
as
we're
starting
to
tease
out
the
relationship.
A
This
thing
is
resolving
what
controller
and
what
configuration
to
reference.
This
thing
is
providing
then
selection
into
which
http
routes
it's
willing
to
satisfy
based
on
a
label
selector.
So
in
short,
if
we
take
one
more
look
at
the
http
route
2
here,
I
change
the
label
to
foo.
So
in
theory,
I
think
that
this
http
route
right
here
number
two,
which
is
now
just
tgik
dot
right.
A
So
in
effect
by
this
relationship
not
being
here
I'd,
imagine
there's
not
going
to
be
a
route
that
contour,
then
programs
envoy
to
route
into
for
for
tgik.
But
let's
see
if
that
theory
holds
true,
so
we've
got
labels
foo
here
we'll
go
ahead
and
bring
it
over
and
we
will
apply
http
route,
2,
dot,
yaml,
okay
and
then,
if
we
curl
again
for
hello
tgik,
this
seems
to
work
great
now.
If
we
do
just
tgik.
A
Does
not
work
so
so
far
our
theory
is
correct,
but
to
rewire
this
back
up,
then,
if
we
just
either
I
mean
I
guess
we
could
change
the
gateway
selector
in
here,
which
I
don't
think
the
gateway
selector
took
an
array
which
is
what
was
it?
Who
said
that
earlier?
Was
it
dennis
that
said
that
somebody
had
said
it
in
chat?
A
I
don't
think
the
gateway
takes
an
array,
so
I
think
the
label
probably
needs
to
be
the
same
on
both
of
the
objects,
but
let's
just
double
check
that
real,
quick,
so
gateway,
node,
port
cool,
so
routes,
http
route.
So
this
like
lets
us
select
the
actual
kind.
So
these
would
also
be
plugable
it's.
It
would
appear
at
least,
which
is
great
so
like
if
we
have
a
different
api
we
want
to
use
here.
A
A
A
Okay,
I
want
to
resolve
routes
that
use
this
kind
of
object,
so
this
particular
crd,
which
is
another
way
that
this
in
theory
could
be
extensible
and
pluggable,
and
I
only
want
to
resolve
route
objects
that
match
this
label.
So
I
think
this
is
actually
starting
to
make
a
lot
of
sense
in
regards
to
how
it
could
be
extensible
as
we
go
in
and
reference
certain
apis
and
what
they
resolve
against
and
then
remember.
A
A
I
don't
know
like
it
seems
like
you
could
plug
in
a
different
kind.
Perhaps
I
don't
really
know
if
that
would
work,
but
I'm
curious
if
this
will
work
if
we
did
http
as
an
array
here.
I
wonder
if
this
is
like
a
meta
thing
that
we'll
just
kind
of
know
that
this
is
not
a
problem,
but
no,
no,
let's
try
it.
Who
cares
so
we'll
say
that
this
is
foo?
Let's
go
ahead
and
apply
this
again,
so
you
know
I
really
want
to
take
that
out,
actually
gateway,
node
port.
A
A
So
now,
if
all
goes
well
with
this
gateway
configuration
we've
got
in
theory,
I
could
match
against
labels
foo,
I
suppose,
for
any
of
the
http
route
objects
and
then
put
it
up
against
port
80.
now
how
it
would
handle
conflicts
and
stuff.
If
there
were
two
http
routes
with
the
same
rules
and
stuff,
I
have
no
idea
how
that
would
work.
Maybe
that's,
I
guess
that's
something,
maybe
on
the
ingress
controller's
responsibilities
to
resolve
if
there
are
conflicts
against
two
things
that
it
selects
and
resolves
against.
A
I
have
no
idea,
but
anyways
seems
like
we've
got
that
in
place.
If
we
go
back
to
http
route
2
here
and
then
we
change
this
to
say
foo,
I
wonder
if
this
will
work,
so
we
will
go
ahead
and
apply
this
http
route,
it's
been
configured
and
then,
if
we
curl
against
okay,
so
this
one
we'll
start
with
hello
tgik,
just
to
make
sure
I
didn't
blow
anything
up
all
right,
so
hello,
tgik
is
seemingly
still
healthy.
A
Now,
if
we
go
in
and
do
tgik,
does
it
select
against
that
it
does
okay,
so
in
short,
we
were
able
to
make
multiple
selections
inside
of
here
against.
Potentially
multiple
label
sets
for
the
http
routes
that
we
want
to
use,
and
you
know
this
will
probably
be
honestly
not
too
uncommon
of
a
configuration
where
you
know.
Maybe
there
are
multiple
labels
we
want
to
include
in
here,
but
we
still
want
both
of
them
to
resolve
against
port
80
when
it
when
it
comes
in
right,
so
that
could
be.
A
That
could
be
a
common
thing
all
right.
I
kind
of
think
this
is
starting
to
make
a
little
bit
more
sense.
What
do
you
all
think
is
it?
Is
it
more
confusing
less
confusing,
so
it
seems
like
in
short,
we've
got
again
the
gateway
class.
Okay,
we'll
go
we'll
go
api
by
api,
real
quick,
so
we've
got
the
gateway
class
here,
which
is
gateway,
node,
port,
okay,
we'll
look
at
this
first
all
right.
So
what
do
we
know
about
the
gateway
class?
A
Well,
the
gateway
class
ties
itself
to
a
controller.
It
would
seem
so
in
this
case
we're
resolving
ourselves
against
this.
This
contour
operator
contour
gateway
sample.
So
if
we
look
at
this
in
kind
of
like
a
really
quick
thing,
so
namespace
contour
operator
get
pods
in
the
namespace
contour
operator.
A
A
Oh
there,
it
is
right
there,
okay,
so
project
contour,
all
right
cool,
so
we're
resolving
it
against
contour
operator
contour
gateway
sample
as
the
name.
I
think
this
is
maybe
one
part
that
I
don't
quite
understand
what
the
name
of
what,
because
it
doesn't
seem
to
be
the
contour
instance-
and
it
doesn't
seem
to
be
obviously
like
the
contour
operator.
So
I'm
not
quite
sure
what
the
name
is
referring
to,
but
none
it
says
kind
contours.
Was
it
actually
referencing?
The
crd?
A
Is
it
that
simple
get
contour
and
namespace
contour
operator?
Let's
see?
Oh
okay,
that's,
okay,
cool
cool,
oh
and
then
gateway
class
admitted
okay,
great
the
relationship's
starting
to
make
sense.
So
sorry,
it's
the
operator
model
in
this
gateway
thing.
That's
really
kind
of
racking,
my
brain
here,
okay.
So
what
do
we
know?
We
know
that
the
gateway
class
is
attaching
itself
to
an
instance
of
contour
which,
in
the
case
of
the
operator,
it
would
make
sense
for
it
to
be
a
crd,
because
the
contour
operator
is
not
an
instance
of
contour.
A
The
contour
crds
that
it
will
then
satisfy
is
what's
going
to
represent
these
instances
of
contour.
So
we've
got
the
contour
crd
here,
and
this
is
referencing
it
and
scoping
it,
and
then
this
in
short
kind
of
references,
many
instances,
one
or
many
instances
of
contour
right
contour
and
then
we
know
the
thing
about
contour
is
when
contour
is
instantiated.
The
underlying
proxy
is
envoy
right
and
effectively.
What
we
know
is
that
contour
goes
into
envoy's
little
brain
and
it's
like
hey.
A
Now,
as
we
go
layers
down
in
the
selection,
we
know
that
the
gateway
will
reference
a
specific
gateway
class.
So
let's
go
back
up
to
that
and
see
if
we
can
bring
this
full
circle,
so
we
know
that
the
gateway
configuration
whatever
I
saved
it
as
which
is
gateway,
config,
dot,
yaml,
okay,
we
know
that
the
gateway
configuration
references,
the
gateway
class
and
then
these
two
are
sort
of
bound
together.
A
So
if
we
do
k
get
gateway
right
here,
you
can
see
that
relationship,
one
up
so
gateway
the
gateway
class,
is
attach
this
contour
operator.
The
gateway
is
attached
to
the
gateway
class,
so
it
has
that
resolution
and
that
tie
right
there.
So
as
the
gateway
then
selects
routes,
those
will
belong
to
this
instance
of
contour,
which
is
which
is
starting
to
sort
of
make
sense.
A
We
want
to
resolve
again
so,
like
I
said
no
idea
like
what's
plugable
here.
If
you
can
even
do
something
like
this,
but
in
this
case
it's
saying
hey
any
instances
of
http
route
that
resolve
with
this
label
selector
I'm
going
to
satisfy
those
inside
of
the
contour
which
I'm
attached
to
through
my
gateway
class.
A
These
two
http
routes
that
a
developer
will
put
in
will
then
be
able
to
be
resolved
by
this
instance
of
envoy
in
the
second
we
screw
around
and
do
something
like
tggik
right.
We
then
break
that
link
away
because
the
gateway
is.
I
guess
I
should
probably
break
the
link
on
this
end
right,
because
there's
the
gateway
is
not
selecting
on
that.
A
A
Where
we
can,
then
perhaps
let
developers
self-service
their
own
http
routes
and
as
long
as
they
match
the
label
that
goes
against
the
gateway.
I
would
imagine
that
whatever
the
proxy
is,
it
should
be
able
to
eat
it
up
and
shoot
the
configuration
into
that
ingress
controller
proxy
that
underlies
it.
And
then
the
routing
will
just
work.
So
we've
got
something:
that's
extremely
extensible
and
pluggable,
and
we've
also
got
something
that
really
hones
in
on
these
different
operational
models
that
we
have
in
most
organizations,
especially
in
big
shops.
A
Okay,
so
steve
says
that's
about
right,
it's
way
more
configurable!
I
totally
believe
it
steve,
there's
probably
a
lot
more
in
here
that
you
can.
You
can
mess
with
and
in
tune
with,
but
hopefully
this
gives
you
all
a
pretty
good
introduction
to
kind
of
how
some
of
those
how
some
of
these
resources
work
together
and,
at
least
for
me,
I
definitely
understand
a
little
bit
more
about
how
all
these
kind
of
apis
linked
together,
because
before
it
was
at
the
initial
onset,
it
was
a
little
little
confusing.
A
A
If
you
said
ingress
route
and
traffic
kind
of
looks
like
http
route
yep-
and
I
think
I
think
that's
probably
what
blew
up
a
lot
of
this
need
right
is
just
you
had
traffic
making
their
own
crd.
We
had
contour
having
their
own
crd,
and
it
was
largely
to
solve
kind
of
problems
like
this,
so
it'll
be
really
interesting.
It'll
be
a
good
test
to
see.
A
Does
this
new
model
give
us
the
extensibility
to
be
generic
enough,
while
also
giving
the
plug
ability
to
be
specific
enough
when
it
comes
down
to
some
of
the
rules
and
capabilities
of
different
load
balancers,
because
all
load,
balancers
or
proxies
really
aren't
made
equal
right?
A
lot
of
them
have
extremely
different
features
that
then
merit
or
demand
their
own
specific
configuration
and
stuff
like
that,
so
pretty
cool
stuff,
okay!
A
Well,
this
was
really
fun,
I'm
gonna
be
sure
to
put
the
diagram
and
all
the
crazy
yaml
files
that
I've
played
with
if
anyone's
watching
this
in
the
github
repo.
In
case
you
wanna
you
wanna
play
around,
but
as
always
thanks
so
much
for
hanging
out
everyone,
steve
gave
some
resources
for
where
we
can
give
feedback
steve
thanks
so
much
and
alex,
and
the
other
folks
from
the
contour
team.
Thank
you
so
much
for
hanging
out
today
and
answering
questions
really
really
appreciate
it.
I
hope
you
all
learned
something
today.
A
I
know
I
definitely
did
and
have
an
awesome
weekend.
Everyone
hope
you
spend
some
time
away
from
your
computers
and
and
do
some
cool
stuff
all
right
thanks.
Everybody
have
an
awesome
weekend
and
we
will
catch
you
next
week
with
what
I'm
sure
will
be.
A
super
super
interesting
topic,
all
right,
I'll
catch
you
next
week.