Kuadrant policies for Gateway API v1 with Project Sail

Kuadrant has recently released v0.6.0. This exciting release significantly enhances single-cluster support by adding DNSPolicy and TLSPolicy alongside the existing RateLimitPolicy and AuthPolicy APIs. It also brings together Gateway API v1 and support for Project Sail. You can now use Gateway API and Project Sail to provide gateways and Kuadrant to better secure, connect, and protect them.

What is Gateway API?

Gateway API is an open source project managed by the SIG-NETWORK community. It models service networking in Kubernetes.

What is Project Sail?

Project Sail is a Red Hat project that offers an operator to manage the installation of an Istio control plane in Red Hat OpenShift or Kubernetes.

What is Kuadrant?

Kuadrant is a Red Hat community project that offers a set of policy-based APIs that integrate with Gateway API via policy attachment to better secure, protect and connect your Gateway API-defined network.

Put it all together

Gateway API reached v1 recently, which is a major milestone for the project and means a core set of stable APIs is available for use with many different gateway providers. Kuadrant and Project Sail (via Istio) now support Gateway API v1.

Gateway API provides an expressive and powerful way to define networking components and configurations like ingress gateways and routing rules. You will need to pick a gateway provider to implement these APIs in your infrastructure. Project Sail helps you install and configure Istio as the gateway provider via a new operator.

However, once you have decided to deploy a gateway, especially an ingress gateway, a set of common concerns immediately arises:

• How do you define and express how external traffic should connect to the ingress gateway?
• How do you protect the infrastructure behind the gateway from being overwhelmed once it is exposed and available?
• How do you empower teams to protect their specific service endpoints with more refined requirements?
• How do you make sure that traffic for all endpoints uses HTTPS and that the certificates are only from a particular certificate authority?
• How do you protect the gateway with authentication and authorization?

With the v0.6 release of Kuadrant and its Gateway API v1 support, the project is now also compatible with Istio installations provided by Project Sail. Kuadrant leverages the policy attachment concept specified by Gateway API to offer a powerful set of Kubernetes CRD-based APIs, allowing you to declaratively define how you want to solve these key connectivity, security and service protection concerns.

Kuadrant has put together a quick start guide for these technologies. It sets you up with a local Kubernetes cluster, Project Sail and Kuadrant components and APIs. We have also put together a walkthrough showing how to use these components to solve common ingress connectivity requirements.

Wrap up

Find out more about what Kuadrant offers for both single and multi-cluster deployments via its DNSPolicy, TLSPolicy, AuthPolicy and RateLimitPolicy APIs on our website. If you are interested in exploring what Kuadrant offers in a multi-cluster environment, look at our multi-cluster quick start guide, which leverages OCM (open cluster management) to manage, deploy and enforce policies and provide features like DNS-based global load balancing and TLS certificate distribution.