Gateway API:Ingress 的下一代替代方案

📅 2026/7/5 3:00:44
Gateway API:Ingress 的下一代替代方案
文章目录前言两者之间相比部署环境操作步骤部署安装 Gateway API CRD Envoy Gateway安装metallb配 MetalLB 的 IP 池安装GatewayClass Gateway示例创建httproute添加dns解析结果展示前言因为ingress在今年3 月就已经停止维护后面不再发布新版本、修复漏洞或更新安全补丁。所以来写一下k8s官方推荐的ingress的下一代替代方案Gateway api两者之间相比对比项IngressGateway API定位早期入口标准已停止功能演进官方钦定的下一代标准路由能力仅 host path原生支持 header/query 匹配、流量权重、重定向、重写高级功能依赖厂商 annotation不可移植标准字段实现跨实现通用协议支持仅 HTTP/HTTPSHTTP、gRPC、TCP、TLS 多协议权限模型单一资源运维/开发职责混杂GatewayClass / Gateway / HTTPRoute 分层角色分离RBAC 更精细灰度发布需 annotation 或多个 Ingress 拼凑原生支持按权重分流跨 namespace本身不支持原生支持跨 namespace 路由生态趋势Ingress NGINX 2026 年 3 月退役官方推荐迁移方向服务网格也在统一部署环境Ip主机名cpu内存192.168.10.12master014c6G192.168.10.13node14c6G192.168.10.14node24c6G192.168.10.100nfs2c2g组件版本UbuntuUbuntu 26.04 servercontainerdv2 2.2.2Kubernetesv1.36.1victoria-metrics-k8s-stackv1.146.0操作步骤部署安装 Gateway API CRD Envoy Gatewaykubectl apply--server-side-f https://github.com/envoyproxy/gateway/releases/download/v1.8.2/install.yaml# 等待几分钟kubectl get crd|grep gateway.networking安装metallbkubectl apply-f https://raw.githubusercontent.com/metallb/metallb/v0.16.1/config/manifests/metallb-native.yaml配 MetalLB 的 IP 池catEOF|kubectl apply-f-apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: name: default-pool namespace: metallb-system spec: addresses:-192.168.10.200-192.168.10.250---apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: default namespace: metallb-system EOF安装GatewayClass GatewaycatEOF|kubectl apply-f-apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: name: envoy spec: controllerName: gateway.envoyproxy.io/gatewayclass-controller---apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: main-gw namespace: monitoring spec: gatewayClassName: envoy listeners:-name: http protocol: HTTP port: 80 allowedRoutes: namespaces:from: All# 所有命名空间能挂路由EOF kubectl get gateway-n monitoringPROGRAMMED如果为false是因为pod还没有running示例以本地部署的victoria-metrics-k8s-stack举例链接: victoria-metrics-k8s-stack部署victoria-metrics-k8s-stack里需要暴露的是 5 个:grafana(看板)、vmselect(vmui 查询)、vmalert(规则状态)、vmalertmanager(告警管理)、vmagent(抓取目标状态)。其他都是纯接口,不用暴露。创建httproutecatEOF|kubectl apply-f-apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: grafana# httproute名称namespace: monitoring# httproute命名空间spec: parentRefs:-name: main-gw# gateway名称hostnames:[grafana.monitoring.sit.internal]# 域名rules:-backendRefs:-name: vmks-grafana#svc名称port: 80#svc端口---apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: vmui namespace: monitoring spec: parentRefs:-name: main-gw hostnames:[vmui.monitoring.sit.internal]rules:-backendRefs:-name: vmselect-vmks-victoria-metrics-k8s-stack port: 8481---apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: vmalert namespace: monitoring spec: parentRefs:-name: main-gw hostnames:[vmalert.monitoring.sit.internal]rules:-backendRefs:-name: vmalert-vmks-victoria-metrics-k8s-stack port: 8080---apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: alertmanager namespace: monitoring spec: parentRefs:-name: main-gw hostnames:[alertmanager.monitoring.sit.internal]rules:-backendRefs:-name: vmalertmanager-vmks-victoria-metrics-k8s-stack port: 9093---apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: vmagent namespace: monitoring spec: parentRefs:-name: main-gw hostnames:[vmagent.monitoring.sit.internal]rules:-backendRefs:-name: vmagent-vmks-victoria-metrics-k8s-stack port: 8429 EOF可以通过获取httproute来管理域名kubectl get httproute-A添加dns解析win11 host路径C:\Windows\System32\drivers\etc\hosts在最后添加192.168.10.200 grafana.monitoring.sit.internal vmui.monitoring.sit.internal vmalert.monitoring.sit.internal alertmanager.monitoring.sit.internal vmagent.monitoring.sit.internal注:通过本地dns解析时需要把代理关闭不然会访问不到结果展示grafana.monitoring.sit.internal注;vmui有后缀vmui.monitoring.sit.internal/select/0/vmui/vmalert.monitoring.sit.internalalertmanager.monitoring.sit.internalvmagent.monitoring.sit.internal