---
layout: blog
title: "Gateway API v0.8.0：引入服务网格支持"
date: 2023-08-29T10:00:00-08:00
slug: gateway-api-v0-8
---
<!--
layout: blog
title: "Gateway API v0.8.0: Introducing Service Mesh Support"
date: 2023-08-29T10:00:00-08:00
slug: gateway-api-v0-8
-->

<!--
***Authors:*** Flynn (Buoyant), John Howard (Google), Keith Mattix (Microsoft), Michael Beaumont (Kong), Mike Morris (independent), Rob Scott (Google)
-->
**作者：** Flynn (Buoyant), John Howard (Google), Keith Mattix (Microsoft), Michael Beaumont (Kong), Mike Morris (independent), Rob Scott (Google)

**译者：** Xin Li (Daocloud)

<!--
We are thrilled to announce the v0.8.0 release of Gateway API! With this
release, Gateway API support for service mesh has reached [Experimental
status][status]. We look forward to your feedback!

We're especially delighted to announce that Kuma 2.3+, Linkerd 2.14+, and Istio
1.16+ are all fully-conformant implementations of Gateway API service mesh
support.
-->
我们很高兴地宣布 Gateway API 的 v0.8.0 版本发布了！
通过此版本，Gateway API 对服务网格的支持已达到[实验性（Experimental）状态][status]。
我们期待你的反馈！

我们很高兴地宣布 Kuma 2.3+、Linkerd 2.14+ 和 Istio 1.16+ 都是 Gateway API
服务网格支持的完全一致实现。

<!--
## Service mesh support in Gateway API

While the initial focus of Gateway API was always ingress (north-south)
traffic, it was clear almost from the beginning that the same basic routing
concepts should also be applicable to service mesh (east-west) traffic. In
2022, the Gateway API subproject started the [GAMMA initiative][gamma], a
dedicated vendor-neutral workstream, specifically to examine how best to fit
service mesh support into the framework of the Gateway API resources, without
requiring users of Gateway API to relearn everything they understand about the
API.
-->
## Gateway API 中的服务网格支持

虽然 Gateway API 最初的重点一直是入站（南北）流量，但几乎从最开始就比较明确，
相同的基本路由概念也应适用于服务网格（东西）流量。2022 年，Gateway API
子项目启动了 [GAMMA 计划][gamma]，这是一个专门的供应商中立的工作流，
旨在专门研究如何最好地将服务网格支持纳入 Gateway API 资源的框架中，
而不需要 Gateway API 的用户重新学习他们了解的有关 API 的一切。

<!--
Over the last year, GAMMA has dug deeply into the challenges and possible
solutions around using Gateway API for service mesh. The end result is a small
number of [enhancement proposals][geps] that subsume many hours of thought and
debate, and provide a minimum viable path to allow Gateway API to be used for
service mesh.
-->
在过去的一年中，GAMMA 深入研究了使用 Gateway API 用于服务网格的挑战和可能的解决方案。
最终结果是少量的[增强提案][geps]，其中包含了很长时间的思考和辩论，并提供允许使用 Gateway API
用于服务网格的最短可行路径。

<!--
### How will mesh routing work when using Gateway API?

You can find all the details in the [Gateway API Mesh routing
documentation][mesh-routing] and [GEP-1426], but the short version for Gateway
API v0.8.0 is that an HTTPRoute can now have a `parentRef` that is a Service,
rather than just a Gateway. We anticipate future GEPs in this area as we gain
more experience with service mesh use cases -- binding to a Service makes it
possible to use the Gateway API with a service mesh, but there are several
interesting use cases that remain difficult to cover.

As an example, you might use an HTTPRoute to do an A-B test in the mesh as
follows:
-->
### 当使用 Gateway API 时，网格路由将如何工作？

你可以在 [Gateway API Mesh 路由文档][mesh-routing]和 [GEP-1426] 中找到所有详细信息，
但对于 Gateway API v0.8.0 的简短的版本是现在 HTTPRoute 可以设置 `parentRef`，
它是一个 Service，而不仅仅是一个网关。随着我们对服务网格用例的经验不断丰富，我们预计在这个领域会出现更多
GEP -- 绑定到 Service 使得将 Gateway API 与服务网格结合使用成为可能，但仍有几个有趣的用例难以覆盖。

例如，你可以使用 HTTPRoute 在网格中进行 A-B 测试，如下所示：

```yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: bar-route
spec:
  parentRefs:
  - group: ""
    kind: Service
    name: demo-app
    port: 5000
  rules:
  - matches:
    - headers:
      - type: Exact
        name: env
        value: v1
    backendRefs:
    - name: demo-app-v1
      port: 5000
  - backendRefs:
    - name: demo-app-v2
      port: 5000
```

<!--
Any request to port 5000 of the `demo-app` Service that has the header `env:
v1` will be routed to `demo-app-v1`, while any request without that header
will be routed to `demo-app-v2` -- and since this is being handled by the
service mesh, not the ingress controller, the A/B test can happen anywhere in
the application's call graph.
-->
任何对 `demo-app` Service 5000 端口且具有 `env: v1` 表头的请求都将被路由到 `demo-app-v1`，
而没有该标头的请求都将被路由到 `demo-app-v2` -- 并且由于这是由服务网格而不是
Ingress 控制器处理的，A/B 测试可以发生在应用程序的调用图中的任何位置。

<!--
### How do I know this will be truly portable?

Gateway API has been investing heavily in conformance tests across all
features it supports, and mesh is no exception. One of the challenges that the
GAMMA initiative ran into is that many of these tests were strongly tied to
the idea that a given implementation provides an ingress controller. Many
service meshes don't, and requiring a GAMMA-conformant mesh to also implement
an ingress controller seemed impractical at best. This resulted in work
restarting on Gateway API _conformance profiles_, as discussed in [GEP-1709].
-->
### 如何确定这种方案的可移植性是真的？

Gateway API 一直在其支持的所有功能的一致性测试上投入大量资源，网格也不例外。
GAMMA 面临的挑战之一是，许多测试都认为一个给定实现会提供 Ingress 控制器。
许多服务网格不提供 Ingress 控制器，要求符合 GAMMA 标准的网格同时实现 Ingress 控制器似乎并不切实际。
这导致在 Gateway API **一致性配置文件**的工作重新启动，如 [GEP-1709] 中所述。

<!--
The basic idea of conformance profiles is that we can define subsets of the
Gateway API, and allow implementations to choose (and document) which subsets
they conform to. GAMMA is adding a new profile, named `Mesh` and described in
[GEP-1686], which checks only the mesh functionality as defined by GAMMA. At
this point, Kuma 2.3+, Linkerd 2.14+, and Istio 1.16+ are all conformant with
the `Mesh` profile.
-->
一致性配置文件的基本思想是，我们可以定义 Gateway API 的子集，并允许实现选择（并记录）他们符合哪些子集。
GAMMA 正在添加一个名为 `Mesh` 的新配置文件，其描述在 [GEP-1686] 中，仅检查由 GAMMA 定义的网格功能。
此时，Kuma 2.3+、Linkerd 2.14+ 和 Istio 1.16+ 都符合 `Mesh` 配置文件的标准。

<!--
## What else is in Gateway API v0.8.0?

This release is all about preparing Gateway API for the upcoming v1.0 release
where HTTPRoute, Gateway, and GatewayClass will graduate to GA. There are two
main changes related to this: CEL validation and API version changes.
-->
## Gateway API v0.8.0 中还有什么？

这个版本的发布都是为了即将到来的 v1.0 版本做准备，其中
HTTPRoute、Gateway 和 GatewayClass 将进级为 GA。与此相关的有两个主要更改：
CEL 验证和 API 版本更改。

<!--
### CEL Validation

The first major change is that Gateway API v0.8.0 is the start of a transition
from webhook validation to [CEL validation][cel] using information built into
the CRDs. That will mean different things depending on the version of
Kubernetes you're using:
-->
### CEL 验证

第一个重大变化是，Gateway API v0.8.0 起从 Webhook 验证转向使用内置于
CRD 中的信息的 [CEL 验证][cel]。取决于你使用的 Kubernetes 版本，这一转换的影响有些不同：

<!--
#### Kubernetes 1.25+

CEL validation is fully supported, and almost all validation is implemented in
CEL. (The sole exception is that header names in header modifier filters can
only do case-insensitive validation. There is more information in [issue
2277].)

We recommend _not_ using the validating webhook on these Kubernetes versions.
-->
#### Kubernetes 1.25+

CEL 验证得到了完全支持，并且几乎所有验证都是在 CEL 中实现的。
（唯一的例外是，标头修饰符过滤器中的标头名称只能进行不区分大小写的验证，
更多的相关信息，请参见 [issue 2277]。）

我们建议在这些 Kubernetes 版本上不使用验证 Webhook。

<!--
#### Kubernetes 1.23 and 1.24

CEL validation is not supported, but Gateway API v0.8.0 CRDs can still be
installed. When you upgrade to Kubernetes 1.25+, the validation included in
these CRDs will automatically take effect.

We recommend continuing to use the validating webhook on these Kubernetes
versions.
-->
#### Kubernetes 1.23 和 1.24

不支持 CEL 验证，但仍可以安装 Gateway API v0.8.0 CRD。
当你升级到 Kubernetes 1.25+ 时，这些 CRD 中包含的验证将自动生效。

我们建议在这些 Kubernetes 版本上继续使用验证 Webhook。

<!--
#### Kubernetes 1.22 and older

Gateway API only commits to support for [5 most recent versions of
Kubernetes][supported-versions]. As such, these versions are no longer
supported by Gateway API, and unfortunately Gateway API v0.8.0 cannot be
installed on them, since CRDs containing CEL validation will be rejected.
-->
#### Kubernetes 1.22 及更早版本

Gateway API 只承诺支持[最新的 5 个 Kubernetes 版本][supported-versions]。
因此，Gateway API 不再支持这些版本，不幸的是，在这些集群版本中无法安装 Gateway API v0.8.0，
因为包含 CEL 验证的 CRD 将被拒绝。

<!--
### API Version Changes

As we prepare for a v1.0 release that will graduate Gateway, GatewayClass, and
HTTPRoute to the `v1` API Version from `v1beta1`, we are continuing the process
of moving away from `v1alpha2` for resources that have graduated to `v1beta1`.
For more information on this change and everything else included in this
release, refer to the [v0.8.0 release notes][v0.8.0 release notes].
-->
### API 版本更改

在我们所准备的 v1.0 版本中，Gateway、GatewayClass 和 HTTPRoute 都会从
`v1beta1` 升级到 `v1` API 版本，对于已升级到 `v1beta1` 的资源，我们将继续从 `v1alpha2` 迁移的过程。

有关此更改以及此版本中包含的所有其他内容的更多信息，请参见 [v0.8.0 发布说明][v0.8.0 release notes]。

<!--
## How can I get started with Gateway API?

Gateway API represents the future of load balancing, routing, and service mesh
APIs in Kubernetes. There are already more than 20 [implementations][impl]
available (including both ingress controllers and service meshes) and the list
keeps growing.
-->
## 如何开始使用 Gateway API？

Gateway API 代表了 Kubernetes 中负载平衡、路由和服务网格 API 的未来。
已经有超过 20 个[实现][impl]可用（包括入口控制器和服务网格），而这一列表还在不断增长。

<!--
If you're interested in getting started with Gateway API, take a look at the
[API concepts documentation][concepts] and check out some of the
[Guides][guides] to try it out. Because this is a CRD-based API, you can
install the latest version on any Kubernetes 1.23+ cluster.
-->
如果你有兴趣开始使用 Gateway API，请查阅 [API 概念文档][concepts] 和一些[指南][guides]以尝试使用它。
因为这是一个基于 CRD 的 API，所以你可以在任何 Kubernetes 1.23+ 集群上安装最新版本。

<!--
If you're specifically interested in helping to contribute to Gateway API, we
would love to have you! Please feel free to [open a new issue][issue] on the
repository, or join in the [discussions][disc]. Also check out the [community
page][community] which includes links to the Slack channel and community
meetings. We look forward to seeing you!!
-->
如果你有兴趣为 Gateway API 做出贡献，我们非常欢迎你！
请随时在仓库中[报告问题][issue]，或加入[讨论][disc]。
另请查看[社区页面][community]，其中包含 Slack 频道和社区会议的链接。
我们期待你的光临！！

<!--
## Further Reading:

- [GEP-1324] provides an overview of the GAMMA goals and some important
  definitions. This GEP is well worth a read for its discussion of the problem
  space.
- [GEP-1426] defines how to use Gateway API route resources, such as
  HTTPRoute, to manage traffic within a service mesh.
- [GEP-1686] builds on the work of [GEP-1709] to define a _conformance
  profile_ for service meshes to be declared conformant with Gateway API.
-->
## 进一步阅读：

- [GEP-1324] 提供了 GAMMA 目标和一些重要定义的概述。这个 GEP 值得一读，因为它讨论了问题空间。
- [GEP-1426] 定义了如何使用 Gateway API 路由资源（如 HTTPRoute）管理服务网格内的流量。
- [GEP-1686] 在 [GEP-1709] 的工作基础上，为声明符合 Gateway API 的服务网格定义了一个一致性配置文件。

<!--
Although these are [Experimental][status] patterns, note that they are available
in the [`standard` release channel][ch], since the GAMMA initiative has not
needed to introduce new resources or fields to date.
-->
虽然这些都是[实验特性][status]，但请注意，它们可在 [standard 发布频道][ch]使用，
因为 GAMMA 计划迄今为止不需要引入新的资源或字段。

<!--
[gamma]:https://gateway-api.sigs.k8s.io/concepts/gamma/
[status]:https://gateway-api.sigs.k8s.io/geps/overview/#status
[ch]:https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels-eg-experimental-standard
[cel]:/docs/reference/using-api/cel/
[crd]:/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/
[concepts]:https://gateway-api.sigs.k8s.io/concepts/api-overview/
[geps]:https://gateway-api.sigs.k8s.io/contributing/enhancement-requests/
[guides]:https://gateway-api.sigs.k8s.io/guides/getting-started/
[impl]:https://gateway-api.sigs.k8s.io/implementations/
[install-crds]:https://gateway-api.sigs.k8s.io/guides/getting-started/#install-the-crds
[issue]:https://github.com/kubernetes-sigs/gateway-api/issues/new/choose
[disc]:https://github.com/kubernetes-sigs/gateway-api/discussions
[community]:https://gateway-api.sigs.k8s.io/contributing/community/
[mesh-routing]:https://gateway-api.sigs.k8s.io/concepts/gamma/#how-the-gateway-api-works-for-service-mesh
[GEP-1426]:https://gateway-api.sigs.k8s.io/geps/gep-1426/
[GEP-1324]:https://gateway-api.sigs.k8s.io/geps/gep-1324/
[GEP-1686]:https://gateway-api.sigs.k8s.io/geps/gep-1686/
[GEP-1709]:https://gateway-api.sigs.k8s.io/geps/gep-1709/
[issue 2277]:https://github.com/kubernetes-sigs/gateway-api/issues/2277
[supported-versions]:https://gateway-api.sigs.k8s.io/concepts/versioning/#supported-versions
[v0.8.0 release notes]:https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.8.0
[versioning docs]:https://gateway-api.sigs.k8s.io/concepts/versioning/
-->
[gamma]:https://gateway-api.sigs.k8s.io/concepts/gamma/
[status]:https://gateway-api.sigs.k8s.io/geps/overview/#status
[ch]:https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels-eg-experimental-standard
[cel]:/zh-cn/docs/reference/using-api/cel/
[crd]:/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/
[concepts]:https://gateway-api.sigs.k8s.io/concepts/api-overview/
[geps]:https://gateway-api.sigs.k8s.io/contributing/enhancement-requests/
[guides]:https://gateway-api.sigs.k8s.io/guides/getting-started/
[impl]:https://gateway-api.sigs.k8s.io/implementations/
[install-crds]:https://gateway-api.sigs.k8s.io/guides/getting-started/#install-the-crds
[issue]:https://github.com/kubernetes-sigs/gateway-api/issues/new/choose
[disc]:https://github.com/kubernetes-sigs/gateway-api/discussions
[community]:https://gateway-api.sigs.k8s.io/contributing/community/
[mesh-routing]:https://gateway-api.sigs.k8s.io/concepts/gamma/#how-the-gateway-api-works-for-service-mesh
[GEP-1426]:https://gateway-api.sigs.k8s.io/geps/gep-1426/
[GEP-1324]:https://gateway-api.sigs.k8s.io/geps/gep-1324/
[GEP-1686]:https://gateway-api.sigs.k8s.io/geps/gep-1686/
[GEP-1709]:https://gateway-api.sigs.k8s.io/geps/gep-1709/
[issue 2277]:https://github.com/kubernetes-sigs/gateway-api/issues/2277
[supported-versions]:https://gateway-api.sigs.k8s.io/concepts/versioning/#supported-versions
[v0.8.0 release notes]:https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.8.0
[versioning docs]:https://gateway-api.sigs.k8s.io/concepts/versioning/