Allow VPC Lattice service creation for routes not associated with a gateway #691

Open
erikfuller opened this issue Jan 29, 2025 · 2 comments

Comments

@erikfuller
Contributor

erikfuller commented Jan 29, 2025

Today, the controller only processes routes (HTTP, GRPC, etc) which contain a parentRef pointing to a gateway defined against the controller's gateway class. For example:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: my-hotel
spec:
  gatewayClassName: amazon-vpc-lattice  # denotes a gateway we're managing in the controller
  listeners:
  ...
```

and

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: inventory
spec:
  parentRefs:
  - name: my-hotel  # links this route to a gateway we're managing
    sectionName: http
  rules:
  ...
```

When these routes are reconciled, we create VPC Lattice services and associate them to the service network corresponding to the gateway or to the DEFAULT_SERVICE_NETWORK when ENABLE_SERVICE_NETWORK_OVERRIDE is set.

However, there are cases where we want to be able to create standalone VPC Lattice services that are not, by default, associated with a service network. This allows decoupling of service creation and ownership from service network membership, which is desirable in some scenarios.

This should not be a large change, but will require:

  1. A mechanism to denote a "standalone" route should be processed by the controller but not associated to a service network
  2. Look at logic which pulls values or validates the route against the gateway - may need updating
  3. Conditionally execute service network association logic

(edited to focus on requirements not solution)

@gadiener

gadiener commented Jan 30, 2025

For the standalone HTTPRoute idea, I think it’d be helpful to keep using the Gateway and GatewayClass, so we know the HTTPRoute is meant for VPC Lattice. We could then skip linking the Gateway with the VPC Lattice Service Network if a specific annotation or infrastructure annotation is defined on the Gateway resource.

When the annotation is applied to the Gateway, the controller reconciliation process could be adjusted to only create the VPC Lattice Service, without associating it with the VPC Lattice Service Network.

I think this method would help us separate service creation from service network management while following the standard Gateway API specification. What do you think about this approach?

@erikfuller
Contributor Author

I agree that sounds better. I've updated the original issue text to reflect the requirements more than the solution. I think we could put annotations either on the gateway or the route (or both, potentially) to provide the functionality.
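
A sketch of the reconcile decision discussed in this thread, as an added example that is not part of the original issue or the controller's code. The annotation key `example.com/lattice-standalone`, the types and `PlanRoute` are hypothetical, and it assumes the service network corresponding to a gateway is named after that gateway.

```go
package main

import "fmt"

const (
	standaloneAnnotation = "example.com/lattice-standalone" // hypothetical key, not named in the issue
	managedClass         = "amazon-vpc-lattice"             // gateway class from the issue's manifest
)

type Gateway struct {
	Name, ClassName string
	Annotations     map[string]string
}

type Route struct {
	ParentRefs  []string // names of parent gateways
	Annotations map[string]string
}

// Plan is the reconcile outcome; ServiceNetwork == "" means no association.
type Plan struct {
	CreateService  bool
	ServiceNetwork string
}

// PlanRoute ignores routes without a managed parent, skips association only on
// an explicit "true" opt-in (route or gateway), and otherwise keeps today's behaviour.
func PlanRoute(r Route, gws map[string]Gateway, override bool, defaultSN string) Plan {
	for _, ref := range r.ParentRefs {
		gw, ok := gws[ref]
		if !ok || gw.ClassName != managedClass {
			continue // parent is not a gateway this controller manages
		}
		if r.Annotations[standaloneAnnotation] == "true" || gw.Annotations[standaloneAnnotation] == "true" {
			return Plan{CreateService: true} // standalone: service only
		}
		if override { // ENABLE_SERVICE_NETWORK_OVERRIDE is set
			return Plan{CreateService: true, ServiceNetwork: defaultSN}
		}
		return Plan{CreateService: true, ServiceNetwork: gw.Name} // assumption: network named after gateway
	}
	return Plan{} // no managed parent: nothing to do
}

func main() {
	gws := map[string]Gateway{"my-hotel": {Name: "my-hotel", ClassName: managedClass}}
	r := Route{ParentRefs: []string{"my-hotel"}, Annotations: map[string]string{standaloneAnnotation: "true"}}
	fmt.Printf("%+v\n", PlanRoute(r, gws, false, "default-sn")) // constructed sample input
}
```

Any annotation value other than the exact string `"true"` falls through to the existing association path, so a typo cannot silently change service network membership.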
