当前位置: 首页 > article >正文

Enhancing K8s Gateway API with Easegress Without Changing a Single Line of Code

In the article “Revolutionize Your Kubernetes Experience with Easegress: Kubernetes Gateway API”, we explored the powerful capabilities of the Kubernetes Gateway API. Today, we will present how to use the flexibility of Kubernetes Gateway to enhance its functionalities by using existing filters and resilience policies in Easegress without changing a single line of code.

Through this article, you will learn how to equip the Kubernetes Gateway API with resilient fault-tolerance capabilities without modifying any code.

Why Enhance the K8s Gateway API?

We already know that Easegress possesses robust resilient fault-tolerance features, including circuit breaking, rate limiting, and retries. With these features, Easegress can effectively protect backend services. However, in the current Kubernetes Gateway API standards, the protection mechanisms for backend services are not clearly defined. The standards are more about traffic forwarding, load balancing, redirection, and so on. So, how can we implement protection for backend services in Kubernetes Gateway? How can we equip the Kubernetes Gateway API with capabilities like circuit breaking, rate limiting, and retries? This is the key question we need to explore today.

Kubernetes Gateway ExtensionRef: The Glue Between Kubernetes and Easegress

First, let’s understand how the Kubernetes Gateway API, through the ingenious configuration of ExtensionRef [1], provides a way to implement custom functionalities. Below is an example of an HTTPRoute, demonstrating how to reference resources within a cluster:"

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
  name: httproute-extension
  - matches:
    - path:
        value: /test
    - type: ExtensionRef
      # Referencing the FilterSpec resource through ExtensionRef.
        group: "easegress.megaease.com"
        kind: "FilterSpec"
        name: "rate-limiter"
    - name: service-a
      port: 8080

This ExtensionRef references a ‘FilterSpec’ resource named ‘rate-limiter’ in the ’easegress.megaease.com’ group. This configuration will be recognized by the Easegress Gateway Controller [2] and transformed into the corresponding Easegress settings. This expands the functionality of the Kubernetes Gateway API, enabling the HTTPRoute to have rate limiting capabilities.

Custom Resource Definitions: Balancing Security and Flexibility

To seamlessly integrate the advanced functionalities of Easegress, we chose Custom Resource Definition (CRD) as our solution. Compared to directly using ConfigMap, it has a smaller impact and offers better flexibility. Below is the corresponding CRD configuration:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
  name: filterspecs.easegress.megaease.com
  group: easegress.megaease.com
    - name: v1
      served: true
      storage: true
          type: object
              type: object
                  type: string
                  type: string
                  type: string
  scope: Namespaced
    plural: filterspecs
    singular: filterspec
    kind: FilterSpec

In this CustomResourceDefinition, we defined the ’easegress.megaease.com’ group and the ‘FilterSpec’ kind. Our definition is designed with compatibility in mind, retaining only the three most essential attributes: name, kind, and spec. Where name and kind are common to all Easegress Filters, and spec is the specific configuration of the Filter, where the corresponding yaml configuration can be placed for use.

Practical Exercise

Next, we will take RateLimiter [3] and ResponseAdaptor [4] as examples, which are two of the many Filters provided by Easegress.

First, let’s create the corresponding Kubernetes resources:

apiVersion: easegress.megaease.com/v1
kind: FilterSpec
  name: rate-limiter
  name: rate-limiter
  kind: RateLimiter
  spec: |
    - name: policy
      limitRefreshPeriod: 5000ms
      limitForPeriod: 1
    defaultPolicyRef: policy
    - url:
        prefix: /
      policyRef: policy    


apiVersion: easegress.megaease.com/v1
kind: FilterSpec
  name: response-adaptor
  name: response-adaptor
  kind: ResponseAdaptor
  spec: |
        X-Eg-Response-Adaptor: "true"    

This RateLimiter allows only one request to pass in a 5-second period. The ResponseAdaptor adds an X-Eg-Response-Adaptor header to the HTTP response.

To use these extensions in HTTPRoute, you simply need to reference these Filters when creating the HTTPRoute. A specific example is as follows:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
  name: example-route-2
  - kind: Gateway
    name: example-gateway
    sectionName: example-listener
  - matches:
    - path:
        value: /test
    - type: ExtensionRef
        # use rate-limiter
        group: "easegress.megaease.com"
        kind: "FilterSpec"
        name: "rate-limiter"
    - type: ExtensionRef
        # use response-adaptor
        group: "easegress.megaease.com"
        kind: "FilterSpec"
        name: "response-adaptor"
    - name: hello-service
      port: 60002

Thus, after creating this HTTPRoute, our Easegress Gateway Controller will incorporate the specified rate limiter and response adaptor by reference. This endows the HTTPRoute with the capabilities of rate limiting and response modification.

Next, we perform some simple tests. The environment we use is minikube, and we map the port of the Gateway to nodePort 30081. Then we login for testing using minikube ssh. More details on the configuration can be found in our official documentation [2].

docker@minikube:~$ curl -v 
< Date: Thu, 23 Nov 2023 02:57:59 GMT
< X-Eg-Response-Adaptor: true  # ResponseAdaptor works
< Connection: close
Hello, world!
Version: 2.0.0
Hostname: hello-deployment-688d8666c-xl9sb
* Closing connection 0

docker@minikube:~$ curl -v 
< HTTP/1.1 429 Too Many Requests
< X-Eg-Rate-Limiter: too-many-requests  # RateLimiter works
< Date: Thu, 23 Nov 2023 02:58:00 GMT

Our test results show that the first request is successful and includes the X-Eg-Response-Adaptor header, while the second request is rejected due to the effect of the rate limiter.

Circuit Breaker and Retry Strategies

Furthermore, we have also provided definitions for circuit breakers and retry strategies [5], further enhancing the resilience and reliability of the network.

apiVersion: easegress.megaease.com/v1
kind: FilterSpec
  name: circuit-breaker
  name: circuit-breaker
  kind: CircuitBreaker
  spec: |
    slidingWindowType: TIME_BASED
    failureRateThreshold: 60
    slidingWindowSize: 200    


apiVersion: easegress.megaease.com/v1
kind: FilterSpec
  name: retry
  name: retry
  kind: Retry
  spec: |
    maxAttempts: 3
    waitDuration: 500ms    

Through this method, we can easily acquire various advanced functionalities of Easegress in Kubernetes Gateway.

[1] Kubernetes Gateway ExtensionRef https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.LocalObjectReference
[2] Easegress Gateway Controller https://github.com/megaease/easegress/blob/main/docs/04.Cloud-Native/4.2.Gateway-API.md
[3] Easegress RateLimiter Filter https://github.com/megaease/easegress/blob/main/docs/07.Reference/7.02.Filters.md#ratelimiter
[4] Easegress ResponseAdaptor Filter https://github.com/megaease/easegress/blob/main/docs/07.Reference/7.02.Filters.md#responseadaptor
[5] Easegress Resilience https://github.com/megaease/easegress/blob/main/docs/02.Tutorials/2.4.Resilience.md



  • 【数据结构】通过对比二叉查找树、平衡二叉树和B树,对MySQL中的B+树讲解
  • 企业OA管理系统:Spring Boot技术架构与应用
  • Spring Boot英语知识网站:开发与优化
  • AI服务器核心部件产业链升级分析
  • mac终端配置-支持 git branch
  • 数字图像处理(4):FPGA中的定点数、浮点数
  • wsl2的Ubuntu18.04安装ros和anaconda
  • 后端开发详细学习框架与路线
  • 基于python的机器学习(三)—— 关联规则与推荐算法
  • 3D可视化产品定制,打造“所见即所得”的购物体验!
  • FPGA实现串口升级及MultiBoot(九)BPI FLASH相关实例演示
  • sql工具!好用!爱用!
  • Css—实现3D导航栏
  • conda下载与pip下载的区别
  • 丹摩征文活动|实现Llama3.1大模型的本地部署
  • 第三十八章 IOT 通信协议MQTT协议实现的中间件EMQXDocker安装与验证指南
  • 系统使用杂记
  • 一文理解 Python 编程语言中的 .strip() 方法
  • python oa服务器巡检报告脚本的重构和修改(适应数盾OTP)有空再去改
  • 制造系统中ERP系统与MES管理系统的区别