#GatewayAPI


Okay, this is weird. The ACME HTTP01 validation with Cilium Gateway API, when 301 redirect from 80 to 443 is enabled, sometimes works, sometimes doesn't. Apparently it's a coin toss of whoever comes first: the application httproute or the acme solver httproute.

Does anyone have a *working* solution for that scenario?

What the scenario is: Cilium 1.18.1, Gateway API enabled, cert-manager 1.18.2 (numbers coincidence) with HTTP01 ACME solver. The certificate order is issued, the acme solver pod is created, but the ACME challenge gets redirected to HTTPS, so it never completes.

PS: No, I can't use DNS01 due to limitations on my DNS server.

EDIT: according to what I found in GitHub, the PR merged in Cilium *yesterday* might fix the problem. So I either need to wait, or be brave enough to try unreleased code.

#HomeLab #GatewayAPI #Cilium #Kubernetes #CertManager

github.com/cilium/cilium/pull/

GitHub: Refactor Gateway API reconciler by youngnick · Pull Request #41232 · cilium/cilium
This PR removes the separate reconcilers for each Route type in favor of updating status inside the Gateway reconciler. This also adds new indices on the Gateway reconciler that should make reconc...
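
Added example, not part of the post above and not code from Cilium or cert-manager: a small model of the path-match precedence the Gateway API specification defines for HTTPRoutes sharing a listener, next to an order-dependent first-match evaluation like the "coin toss" the post describes. Route names, timestamps and the token are constructed, and the solver route using an Exact path match is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    route: str      # "{namespace}/{name}" of the owning HTTPRoute
    created: int    # creationTimestamp as epoch seconds
    path_type: str  # "Exact" or "PathPrefix"
    path: str
    action: str

def applies(rule, path):
    if rule.path_type == "Exact":
        return path == rule.path
    prefix = rule.path.rstrip("/")  # PathPrefix matches whole path elements
    return path == prefix or path.startswith(prefix + "/")

def spec_key(rule):
    # Gateway API precedence, path part only: Exact first, then longest
    # prefix; ties go to the older route, then "{namespace}/{name}" order.
    # (Method, header and query-param tie-breaks are omitted here.)
    return (rule.path_type != "Exact", -len(rule.path), rule.created, rule.route)

def select_by_spec(rules, path):
    hits = [r for r in rules if applies(r, path)]
    return min(hits, key=spec_key).action if hits else "404"

def select_first_match(rules, path):
    # Order-dependent evaluation, shown only for contrast.
    return next((r.action for r in rules if applies(r, path)), "404")

# Constructed sample routes on the port-80 listener.
CHALLENGE = "/.well-known/acme-challenge/CONSTRUCTED-TOKEN"
REDIRECT = Rule("default/app-redirect", 100, "PathPrefix", "/", "301 to https")
SOLVER = Rule("default/cm-acme-http-solver", 200, "Exact", CHALLENGE, "solver pod")

if __name__ == "__main__":
    for order in ([REDIRECT, SOLVER], [SOLVER, REDIRECT]):
        names = [r.route for r in order]
        print(names, "spec:", select_by_spec(order, CHALLENGE),
              "| first-match:", select_first_match(order, CHALLENGE))
```

Under spec precedence the challenge path reaches the solver in either insertion order, while every other path on port 80 still gets the redirect.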

Sometimes I don't know if GatewayAPI is overkill for my home lab use, or if I'm just doing it wrong. The fact is that cert-manager acme http01 validation with http to https redirect is driving me crazy, and I can't figure out an easy way out.

Right now my gut is telling me to tear everything down and start over, because I feel like I did something wrong right at the initial deployment.

Yes, this post is vague on purpose, as I'm not ready to share my shame, I just need to vent. But if you do have a "this is the happy path" tutorial, I would not be opposed to reading it.

In case you want to get your hands dirty with Traefik, Kubernetes and the new GatewayAPI, I got you covered.

Here is another vagrant-libvirt setup that has #k3s, #Traefik and a #Nginx deployment. Instead of using a #Kubernetes #ingress or a Traefik ingressroute, this setup uses the #GatewayAPI resources like Gateways and HTTPRoutes.

codeberg.org/johanneskastl/tra
github.com/johanneskastl/traef

As usual, #Ansible does the heavy lifting and deploys everything in the cluster.

Have a lot of fun.

Codeberg.org: traefik_gateway-api_on_k3s_vagrant_libvirt_ansible
Vagrant-libvirt setup with k3s, Traefik and Nginx, reachable by using the Kubernetes Gateway API resources
#k8s #DevOps #vagrant

I'm going to be at #kubecon. At the maintainers summit beforehand, at the contribfest, and at the #headlamp project pavilion.

Contribfest session: kccnceu2025.sched.com/event/1t

I'm looking forward to connecting with folks working on different projects. People have been quite busy building out Headlamp Kubernetes UIs for ecosystem tooling and standards like #gatewayapi #prometheus #keda #flux #minikube #backstage #inspektorgadget #flagger and #certmanager

kccnceu2025.sched.com: KubeCon + CloudNativeCon Europe 2025: 🚨 Contribfest: Make Your Own UI for Kube...

@zas Yeah, I've been trying to set up an #AKS #k8s #cluster with #cilium using the #GatewayAPI exclusively instead of my #traefik #ingress and it's tricky, not because of the "BYOCNI" part, but because *most* helm charts still don't support Gateway -- but do support Ingress.

Sadly, the #Ingress2Gateway project got so sidetracked supporting vendor extensions that the current version can't even generate plain HTTP Routes from ingresses unless you're using @istiomesh