The New Way to Expose APIs in a Kubernetes Cluster: Gateway API vs Ingress

Ingress is one of the most widely used resources in Kubernetes, handling infrastructure and application exposure to the outside of the cluster. However, advances in Kubernetes networking have revealed limitations of Ingress for many new use cases.

The Ingress API lacks advanced load‑balancing features that users desire, and managing it becomes impractical. Vendors try to extend functionality with annotations, leading to inconsistent implementations across providers.

Gateway API introduces a new set of resources and APIs that aim to improve and eventually replace Ingress. It separates Ingress functionality into three components—GatewayClass, Gateway, and Route—each responsible for a specific part of traffic handling.

GatewayClass is supplied by the platform (e.g., Istio or Google Cloud). A Gateway is an instance of a GatewayClass defined by a cluster administrator and bound to a LoadBalancer. *Route objects bind routing rules to a Gateway; the API defines HTTPRoute, TLSRoute, TCPRoute, and UDPRoute.

Advantages

Gateway API adds new capabilities such as header‑based matching, header manipulation, weighted traffic splitting, traffic mirroring, and a role‑based resource model.

Header‑based matching

Header operations

Weighted traffic splitting

Traffic mirroring

Role‑based resource model

Gateway API also supports extensions:

Routing to other protocols

Arbitrary backend CRDs (buckets, functions, etc.)

Custom load‑balancer algorithms and matching rules

Decoupling infrastructure from applications

Future Outlook

The API continues to evolve with experimental support from many vendors, and it is expected to become the standard way to expose services in Kubernetes clusters.