Appearance
Difference between Ingress and Gateway API
The difference between Ingress and Gateway API represents an evolution in how Kubernetes manages service networking. While Ingress is the mature, original standard, Gateway API is the officially designated successor designed to address the architectural limitations of Ingress,.
Here is a detailed breakdown of how they differ in architecture, management, and capabilities.
1. Architecture and Resource Model
The most fundamental difference lies in how the resources are structured.
Ingress (Monolithic Model): Ingress combines the definition of the entry point (load balancer configuration) and the routing rules (paths to services) into a single resource object.
- Workflow: A user defines an
Ingressresource. An Ingress Controller (like NGINX or AWS ALB) watches this resource and configures the load balancer,. - Limitation: This tight coupling forces application developers to define infrastructure settings (like TLS secrets or load balancer annotations) inside their application routing configuration.
- Workflow: A user defines an
Gateway API (Decoupled, Role-Oriented Model): Gateway API deconstructs the networking stack into separate resources managed by different personas. This is known as a Role-Oriented design.
GatewayClass: Defines the type of controller available (managed by the Infrastructure Provider).Gateway: Defines the instance of the load balancer and the ports/listeners open on it (managed by the Cluster Operator),.HTTPRoute/GRPCRoute: Defines the logic for mapping traffic from a Gateway listener to a backend Service (managed by the Application Developer),.
Why this matters: Gateway API allows an infrastructure team to provision a Load Balancer (the Gateway) once, and allow independent application teams to attach their own routing rules (HTTPRoute) to it without needing permission to modify the load balancer itself.
2. Expressiveness and Configuration
Ingress was originally designed for simple HTTP/HTTPS routing. As users needed advanced features (like traffic weighting or header matching), they had to rely on vendor-specific annotations, which broke portability.
| Feature | Ingress | Gateway API |
|---|---|---|
| Routing Rules | Limited mostly to Hostname and URI Path matching. | Expressive. Supports matching on Headers, Query Parameters, and Methods natively. |
| Traffic Splitting | Non-Standard. Requires vendor-specific annotations (e.g., canary deployments). | Native. Traffic weighting and splitting are first-class fields in the API. |
| Protocol Support | Primarily HTTP and HTTPS. | Supports HTTP, HTTPS, and has dedicated types like GRPCRoute for gRPC traffic. |
| Portability | Low. Moving from NGINX to AWS ALB often requires rewriting all annotations. | High. Advanced features are part of the core API spec, reducing reliance on custom annotations. |
3. Extensibility and Future Proofing
- Ingress: The API has been frozen. It will remain available for the foreseeable future, but no new features will be added.
- Gateway API: Designed to be extensible. It allows custom resources to be linked at various layers of the API. It uses a "Core" (guaranteed support) and "Extended" (optional support) support level model, allowing vendors to implement advanced features in a standardized way without breaking the API contract.
Summary Comparison
| Ingress | Gateway API | |
|---|---|---|
| Status | Stable, Frozen (Legacy) | Stable (Successor) |
| User Experience | Simple for basic use cases. | structured for multi-tenant / complex use cases. |
| Configuration | Single Ingress object. | Split into GatewayClass, Gateway, and Route objects. |
| Advanced Features | Relies on Annotations. | Native API fields (Header matching, Traffic Mirroring, etc.). |
Recommendation: For new clusters or complex traffic requirements involving traffic splitting, header-based routing, or gRPC, the Kubernetes project recommends using Gateway API.