This content originally appeared on DEV Community and was authored by kelvin manavar
Introduction
When we talk about Kubernetes networking, one of the first things that comes up is Ingress. It’s been the go-to way of exposing applications to the outside world for years. But if you’ve worked with it, you already know the pain points: Ingress mostly focuses on HTTP/S traffic, behaves differently depending on which controller you use, and quickly becomes limiting when you need advanced routing, multi-tenancy, or protocols beyond HTTP.
This is exactly where the Gateway API steps in. Think of it as the next generation of Kubernetes networking—built to be more flexible, more consistent across implementations, and friendlier for different teams to collaborate on. It supports not just HTTP but also TCP, TLS, and gRPC, while giving you cleaner ways to manage policies and traffic routing at scale.
Gateway API aims to solve the issues we face with ingress
What is the Gateway API?
The Gateway API is a set of Kubernetes resources that bring more power and flexibility to how we manage networking. Instead of relying on rigid configurations, it allows you to dynamically provision infrastructure and set up advanced traffic routing in a clean, consistent way.
What makes it stand out is its design: it’s extensible, so it can grow with your needs; role-oriented, so different teams (like platform engineers, infra teams, and app developers) can manage their parts without conflict; and protocol-aware, meaning it works seamlessly across HTTP, TCP, TLS, gRPC, and beyond.
In short, Gateway API makes exposing and managing network services in Kubernetes smarter, more flexible, and ready for modern workloads.
Gateway API design concepts
The Gateway API was built with a few guiding principles that shape how it works and why it’s more powerful than Ingress:
Role-oriented Design: Gateway API kinds are modeled after organizational roles that are responsible for managing Kubernetes service networking:
- Infrastructure Provider: Manages infrastructure that allows multiple isolated clusters to serve multiple tenants, e.g. a cloud provider.
- Cluster Operator: Manages clusters and is typically concerned with policies, network access, application permissions, etc.
- Application Developer: Manages an application running in a cluster and is typically concerned with application-level configuration and service composition. Portable: Gateway API resources are Kubernetes custom resources (CRDs), and they work consistently across different implementations, so you’re not locked into a single vendor.
Expressiveness: In addition to HTTP host/path matching and TLS, Gateway API can express capabilities like HTTP header manipulation, traffic weighting & mirroring, TCP/UDP routing, and other capabilities that were only possible in Ingress through custom annotations.
Extensible: The API is flexible enough to let you plug in custom resources at different layers, giving you fine-grained control and customization possible at the appropriate places within the API structure.
Key Resources in the Gateway API
Gateway API has three stable API kinds:
GatewayClass: These are cluster-wide resources that work like templates for networking. They define the behavior and configuration for Gateways created from them. If you’ve used StorageClasses in Kubernetes, it’s a similar concept—only here it’s applied to the networking data plane instead of storage.
A sample GatewayClass CRD:
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: my-gateway-class
spec:
  controllerName: example.com/gateway-controller
Gateway: These are the actual instances created from a GatewayClass. You can think of them as the “real” networking components that handle traffic. A Gateway could be an in-cluster proxy, a hardware load balancer, or even a cloud provider’s load balancer. It takes the traffic from outside the cluster. Gateways are attached to respective GatewayClass.
A sample Gateway CRD:
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: my-gateway
  namespace: default
spec:
  gatewayClassName: my-gateway-class
  listeners:
    - name: http
      protocol: HTTP
      port: 80
Routes: Which are not a single resource, but represent many different protocol-specific Route resources. The HTTPRoute has matching, filtering, and routing rules that get applied to Gateways that can process HTTP and HTTPS traffic. Similarly, there are TCPRoutes, UDPRoutes, and TLSRoutes which also have protocol-specific semantics. This model also allows the Gateway API to incrementally expand its protocol support in the future.
    apiVersion: gateway.networking.k8s.io/v1
    kind: HTTPRoute
    metadata:
      name: my-httproute
      namespace: default
    spec:
      parentRefs:
        - name: my-gateway
      hostnames:
        - "example.com"
      rules:
        - matches:
            - path:
                type: PathPrefix
                value: /app
          backendRefs:
            - name: my-service
              port: 80
How the Request Flows
Let’s walk through what happens when a request goes through a Gateway acting as a reverse proxy:
- A client tries to reach http://www.example.com.
- The client’s DNS resolver looks up www.example.com and gets back the IP address of the Gateway.
- The client sends the HTTP request to that Gateway IP. The reverse proxy receives it and checks the Host header to find the right configuration defined by the Gateway and its attached HTTPRoute.
- If needed, the proxy can do extra checks like matching headers or paths based on the rules in the HTTPRoute.
- It can also tweak the request, for example by adding or removing headers, using filters defined in the route.
- Finally, the reverse proxy forwards the request to the right backend services.
Note: Gateway API is the successor to the Ingress API. However, it does not include the Ingress kind. As a result, a one-time conversion from your existing Ingress resources to Gateway API resources is necessary.
If you are already using ingress then want to use Gateway API, we require migrating Ingress resources to Gateway API resources.
Common Use Cases for Gateway API:
- Multi-tenant clusters → Perfect for environments where multiple teams share the same cluster but still need isolation and clear boundaries.
- Progressive delivery → Enables deployment strategies like canary releases or blue/green rollouts, making it easier to test changes safely before full rollout.
- Beyond HTTP → Unlike traditional Ingress, Gateway API supports other protocols too—like TCP, gRPC, and WebSockets—making it a versatile choice for modern applications.
Final Thoughts:
Kubernetes has made deploying and scaling applications much easier, but networking has always been one of its tougher challenges. Ingress did the job for simple scenarios, but as apps, teams, and protocols grew more complex, its limits quickly showed.
That’s where the Gateway API comes in. It’s the next generation of Kubernetes networking-flexible, extensible, and designed for today’s workloads. With role-based design, multi-protocol support, and consistency across implementations, it brings infrastructure providers, operators, and developers onto the same page.
Whether you’re just starting with Kubernetes or planning for the future, Gateway API is more than just an upgrade to Ingress-it’s the new foundation for Kubernetes networking.
In the next article, I will write about how to migrate existing Ingress resources to Gateway API resources.
This content originally appeared on DEV Community and was authored by kelvin manavar
 
	
			kelvin manavar | Sciencx (2025-08-26T11:49:21+00:00) Gateway API: The Future of Kubernetes Networking & Successor to the Ingress API. Retrieved from https://www.scien.cx/2025/08/26/gateway-api-the-future-of-kubernetes-networking-successor-to-the-ingress-api/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.
 
		
