正式なドキュメントは英語版であり、この日本語訳はAI支援翻訳により作成された参考用のものです。日本語訳の一部の内容は人間によるレビューがまだ行われていないため、翻訳のタイミングにより英語版との間に差異が生じることがあります。最新かつ正確な情報については、英語版をご参照ください。

Using Envoy Gateway

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed
  • Status: Beta

GitLab chart bundled Envoy Gateway to support migrating from the bundled NGINX Ingress towards Gateway API.

Configuring Envoy Gateway

To configure Envoy Gateway and Envoy Gateway Helm chart for configuration details.

Configuring Gateway API resources

GitLab chart supports deploying a pre-configured Gateway, EnvoyProxy, EnvoyPatchPolicy, and routes for each component.

For more information check the global Gateway API documentation.

Migrating from the bundled NGINX Ingress

This migration results in downtime.

To migrate from (NGINX) Ingress to Gateway API and Envoy Gateway:

  1. Install Envoy and Gateway API CRDs:

    helm template eg-crds oci://docker.io/envoyproxy/gateway-crds-helm \
  --version v1.6.0 \
  --set crds.gatewayAPI.enabled=true \
  --set crds.envoyGateway.enabled=true \
  | kubectl apply --server-side -f -

  2. If not, install the Gateway API CRDs through your cloud provider or manually apply to your cluster.

  3. Disable NGINX Ingress and Ingress resources:

    # Disable bundled NGINX Ingress controller.
nginx-ingress:
  enabled: false

global:
  # Disable rendering of Ingress resources.
  ingress:
    enabled: false

  4. Configure Certmanager for Gateway API:

    # Configure bundled certmanager for Gateway API support.
certmanager:
  config:
    apiVersion: controller.config.cert-manager.io/v1alpha1
    kind: ControllerConfiguration
    enableGatewayAPI: true

global:
  gatewayApi:
    configureCertmanager: true

  5. Enable Envoy and Gateway API resources:

    global:
  # Disable rendering of Ingress resources.
  gatewayApi:
    # Install a Gateway and Routes for each component.
    enabled: true
    # Install the bundled Envoy Gateway chart, a GatewayClass, a EnvoyPatchPolicy, and the EnvoyProxy resources.
    installEnvoy: true
    # Create a Gateway API compatible certmanager Issuer and configure the Gateway to use it.
    class:
      create: true

  6. Optional: Configure the Gateway to bind a static IP address. By default the IP configured via global.hosts.externalIP is reused.

    # Depending on your cloud provider you might to migrate additional annotations.
global:
  hosts:
    # Only used by Envoy if bundled NGINX Ingress is disabled and no custom
    # gateway addresses are defined.
    externalIP: "127.0.0.1"
  gatewayApi:
    addresses:
     - type: IPAddress
       value: "127.1.1.1"

  7. Upgrade your GitLab chart release with the updated values.