GEP-2722: Goals and UX for gwctl¶
- Issue: #2722
- Status: Memorandum
TLDR¶
TLDR: This GEP proposes gwctl, a new command line tool designed to streamline
the experience of working with Gateway API resources. It offers a familiar
kubectl-like interface for viewing resources while providing more detailed and
informative output that is specifically focused on the Gateway API. For
advanced filtering and other in-depth features, gwctl can be effectively
used alongside kubectl.
Motivations¶
- Limited kubectl customizability for CRDs:
- kubectl's customization capabilities for CRDs (through
additionalPrinterColumns) is constrained, limiting the ability to create optimal views for Gateway API resources.
- kubectl's customization capabilities for CRDs (through
- Complex policy attachment management:
- As described in GEP-713, policies present a valuable mechanism for expanding the capabilities of Gateway API resources. However, discoverability poses a challenge due to the absence of a clear connection between resources and their associated policies. There have been growing questions around suitability of policies as a means to provide extensions.
- Challenging multi-resource model navigation:
- Comprehending the relationships between multiple Gateway API resources can be challenging within kubectl.
Goals¶
- Greater control over output formatting and presentation:
- Offer greater control over output formatting and presentation, enhancing visibility and understanding of Gateway API resources.
- Improved policy discoverability, increasing adoption and usability:
- Make policies easily discoverable, aiding in the adoption and fostering broader acceptance of policies as an extension mechanism.
- Simplified multi-resource model navigation:
- Facilitate navigation of the multi-resource model by making connections between Gateway API resources explicit, aiding in configuration, troubleshooting, and issue identification.
- Proactive error detection and reporting:
- Leverage native understanding of resource relationships to proactively detect and report on potential configuration errors, further simplifying issue identification and resolution. This would complement the ability of users to readily pinpoint configuration problems themselves.
- Provide incentive for policy implementations that are consistent across cloud
providers:
- Encourage the adoption of consistent policy implementations across different Gateway API providers, promoting interoperability and predictability.
Commands Specification¶
Milestone 1¶
Supported Commands:¶
- get: Retrieves information about specified resources without including additional information from related resources.
- describe: Provides detailed information about specified resources, including augmented information from related resources.
Supported Resources:¶
- gatewayclass
- gateways
- httproutes
- namespaces
- backends (not a native k8s resource)
- policycrds (not a native k8s resource)
- policies (not a native k8s resource)
Filtering Options:¶
-nNamespace: Filters resources by namespace. Applicable to all resources except cluster-scoped resources.-lLabels: Filters resources by labels. Applicable to all resources.-AAll Namespaces: Fetches resources across all namespaces (redundant for cluster-scoped resources).-tTarget Resource: Filters policies based on the target resource type they apply to. Applicable only to the policies resource.- Syntax:
-t <key1>=<value1>,<key2>=<value2>,... - Supported keys:
- kind: Resource kind (e.g., "httproute", "gateway")
- namespace: Resource namespace
- name: Resource name
- group: Resource API group
- Syntax:
Output Formats:¶
-
describe: Fixed format, not customizable. Shows comprehensive resource information with details from related resources.
-
get:
- One-line format (default): Displays basic resource information in a single line.
- YAML format (-o yaml): Presents resource information in the YAML data format.
- JSON format (-o json): Presents resource information in the JSON data format.
- Wide format (-o wide): Includes additional columns beyond those displayed in the one-line format.
Output columns while using get
| Resource | Output Columns | Description | Visibility (Defaults to always unless specified otherwise) |
|---|---|---|---|
| gatewayclass | NAME | Name of the GatewayClass | |
| CONTROLLER | Controller managing the GatewayClass | ||
| ACCEPTED | Whether the GatewayClass is accepted by the controller | ||
| AGE | Age of the GatewayClass | ||
| GATEWAYS | Count of Gateways using this GatewayClass | -o wide | |
| DESCRIPTION | Description from the GatewayClass | -o wide | |
| gateway | NAME | Name of the Gateway | |
| CLASS | Class of the Gateway | ||
| ADDRESSES | Addresses of the Gateway (displayed using |
||
| PORTS | Ports exposed by the Gateway | ||
| PROGRAMMED | Whether the Gateway is programmed | ||
| AGE | Age of the Gateway | ||
| POLICIES | Count of policies affecting this Gateway | -o wide | |
| HTTPROUTES | Count of HTTPRoutes that are attached to this Gateway | -o wide | |
| httproute | NAMESPACE | Namespace of the HTTPRoute | |
| NAME | Name of the HTTPRoute | ||
| HOSTNAMES | Hostnames associated with the HTTPRoute | ||
| PARENT REFS | Count of parent references of the HTTPRoute (e.g., Gateways) | ||
| AGE | Age of the HTTPRoute | ||
| POLICIES | Count of policies affecting this HTTPRoute | -o wide | |
| namespace | NAME | Name of the namespace | |
| STATUS | Status of the namespace | ||
| AGE | Age of the namespace | ||
| POLICIES | Count of policies affecting this Namespace | -o wide | |
| backend | NAME | Name of the backend | |
| TYPE | Type of the backend (currently only supports Services) | ||
| REFERRED BY ROUTES | HTTPRoutes that refer to the backend (displayed using |
||
| AGE | Age of the backend | ||
| POLICIES | Count of policies affecting this Backend | -o wide | |
| policycrd | NAME | Name of the Policy CRD in the form <kind.group> | |
| POLICY TYPE | Type of policy defined by the CRD (Inherited or Direct) | ||
| SCOPE | Scope of the policy (Namespaced or Cluster) | ||
| POLICIES COUNT | Count of policy resources of this particular type. | -o wide | |
| AGE | Age of the Policy CRD | ||
| policy | NAME | Name of the policy | |
| KIND | The kind of policy in the form <kind.group> | ||
| TARGET NAME | Name of the resource the policy applies to | ||
| TARGET KIND | The kind of target resource in the form | ||
| POLICY TYPE | Type of policy (Inherited or Direct) | ||
| AGE | Age of the Policy CRD |
Additional Notes:¶
- The behavior of
getanddescribecommands is similar to kubectl, withgetfocusing on concise resource information anddescribeproviding comprehensive details. backendsrepresent resources that can be attached as backends to HTTPRoutes (currently limited to k8s services).policycrdsandpoliciesare not native k8s resources but represent subsets of CRDs and custom resource objects related to policies. (policycrdsare identified by PolicyLabelKey)
Examples of commands that should be supported:¶
gwctl get gateways -n foo(Lists basic information about Gateways in the "foo" namespace)gwctl get httproutes -l version=v1,app=myapp(Lists basic information about HTTPRoutes with the labels "version=v1" and "app=myapp")gwctl get gateways -n foo -o yaml(Shows detailed Gateway information in YAML format within the "foo" namespace)gwctl get httproutes -l version=v1,app=myapp -o json(Shows detailed HTTPRoute information in JSON format with specified labels)gwctl describe gateways my-gateway(Provides comprehensive details about the "my-gateway" Gateway, including information from related resources)gwctl describe policies my-policy(Shows detailed information about the "my-policy" policy, encompassing data from relevant any related resources when applicable)gwctl get policies -t kind=httproute(Lists basic information about policies that apply to HTTPRoutes)
Distribution¶
To ensure gwctl is widely accessible and easy to adopt, the following distribution mechanisms will be provided:
- Prebuilt Binaries: Prebuilt binaries for various platforms (Linux, macOS,
Windows) will be made available for download. Tooling like
GoReleaser can be used to streamline some of the
build processes. Binaries will be offered in two variants:
gwctlfor standalone use.kubectl-gwfor use as a kubectl plugin (kubectl gw).
- Kubectl Plugin Integration: gwctl will be integrated with Krew, the kubectl plugin manager. This should immensely help with improving discoverability of the plugin, allowing easier installation, and handling automatic updates for the user.
- Versioning: gwctl versions will be aligned with Gateway API releases (for
the time when gwctl is developed within the same repository as Gateway API)
- As gwctl matures, the need for maintaining it within the primary Gateway API repository will be reassessed. Factors such as a potential divergence in release cadence, independent contributor growth or the desire to reduce the triage workload for Gateway API maintainers could motivate a move to a separate repository.
Future Milestones¶
- Each output of
describewill include an extraAnalysisfield. This field will display any errors or other analysis information associated with the resource. - Investigate the feasibility and any advantages of using Graphviz or webview for visualizing data and presenting information in a visually appealing manner.
- Evaluate how gwctl can be extended to support Mesh use cases
References¶
Sample outputs¶
The example outputs provided below serve as a guideline for the implementation, outlining the range of values that may be presented:
-
gwctl get gatewayclass -o wideNAME CONTROLLER ACCEPTED AGE DESCRIPTION Gateways bar-com-internal-gateway-class bar.baz/internal-gateway-class True 100d Internal Load Balancer 10 foo-com-external-gateway-class foo.com/external-gateway-class True 365d External Load Balancer 25 -
gwctl get gateway -o wideNAME CLASS ADDRESSES PORTS PROGRAMMED AGE POLICIES HTTPROUTES demo-gateway-2 external-class 10.0.0.1 80 True 20d 10 5 abc-gateway-12345 internal-class 192.168.100.5 443,8080 False 5d 2 1 random-gateway regional-internal-class 10.11.12.13 8443 Unknown 3s 3 5 -
gwctl get httproute -o wideNAMESPACE NAME HOSTNAMES PARENT REFS AGE POLICIES default foo-httproute-1 example.com,example2.com + 1 more ns2/demo-gateway-2 5m 2 default qmn-httproute-100 example.com demo-gateway-1 5m 1 ns1 bar-route-21 foo.com,bar.com + 5 more default/demo-gateway-200 5m 3 ns2 bax-httproute-18777 None ns1/demo-gateway-345 5m 4 -
gwctl get namespace -o wideNAME STATUS AGE POLICIES default Active 46d 3 kube-system Active 46d 5 -
gwctl get backend -o wideNAME TYPE REFERRED BY ROUTES AGE POLICIES foo-svc Service foo-httproute-1,abc-httproute-33 + 4 more 45m 5 bar-baz-svc Service bar-httproute 11d 1 -
gwctl get policycrds -o wideNAME POLICY TYPE SCOPE POLICIES COUNT AGE healthcheckpolicies.foo.com Direct Namespaced 1 5d retryonpolicies.foo.com Direct Namespaced 2 4d timeoutpolicies.bar.com Inherited Cluster 1 10m tlsminimumversionpolicies.baz.com Direct Namespaced 3 45s -
gwctl get policies -o wideNAME KIND TARGET NAME TARGET KIND POLICY TYPE AGE demo-timeout-policy-on-gatewayclass TimeoutPolicy.foo.com foo-com-external-gateway-class GatewayClass Inherited 10d demo-timeout-policy-on-namespace TimeoutPolicy.foo.com default Namespace Inherited 10d demo-health-check-1 HealthCheckPolicy.bar.com demo-gateway-1 Gateway Direct 10d demo-retry-policy-1 RetryOnPolicy.baz.com demo-gateway-1 Gateway Direct 10d demo-retry-policy-2 RetryOnPolicy.baz.com demo-httproute-2 HTTPRoute Direct 10d demo-tls-min-version-policy-1 TLSMinimumVersionPolicy.foobar.com demo-gateway-3 Gateway Direct 10d demo-tls-min-version-policy-2 TLSMinimumVersionPolicy.foobar.com demo-gateway-4 Gateway Direct 10d -
gwctl describe gateway demo-gatewayName: demo-gateway Namespace: default Labels: <none> Annotations: annotation.foo: value1 annotation.bar.baz: abcdefghijkl API Version: gateway.networking.k8s.io/v1beta1 Kind: Gateway Metadata: creationTimestamp: "2023-12-01T18:29:41Z" finalizers: - gateway.finalizer.networking.io generation: 4 resourceVersion: "310164667" uid: ed046878-f659-4908-b80f-b88c9617ba8a Spec: gatewayClassName: l7-global-external-managed listeners: - allowedRoutes: namespaces: from: Same name: http port: 80 protocol: HTTP Status: addresses: - type: IPAddress value: 10.0.0.1 conditions: - lastTransitionTime: "2023-12-01T18:49:25Z" message: "" observedGeneration: 3 reason: Programmed status: "True" type: Programmed listeners: - attachedRoutes: 1 conditions: - lastTransitionTime: "2023-12-01T18:49:25Z" message: Some message observedGeneration: 3 reason: Ready status: "True" type: Ready name: http supportedKinds: - group: gateway.networking.k8s.io kind: HTTPRoute AttachedRoutes: Kind Name Namespace ---- ---- --------- HTTPRoute demo-health-check-1 default TCPRoute demo-retry-policy-1 default DirectlyAttachedPolicies: TYPE NAME ---- ---- TimeoutPolicy.foo.com demo-timeout-policy-on-gatewayclass RetryOnPolicy.baz.com demo-retry-policy-1 InheritedPolicies: TYPE NAME TARGET KIND TARGET NAME ---- ---- ----------- ----------- TimeoutPolicy.foo.com demo-timeout-policy-on-gatewayclass GatewayClass abc-gatewayclass EffectivePolicies: HealthCheckPolicy.foo.com: sampleParentField: sampleField: hello RetryOnPolicy.foo.com: sampleParentField: sampleField: namaste TimeoutPolicy.bar.com: timeout1: parent timeout2: child timeout3: parent timeout4: child Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal SYNC 2m12s (x46 over 138m) sc-gateway-controller SYNC on default/demo-gateway was a success -
gwctl describe httproute demo-httprouteName: demo-httproute Namespace: default Labels: <none> Annotations: <none> API Version: gateway.networking.k8s.io/v1beta1 Kind: HTTPRoute Metadata: creationTimestamp: "2023-11-09T09:45:03Z" generation: 1 resourceVersion: "290416533" uid: 716d9e5f-f57a-4e56-81f6-c579d5d17471 Spec: hostnames: - example.com parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: demo-gateway rules: - backendRefs: - group: "" kind: Service name: demo-svc port: 80 weight: 1 matches: - path: type: PathPrefix value: /example Status: parents: - conditions: - lastTransitionTime: "2023-12-01T18:49:14Z" message: "" observedGeneration: 1 reason: ReconciliationSucceeded status: "True" type: Reconciled controllerName: networking.io/gateway parentRef: group: gateway.networking.k8s.io kind: Gateway name: demo-gateway DirectlyAttachedPolicies: TYPE NAME ---- ---- HealthCheckPolicy.foo.com demo-health-check-1 RetryOnPolicy.baz.com demo-retry-policy-1 InheritedPolicies: TYPE NAME TARGET KIND TARGET NAME ---- ---- ----------- ----------- TimeoutPolicy.foo.com demo-timeout-policy-on-gatewayclass GatewayClass abc-gatewayclass RetryOnPolicy.baz.com demo-retry-policy-1 Gateway abc-gateway EffectivePolicies: HealthCheckPolicy.foo.com: sampleParentField: sampleField: hello RetryOnPolicy.foo.com: sampleParentField: sampleField: namaste TimeoutPolicy.bar.com: timeout1: parent timeout2: child timeout3: parent timeout4: child Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal SYNC 2m12s (x46 over 138m) sc-gateway-controller SYNC on default/demo-gateway was a success -
gwctl describe gatewayclass foo-com-external-gateway-className: foo-com-external-gateway-class Labels: <none> Annotations <none> API Version gateway.networking.k8s.io/v1beta1 Kind: GatewayClass Metadata: creationTimestamp: "2023-06-28T17:33:03Z" generation: 1 resourceVersion: "108322484" uid: 80cea521-5416-41c4-b5d1-2ee30f5366a6 ControllerName: foo.com/external-gateway-class Description: Create an external load balancer Status: conditions: - lastTransitionTime: "2023-05-22T17:29:47Z" message: "" observedGeneration: 1 reason: Accepted status: "True" type: Accepted DirectlyAttachedPolicies: TYPE NAME ---- ---- TimeoutPolicy.bar.com demo-timeout-policy-on-gatewayclass