Pingora Gateway Controller¶
Kubernetes controller implementing Gateway API for Pingora proxy.
Route traffic through a high-performance Pingora-based reverse proxy using standard Gateway API resources (Gateway, HTTPRoute, GRPCRoute).
Architecture¶
graph TB
subgraph Kubernetes Cluster
GW[Gateway API Resources<br/>Gateway, HTTPRoute, GRPCRoute]
CTL[pingora-gateway-controller<br/>Go]
PX[pingora-proxy<br/>Rust/Pingora]
SVC[Backend Services]
end
CLIENT[Client Traffic] -->|HTTP/gRPC| PX
GW -->|watches| CTL
CTL -->|gRPC sync| PX
PX -->|proxies| SVCFeatures¶
- Standard Gateway API - GatewayClass, Gateway, HTTPRoute, GRPCRoute support
- High Performance - Built on Pingora, Cloudflare's battle-tested proxy framework
- Dynamic Configuration - Routes synced via gRPC without proxy restarts
- Leader Election - High availability deployments with multiple replicas
- Multi-arch Images - Supports amd64 and arm64 architectures
- Secure by Default - Non-root containers, read-only filesystem, minimal capabilities
Quick Start¶
# 1. Install Gateway API CRDs
kubectl apply --filename https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml
# 2. Install the controller with Helm
helm install pingora-gateway-controller \
oci://ghcr.io/lexfrei/pingora-gateway-controller/chart \
--namespace pingora-system \
--create-namespace
# 3. Create HTTPRoute to expose your service
kubectl apply --filename - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: my-app
spec:
parentRefs:
- name: pingora-gateway
namespace: pingora-system
hostnames:
- app.example.com
rules:
- backendRefs:
- name: my-service
port: 80
EOF
See Getting Started for detailed setup instructions.
Documentation Sections¶
| Section | Description |
|---|---|
| Getting Started | Prerequisites, installation, and quick start guide |
| Configuration | Controller options, Helm values, PingoraConfig CRD |
| Gateway API | Supported resources, examples, and limitations |
| Guides | Cross-namespace routing, monitoring setup |
| Operations | Troubleshooting, metrics, and manual installation |
| Development | Architecture, contributing, and testing |
| Reference | Helm chart, CRD reference, security |
Roadmap¶
Target: Gateway API v1.4.1 Standard Channel Conformance
Milestones¶
| Version | Status | Description |
|---|---|---|
| v0.1.0 | Planned | Core Conformance (RequestHeaderModifier, RequestRedirect) |
| v0.2.0 | Planned | Extended Features (ResponseHeaderModifier, URLRewrite, RequestMirror) |
| v0.3.0 | Planned | Gateway API v1.4 (supportedFeatures, BackendTLSPolicy) |
| v0.4.0 | Planned | Conformance Tests & Registration |
| v1.0.0 | Planned | Production-ready with full conformance |
Gateway API Support¶
Resources¶
| Resource | Status |
|---|---|
| GatewayClass | Supported |
| Gateway | Supported |
| HTTPRoute | Supported |
| GRPCRoute | Supported |
| ReferenceGrant | Supported |
| BackendTLSPolicy | Planned |
HTTPRoute Filters¶
| Filter | Conformance | Status |
|---|---|---|
| RequestHeaderModifier | Core | Planned |
| RequestRedirect | Core | Planned |
| ResponseHeaderModifier | Extended | Planned |
| URLRewrite | Extended | Planned |
| RequestMirror | Extended | Planned |
HTTPRoute Matching (Implemented)¶
| Feature | Conformance | Status |
|---|---|---|
| Path (Exact, Prefix, Regex) | Core | Supported |
| Header matching | Core | Supported |
| Query parameter matching | Extended | Supported |
| Method matching | Extended | Supported |
| Backend weight | Core | Supported |
| Request timeout | Extended | Supported |
See GitHub Milestones for detailed progress.
Project Links¶
License¶
BSD 3-Clause License - see LICENSE for details.