Exploring Gateway API
In this tutorial you will explore the Gateway API set-up in the HavenPlus stack. We'll explore some of the Gateway API resources and how these are used to create the actual gateways which are managed by Istio.
For a more generic description of Gateway API, its purpose and how it relates to Ingress, see this guide.
Prerequisites
- Bootstrap a local cluster as explained in the Getting Started guide.
- Install Cloud Provider Kind so we can loadbalance traffic from localhost.
1. Verify that required CRD's are installed
As HavenPlus standardizes on Gateway API, all required Gateway API CRD's are automatically installed. You can verify this as follows:
kubectl get crd | grep gateway.networking.k8s.io
You should see the following CRD's:
backendtlspolicies.gateway.networking.k8s.io 2025-12-18T18:44:58Z
gatewayclasses.gateway.networking.k8s.io 2025-12-18T18:44:58Z
gateways.gateway.networking.k8s.io 2025-12-18T18:44:58Z
grpcroutes.gateway.networking.k8s.io 2025-12-18T18:44:58Z
httproutes.gateway.networking.k8s.io 2025-12-18T18:44:58Z
referencegrants.gateway.networking.k8s.io 2025-12-18T18:44:58Z
tcproutes.gateway.networking.k8s.io 2025-12-18T18:44:58Z
tlsroutes.gateway.networking.k8s.io 2025-12-18T18:44:58Z
udproutes.gateway.networking.k8s.io 2025-12-18T18:44:58Z
2. Start Cloud Provider Kind
Install Cloud Provider Kind and run the following command to expose services of type LoadBalancer on you local machine:
sudo cloud-provider-kind
3. View the Gateway
On the local environment, an example gateway named public-gateway is automatically deployed:
kubectl get gateway
Will show something like:
NAME CLASS ADDRESS PROGRAMMED AGE
public-gateway istio 172.18.0.3 True 6m6s
The Gateway is assigned an IP address by the Cloud Provider’s Kind load balancer, which you set up in Step 2. While you can access your cluster via this IP in a browser, you’ll see a 404 error since no route is configured to handle such a request on this Gateway.
4. View Istio Gateway pods
Istio fully supports Gateway API and therefore listens to Gateway resources. Once the Istio controller sees a Gateway resource, it will launch the required Istio Gateway pod:
kubectl -n istio-gateway get pods
Result:
NAME READY STATUS RESTARTS AGE
public-gateway-istio-56d4575bc6-bvft8 1/1 Running 0 11m
5. Inspect the pod-info HTTPRoute
In the tenant-demo namespace we've got the pod-info example app deployed:
kubectl -n tenant-demo get pods -l app=podinfo
Result:
NAME READY STATUS RESTARTS AGE
podinfo-55d69c5cc8-8w4gr 1/1 Running 0 13m
podinfo-55d69c5cc8-fclbh 1/1 Running 0 13m
Now this application already contains some HTTPRoutes:
kubectl -n tenant-demo get httproutes.gateway.networking.k8s.io podinfo-http
Result:
NAME HOSTNAMES AGE
podinfo-http ["podinfo.havenplus.local"] 15m
Let's describe this route:
kubectl -n tenant-demo describe httproutes.gateway.networking.k8s.io podinfo-http
In the status field, you should see the following:
Status:
Parents:
Conditions:
Last Transition Time: 2026-01-07T20:14:41Z
Message: Route was valid
The status field should also contain:
Parent Ref:
Group: gateway.networking.k8s.io
Kind: Gateway
Name: public-gateway
Namespace: istio-gateway
Section Name: http
Here you can see which Gateway is handling the route.
6. Accessing the pod-info application
In your /etc/hosts file on your machine, create the following entry:
<IP-ADDRESS-FROM-STEP-2> podinfo.havenplus.local
Next, go to http://podinfo.havenplus.local in your browser. You should now see the podinfo WebUI!
7. Next Steps
Try adding an additional gateway and deploy an alternative HTTPRoute with another domain for the podinfo app. Add the required entry to your local /etc/hosts file and check if you can access the podinfo app via this URL as well.