Opening this draft issue - feel free to suggest changes/add or remove items.
Intro
On 10th January, we met to discuss the current status of Gateway for Mesh (GAMMA) and its roadmap for 2025. This issue summarizes the key points of discussion, highlights gaps and challenges, and suggests high-level goals and action items for further development and adoption of GAMMA.
Summary of Discussion
The initial work for GAMMA focused on enabling Gateway API to support East/West traffic. While the foundational work has been successful, further improvements and enhancements, particularly in authentication (Authn) and authorization (Authz), are critical for the roadmap.
Proposed Action items
Below are a number of action items proposed in the meeting:
- Investigate and define use cases for standardizing E/W-specific authentication and authorization. This will be in conjunction with some proposed work in "Gather use cases for service accounts as selectors" (network-policy-api#274) and some of the definitions and work in "Add initial draft of Auth GEP 1494" (#3500), although this primarily focuses on N/S right now.
- Think about L4 and L7 AuthZ policies, and their UX/reliability implications. Similarly, document the current boundaries with network policies, which are a source of confusion for many users.
- Expand Gateway API conformance coverage for GAMMA use cases. This would likely include having separate Supported Features for N/S and E/W tests. (Incorrect conformance tests and reporting for Mesh? #3581)
- Add a GAMMA-specific section to the GEP template to capture E/W considerations. (Add Gateway For Mesh section to the GEP template #3577)
- Retry budgets were identified as a nice-to-have (related: GEP 3388 Retry Budget API Design #3573)
- Document clear boundaries and interactions between N/S and E/W traffic. (Define how Gateways should or should not interact with GAMMA routing configuration #1478)
- Think about the multi-cluster story and whether it fits in here (GEP: Define Gateway API Interaction with Multicluster Services #1748)
Other: