- Freeze of the Kubernetes Ingress API
- Introduction of the Gateway API
- Example shows operators responsible for certificates, allowing teams to only HTTPRoutes
- Need for a setup to allow teams to be responsible for their own certificates
- Set up a shared Gateway with a public IP and a wildcard hostname
- ReferenceGrants to allow TLSRoute to a team/app Gateway with a ClusterIP
- Teams have full control over this ClusterIP Gateway, thus control over the TLS certificates used on this Gateway
- Experimental Gateway API needed, subject to change
- Allowing for ClusterIP Gateway is implementation specific, Istio allow this by setting the
networking.istio.io/service-typeannotation toClusterIP