25 commits
ff497ac
Update requirements & Install
NimRegev Aug 18, 2022
c85b653
Update requirements and installation
NimRegev Aug 18, 2022
03ed29e
Update requirements.md
NimRegev Aug 18, 2022
94ef89a
Update installation.md
NimRegev Aug 21, 2022
327dc52
Update requirements.md
NimRegev Aug 22, 2022
a7da82f
Update requirements.md
NimRegev Aug 22, 2022
b66053b
Update requirements and installation
NimRegev Aug 23, 2022
ccb87d4
Update requirements.md
NimRegev Aug 23, 2022
d3fe3ea
Updated installation and requirements
NimRegev Aug 23, 2022
3a26fd5
Update requirements and installation
NimRegev Aug 23, 2022
2743064
Update requirements and installation
NimRegev Aug 24, 2022
b05b4ff
Update requirements.md
NimRegev Aug 24, 2022
c8f0166
Update installation.md
NimRegev Aug 24, 2022
469ce5c
Update requirements and installation
NimRegev Aug 24, 2022
bc07f25
Update cross-refs for installation and requirements
NimRegev Aug 24, 2022
a959dcb
Updates
NimRegev Aug 24, 2022
5a3007a
Merge branch 'cf-doc-poc-install-nginx' into cf-gateway-api
NimRegev Aug 25, 2022
19ed703
Add flags and reqs for gateway-api
NimRegev Aug 25, 2022
cf18796
Update reqs and installation
NimRegev Aug 25, 2022
ffa2f71
Update architecture.md
NimRegev Aug 28, 2022
bd2932f
Update requirements.md
NimRegev Aug 28, 2022
48a163e
Update architecture and install
NimRegev Aug 28, 2022
8132858
Update installation.md
NimRegev Aug 29, 2022
416bb26
Merge branch 'master' into cf-gateway-api
NimRegev Aug 29, 2022
29f980c
Update installation.md
NimRegev Aug 30, 2022
15 changes: 14 additions & 1 deletion _docs/getting-started/architecture.md
Expand Up @@ -142,7 +142,20 @@ The customer environment that communicates with the Codefresh platform, generall

#### Ingress Controller
In hybrid runtime environments, the ingress controller implements the ingress traffic rules for the Codefresh Runtime. It is configured on the same Kubernetes cluster as the Codefresh Runtime.
See [Ingress controller]({{site.baseurl}}/docs/runtime/requirements/#ingress-controller).
Alternatively, if implemented and supported, you can use the Gateway API instead of an ingress controller.

See [Hybrid runtime requirements]({{site.baseurl}}/docs/runtime/requirements) and [Ingress controller flags]({{site.baseurl}}/docs/runtime/installation/#ingress-controller-flags).

#### Gateway API
In hybrid runtime environments, the Gateway API implements rules to route traffic to the Codefresh Runtime. It is configured on the same Kubernetes cluster as the Codefresh Runtime.

The Gateway API is an open source project managed by the SIG-NETWORK community, currently in beta. The Gateway API aims to "evolve Kubernetes service networking through expressive, extensible, and role-oriented interfaces that are implemented by many vendors and have broad industry support".
Codefresh is fully compatible with the current version of the Gatway API, and is vendor-agnostic, supporting different implementations and integrations.
See [Hybrid runtime requirements]({{site.baseurl}}/docs/runtime/requirements) and [Gateway API flags]({{site.baseurl}}/docs/runtime/installation/#gateway-api-flags).


For detailed information on the Gateway API, see [Kubernetes Gateway API](https://gateway-api.sigs.k8s.io/) and [Implementations](https://gateway-api.sigs.k8s.io/implementations/).


{::nomarkdown}
<br>
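Review bot: In the added Gateway API section, "Codefresh is fully compatible with the current version of the Gatway API" misspells "Gateway" and names no version, even though the same paragraph says the project is currently in beta. State the Gateway API release that was tested so the claim stays checkable as the API changes. The two external links on the last added line also lack the `{:target="\_blank"}` attribute that external links in requirements.md carry, and the "See [Hybrid runtime requirements]" line runs straight on from the compatibility sentence without a blank line.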
Expand Down
68 changes: 25 additions & 43 deletions _docs/runtime/installation.md
Expand Up @@ -21,20 +21,13 @@ There are two parts to installing a hybrid runtime:

See also [Codefresh architecture]({{site.baseurl}}/docs/getting-started/architecture).

{::nomarkdown}
</br>
{:/}

### Hybrid runtime installation flags
This section describes the required and optional flags to install a hybrid runtime.
For documentation purposes, the flags are grouped into:
* Runtime flags, relating to runtime, cluster, and namespace requirements
* Ingress controller flags, relating to ingress controller requirements
* Git repository flags, relating to Git provider requirements

{::nomarkdown}
</br>
{:/}

#### Runtime flags

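Review bot: The flag-group list in this hunk still names only runtime, ingress controller and Git repository flags, while this change adds a "Gateway API flags" section further down the same file. Add a bullet for it, in the same form as the others, so the overview matches the sections that follow.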
Expand All @@ -46,7 +39,7 @@ The runtime name must start with a lower-case character, and can include up to 6

**Namespace resource labels**
Optional.
The label of the namespace resource to which you are installing the hybrid runtime. Labels are required to identify the networks that need access during installation, as is the case when using services meshes such as Istio for example.
The label of the namespace resource to which you are installing the hybrid runtime. Labels are required to identify the networks that need access during installation, as is the case when using services meshes such as Istio for example. For Gateway APIs, use the namespace label if defined to reference the runtine in the `allowedRoutes.namespaces`.

* CLI wizard and Silent install: Add the `--namespace-labels` flag, and define the labels in `key=value` format. Separate multiple labels with `commas`.

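Review bot: The sentence added to Namespace resource labels misspells "runtime" as "runtine" and does not say what the label has to match. Spell out that the labels passed with `--namespace-labels` must satisfy the namespace selector in the gateway's `allowedRoutes.namespaces`, because that setting decides which namespaces may attach routes to the gateway; as written, "use the namespace label if defined" leaves the reader to guess which side defines it.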
Expand All @@ -61,10 +54,6 @@ The cluster defined as the default for `kubectl`. If you have more than one Kube
The Git repository per runtime account with shared configuration manifests.
* CLI wizard and Silent install: Add the `--shared-config-repo` flag and define the path to the shared repo.

{::nomarkdown}
</br>
{:/}

#### Ingress controller flags

**Skip ingress**
Expand All @@ -73,7 +62,7 @@ For unsupported ingress controllers, bypass installing ingress resources with th
In this case, after completing the installation, manually configure the cluster's routing service, and create and register Git integrations. See the last step in [Install the hybrid runtime](#install-the-hybrid-runtime).

**Ingress class**
Required.
Required if you have more than one ingress class configured on your cluster.

* CLI wizard: Select the ingress class for runtime installation from the list displayed.
* Silent install: Explicitly specify the ingress class through the `--ingress-class` flag. Otherwise, runtime installation fails.
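Review bot: Ingress class is changed to "Required if you have more than one ingress class configured on your cluster", but the Silent install bullet directly below still says that without `--ingress-class` "runtime installation fails". Limit that bullet to the multi-class case and say which class is used when the cluster has exactly one.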
Expand Down Expand Up @@ -102,10 +91,29 @@ For both CLI wizard and Silent install:
* For existing installations, commit changes to the installation repository by modifying the `app-proxy ingress` and `<runtime-name>.yaml`
See [(Optional) Internal ingress host configuration for existing hybrid runtimes](#optional-internal-ingress-host-configuration-for-existing-hybrid-runtimes).

#### Gateway API flags


**Gateway name**
Required.
The name of the gateway for runtime installation.

* Silent install: Specify the gateway name through the `--gateway-name` flag.

**Gateway namespace**

Required.

The namespace with the **Gateway name**.

* Silent install: Specify the namespace through the `--gateway-namespace` flag.

**Ingress host**
Required.
The IP address or host name of the gateway.

* CLI wizard and Silent install: Specify the gateway host through the `--ingress-host` flag.

{::nomarkdown}
</br>
{:/}

#### Git repository <!---and provider --->flags

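Review bot: Gateway name and Gateway namespace list only "Silent install" while the Ingress host entry lists "CLI wizard and Silent install", so the section does not say whether the wizard can install against a Gateway API at all; state the supported modes for each flag. "The namespace with the **Gateway name**" would be clearer as the namespace in which the gateway is defined, and the Gateway namespace entry separates its lines with blank lines where the other two entries do not. The section also omits whether the host given in `--ingress-host` must present a valid TLS certificate, which the ingress controller requirements state explicitly, and how these flags relate to the ingress controller flags above them.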
Expand All @@ -122,7 +130,7 @@ The Git token authenticating access to the GitHub installation repository.


<!---**Enable Git providers**
Optional; required for GitLab, Bitbucket Server, and GitHub Enterprise Git providers.
Optional for GitHub; required for GitLab, Bitbucket Server, and GitHub Enterprise Git providers.
Enable GitLab, Bitbucket Server, or GitHub Enterprise Server as the Git provider for the runtime and for the account.
>The Git provider defined for the first runtime in the account must be used for all the runtimes in the same account.

Expand Down Expand Up @@ -154,10 +162,6 @@ The username for the Git account.

* CLI wizard and Silent install: For Bitbucket Server, add the `--git-user` flag, and define the username. For example, `codefresh` --->

{::nomarkdown}
</br>
{:/}

#### Codefresh resource flags
**Codefresh demo resources**
Optional.
Expand All @@ -168,22 +172,11 @@ Install demo pipelines to use as a starting point to create your own pipelines.
**Insecure flag**
For _on-premises installations_, if the Ingress controller does not have a valid SSL certificate, to continue with the installation, add the `--insecure` flag to the installation command.

{::nomarkdown}
</br>
{:/}
{::nomarkdown}
</br>
{:/}

### Install the Codefresh CLI

Install the Codefresh CLI using the option that best suits you: `curl`, `brew`, or standard download.
If you are not sure which OS to select for `curl`, simply select one, and Codefresh automatically identifies and selects the right OS for CLI installation.

{::nomarkdown}
</br></br>
{:/}

### Install the hybrid runtime

**Before you begin**
Expand All @@ -199,10 +192,6 @@ If you are not sure which OS to select for `curl`, simply select one, and Codefr
* [Traefik ingress configuration]({{site.baseurl}}/docs/runtime/requirements/#traefik-ingress-configuration)


{::nomarkdown}
</br>
{:/}

**How to**

1. Do one of the following:
Expand All @@ -223,10 +212,6 @@ If you are not sure which OS to select for `curl`, simply select one, and Codefr
`cf integration git register default --runtime <RUNTIME-NAME> --token <RUNTIME-AUTHENTICATION-TOKEN>`


{::nomarkdown}
</br>
{:/}

### Hybrid runtime components

**Git repositories**
Expand All @@ -253,9 +238,6 @@ If you are not sure which OS to select for `curl`, simply select one, and Codefr

Once the hybrid runtime is successfully installed, it is provisioned on the Kubernetes cluster, and displayed in the **Runtimes** page.

{::nomarkdown}
</br>
{:/}

### (Optional) Internal ingress host configuration for existing hybrid runtimes

Expand Down
52 changes: 45 additions & 7 deletions _docs/runtime/requirements.md
Expand Up @@ -23,11 +23,14 @@ The requirements listed are the **_minimum_** requirements to provision **_hybri
| -------------- | -------------- |
|Kubernetes cluster | Server version 1.18 and higher, without Argo Project components. {::nomarkdown}<br><b>Tip</b>: To check the server version, run:<br> <span style="font-family: var(--font-family-monospace); font-size: 87.5%; color: #ad6800; background-color: #fffbe6">kubectl version --short</span>.{:/}|
| Ingress controller| Configured on Kubernetes cluster and exposed from the cluster. {::nomarkdown} <br>Supported and tested ingress controllers include: <ul><li>Ambassador</li>{:/}(see [Ambassador ingress configuration](#ambassador-ingress-configuration)){::nomarkdown}<li>AWS ALB (Application Load Balancer)</li>{:/} (see [AWS ALB ingress configuration](#aws-alb-ingress-configuration)){::nomarkdown}<li>Istio</li>{:/} (see [Istio ingress configuration](#istio-ingress-configuration)){::nomarkdown}<li>NGINX Enterprise (nginx.org/ingress-controller)</li>{:/} (see [NGINX Enterprise ingress configuration](#nginx-enterprise-ingress-configuration)){::nomarkdown}<li>NGINX Community (k8s.io/ingress-nginx)</li> {:/} (see [NGINX Community ingress configuration](#nginx-community-version-ingress-configuration)){::nomarkdown}<li>Trafik</li>{:/}(see [Traefik ingress configuration](#traefik-ingress-configuration))|
|Gateway API| Namespace with the Codefresh runtime in `allowedRoutes.namespaces` |
|Node requirements| {::nomarkdown}<ul><li>Memory: 5000 MB</li><li>CPU: 2</li></ul>{:/}|
|Cluster permissions | Cluster admin permissions |
|Git providers |{::nomarkdown}<ul><li>GitHub</li><!--<li>GitLab</li><li>Bitbucket Server</li><li>Bitbucket Cloud</li><li>GitHub Enterprise</li>--></ul>{:/}|
|Git providers |{::nomarkdown}<!---One of the following:---><ul><li>GitHub</li><!--<li>GitLab</li><li>Bitbucket Server</li><li>Bitbucket Cloud</li><li>GitHub Enterprise</li>--></ul>{:/}|
|Git access tokens | {::nomarkdown}Runtime Git token:<ul><li>Valid expiration date</li><li>Scopes: <span style="font-family: var(--font-family-monospace); font-size: 87.5%; color: #ad6800; background-color: #fffbe6">repo</span> and <span style="font-family: var(--font-family-monospace); font-size: 87.5%; color: #ad6800; background-color: #fffbe6">admin-repo.hook</span></li></ul>Personal access Git token:<ul><li>Valid expiration date</li><li>Scopes: <span style="font-family: var(--font-family-monospace); font-size: 87.5%; color: #ad6800; background-color: #fffbe6">repo</span></li></ul></li></ul>{:/}|



<!---### General ingress configuration
This section lists the configuration required for _all_ supported ingress controllers, _before_ installing a hybrid runtime.

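Review bot: The new Gateway API row reads only "Namespace with the Codefresh runtime in `allowedRoutes.namespaces`", with no link to a configuration section as each ingress controller entry has, and nothing marks it as an alternative to the Ingress controller row above it. Say that one of the two is required, name the resource on which `allowedRoutes.namespaces` is set, and link to the Gateway API flags in installation.md. The Git providers row in the same hunk adds a commented-out "One of the following:" opened with `<!---` while the comment next to it uses `<!--`; pick one form.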
Expand Down Expand Up @@ -60,7 +63,8 @@ This section lists the specific configuration requirements for Codefresh to be c

#### Valid external IP address
Run `kubectl get svc -A` to get a list of services and verify that the `EXTERNAL-IP` column for your ingress controller shows a valid hostname.
{::nomarkdown}

{::nomarkdown}
</br>
{:/}

Expand All @@ -78,12 +82,13 @@ Configure the ingress controller to handle TCP requests.
{::nomarkdown}
</br></br>
{:/}


### AWS ALB ingress configuration

For detailed configuration information, see the [ALB AWS ingress controller documentation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4){:target="\_blank"}.

This table lists the specific configuration requirements for Codefresh.
The table below lists the specific configuration requirements for Codefresh.

{: .table .table-bordered .table-hover}
| What to configure | When to configure |
Expand Down Expand Up @@ -173,6 +178,7 @@ If the installation failed, as can happen if the DNS record was not created with
</br></br>
{:/}


### Istio ingress configuration
For detailed configuration information, see [Istio ingress controller documentation](https://istio.io/latest/docs/tasks/traffic-management/ingress/kubernetes-ingress){:target="\_blank}.

Expand Down Expand Up @@ -244,6 +250,7 @@ spec:
port:
number: 3017
```

{::nomarkdown}
</br>
{:/}
Expand Down Expand Up @@ -271,6 +278,7 @@ spec:
port:
number: 80
```

{::nomarkdown}
</br></br>
{:/}
Expand All @@ -291,6 +299,23 @@ The table below lists the specific configuration requirements for Codefresh.
|NGINX Ingress Operator: Enable report status to cluster| |
|Patch certificate secret |_After_ installing hybrid runtime


#### Valid external IP address
Run `kubectl get svc -A` to get a list of services and verify that the `EXTERNAL-IP` column for your ingress controller shows a valid hostname.

#### Valid TLS certificate
For secure runtime installation, the ingress controller must have a valid TLS certificate.
> Use the FQDN (Fully Qualified Domain Name) of the ingress controller for the TLS certificate.

#### TCP support
Configure the ingress controller to handle TCP requests.


#### NGINX Ingress: Enable report status to cluster

If the ingress controller is not configured to report its status to the cluster, Argo’s health check reports the health status as “progressing” resulting in a timeout error during installation.


{::nomarkdown}
</br>
{:/}
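Review bot: The "NGINX Ingress: Enable report status to cluster" section added here repeats a sentence the file already contains, as the next hunk header shows ("If the ingress controller is not configured to report its status to the cluster,"), so the same explanation now appears twice under NGINX Enterprise. Keep one copy, and make its heading match the table row, which calls it "NGINX Ingress Operator: Enable report status to cluster". The added "Valid external IP address" heading is followed by an instruction to check that `EXTERNAL-IP` "shows a valid hostname"; say which of the two is expected. Unlike the other sections in this file, the added headings are not separated by the `{::nomarkdown}` break blocks, so spacing on the rendered page will differ.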
Expand Down Expand Up @@ -351,10 +376,12 @@ If the ingress controller is not configured to report its status to the cluster,
1. Make sure you have a certificate secret in the same namespace as the runtime. Copy an existing secret if you don't have one.
You will need to add this to the `ingress-master` when you have completed runtime installation.


{::nomarkdown}
</br>
{:/}


#### Patch certificate secret
> The certificate secret must be configured _after_ installing the hybrid runtime.

Expand All @@ -371,15 +398,17 @@ The secret must be in the same namespace as the runtime.
secretName: <secret_name>
```


{::nomarkdown}
</br></br>
{:/}


### NGINX Community version ingress configuration

Codefresh has been tested with and supports implementations of the major providers. For your convenience, we have provided configuration instructions, both for supported and untested providers in [Provider-specific configuration](#provider-specific-configuration).


This section lists the specific configuration requirements for Codefresh to be completed _before_ installing the hybrid runtime.
* Verify valid external IP address
* Valid TLS certificate
Expand All @@ -396,14 +425,17 @@ Run `kubectl get svc -A` to get a list of services, and verify that the `EXTERNA
</br>
{:/}


#### Valid TLS certificate
For secure runtime installation, the ingress controller must have a valid TLS certificate.
> Use the FQDN (Fully Qualified Domain Name) of the ingress controller for the TLS certificate.


{::nomarkdown}
</br>
{:/}


#### TCP support
Configure the ingress controller to handle TCP requests.

Expand All @@ -414,10 +446,12 @@ Verify that the `ingress-nginx-controller` service manifest has either of the fo
OR
`service.beta.kubernetes.io/aws-load-balancer-type: nlb`


{::nomarkdown}
</br>
{:/}


#### Provider-specific configuration

> The instructions are valid for `k8s.io/ingress-nginx`, the community version of NGINX.
Expand Down Expand Up @@ -621,10 +655,12 @@ For additional configuration options, see <a target="_blank" href="https://kuber

</details>


{::nomarkdown}
</br></br>
{:/}


### Traefik ingress configuration
For detailed configuration information, see [Traefik ingress controller documentation](https://doc.traefik.io/traefik/providers/kubernetes-ingress){:target="\_blank}.

Expand All @@ -639,9 +675,7 @@ The table below lists the specific configuration requirements for Codefresh.
|TCP support | |
|Enable report status to cluster| |

{::nomarkdown}
</br>
{:/}


#### Valid external IP address
Run `kubectl get svc -A` to get a list of services and verify that the `EXTERNAL-IP` column for your ingress controller shows a valid hostname.
Expand All @@ -650,10 +684,13 @@ Run `kubectl get svc -A` to get a list of services and verify that the `EXTERNAL
</br>
{:/}


#### Valid TLS certificate
For secure runtime installation, the ingress controller must have a valid TLS certificate.
> Use the FQDN (Fully Qualified Domain Name) of the ingress controller for the TLS certificate.



{::nomarkdown}
</br>
{:/}
Expand All @@ -665,6 +702,7 @@ Configure the ingress controller to handle TCP requests.
</br>
{:/}


#### Enable report status to cluster
By default, the Traefik ingress controller is not configured to report its status to the cluster. If not configured, Argo’s health check reports the health status as “progressing”, resulting in a timeout error during installation.

Expand Down