Gateway For Mesh - Status, Gaps and goals for 2025

[LiorLieberman]

Opening this draft issue - feel free to suggest changes/add or remove items.

Intro

On 10th January, we met to discuss the current state of Gateway for Mesh (GAMMA) status and its roadmap for 2025. This issue summarizes the key points of discussion, highlights gaps and challenges, and suggests high-level goals and action items for further development and adoption of GAMMA.

Summary of Discussion

The initial work for GAMMA focused on enabling Gateway API to support East/West traffic. While the foundational work has been successful, further improvements and enhancements, particularly in authentication (Authn) and authorization (Authz), are critical for the roadmap.

Proposed Action items

Below are number of action items proposed in the meeting

• Investigate and define use cases for standardizing E/W-specific authentication and authorization. This will be in conjunction with some proposed work in Gather use cases for service accounts as selectors network-policy-api#274 and some of the definitions and work in Add initial draft of Auth GEP 1494 #3500 (although this primarily focuses on N/S right now)
  • Think about L4 and L7 AuthZ policies, and the UX/reliability implications with it. Similarly, document the current boundaries with network policies which is a source of confusion for many users
• Expand Gateway API conformance coverage for GAMMA use cases. This would likely include having separate Supported Features for N/S and E/W tests.
• Add GAMMA-specific section in to the GEP template to capture E/W considerations.
• Retry budgets was something identified as nice to have
• Document clear boundaries and interactions between N/S and E/W traffic.
• Think about the multi-cluster story and whether it fits in here

[LiorLieberman]

/kind documentation

[LiorLieberman]

/cc @howardjohn @kflynn @mikemorris @youngnick @robscott @mlavacca @shaneutt