Cephalon.Edge.KubernetesGateway
เนื้อหานี้ยังไม่ได้แปลเป็นภาษาไทย แสดงเป็นภาษาอังกฤษแทน
Maturity:
M3· Ownership: provider-managed · Family:edge· See audit, matrix.
Cephalon.Edge.KubernetesGateway is the first provider-specific control-plane materializer pack for Cephalon cell traffic automation. It proves that a real gateway/control-plane family can stay outside Cephalon.Engine while still publishing truthful materialization answers on the shared runtime surfaces. The pack now supports configured intent, opt-in live observation, opt-in apply-and-reconcile, opt-in cleanup sweeps, and typed provider materialization conditions on that same shared runtime story.
What it owns
Section titled “What it owns”KubernetesGatewayTrafficMaterializerOptions,KubernetesGatewayTrafficRouteOptions, andKubernetesGatewayTrafficObservationOptionsfor declarative Kubernetes Gateway API projection plus opt-in live observation, apply-and-reconcile, or cleanup sweeps- the
AddKubernetesGatewayTrafficMaterializer(...)registration entry point for attaching the pack to anEngineBuilder - a provider-specific
ICellTrafficAutomationProviderMaterializerimplementation forproviderId = "kubernetes-gateway" - deterministic projection of cell routes into
GatewayClass,Gateway,HTTPRoute,parentRefs, andbackendRefsintent metadata - recurring live
GatewayplusHTTPRouteobservation inobserve-onlyorapply-and-reconcilemode, including freshness, drift, and cleanup metadata - controlled
HTTPRouteapply semantics inapply-and-reconcilemode, including ownership labels and annotations, write-result metadata, and post-apply status reconciliation - namespace-scoped cleanup sweeps in
apply-and-reconcilemode that can delete transferredHTTPRouteresources or prune orphaned Cephalon-owned routes while truthfully reporting aprimary-onlycleanup strategy instead of inventing a second lifecycle registry - the
kubernetes-gateway-traffic-materializationstechnology surface undercell-based-architecture - truthful operator metadata such as
providerRouteId,gatewayNamespace,gatewayName,controllerName,statusSource, projected-or-observed Gateway API conditions, shared ownership/dependency/drift posture, lifecycle action, freshness windows, HTTPRoute write results, typed providerMaterializationConditions, and additive cleanup-sweep summaries such ascleanupState,cleanupObservedAtUtc,cleanup.cleanupStrategy,cleanup.primaryCandidateCount,cleanup.dependencyCandidateCount,cleanup.lifecycleActions,providerMaterialization.conditionCount, andproviderMaterialization.highestConditionSeverity
Main surfaces
Section titled “Main surfaces”Configuration/KubernetesGatewayTrafficMaterializerOptions.csConfiguration/KubernetesGatewayTrafficObservationModes.csConfiguration/KubernetesGatewayTrafficObservationOptions.csConfiguration/KubernetesGatewayTrafficRouteOptions.csModules/KubernetesGatewayTrafficMaterializerModule.csRegistration/KubernetesGatewayEngineBuilderExtensions.csServices/KubernetesGatewayTrafficAutomationMaterializer.csServices/KubernetesGatewayTrafficObservationHostedService.csServices/KubernetesGatewayTrafficObservationSource.csServices/KubernetesGatewayTrafficProjectionBuilder.csServices/KubernetesGatewayTrafficMaterializationRuntimeContributor.cs
How it fits
Section titled “How it fits”This pack sits on top of the shared Phase 13 cell-traffic contract instead of replacing it.
Cephalon.Abstractions still owns ICellTrafficAutomationProviderMaterializer,
ICellTrafficAutomationMaterializationReportSink, CellTrafficAutomationRuntimeDescriptor, and the shared materialization result/state contracts.
Cephalon.Engine still owns route ownership, health-isolation validation, deterministic
materializer selection, startup reconciliation, live materialization merge-back, and the canonical /engine/cell-traffic-automations*
plus snapshot.CellTrafficAutomations truth. Cephalon.Edge.KubernetesGateway only answers one
provider-specific question: how should a provider-managed automation targeting
providerId = "kubernetes-gateway" project into, observe, or reconcile Kubernetes Gateway API
control-plane truth?
The pack now has three truthful operating modes:
- default
configured-intent, which reportsproviderAction = projected-intent,observationMode = configured-intent,statusSource = configured-intent,ownershipState = requested,dependencyState = unknown,driftState = unknown, andlifecycleAction = projectwhile publishing deterministicGatewayplusHTTPRouteintent without claiming live cluster state or a successful apply; the shared provider materialization state stayspending - opt-in
observe-only, which reportsproviderAction = observe-only,statusSource = gateway-api-status, and the same shared ownership/dependency/drift vocabulary while reading liveGatewayplusHTTPRoutestatus back into the same shared runtime catalog without claiming that Cephalon applied resources itself - opt-in
apply-and-reconcile, which reportsproviderAction = apply-and-reconcile, writes only ownedHTTPRouteresources, keepsGatewayas a pre-provisioned dependency, and then merges observedGatewayplusHTTPRoutestatus back into the same shared runtime catalog while preserving write posture throughhttpRouteWriteActionandlifecycleAction = create|replace|transfer - optional cleanup sweeps inside
apply-and-reconcile, which report additivecleanup*metadata after namespace-scoped delete or prune passes while leaving the primary provider lifecycle answer grounded in the selected route’s actual materialization state and truthfully publishingcleanupStrategy = primary-onlywith zero dependency-cleanup counts
What this proves is that one provider-specific pack can publish deterministic projected intent, selected materializer ownership, live provider status, drift, freshness answers, a typed condition taxonomy, and now a narrow owned-resource apply loop back onto the same shared cell runtime story without inventing a second traffic registry or pushing Kubernetes assumptions into the engine core.
When the pack owns an automation answer, operators can inspect the same route through:
/engine/cell-traffic-automations/engine/cell-traffic-automations/providers/kubernetes-gateway/engine/technology-surfaces/cell-based-architecture/engine/snapshot
The technology surface entry lives under surfaceId = "kubernetes-gateway-traffic-materializations"
and carries one provider-facing projection per selected route, including the projected
providerRouteId, parent reference, backend reference, hostname list, controller identity, and
Gateway resource identity. In live modes the same entries also surface condition, drift,
freshness, ownership, dependency, lifecycle-action, write metadata, and additive cleanup-sweep
metadata such as gatewayAcceptedCondition, httpRouteResolvedRefsCondition, driftState,
observationFreshUntilUtc, ownershipState, dependencyState, lifecycleAction,
httpRouteWriteAction, httpRouteAppliedGeneration, cleanupState, cleanup.cleanupStrategy,
cleanup.primaryCandidateCount, cleanup.dependencyCandidateCount, and
cleanup.lifecycleActions. The shared automation answer for the same route now also carries
typed provider conditions through CellTrafficAutomationRuntimeDescriptor.MaterializationConditions
plus additive summaries such as materialization.conditionCount,
materialization.highestConditionSeverity, providerMaterialization.conditionCategories, and
providerMaterialization.conditionBreakdown.
Registration
Section titled “Registration”engine.AddKubernetesGatewayTrafficMaterializer(options =>{ options.ControllerName = "cephalon.io/gateway-controller"; options.GatewayClassName = "cephalon-public"; options.GatewayNamespace = "edge-system"; options.GatewayName = "public-gateway"; options.ListenerName = "https"; options.RouteNamespace = "edge-system";
options.Routes.Add(new KubernetesGatewayTrafficRouteOptions { RouteId = "orders-to-public-ingress", HttpRouteName = "orders-public-ingress", BackendNamespace = "orders-runtime", BackendServiceName = "orders-api", BackendPort = 8443, BackendWeight = 100 });});Opt into live observation when the pack should read Gateway API status from a cluster instead of staying at projected intent:
engine.AddKubernetesGatewayTrafficMaterializer(options =>{ options.Observation.Mode = KubernetesGatewayTrafficObservationModes.ObserveOnly; options.Observation.UseInClusterConfiguration = true; options.Observation.PollingIntervalSeconds = 30; options.Observation.StaleAfterSeconds = 90;});Opt into apply-and-reconcile when the pack should manage owned HTTPRoute resources and then read
the resulting Gateway API status back into the shared runtime surfaces:
engine.AddKubernetesGatewayTrafficMaterializer(options =>{ options.Observation.Mode = KubernetesGatewayTrafficObservationModes.ApplyAndReconcile; options.Observation.UseInClusterConfiguration = true; options.Observation.PollingIntervalSeconds = 30; options.Observation.StaleAfterSeconds = 90;});Enable cleanup sweeps when the same apply-and-reconcile loop should also delete transferred routes or prune orphaned Cephalon-owned routes that no longer map to an active automation:
engine.AddKubernetesGatewayTrafficMaterializer(options =>{ options.Observation.Mode = KubernetesGatewayTrafficObservationModes.ApplyAndReconcile; options.Observation.UseInClusterConfiguration = true; options.Observation.EnableCleanupSweep = true; options.Observation.PollingIntervalSeconds = 30; options.Observation.StaleAfterSeconds = 90;});Use this pack alongside the shared cell baseline:
engine.UseConfiguration(configuration);engine.AddKubernetesGatewayTrafficMaterializer(...);{ "Engine": { "Cells": { "TrafficAutomation": { "Routes": [ { "RouteId": "orders-to-public-ingress", "AutomationMode": "automatic", "TriggerMode": "source-or-target-health", "ActionMode": "shed-load", "MaterializationMode": "provider-managed", "ProviderId": "kubernetes-gateway" } ] } } }}The route must still exist on the shared ICellRouteCatalog, and the engine still decides whether
this pack is the selected provider materializer for that route.
Ownership and apply model
Section titled “Ownership and apply model”apply-and-reconcile is intentionally narrow:
- the pack writes only
HTTPRouteresources Gatewayremains a pre-provisioned dependency and is never created or updated by Cephalon- the pack only replaces an existing
HTTPRoutewhen ownership matches the current automation or when stale or incomplete Cephalon ownership metadata marks the route as an orphaned transfer candidate - existing unmanaged resources and active foreign Cephalon owners fail with an explicit ownership-conflict posture instead of being hijacked silently
- owned routes carry
cephalon.io/managed-by = edge-kubernetes-gatewayplus route and automation annotations so later observation can verify ownership truthfully - merged live observation keeps the last write lifecycle action (
create,replace, ortransfer) visible on the same shared runtime surfaces instead of collapsing every successful reconciliation back toobserve - optional cleanup sweeps run only when
EnableCleanupSweepis true inapply-and-reconcilemode, scan the configured route namespaces, delete stale transferredHTTPRouteresources withlifecycleAction = delete, and prune orphaned Cephalon-owned routes withlifecycleAction = prune - cleanup sweep summaries stay additive through
providerMaterialization.cleanup*and the provider-specific technology surface so operators can inspect delete/prune posture without losing the selected route’s primary materialization answer; those summaries now publishcleanupStrategy = primary-onlyplus primary-resource counts while dependency counts stay0
This pack intentionally does not yet claim:
- multi-route low-code generation beyond the explicitly configured route projections
- control-plane ownership outside
provider-managedorprovider-and-edge-managedroutes - controller-driven policy or dependency semantics beyond the shipped typed readiness, ownership, dependency, lifecycle, and observation condition taxonomy
- broader dependency-aware teardown beyond the current primary-only owned
HTTPRoutesweep baseline;Gatewayand backend dependencies remain observe-only
Those remain later follow-through so the current provider claim stays honest.