Networking
Kupe Cloud uses the Kubernetes Gateway API for traffic routing — the successor to Ingress that provides a more expressive, role-oriented model for exposing services. DNS records and TLS certificates are managed automatically so you can focus on routing logic rather than infrastructure plumbing.
The stack
Section titled “The stack”| Component | Role | What you interact with |
|---|---|---|
| Gateway API | Standard Kubernetes API for traffic routing | Create HTTPRoute resources to expose services |
| Shared Gateway | Platform-managed ingress infrastructure | Reference it in your routes via parentRefs |
| ExternalDNS | Automatic DNS record management | Hostname annotations on your routes create DNS records |
| cert-manager | Automatic TLS certificate issuance and renewal | Certificates are provisioned when you bind a hostname |
How traffic flows
Section titled “How traffic flows”- You create an HTTPRoute that references the shared gateway and defines your hostname and routing rules.
- ExternalDNS watches your route and automatically creates DNS records pointing your hostname to the gateway.
- cert-manager provisions a TLS certificate for your hostname via Let’s Encrypt.
- Traffic arrives at the gateway, which matches the hostname and path rules in your HTTPRoute and forwards requests to your backend service.
Why Gateway API over Ingress
Section titled “Why Gateway API over Ingress”- Role separation: platform teams manage Gateways, application teams manage Routes.
- Richer routing: header-based matching, weighted backends, request redirects, and URL rewrites — all declarative.
- Cross-namespace references: routes in your namespace can attach to a shared gateway in another namespace.
- Standard API: Gateway API is the official Kubernetes standard, replacing the Ingress resource.
What you configure
Section titled “What you configure”- HTTP routing rules for host and path matching — see HTTPRoutes.
- Custom domains with your own hostnames — see Custom Domains.
- DNS automation for record lifecycle — see ExternalDNS.
- TLS certificates and HTTPS behavior — see TLS and Certificates.
Typical setup sequence
Section titled “Typical setup sequence”- Define an
HTTPRoutewith your desired hostname and backend service. - ExternalDNS creates the DNS record automatically.
- cert-manager issues a TLS certificate automatically.
- Traffic flows — no manual DNS or certificate steps required.