Skip to main content

Migration Execution Strategy

Published 2026-02-14Updated 2026-06-264 min read
info

This document is a deep-dive guide for the Gateway API Adoption Guide. It provides a practical migration strategy from NGINX Ingress to Gateway API.

1. Prerequisites: CRD Installationโ€‹

# Gateway API v1.4.0 standard install
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/standard-install.yaml

# Experimental features (optional)
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/experimental-install.yaml

Controller-specific installation: AWS LBC v3 (Helm with enableGatewayAPI=true), NGINX Gateway Fabric, Envoy Gateway, Cilium (already enabled with gatewayAPI.enabled=true).

2. 5-Phase Migration Processโ€‹

3. Phase-by-Phase Detailโ€‹

Phase 1: Preparation โ€” Inventory collection, feature mapping, risk assessment Phase 2: Build โ€” CRD installation, controller deployment, PoC in test environment Phase 3: Parallel Operation โ€” Production Gateway + HTTPRoute creation alongside existing NGINX Ingress Phase 4: Switchover โ€” DNS weighted routing: 10% โ†’ 50% โ†’ 100% Phase 5: Completion โ€” NGINX Ingress backup, resource removal, documentation

๐Ÿ”„ NGINX Ingress โ†’ Gateway API ๋งˆ์ด๊ทธ๋ ˆ์ด์…˜ ๋งคํ•‘
๊ธฐ์กด Ingress ๊ธฐ๋Šฅ์˜ Gateway API ๋Œ€์•ˆ
host: example.comโ†’HTTPRoute.spec.hostnames
์ง์ ‘ ๋งคํ•‘์ง์ ‘ ๋งคํ•‘
path: /apiโ†’HTTPRoute.spec.rules[].matches[].path
์ง์ ‘ ๋งคํ•‘์ง์ ‘ ๋งคํ•‘
pathType: Prefixโ†’path.type: PathPrefix
๋™์ผ๋™์ผ
annotations: rewrite-targetโ†’filters[].type: URLRewrite
ํ‘œ์ค€ํ™”๋จํ‘œ์ค€ํ™”๋จ
annotations: rate-limitโ†’Policy Attachment (๊ตฌํ˜„์ฒด๋ณ„ ์ƒ์ด)
์ง„ํ–‰ ์ค‘ํ‘œ์ค€ํ™” ์ง„ํ–‰ ์ค‘
annotations: cors-*โ†’Policy Attachment
์ง„ํ–‰ ์ค‘ํ‘œ์ค€ํ™” ์ง„ํ–‰ ์ค‘
annotations: auth-*โ†’Policy Attachment ๋˜๋Š” ์™ธ๋ถ€ ์ธ์ฆ
์™ธ๋ถ€OAuth2-Proxy ๋“ฑ ๊ถŒ์žฅ
annotations: ssl-redirectโ†’Gateway TLS ๋ฆฌ์Šค๋„ˆ ์ž๋™ ์ฒ˜๋ฆฌ
์ž๋™ํ™”๋จ์ž๋™ํ™”๋จ

4. Validation Scriptโ€‹

Validation script checks: HTTPRoute existence, Accepted/Programmed conditions, backend service endpoints, Gateway address, and HTTP request test.

5. Troubleshootingโ€‹

๐Ÿ”ง Gateway API ํŠธ๋Ÿฌ๋ธ”์ŠˆํŒ… ๊ฐ€์ด๋“œ
์ผ๋ฐ˜์ ์ธ ๋ฌธ์ œ์™€ ํ•ด๊ฒฐ ๋ฐฉ๋ฒ•
โŒ HTTPRoute Accepted=False
์›์ธ: Gateway๊ฐ€ HTTPRoute๋ฅผ ๊ฑฐ๋ถ€ํ•จ
ํ•ด๊ฒฐ: 1. ReferenceGrant ํ™•์ธ 2. GatewayClass ์˜ฌ๋ฐ”๋ฅธ์ง€ ํ™•์ธ 3. ๋„ค์ž„์ŠคํŽ˜์ด์Šค ์ •์ฑ… ํ™•์ธ
โŒ HTTPRoute Programmed=False
์›์ธ: ๋ฐ์ดํ„ฐํ”Œ๋ ˆ์ธ ๊ตฌ์„ฑ ์‹คํŒจ
ํ•ด๊ฒฐ: 1. ๋ฐฑ์—”๋“œ Service ์กด์žฌ ํ™•์ธ 2. ์ปจํŠธ๋กค๋Ÿฌ ๋กœ๊ทธ ํ™•์ธ 3. TLS Secret ์œ ํšจ์„ฑ ํ™•์ธ
โŒ 503 Service Unavailable
์›์ธ: ๋ฐฑ์—”๋“œ ์—”๋“œํฌ์ธํŠธ ์—†์Œ
ํ•ด๊ฒฐ: 1. Service์˜ Endpoints ํ™•์ธ 2. Pod selector ์ผ์น˜ ์—ฌ๋ถ€ ํ™•์ธ 3. Pod ์ƒํƒœ ํ™•์ธ (Ready)
โŒ TLS ์ธ์ฆ์„œ ์˜ค๋ฅ˜
์›์ธ: Secret์ด ์˜ฌ๋ฐ”๋ฅด์ง€ ์•Š์Œ
ํ•ด๊ฒฐ: 1. Secret ํƒ€์ž… kubernetes.io/tls ํ™•์ธ 2. tls.crt, tls.key ์กด์žฌ ํ™•์ธ 3. ์ธ์ฆ์„œ ์œ ํšจ๊ธฐ๊ฐ„ ํ™•์ธ
โŒ 404 Not Found
์›์ธ: ๊ฒฝ๋กœ ๋งค์นญ ์‹คํŒจ
ํ•ด๊ฒฐ: 1. PathPrefix vs Exact ํƒ€์ž… ํ™•์ธ 2. ๋Œ€์†Œ๋ฌธ์ž ๊ตฌ๋ถ„ ์—ฌ๋ถ€ ํ™•์ธ 3. URL ์ธ์ฝ”๋”ฉ ํ™•์ธ
โŒ Gateway ์ฃผ์†Œ ์—†์Œ
์›์ธ: LoadBalancer ์ƒ์„ฑ ์‹คํŒจ
ํ•ด๊ฒฐ: 1. ํด๋ผ์šฐ๋“œ ์ œ๊ณต์ž ์ฟผํ„ฐ ํ™•์ธ 2. ์„œ๋ธŒ๋„ท IP ๊ณ ๊ฐˆ ์—ฌ๋ถ€ ํ™•์ธ 3. ์–ด๋…ธํ…Œ์ด์…˜ ์˜คํƒ€ ํ™•์ธ

Controller-specific debugging commands provided for: AWS Load Balancer Controller, Cilium Gateway API, NGINX Gateway Fabric, and Envoy Gateway.