Migrating from Nginx to Gateway API: How to Avoid Downtime and Keep Static IPs?

Asked By TechEnthusiast44 On

I'm planning a migration from Nginx to Gateway API without having any downtime, and I need to maintain the same static IPs. My current architecture consists of three Azure tenants and six AKS clusters, utilizing tools like Helm, Argo, and GitOps, with about ten microservices that see increased traffic during peak periods like Black Friday. I have multiple Nginx annotations including CORS rules, and I'm using Cloudflare as a front door with tunnel pods that also manage SSL. Alongside that, I have Azure load balancers with static IPs that I've preconfigured. I'm considering moving to Gateway API but I'm torn between using Istio (without the service mesh) and sticking to HTTPRoute options. My primary concerns are whether it's possible to migrate smoothly without downtime, as over 300 servers rely on these static IPs, and how to manage the transition without losing connectivity. I'm thinking of installing Gateway API CRDs, preparing the manifests for HTTPRoute, and adding static IPs in Helm values. However, one static IP can't be linked to two load balancers, which might cause downtime. Any advice on managing this transition?

3 Answers

Answered By NetworkNinja On

If you're using Cloudflare, you should be able to change IPs on your cluster without affecting your customers too much. I suggest setting up the Gateway API alongside the current ingress. Run both configurations while validating the new setup. Once everything checks out, switch the upstreams in Cloudflare to the new setup. If that’s not an option, try running them both simultaneously on new IPs and adjust your settings gradually. Regarding Istio, if you don't need a service mesh, I’d skip it. For Gateway API implementations, I really like Envoy Gateway.
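The "run both and validate" step in the answer above can be checked mechanically before the Cloudflare upstream is switched. As an added example (not part of the thread or any participant's setup), the Python below diffs the status and CORS headers of two `curl -si` captures, one from the Nginx ingress and one from the new Gateway; the hostnames, origins and header values are constructed.

```python
# Added example (not from the thread): diff two `curl -si` captures taken from
# the old and the new entry point. All hosts and header values are constructed.
CHECKED = ("access-control-allow-origin", "access-control-allow-methods",
           "access-control-allow-headers", "access-control-allow-credentials",
           "access-control-max-age", "vary")
# Comma-separated token lists: order, case and spacing do not change meaning.
TOKEN_LISTS = {"access-control-allow-methods", "access-control-allow-headers", "vary"}

def parse_response(raw):
    """Return (status, headers) from the head of one raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [line for line in head.split("\n") if line.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        # A header sent twice is folded into one comma-separated value.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return status, headers

def normalise(name, value):
    """Canonicalise token-list headers so cosmetic differences are ignored."""
    if value is None or name not in TOKEN_LISTS:
        return value
    return ",".join(sorted(t.strip().lower() for t in value.split(",") if t.strip()))

def parity_report(old_raw, new_raw):
    """List (field, old, new) differences; an empty list means parity."""
    old_status, old_h = parse_response(old_raw)
    new_status, new_h = parse_response(new_raw)
    diffs = [("status", old_status, new_status)] if old_status != new_status else []
    for name in CHECKED:
        old_v, new_v = normalise(name, old_h.get(name)), normalise(name, new_h.get(name))
        if old_v != new_v:
            diffs.append((name, old_v, new_v))
    return diffs

# Constructed preflight (OPTIONS) responses for the same path and Origin header.
OLD_INGRESS = ("HTTP/1.1 204 No Content\r\n"
               "Access-Control-Allow-Origin: https://shop.example.com\r\n"
               "Access-Control-Allow-Methods: GET, POST, OPTIONS\r\n"
               "Access-Control-Allow-Credentials: true\r\nVary: Origin\r\n\r\n")
NEW_GATEWAY = ("HTTP/1.1 204 No Content\r\naccess-control-allow-origin: *\r\n"
               "access-control-allow-methods: OPTIONS,GET,POST\r\nvary: origin\r\n\r\n")

if __name__ == "__main__":
    for field, old, new in parity_report(OLD_INGRESS, NEW_GATEWAY):
        print(f"{field}: nginx={old!r} gateway={new!r}")
```

Captures can be taken with `curl -si -X OPTIONS` against each load balancer IP using `--resolve`. A wildcard origin or a missing credentials header on the new side, as in the constructed sample, means a CORS annotation was not carried over faithfully.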

Answered By LBMaven29 On

Honestly, I think achieving this with zero downtime is going to be tricky. We had a similar experience and ended up running scripts to switch from Nginx to HAProxy. We warned our developers in advance about possible delays and session loss since it’s a major transition. It can get messy, especially when you have so many connections active.

CodeWarrior_77 -

That sounds rough! With 300 external stores connected, any downtime could be a real headache.

Answered By CloudGuru_88 On

When we migrated from Nginx to Traefik, we just switched the ingress controller over, which created a new load balancer in AWS and updated our Route53 records. The total downtime was only a couple of minutes—barely noticeable to users. If you’re concerned, you might want to set a maintenance window just to keep your customers informed. But honestly, if you do it right, most won't even notice!

CuriousDev -

I’m not sure why there was any downtime with your setup.
