Need explanation about allowedRoutes: field in spec of gateway

yeoleajinkya1 · April 27, 2025, 7:01am

does allow route field defined services from which namespace can be attached to this gateway while creating http route.

suppose i created

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: nginx-gateway
  namespace: default
spec:
  gatewayClassName: nginx
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from:  same


and created http route as 


apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: basic-route
  namespace: default
spec:
  parentRefs:
  - name: nginx-gateway
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /app
    backendRefs:
    - name: my-app
      port: 80



does service which i am pointing to eg=   backendRefs:  - name: my-app  port: 80
needs to be in same namespace as i have defined in my gateway that  allowedRoutes:
      namespaces:
        from:  same

Alistair_KodeKloud · April 27, 2025, 5:30pm

It defines from which namespaces HTTPRoute (and the other route types) resources can be attached to the listener.

Recall that gateway is designed so people with different job roles control different parts of the gateway…

Cluster operators being responsible for deploying Gateway resources can use this to restrict which groups of app devs (using their own namespaces) can use the gateway.

To get the full explanation you can run

kubectl explain gateway.spec.listeners.allowedRoutes

in the Gateway lab of the CKA course, after the step where you install the gateway artifacts.