https://cervesato.it/tags/gateway-api/Recent content in Gateway-Api on Andrea CervesatoHugoenAndrea CervesatoThu, 23 Apr 2026 00:00:00 +0000https://cervesato.it/posts/gateway-api-listenerset-self-service-tls/Thu, 23 Apr 2026 00:00:00 +0000https://cervesato.it/posts/gateway-api-listenerset-self-service-tls/<p>When we moved from Ingress to Gateway API, I expected the usual migration pain: new resource kinds, different annotations, a few broken routes. What I didn&rsquo;t expect was losing something so basic that I hadn&rsquo;t even thought about it as a feature.</p> <p>With Ingress, a developer dropped a manifest in their namespace, added <code>cert-manager.io/cluster-issuer: letsencrypt</code>, and walked away. cert-manager saw it, issued a certificate, done. The developer never talked to the platform team.</p> <p>With Gateway API, that certificate lives on the Gateway object. Which lives in the platform namespace. Which is managed by the platform team. Want a cert for <code>paste.k8s.one</code>? Open a ticket. Wait for a merge. Hope nobody fat-fingers the shared Gateway config while they&rsquo;re at it.</p> <blockquote> <p><em>I&rsquo;ve been the platform team fielding those tickets. It&rsquo;s not fun for anyone.</em></p> </blockquote>