v2.3.0-beta.6

🎉 Welcome to the v2.3.0-beta.6 release of the kgateway project!

## Release Notes

No release notes generated

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.3.0-beta.6
• cr.kgateway.dev/kgateway-dev/sds:v2.3.0-beta.6
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.3.0-beta.6

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.3.0-beta.6 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.3.0-beta.6 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.3.0-beta.5

Release Notes

Changes since v2.3.0-beta.4

New Features

• Add Envoy network RBAC support to ListenerPolicy for IP-based access control at the network layer (#13528)
• Enable parsing and verification of OAuth2/OIDC access and ID tokens as JWT with dynamic metadata support (#13558)
• Expose Envoy's body_format for DirectResponse (#13678)
• Added upstreamProxyProtocol field to BackendConfigPolicy to support sending PROXY protocol headers to upstream backends (#13689)
• Deployments can be scaled to zero. (#13712)
• Add DNS refresh rate and jitter configuration to BackendConfigPolicy (#13722)
• Add fault injection support to TrafficPolicy for chaos engineering and resiliency testing. Supports delay injection, abort injection (HTTP/gRPC), response rate limiting, and per-route disable override. (#13730)
• rustformation: allow default buffering behavior to be bypassed; auto-detect websocket and other tunnel upgrade request to bypass buffering; (#13796)
• kubectl get DirectResponse shows ACCEPTED and ATTACHED columns. (#13834)
• Adds the ability to set request and response dynamic metadata via rustformations (#13835)

Bug Fixes

• Fixed BackendTLSPolicy not being attached when sectionName is specified in targetRefs. (#13780)
• Fix context leak in cliPortForwarder when StdoutPipe or StderrPipe fails (#13781)
• Fixed a TOCTOU race in OIDC provider config discovery that could cause redundant HTTP requests when the cache is refreshed under concurrent access. (#13797)
• Bump github.com/go-jose/go-jose/v4 to v4.1.4 to address GHSA-78h2-9frx-2jm8. (#13821)

Cleanup

• Replace usage of Envoy STRICT_DNS cluster type with DNSCluster (#13710)
• Helm: add controller-scoped overrides for controller deployment pod/scheduling/resource values, and deprecate the equivalent top-level chart values in favor of controller.*. (#13787)

Dependency Updates

• Bumps go to 1.26.2 (#13812)

Contributors

Thanks to all the contributors who made this release possible:

v2.2.3

🎉 Welcome to the v2.2.3 release of the kgateway project!

Release Notes

Changes since v2.2.2

Dependency Updates

• Bumps go to 1.25.9 (#13813)
• Dependencies bump for CVE's (#13837)

Contributors

Thanks to all the contributors who made this release possible:

d

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway.
• cr.agentgateway.dev/charts/agentgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.2.3
• cr.kgateway.dev/kgateway-dev/sds:v2.2.3
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.2.3
• cr.agentgateway.dev/agentgateway-controller:v2.2.3

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.2.3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.2.3 --namespace kgateway-system --create-namespace
helm install agentgateway-crds oci://cr.agentgateway.dev/charts/agentgateway-crds --version v2.2.3 --namespace agentgateway-system --create-namespace
helm install agentgateway oci://cr.agentgateway.dev/charts/agentgateway --version v2.2.3 --namespace agentgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.1.3

Release Notes

Changes since v2.2.2

Dependency Updates

• Bumps go to 1.25.9 (#13813)
• Dependencies bump for CVE (#13837)

Contributors

Thanks to all the contributors who made this release possible:

v2.3.0-beta.4

🎉 Welcome to the v2.3.0-beta.4 release of the kgateway project!

Release Notes

Changes since v2.3.0-beta.3

Bug Fixes

• expose http-monitoring port on gateway service (#13614)
• Publish Gateway InsecureFrontendValidationMode status when frontend TLS validation is configured with AllowInsecureFallback. (#13698)
• Revert: exposing http-monitoring port on gateway service (#13704)

Contributors

Thanks to all the contributors who made this release possible:

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.3.0-beta.4
• cr.kgateway.dev/kgateway-dev/sds:v2.3.0-beta.4
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.3.0-beta.4

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.3.0-beta.4 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.3.0-beta.4 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.3.0-beta.3

🎉 Welcome to the v2.3.0-beta.3 release of the kgateway project!

Changes since v2.3.0-beta.2

New Features

• Add allow_mode_override and allowed_override_modes support in ExtProc GatewayExtensions (#13394)
• support GRPCRoutes attaching to HTTPS listeners (#13493)
• Support per listener mTLS client cert validation (#13518)
• Support attaching TrafficPolicy to GRPCRoutes (#13519)
• Add loadBalancerSourceRanges support to GatewayParameters.spec.kube.service for the dynamically provisioned gateway service (#13545)
• Support TLS Termination for TLSRoute on TLS listener (#13548)
• Allow setting Envoy's xff_trusted_cidrs and skip_xff_append via ListenerPolicy (#13551)
• Allow configuring Envoy application log format, either as JSON or custom text (#13561)
• Controller helm chart exposes topologySpreadConstraints (#13573)
• Add default OTel resource attributes for listeners (#13585)
• Add default k8s resource identifiers in OTel resource attributes (#13606)
• Add app.kubernetes.io/component labels (controller and proxy) to kgateway deployments (#13619)
• Add per-route tracing configuration to TrafficPolicy, allowing sampling rate overrides, custom attributes, and the ability to disable tracing for specific routes. (#13648)
• ListenerSets pass GWAPI 1.5.1 conformance tests (#13691)

Bug Fixes

• Stop forwarding non-matching preflight cors requests (#13474)
• Fix Rustformations returning HTTP 400 on small JSON request bodies arriving in a single chunk. (#13480)
• Introduce kgateway-base manifests and migrate tests to base gateway for faster tests
  (chore): use native go instead of curl pod to create http reqs for ExtAuth, BackendTLS, Backends, Accesslogs, BasicRouting, DFP, HTTPRoute
  (#13515)
• Fixed no endpoints for services/namespaces without an ingress-use-waypoint label when at least one other has it (#13531)
• Fix cross-namespace extensionRef in TrafficPolicy.spec.jwtAuth resulting in broken requirement_name in Envoy filter config (#13540)
• fix: Deployer deploys RBAC changes etc. first since later changes depend on them (#13552)
• Fix crash when a Waypoint has an AuthorizationPolicy with action CUSTOM (#13607)
• Skip Istio resource watching when KGW_ENABLE_ISTIO_INTEGRATION is disabled (#13611)
• expose http-monitoring port on gateway service (#13614)
• fix nil panic in TrafficPolicy when attaching to redirect rules in HTTPRoute (#13625)
• Fixed DirectResponse policy status reporting to ensure attached policies surface Accepted and Attached conditions without misleading handler registration errors. (#13647)
• Fix stale routing when no endpoints are available by emitting an explicit empty ClusterLoadAssignment so Envoy returns 503 instead of routing to a stale pod IP. (#13670)
• Fixed promoted TLSRoute handling for Gateway API v1.5.1, including status reporting, hostname intersection, and several conformance cases. (#13694)
• Improve Gateway API TLSRoute conformance for TLS passthrough listeners by rejecting unsupported TCPRoute kinds and reporting TLSRoute in listener supportedKinds. (#13696)

Documentation

• GracefulShutdownSpec API doc correction (#13577)

Cleanup

• Removes deprecated Gateway API Inference Extension support, which had already moved to agentgateway (#13514)
• remove classic transformation support (#13651)
• upgrade to envoy v1.37.1 and removed envoy-gloo (#13660)

Dependency Updates

• Upgrade to latest Go 1.26 (#13517)
• Bumps to go version 1.26.1 (#13639)
• Bumped Gateway API to v1.5.1. As part of the upstream schema update, non-spec CORS allowOrigins patterns such as https://a.b* are no longer accepted. Use spec-compliant wildcard origins such as https://*.a.b instead. (#13671)

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.3.0-beta.3
• cr.kgateway.dev/kgateway-dev/sds:v2.3.0-beta.3
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.3.0-beta.3

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.3.0-beta.3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.3.0-beta.3 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

Contributors

Thanks to all the contributors who made this release possible:

v2.2.2

🎉 Welcome to the v2.2.2 release of the kgateway project!

Release Notes

Changes since v2.2.1

Bug Fixes

• add PreRouting phase support for authentication policies (#13544)
• Fixed no endpoints for services/namespaces without an ingress-use-waypoint label when at least one other has it. (#13550)
• fix nil panic in TrafficPolicy when attaching to redirect rules in HTTPRoute (#13625)
• fix nil panic in TrafficPolicy when attaching to redirect rules in HTTPRoute (#13627)

Dependency Updates

• Bumps to go 1.25.8 (#13650)
• bump envoy to v1.36.5 (#13646)

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway-crds
• cr.kgateway.dev/kgateway-dev/charts/kgateway

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.2.2
• cr.kgateway.dev/kgateway-dev/sds:v2.2.2
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.2.2

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.2.2 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.2.2 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

Contributors

Thanks to all the contributors who made this release possible:

v2.2.1

🎉 Welcome to the v2.2.1 release of the kgateway project!

What's Changed

• backports: from initial v2.2.x cut to commit 1459d34 by @danehans in #13505
• [v2.2.x] fix: AgentgatewayParameters merging bug by @chandler-solo in #13512
• Adds InferencePool Status Management by @danehans in #13501
• [v2.2.x] Update codeowners by @jenshu in #13532
• Fix body to header transformation (#13480) by @andy-fong in #13537
• tooling: fixes release validation job by @danehans in #13536
• [v2.2.x backport] fix: HPA/VPA/PDB support forgot about RBAC by @chandler-solo in #13533

Full Changelog: v2.2.0...v2.2.1

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway.
• cr.agentgateway.dev/charts/agentgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.2.1
• cr.kgateway.dev/kgateway-dev/sds:v2.2.1
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.2.1
• cr.agentgateway.dev/agentgateway-controller:v2.2.1

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.2.1 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.2.1 --namespace kgateway-system --create-namespace
helm install agentgateway-crds oci://cr.agentgateway.dev/charts/agentgateway-crds --version v2.2.1 --namespace agentgateway-system --create-namespace
helm install agentgateway oci://cr.agentgateway.dev/charts/agentgateway --version v2.2.1 --namespace agentgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.3.0-beta.2

🎉 Welcome to the v2.3.0-beta.2 release of the kgateway project!

Release Notes

Changes since v2.3.0-beta.1

Bug Fixes

• Relaxed CEL rules for BackendConfigPolicy to support Istio Hostname as a target (#13374)
• fix: RBAC is expanded to include VPA, HPA, and PDB because data planes can be configured to come along with these resources since #13266 (#13497)

Contributors

Thanks to all the contributors who made this release possible:

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.3.0-beta.2
• cr.kgateway.dev/kgateway-dev/sds:v2.3.0-beta.2
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.3.0-beta.2

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.3.0-beta.2 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.3.0-beta.2 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.3.0-beta.1

🎉 Welcome to the v2.3.0-beta.1 release of the kgateway project!

Release Notes

Changes since v2.2.0-beta.6

Breaking Changes

• Agentgateway ExtAuth policies will now fail closed when the backendRef to the auth server is invalid (#13258)

New Features

• Add RequestID configuration to ListenerPolicy and HTTPListenerPolicy for controlling Envoy's UUID request ID behavior (#13240)
• Envoy data plane configuration via GatewayParameters now allows for strategic-merge-patch (overlays). This includes new envoy data plane support for PodDisruptionBudget, HorizontalPodAutoscaler, and VerticalPodAutoscaler. (#13266)
• Expose filterEnabled and filterEnforced configuration in TrafficPolicy LocalRateLimitPolicy. This allows users to control the percentage of requests for which the rate limit filter is enabled or enforced, useful for testing and gradual rollouts. ``` (#13272)
• Allow skipping controller Service creation via .controller.service.enabled: false.
  Allow full configurability for controller Services.
  (#13274)
• Both controllers' helm charts support HorizontalPodAutoscaler and VerticalPodAutoscaler (#13276)
• Added support for GRPCRoute attached policy. (#13293)
• Support GCP backends to route traffic to Google Cloud Platform services, such as Google Cloud Run (#13308)
• Support loadBalancerClass in envoy proxy service (#13328)
• Add support for priorityClassName to kgateway and agentgateway helm charts. (#13341)
• Add support for commonLabels in kgateway and agentgateway helm charts. (#13342)
• Default udp_max_queries to 100, and allow customizing it using GatewayParameters. (#13348)
• kgateway oauth2 policy: allow disabling set-cookie response
  header for token cookies.
  (#13383)

Bug Fixes

• Fixed the ancestor ref on AgentgatewayPolicy to resolve to Gateway. (#13281)
• For agentgateway controller, correctly merge and handle status from other controllers (#13316)
• (chore): use native go instead of curl pod to create http reqs by 1shubham7 (#13323)
• always add auto host rewrite to gcp route action (#13421)
• fix: AgentgatewayParameters did not merge resources or Istio configuration deeply when present on both GC and GW (#13468)

Deprecations

• Removed obsolete agentgateway configuration API from envoy-only GatewayParameters. (#13102)

Documentation

• Updates API docs regarding server-side apply (SSA) and AgentgatewayParameters (#13300)

Cleanup

• updated to use envoy 1.36.4; prep for multi-arch build (#13242)
• Enable krtequals linter checkUnexported option and fix all violations to ensure Equals() methods compare all relevant fields (#13275)
• Migrate inference pool plugin to use upstream EPP metadata constants from gateway-api-inference-extension package (#13280)
• [rustformation] create per config minijinja env (#13289)
• switch to rustformation by default (#13307)
• Helm charts are now published with both v-prefixed and non-prefixed version
  tags (e.g., v2.1.0 and 2.1.0) for compatibility with SemVer-strict GitOps
  tools.
  (#13372)

Contributors

Thanks to all the contributors who made this release possible:

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

• cr.kgateway.dev/kgateway-dev/charts/kgateway.
• cr.agentgateway.dev/charts/agentgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.3.0-beta.1
• cr.kgateway.dev/kgateway-dev/sds:v2.3.0-beta.1
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.3.0-beta.1
• cr.agentgateway.dev/agentgateway-controller:v2.3.0-beta.1

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.3.0-beta.1 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.3.0-beta.1 --namespace kgateway-system --create-namespace
helm install agentgateway-crds oci://cr.agentgateway.dev/charts/agentgateway-crds --version v2.3.0-beta.1 --namespace agentgateway-system --create-namespace
helm install agentgateway oci://cr.agentgateway.dev/charts/agentgateway --version v2.3.0-beta.1 --namespace agentgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.