v2.0.0

🎉 Kgateway 2.0.0 – First CNCF Release 🎉

We're proud to announce kgateway v2.0.0, the first official release under the CNCF. Kgateway is a next-generation, open-source API gateway designed for secure, observable, and extensible Kubernetes-native environments.

Built on the Kubernetes Gateway API, kgateway lets you manage ingress and east-west traffic with scalable, policy-driven control—backed by CNCF governance and cloud-native best practices.

🚀 Release Highlights

• Kgateway custom resources to extend the Gateway API
• Advanced traffic management, including ExtProc and route delegation
• Enhanced security capabilities, including local rate limiting and BYO external authorization
• Open-sourced AI Gateway
• Refreshed KRT-based control plane
• Istio Ambient Waypoint integration

Coming from Gloo v1? Kgateway v2 has extensive API, CRD, and other changes.
We recommend following the kgateway quickstart to try it out.

📚 Read more about the 2.0 release details.

v2.0.0-rc.3

🎉 Welcome to the v2.0.0-rc.3 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-rc.3
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-rc.3
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-rc.3

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-rc.3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-rc.3 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.0.0-rc.2

🎉 Welcome to the v2.0.0-rc.2 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-rc.2
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-rc.2
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-rc.2

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-rc.2 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-rc.2 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.0.0-rc.1

🎉 Welcome to the v2.0.0-rc.1 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-rc.1
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-rc.1
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-rc.1

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-rc.1 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-rc.1 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.0.0-beta3

🎉 Welcome to the v2.0.0-beta3 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-beta3
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-beta3
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-beta3

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-beta3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-beta3 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.0.0-beta2

🎉 Welcome to the v2.0.0-beta2 release of the kgateway project!

Release Notes

The kgateway v2.0.0-beta2 release includes the following features. For more information and getting started, see the kgateway docs.

AI Gateway: AI Gateway provides a unified interface to access and consume AI service from multiple LLM providers or models.

Istio Waypoint: Initial support to use kgateway as a Waypoint for service mesh traffic when used with Istio in ambient mode.

BackendTLSPolicy: Initial support for the upstream Kubernetes Gateway API BackendTLSPolicy resource, which allows the gateway to originate a TLS connection to a specific backend service.

Standalone CRD Helm Chart: Now, you install the kgateway CRDs as a separate Helm chart from the kgateway controller Helm chart. This change follows better Helm UX standards.

---

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-beta2
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-beta2
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-beta2

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-beta2 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-beta2 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

v2.0.0-beta1

🎉 Welcome to the v2.0.0-beta1 release of the kgateway project!

Release Notes

The kgateway v2.0.0-beta1 release includes the following features. For more information and getting started, see the kgateway docs.

Refreshed kgateway CRDs: When you install kgateway, you get the following CRDs. To check the details, run kubectl describe crd.

• Backend: Backing destinations that are external to the cluster, such as static hostnames or AWS Lambda functions. For destinations within the cluster, continue using Kubernetes Services instead.
• DirectResponse: Configure the gateway proxy to return a direct response.
• GatewayParameters: Customize the behavior of the Gateway, such as to add labels or change the pod template.
• HTTPListenerPolicy: Apply policy to the Envoy HTTP Connection Manager of a gateway proxy, such as to enable access logging.
• ListenerPolicy: Apply policy to the listeners on a Gateway, such as to set connection buffering.
• RoutePolicy: Apply policy to HTTPRoutes, such as transformation.

Native support for Kubernetes Gateway API: kgateway implements the Kubernetes Gateway API to create and configure gateway proxies and routes.

Access logging: Capture traffic requests that pass through your gateway proxies to stdout.

AWS Lambda support: Route traffic to Backends that are served by AWS Lambda functions.

Transformations with RoutePolicy: Apply transformations to your HTTPRoutes, such as to inject response headers, update request paths or methods, extract query parameters, and more.

---

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-beta1
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-beta1
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-beta1

Quickstart

Try installing this release:

helm install --create-namespace --namespace kgateway-system kgateway \
  oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-beta1

For detailed installation instructions and next steps, please visit our quickstart guide.

v1.18.0-beta34

Dependency Bumps

• golang/go has been upgraded to v1.23.3.
• solo-io/envoy-gloo has been upgraded to 1.31.2-patch3.
• solo-io/k8s-utils has been upgraded to v0.8.1.

New Features

• Add glooctl proxy snapshot command, which can be pointed at a Gloo Gateway instance and will produce a zip archive containing all Envoy state, for the purposes of simplified issue reporting and triage. (https://github.com/solo-io/solo-projects/issues/7131)
• Add listenerTcpStats: true|false to the ListenerOptions API. If true will enable Envoy TCP stats collection for all listeners. This can be useful for L4 debugging. (https://github.com/solo-io/solo-projects/issues/7176)
• Added support for early header manipulation on Gateways. This feature allows headers to be manipulated before significant processing and routing decisions. It affords the ability to add or remove headers that affect request processing and can be used to implement override headers. This can be configured by setting the gateway.spec.httpGateway.options.httpConnectionManagerSettings.earlyHeaderMutation field. The headersToAdd field will add key-value pair headers to the request if not already present or overwrite them unless append is set to true. The headersToRemove field removes the specified headers and is processed after the headers have been added. (solo-io#9604)
• Support exportTo for Istio's DestinationRule. (https://github.com/solo-io/solo-projects/issues/7101)
• Enable modifying the span name for tracing purposes using InjaTemplates in the transformation filter. More information on OpenTelemetry span names can be found here: https://opentelemetry.io/docs/specs/semconv/http/http-spans/ (solo-io#9848)
• Split the validating webhook to allow different failure policies for gloo/non-gloo resources. The split out webhook for kubernetes resources shares all configuration with the existing webhook except for the failure policy, which can be set with gateway.validation.kubeCoreFailurePolicy (solo-io#10247)

Fixes

• Fix issue where Gloo Gateway did not respect the cluster domain for the xds host address. (solo-io#10268)
• Adds basic support for Gateway API TCPRoute. (solo-io#10073)
• Makes the Gateway API TCPRoute controller optional. (solo-io#10304)
• Removes the endpoints resource from Helm RBAC manifest when kubeGateway is enabled. (solo-io#10323)
• Updates the gateway2 project to use EndpointSlice instead of Endpoints for creating upstream endpoints. (https://github.com/solo-io/solo-projects/issues/6910)

v1.17.16

Dependency Bumps

• solo-io/envoy-gloo has been upgraded to 1.30.6-patch5.
• solo-io/envoy-gloo has been upgraded to v1.30.6-patch3.

Helm Changes

• Expose new Helm values kubeGateway.gatewayParameters.glooGateway.service.extraLabels and kubeGateway.gatewayParameters.glooGateway.service.extraAnnotations to set extra labels and extra annotations on the default GatewayParameters. (https://github.com/solo-io/solo-projects/issues/7090)

Fixes

• Added support for early header manipulation on Gateways. This feature allows headers to be manipulated before significant processing and routing decisions. It affords the ability to add or remove headers that affect request processing and can be used to implement override headers. This can be configured by setting the gateway.spec.httpGateway.options.httpConnectionManagerSettings.earlyHeaderMutation field. The headersToAdd field will add key-value pair headers to the request if not already present or overwrite them unless append is set to true. The headersToRemove field removes the specified headers and is processed after the headers have been added. (solo-io#9604)
• Fix glooctl check so that it only checks Proxies in the write namespace (where all proxies are written), instead of checking in each of the watch namespaces. (solo-io#9935)
• When using the Kubernetes Gateway API, the provisioned ServiceAccount's labels and annotations are now configurable via the GatewayParameters fields spec.kube.serviceAccount.extraLabels and spec.kube.serviceAccount.extraAnnotations. These values can also be set on the default GatewayParameters during install/upgrade using the Helm values kubeGateway.gatewayParameters.glooGateway.serviceAccount.extraLabels and kubeGateway.gatewayParameters.glooGateway.serviceAccount.extraAnnotations. (https://github.com/solo-io/solo-projects/issues/6846)
• Enable modifying the span name for tracing purposes using InjaTemplates in the transformation filter. More information on OpenTelemetry span names can be found here: https://opentelemetry.io/docs/specs/semconv/http/http-spans/ (solo-io#9848)
• Add metrics for translatation timing and time for taken to sync served xDS entries.
  skipCI-kube-tests skipCI-docs-build (solo-io#10278)

v1.18.0-beta33

New Features

• Support port level settings for lb and outlier detection in Istio's DestinationRule. (https://github.com/solo-io/solo-projects/issues/7101)