🎉 Welcome to the v2.1.0-rc.1 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.1.0-rc.1
• cr.kgateway.dev/kgateway-dev/sds:v2.1.0-rc.1
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.1.0-rc.1

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.1.0-rc.1 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.1.0-rc.1 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

Changelog

Breaking Changes

• Updates the status API for TrafficPolicy and HTTPListenerPolicy to use Gateway API v1alpha2.PolicyStatus API. (#11141)
• Switching to Envoy's /stats/prometheus?usedonly endpoint to only get statistics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). (#11358)
• Use kgateway.dev/inherited-policy-priority: ShallowMergePreferParent instead of delegation.kgateway.dev/inherited-policy-priority: PreferParent and kgateway.dev/inherited-policy-priority: ShallowMergePreferChild instead of delegation.kgateway.dev/inherited-policy-priority: PreferChild, as annotations to define inherited policy priority for delegated routes. By default, child HTTPRoute policies take precedence over parent HTTPRoute policies for delegated routes. (#11675)
• remove insecureSkipVerify field from Backend and AI ssl validation (#11819)
• Adds disable field to extAuth, extProc, cors, buffer policies to allow disabling the policies per-route. Breaking change: extAuth.enablement has been removed in favor of extAuth.disable. (#11893)
• Inference: Replaces InferencePool v1alpha2 with v1 (#11965)
• Add generic gRPC request timeout to GatewayExtension gRPC services. Add failOpen support to all GatewayExtension external providers. Change ExtProc GatewayExtension provider to failOpen by default. (#12239)
• Rename agentGateway to agentgateway for consistency in helm values. Rename GatewayParameters agentGateway field to agentgateway. (#12293)
• As waypoint functionality is alpha, disable it by default. It can be enabled by setting the waypoint.enabled helm value to true (#12385)

New Features

• Enables kgateway to act as the control plane for agentgateway. (#11151)
• Enables policy attachment using labels using the targetSelectors API for kgateway policy APIs. (#11163)
• Introduce BYO global rate limiting so operators can expose an external rate-limit service through a GatewayExtension resource and reference that extension from a TrafficPolicy. This enables users to configure both local and cluster-wide quotas within the same API surface. (#11169)
• Add a setting to toggle the listener bind address to either ipv4 or ipv6 (#11196)
• Add support for dynamic forward proxy. (#11197)
• Introduce BackendConfigPolicy api to allow configuring envoy clusters. (#11214)
• Enables setting annotations on Deployment generated by kgateway Helm chart. (#11224)
• Adds InferencePool status management to Inference Extension endpointpicker (EPP) Plugin. (#11230)
• Enables multiple kgateway installs in separate namespaces, and implements discoveryNamespaceSelectors to control the namespaces that are considered for config discovery by a kgateway instance based on label selectors. (#11238)
• Respect DestinationRule TCP keepalive settings (#11246)
• CORS support has been added and can be configured in the TrafficPolicy or in HTTPRoute, depending on the desired policy. (#11252)
• Allows a Kubernetes gateway to have more than 64 listeners by implementing ListenerSets defined in https://gateway-api.sigs.k8s.io/geps/gep-1713. Listener Sets can define their own listeners and be mapped to a parent gateway via their parentRef. The Kubernetes gateway will have the merged list of all listeners from itself and attached ListenerSets. This experimental feature requires the xlistenersets.gateway.networking.x-k8s.io CRD to be present. (#11255)
• Invalid durations in our CRDs will now be rejected using CEL, before the CR is admitted. (#11266)
• Allow TrafficPolicy to targetRef using section name. (#11272)
• Add PathOverride and AuthHeaderOverride fields for custom LLM provider endpoints (#11282)
• add TargetSelectors field in BackendConfigPolicySpec to enable selection of resources with matchLabels. (#11289)
• Support for CSRF policy has been added to the TrafficPolicy. (#11302)
• backendconfigpolicy: add ssl config (#11308)
• Support sessionPersistence on HTTPRoute (#11320)
• Add control plane metrics support for observability of controller, collections, and translation operations. (#11342)
• Adds initial InferencePool e2e tests (#11344)
• added support for extended gateway parameters (#11346)
• Support Service appProtocols http2, grpc, and grpc-web. (#11352)
• backendconfigpolicy: add load balancer configuration (#11365)
• Enables configuring the payload transformation mode for AWS Lambda backends. (#11381)
• Allow configuring app protocol on Static Backends. (#11384)
• add health check config to backendconfigpolicy (#11393)
• For kubernetes services, set IgnoreHealthOnHostRemoval to true on the cluster. (#11395)
• Adds support for OpenTelemetry Tracing & Access Log Support. This can be configured via the HTTPListenerPolicy (#11396)
• add http2 protocol options to backendconfigpolicy (#11455)
• Add useRemoteAddress, xffNumTrustedHops, serverHeaderTransformation, and streamIdleTimeout to HTTPListenerPolicy #11231 (#11462)
• Users can now define custom environment variables for the envoy proxy container via the gateway parameters. It can be specified as a list via GatewayParameters.spec.kube.envoyContainer.env. (#11463)
• Added image, security context and resource configuration on GatewayParameters for agentgateway. (#11464)
• Enables sorting of HTTPRoutes using weights assigned with the kgateway.dev/route-weight annotation when KGW_WEIGHTED_ROUTE_PRECEDENCE=true. (#11470)
• Added CEL validation to enforce proper attachment semantics for policy APIs. This ensures that policies can only be attached to valid Gateway API resources. (#11499)
• Allow setting listener-level perConnectionBufferLimitBytes by setting the kgateway.dev/per-connection-buffer-limit annotation on the gateway. (#11505)
• Privileged ports used (< 1024) on a listener are no longer mapped to a higher port. If listeners are using privileged ports before upgrading, there may be down time when the port mapping is updated. (#11508)
• Add support for setting request buffer limit using TrafficPolicy (#11523)
• The TrafficPolicy plugin now respects the route replacement mode setting (KGW_ROUTE_REPLACEMENT_MODE). When in strict mode, the plugin performs additional validation to catch invalid configurations before they reach Envoy. Invalid policies th...

🎉 Welcome to the v2.0.4 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.4
• cr.kgateway.dev/kgateway-dev/sds:v2.0.4
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.4

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.4 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.4 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

🎉 Welcome to the v2.0.3 release of the kgateway project!

Changes

See #11406 for a list of changes included in this release.

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The Docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.3
• cr.kgateway.dev/kgateway-dev/sds:v2.0.3
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.3

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.3 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

🚀 Rolling main build of kgateway!

It includes the latest changes but may be unstable. Use it for testing and providing feedback.

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.1.0-main
• cr.kgateway.dev/kgateway-dev/sds:v2.1.0-main
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.1.0-main

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.1.0-main --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.1.0-main --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

🎉 Welcome to the v2.0.2 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.2
• cr.kgateway.dev/kgateway-dev/sds:v2.0.2
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.2

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.2 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.2 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

🎉 Welcome to the v2.0.1 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.1
• cr.kgateway.dev/kgateway-dev/sds:v2.0.1
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.1

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.1 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.1 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

🚀 Nightly build of kgateway!

It includes the latest changes but may be unstable. Use it for testing and providing feedback.

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-main
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-main
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-main

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-main --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-main --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

🎉 Kgateway 2.0.0 – First CNCF Release 🎉

We're proud to announce kgateway v2.0.0, the first official release under the CNCF. Kgateway is a next-generation, open-source API gateway designed for secure, observable, and extensible Kubernetes-native environments.

Built on the Kubernetes Gateway API, kgateway lets you manage ingress and east-west traffic with scalable, policy-driven control—backed by CNCF governance and cloud-native best practices.

🚀 Release Highlights

• Kgateway custom resources to extend the Gateway API
• Advanced traffic management, including ExtProc and route delegation
• Enhanced security capabilities, including local rate limiting and BYO external authorization
• Open-sourced AI Gateway
• Refreshed KRT-based control plane
• Istio Ambient Waypoint integration

Coming from Gloo v1? Kgateway v2 has extensive API, CRD, and other changes.
We recommend following the kgateway quickstart to try it out.

📚 Read more about the 2.0 release details.

🎉 Welcome to the v2.0.0-rc.3 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-rc.3
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-rc.3
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-rc.3

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-rc.3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-rc.3 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

🎉 Welcome to the v2.0.0-rc.2 release of the kgateway project!

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

• cr.kgateway.dev/kgateway-dev/kgateway:v2.0.0-rc.2
• cr.kgateway.dev/kgateway-dev/sds:v2.0.0-rc.2
• cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.0.0-rc.2

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.0.0-rc.2 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.0.0-rc.2 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.