github kgateway-dev/kgateway v2.2.0-beta.3

Pre-release, one day ago

🎉 Welcome to the v2.2.0-beta.3 release of the kgateway project!

⚠️ Important ⚠️

This release contains significant changes to the agentgateway component.
Please review the migration guide if you are using kgateway with agentgateway.

Quickstart

Try installing this release:

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.2.0-beta.3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.2.0-beta.3 --namespace kgateway-system --create-namespace
helm install agentgateway-crds oci://ghcr.io/kgateway-dev/charts/agentgateway-crds --version v2.2.0-beta.3 --namespace agentgateway-system --create-namespace
helm install agentgateway oci://ghcr.io/kgateway-dev/charts/agentgateway --version v2.2.0-beta.3 --namespace agentgateway-system --create-namespace

Release Notes

Changes between v2.2.0-beta.1 and v2.2.0-beta.3

Breaking Changes

  • Add option to allow missing JWT.
    [Internal break only] Changed the gateway extension API. Providers are now nested within JWT.
    (#12998)
  • Updated agentgateway resources to use new agentgateway.dev GVK. DirectResponse for agentgateway is now only configurable through the AgentgatewayPolicy instead of the separate DirectResponse CRD. (#13013)
  • agentgateway can no longer be configured with GatewayParameters, only with AgentgatewayParameters. (#13054)
  • Split helm UX into dedicated charts for Envoy based kgateway and agentgateway (#13062)
  • Renames controller kgateway.dev/agentgateway to agentgateway.dev/agentgateway, breaking legacy agentgateway installations. The bundled GatewayClass using the agentgateway data plane is renamed from agentgateway to agentgateway-v2. (#13088)
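
An added example (not part of the kgateway release notes or project code): a pre-upgrade check for the controller and GatewayClass rename (#13088) and the GatewayParameters restriction (#13054). It assumes input shaped like `kubectl get gatewayclasses,gateways -A -o json`, reads only standard Gateway API fields (spec.controllerName, spec.gatewayClassName, parametersRef.kind), and runs on constructed sample objects; treating any Gateway that still references a class named agentgateway as legacy is an assumption.

```python
import json

# Identifiers below come from the release notes (#13054, #13088).
LEGACY_CONTROLLER = "kgateway.dev/agentgateway"
NEW_CONTROLLER = "agentgateway.dev/agentgateway"
LEGACY_CLASS = "agentgateway"  # bundled class is now named agentgateway-v2
AGW = (LEGACY_CONTROLLER, NEW_CONTROLLER)

def kind_of(ref):  # kind of a parametersRef, or None when the ref is absent
    return (ref or {}).get("kind")

def audit(items):
    """Flag GatewayClass/Gateway objects hit by the breaking changes."""
    classes = {i["metadata"]["name"]: i.get("spec", {})
               for i in items if i.get("kind") == "GatewayClass"}
    out = []
    for name, spec in classes.items():
        ctrl = spec.get("controllerName", "")
        if ctrl == LEGACY_CONTROLLER:
            out.append(f"GatewayClass/{name}: legacy controllerName {ctrl}")
        if ctrl in AGW and kind_of(spec.get("parametersRef")) == "GatewayParameters":
            out.append(f"GatewayClass/{name}: uses GatewayParameters")
    for gw in (i for i in items if i.get("kind") == "Gateway"):
        meta, spec = gw["metadata"], gw.get("spec", {})
        ref = f"Gateway/{meta.get('namespace', 'default')}/{meta['name']}"
        cls = spec.get("gatewayClassName", "")
        ctrl = classes.get(cls, {}).get("controllerName", "")
        if cls == LEGACY_CLASS or ctrl == LEGACY_CONTROLLER:
            out.append(f"{ref}: gatewayClassName {cls} is a legacy agentgateway class")
        infra = spec.get("infrastructure") or {}
        if (cls == LEGACY_CLASS or ctrl in AGW) and \
                kind_of(infra.get("parametersRef")) == "GatewayParameters":
            out.append(f"{ref}: uses GatewayParameters")
    return sorted(out)

# Constructed sample, shaped like `kubectl get gatewayclasses,gateways -A -o json`.
SAMPLE = json.loads("""{"items": [
 {"kind": "GatewayClass", "metadata": {"name": "agentgateway"},
  "spec": {"controllerName": "kgateway.dev/agentgateway",
           "parametersRef": {"kind": "GatewayParameters", "name": "agw"}}},
 {"kind": "GatewayClass", "metadata": {"name": "other"}, "spec": {"controllerName": "example.com/gw"}},
 {"kind": "Gateway", "metadata": {"name": "mcp-gw", "namespace": "ai"},
  "spec": {"gatewayClassName": "agentgateway",
           "infrastructure": {"parametersRef": {"kind": "GatewayParameters", "name": "agw"}}}},
 {"kind": "Gateway", "metadata": {"name": "edge", "namespace": "web"},
  "spec": {"gatewayClassName": "other"}}]}""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE["items"])))
```

An empty result means none of the inspected objects reference the legacy controller name, the legacy class name, or GatewayParameters on an agentgateway class.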

New Features

  • Add multi-network support to agentgateway syncer for cross-network workload discovery and routing in ambient mode. (#12858)
  • Allow configuring cipher suites, ECDH curves, minimum TLS version, and maximum TLS version using the TLS options map. (#12917)
  • Add support for remote JWKS (#12939)
  • Add global disable option for JWT policy (#12945)
  • Adds priorityClassName to the Pod struct used in GatewayParameters in order to set the corresponding priorityClassName field in the gateway-proxy pod. (#12949)
  • Add HTTP support for ExtAuth (#12952)
  • Add support for circuit breakers in BackendConfigPolicy. (#12957)
  • Add helm values for setting custom GatewayParameters for bundled gatewayclasses (#12960)
  • Add support for configuring API key authentication in TrafficPolicy with keys defined in secret(s) (#12962)
  • Added support for MCP authentication for agentgateway. (#12966)
  • Add a ListenerPolicy CRD and ProxyProtocol config in it. (#12979)
  • Add basic auth configuration to TrafficPolicy. (#12983)
  • Add stats matcher config to GatewayParameters (#12985)
  • Add support for gzip response compression and request decompression in TrafficPolicy. (#12986)
  • Add earlyRequestHeaderModifier to HTTPListenerPolicy. This allows performing header modifications before a route is selected. (#12992)
  • Add regex path rewrite (#13001)
  • Added metrics and logs for envoy xDS errors. (#13003)
  • Add PerConnectionBufferLimit to ListenerPolicy
    Deprecate PerConnectionBufferLimit annotation on Gateway resources
    (#13016)
  • Added a new AgentgatewayParameters API in agentgateway.dev/v1alpha1 (#13018)
  • Adds OAuth2 policy to enable OAuth2 and OIDC flows with Envoy as the
    Gateway.
    (#13051)
  • Implement FrontendTLSConfig in the Gateway API
    Implementation-specific details:
    • Allow multiple caCertificateRefs
    • Allow caCertificateRefs to reference secrets as well as configmaps
    • Added the kgateway.dev/verify-certificate-hash listener TLS option to configure validation of client certificates.
      (#13064)
  • Added kgateway.dev/verify-subject-alt-names TLS option (#13097)
  • OAuth2: allow customizing cookie settings and denying redirects for
    matching requests.
    (#13099)

Bug Fixes

  • Clear stale TrafficPolicy and HTTPListenerPolicy status after the policy has all invalid TargetRefs (#12883)
  • Enforce ReferenceGrants for cross namespace Secrets references used by XListenerSets (#12954)
  • Fixed agentgateway global ratelimit translation for token unit. (#12959)
  • Fixed issue with stale configuration when changing a service traffic distribution. (#13005)
  • Use TARGETPLATFORM when building envoyinit container (#13048)

Deprecations

  • HTTPListenerPolicy is now deprecated. Use the httpSettings under ListenerPolicy instead. (#13066)

Cleanup

  • Removed enabled from agentgateway in GatewayParameters, as it should only use controllerName to know if it's agentgateway or envoy (#13017)

Dependency Updates

  • bump envoy-gloo to v1.36.3-patch1 (#13058)

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm chart is available at cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

  • cr.kgateway.dev/kgateway-dev/kgateway:v2.2.0-beta.3
  • cr.kgateway.dev/kgateway-dev/sds:v2.2.0-beta.3
  • cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.2.0-beta.3

For detailed installation instructions and next steps, please visit our quickstart guide.
