🎉 Welcome to the v2.2.5 release of the kgateway project!
Release Notes
Changes since v2.2.4
Bug Fixes
- Fixes strict validation on delegating routes (#14003)
- Fix strict BackendConfigPolicy validation when backend TLS uses well-known system CA certificates. (#14064)
- Fix xDS TLS env var name in Helm chart:
KGW_XDS_TLS_ENABLEDis renamed toKGW_XDS_TLSto match the runtime settings key. Users who setcontroller.xds.tls.enabled: truewill now have xDS TLS correctly enabled without requiring a manualextraEnvworkaround. (#14073) - Fix global rate limit descriptor translation: multiple descriptors now correctly produce separate Envoy RateLimit actions instead of being merged into a single combined action. (#14161)
Cleanup
- bump alpine base image used to build images (#14060)
Dependency Updates
- Bump Go module dependencies on v2.2.x to clear open OSV-Scanner findings (golang.org/x/net, golang.org/x/crypto, golang.org/x/sys, containerd, go-git, go-billy, slack-go, in-toto, modelcontextprotocol/registry, goreleaser, and the Go toolchain directive). (#14155)
- upgrade envoy to v1.36.7 (fixes CVE-2026-47774) (#14172)
Installation
The kgateway project is available as a Helm chart and docker images.
Helm Charts
The Helm charts are available at:
- cr.kgateway.dev/kgateway-dev/charts/kgateway.
Docker Images
The docker images are available at:
- cr.kgateway.dev/kgateway-dev/kgateway:v2.2.5
- cr.kgateway.dev/kgateway-dev/sds:v2.2.5
- cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.2.5
Quickstart
Try installing this release:
helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.2.5 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.2.5 --namespace kgateway-system --create-namespace
For detailed installation instructions and next steps, please visit our quickstart guide.