github kgateway-dev/kgateway v2.3.0-beta.3
on GitHub

pre-release5 hours ago

🎉 Welcome to the v2.3.0-beta.3 release of the kgateway project!

Changes since v2.3.0-beta.2

New Features

  • Add allow_mode_override and allowed_override_modes support in ExtProc GatewayExtensions (#13394)
  • support GRPCRoutes attaching to HTTPS listeners (#13493)
  • Support per listener mTLS client cert validation (#13518)
  • Support attaching TrafficPolicy to GRPCRoutes (#13519)
  • Add loadBalancerSourceRanges support to GatewayParameters.spec.kube.service for the dynamically provisioned gateway service (#13545)
  • Support TLS Termination for TLSRoute on TLS listener (#13548)
  • Allow setting Envoy's xff_trusted_cidrs and skip_xff_append via ListenerPolicy (#13551)
  • Allow configuring Envoy application log format, either as JSON or custom text (#13561)
  • Controller helm chart exposes topologySpreadConstraints (#13573)
  • Add default OTel resource attributes for listeners (#13585)
  • Add default k8s resource identifiers in OTel resource attributes (#13606)
  • Add app.kubernetes.io/component labels (controller and proxy) to kgateway deployments (#13619)
  • Add per-route tracing configuration to TrafficPolicy, allowing sampling rate overrides, custom attributes, and the ability to disable tracing for specific routes. (#13648)
  • ListenerSets pass GWAPI 1.5.1 conformance tests (#13691)

Bug Fixes

  • Stop forwarding non-matching preflight cors requests (#13474)
  • Fix Rustformations returning HTTP 400 on small JSON request bodies arriving in a single chunk. (#13480)
  • Introduce kgateway-base manifests and migrate tests to base gateway for faster tests
    (chore): use native go instead of curl pod to create http reqs for ExtAuth, BackendTLS, Backends, Accesslogs, BasicRouting, DFP, HTTPRoute
    (#13515)
  • Fixed no endpoints for services/namespaces without an ingress-use-waypoint label when at least one other has it (#13531)
  • Fix cross-namespace extensionRef in TrafficPolicy.spec.jwtAuth resulting in broken requirement_name in Envoy filter config (#13540)
  • fix: Deployer deploys RBAC changes etc. first since later changes depend on them (#13552)
  • Fix crash when a Waypoint has an AuthorizationPolicy with action CUSTOM (#13607)
  • Skip Istio resource watching when KGW_ENABLE_ISTIO_INTEGRATION is disabled (#13611)
  • expose http-monitoring port on gateway service (#13614)
  • fix nil panic in TrafficPolicy when attaching to redirect rules in HTTPRoute (#13625)
  • Fixed DirectResponse policy status reporting to ensure attached policies surface Accepted and Attached conditions without misleading handler registration errors. (#13647)
  • Fix stale routing when no endpoints are available by emitting an explicit empty ClusterLoadAssignment so Envoy returns 503 instead of routing to a stale pod IP. (#13670)
  • Fixed promoted TLSRoute handling for Gateway API v1.5.1, including status reporting, hostname intersection, and several conformance cases. (#13694)
  • Improve Gateway API TLSRoute conformance for TLS passthrough listeners by rejecting unsupported TCPRoute kinds and reporting TLSRoute in listener supportedKinds. (#13696)

Documentation

  • GracefulShutdownSpec API doc correction (#13577)

Cleanup

  • Removes deprecated Gateway API Inference Extension support, which had already moved to agentgateway (#13514)
  • remove classic transformation support (#13651)
  • upgrade to envoy v1.37.1 and removed envoy-gloo (#13660)

Dependency Updates

  • Upgrade to latest Go 1.26 (#13517)
  • Bumps to go version 1.26.1 (#13639)
  • Bumped Gateway API to v1.5.1. As part of the upstream schema update, non-spec CORS allowOrigins patterns such as https://a.b* are no longer accepted. Use spec-compliant wildcard origins such as https://*.a.b instead. (#13671)

Installation

The kgateway project is available as a Helm chart and docker images.

Helm Charts

The Helm charts are available at:

  • cr.kgateway.dev/kgateway-dev/charts/kgateway.

Docker Images

The docker images are available at:

  • cr.kgateway.dev/kgateway-dev/kgateway:v2.3.0-beta.3
  • cr.kgateway.dev/kgateway-dev/sds:v2.3.0-beta.3
  • cr.kgateway.dev/kgateway-dev/envoy-wrapper:v2.3.0-beta.3

Quickstart

Try installing this release: 

helm install kgateway-crds oci://cr.kgateway.dev/kgateway-dev/charts/kgateway-crds --version v2.3.0-beta.3 --namespace kgateway-system --create-namespace
helm install kgateway oci://cr.kgateway.dev/kgateway-dev/charts/kgateway --version v2.3.0-beta.3 --namespace kgateway-system --create-namespace

For detailed installation instructions and next steps, please visit our quickstart guide.

Contributors

Thanks to all the contributors who made this release possible:

Check out latest releases or
releases around kgateway-dev/kgateway v2.3.0-beta.3

Don't miss a new kgateway release

NewReleases is sending notifications on new releases.

Get notifications