Implementations¶
This document tracks downstream implementations and integrations of Gateway API and provides status and resource references for them.
Implementors and integrators of Gateway API are encouraged to update this document with status information about their implementations, the versions they cover, and documentation to help users get started.
Compare extended supported features across implementations
View a table to quickly compare supported features of projects. These outline Gateway controller implementations that have passed core conformance tests, and focus on extended conformance features that they have implemented.
Gateway Controller Implementation Status ¶
- Acnodal EPIC
- Airlock Microgateway
- Amazon Elastic Kubernetes Service (alpha)
- Apache APISIX (beta)
- Avi Kubernetes Operator (tech preview)
- Azure Application Gateway for Containers (GA)
- Cilium (beta)
- Contour (GA)
- Easegress (GA)
- Emissary-Ingress (Ambassador API Gateway) (alpha)
- Envoy Gateway (GA)
- Flomesh Service Mesh (beta)
- Gloo Gateway (GA)
- Google Kubernetes Engine (GA)
- HAProxy Ingress (alpha)
- HAProxy Kubernetes Ingress Controller (GA)
- HashiCorp Consul
- Istio (GA)
- Kong Ingress Controller (GA)
- Kong Gateway Operator (GA)
- Kuma (GA)
- LiteSpeed Ingress Controller
- LoxiLB (beta)
- NGINX Gateway Fabric (GA)
- ngrok (preview)
- STUNner (beta)
- Traefik Proxy (GA)
- Tyk (work in progress)
- WSO2 APK (GA)
Service Mesh Implementation Status ¶
Integrations ¶
- Flagger (public preview)
- cert-manager (alpha)
- argo-rollouts (alpha)
- Knative (alpha)
- Kuadrant (work in progress)
Implementations¶
In this section you will find specific links to blog posts, documentation and other Gateway API references for specific implementations.
Acnodal EPIC¶
EPIC is an Open Source External Gateway platform designed and built with Kubernetes. It consists of the Gateway Cluster, k8s Gateway controller, a stand alone Linux Gateway controller and the Gateway Service Manager. Together they create a platform for providing Gateway services to cluster users. Each gateway consists of multiple Envoy instances running on the gateway cluster not the workload clusters. The Gateway Service Manager is a simple user management and UI that can be used to implement Gateway-as-a-Service infrastructure for public and private clusters, and integrate non-k8s endpoints.
Airlock Microgateway¶
Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices. Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability.
With Airlock Microgateway 4.4, Airlock Microgateway introduces a sidecarless data plane mode based on Gateway API to avoid the operational complexity of sidecars.
Features¶
- Kubernetes native integration with sidecar injection and Gateway API support
- Reverse proxy functionality with request routing rules, TLS termination and remote IP extraction
- Using native Envoy HTTP filters like Lua scripting, RBAC, ext_authz, JWT authentication
- Content security filters for protecting against known attacks (OWASP Top 10)
- API security features like JSON parsing, OpenAPI specification enforcement or GraphQL schema validation
Documentation and links¶
- Product documentation
- Gateway specific documentation
- Check our Airlock community forum and support process for support.
Amazon Elastic Kubernetes Service¶
Amazon Elastic Kubernetes Service (EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. EKS's implementation of the Gateway API is through AWS Gateway API Controller which provisions Amazon VPC Lattice Resources for gateway(s), HTTPRoute(s) in EKS clusters.
APISIX¶
Apache APISIX is a dynamic, real-time, high-performance API Gateway. APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more.
APISIX currently supports Gateway API v1beta1
version of the specification for its Apache APISIX Ingress Controller.
Avi Kubernetes Operator¶
Avi Kubernetes Operator (AKO) provides L4-L7 load-balancing using VMware NSX Advanced Load Balancer.
Starting with AKO version v1.11.1, Gateway API version v0.6.2 is supported. It implements v1beta1 version of Gateway API specification supporting GatewayClass, Gateway and HTTPRoute objects. AKO Gateway API is currently in Tech Preview.
Documentation to deploy and use AKO Gateway API can be found at Avi Kubernetes Operator Gateway API.
Azure Application Gateway for Containers¶
Application Gateway for Containers is a managed application (layer 7) load balancing solution, providing dynamic traffic management capabilities for workloads running in a Kubernetes cluster in Azure. Follow the quickstart guide to deploy the ALB controller and get started with Gateway API.
Cilium¶
Cilium is an eBPF-based networking, observability and security solution for Kubernetes and other networking environments. It includes Cilium Service Mesh, a highly efficient mesh data plane that can be run in sidecarless mode to dramatically improve performance, and avoid the operational complexity of sidecars. Cilium also supports the sidecar proxy model, offering choice to users. As of Cilium 1.14, Cilium supports Gateway API, passing conformance for v0.7.1.
Cilium is open source and is a CNCF Graduates project.
If you have questions about Cilium Service Mesh the #service-mesh channel on Cilium Slack is a good place to start. For contributing to the development effort, check out the #development channel or join our weekly developer meeting.
Contour¶
Contour is a CNCF open source Envoy-based ingress controller for Kubernetes.
Contour v1.30.0 implements Gateway API v1.1.0. All Standard channel v1 API group resources (GatewayClass, Gateway, HTTPRoute, ReferenceGrant), plus most v1alpha2 API group resources (TLSRoute, TCPRoute, GRPCRoute, ReferenceGrant, and BackendTLSPolicy) are supported. Contour's implementation passes all core and most extended Gateway API conformance tests included in the v1.1.0 release.
See the Contour Gateway API Guide for information on how to deploy and use Contour's Gateway API implementation.
For help and support with Contour's implementation, create an issue or ask for help in the #contour channel on Kubernetes slack.
Easegress¶
Easegress is a Cloud Native traffic orchestration system.
It can function as a sophisticated modern gateway, a robust distributed cluster, a flexible traffic orchestrator, or even an accessible service mesh.
Easegress currently supports Gateway API v1beta1
version of the specification by GatewayController.
Emissary-Ingress (Ambassador API Gateway)¶
Emissary-Ingress (formerly known as Ambassador API Gateway) is an open source CNCF project that provides an ingress controller and API gateway for Kubernetes built on top of Envoy Proxy. See here for more details on using the Gateway API with Emissary.
Envoy Gateway¶
Envoy Gateway is an Envoy subproject for managing Envoy-based application gateways. The supported APIs and fields of the Gateway API are outlined here. Use the quickstart to get Envoy Gateway running with Gateway API in a few simple steps.
Flomesh Service Mesh (FSM)¶
Flomesh Service Mesh is a community driven lightweight service mesh for Kubernetes East-West and North-South traffic management. Flomesh uses ebpf for layer4 and pipy proxy for layer7 traffic management. Flomesh comes bundled with a load balancer, cross-cluster service registration/discovery and it supports multi-cluster networking. It supports Ingress
(and as such is an "Ingress controller") and Gateway API.
FSM support of Gateway API is built on top Flomesh Gateway API and it currently supports Kubernetes Gateway API version v0.7.1 with support for v0.8.0
currently in progress.
Gloo Gateway¶
Gloo Gateway by Solo.io is a feature-rich, Kubernetes-native ingress controller and next-generation API gateway. Gloo Gateway brings the full power and community support of Gateway API to its existing control-plane implementation.
The Gloo Gateway ingress controller passes all the core Gateway API conformance tests in the v1.1.0 release for the GATEWAY_HTTP conformance
profile except HTTPRouteServiceTypes
.
Google Kubernetes Engine¶
Google Kubernetes Engine (GKE) is a managed Kubernetes platform offered by Google Cloud. GKE's implementation of the Gateway API is through the GKE Gateway controller which provisions Google Cloud Load Balancers for Pods in GKE clusters.
The GKE Gateway controller supports weighted traffic splitting, mirroring, advanced routing, multi-cluster load balancing and more. See the docs to deploy private or public Gateways and also multi-cluster Gateways.
The GKE Gateway controller passes all the core Gateway API conformance tests in the
v1.1.0 release for the GATEWAY_HTTP conformance profile except HTTPRouteHostnameIntersection
.
HAProxy Ingress¶
HAProxy Ingress is a community driven ingress controller implementation for HAProxy.
HAProxy Ingress v0.13 partially supports the Gateway API's v1alpha1 specification. See the controller's Gateway API documentation to get informed about conformance and roadmap.
HAProxy Kubernetes Ingress Controller¶
HAProxy Kubernetes Ingress Controller is an open-source project maintained by HAProxy Technologies that provides fast and efficient traffic management, routing, and observability for Kubernetes. It has built-in support for the Gateway API since version 1.10. The same deployment of the ingress controller will allow you to use both the Ingress API and Gateway API. See the documentation for more details. In the GitHub repository, you will also find additional information about supported API resources.
HashiCorp Consul¶
Consul, by HashiCorp, is an open source control plane for multi-cloud networking. A single Consul deployment can span bare metal, VM and container environments.
Consul service mesh works on any Kubernetes distribution, connects multiple clusters, and Consul CRDs provide a Kubernetes native workflow to manage traffic patterns and permissions in the mesh. Consul API Gateway supports Gateway API for managing North-South traffic.
Please see the Consul API Gateway documentation for current information on the supported version and features of the Gateway API.
Istio¶
Istio is an open source service mesh and gateway implementation.
A minimal install of Istio can be used to provide a fully compliant implementation of the Kubernetes Gateway API for cluster ingress traffic control. For service mesh users, Istio also fully supports the GAMMA initiative's experimental Gateway API support for east-west traffic management within the mesh.
Much of Istio's documentation, including all of the ingress tasks and several mesh-internal traffic management tasks, already includes parallel instructions for configuring traffic using either the Gateway API or the Istio configuration API. Check out the Gateway API task for more information about the Gateway API implementation in Istio.
Kong Kubernetes Ingress Controller¶
Kong is an open source API Gateway built for hybrid and multi-cloud environments.
The Kong Kubernetes Ingress Controller (KIC) can be used to configure unmanaged Gateways. See the Gateway API Guide for usage information.. See the Gateway API Guide for usage information.
For help and support with Kong Kubernetes Ingress Controller please feel free to create an issue or a discussion. You can also ask for help in the #kong channel on Kubernetes slack.
Kong Gateway Operator¶
Kong is an open source API Gateway built for hybrid and multi-cloud environments.
The Kong Gateway operator (KGO) can be used to configure managed Gateways and orchestrate instances of Kong Kubernetes Ingress Controllers.
For help and support with Kong Gateway operator please feel free to create an issue or a discussion. You can also ask for help in the #kong channel on Kubernetes slack.
Kuma¶
Kuma is an open source service mesh.
Kuma implements the Gateway API specification for the Kuma built-in, Envoy-based Gateway with a beta stability guarantee. Check the Gateway API Documentation for information on how to setup a Kuma built-in gateway using the Gateway API.
Kuma 2.3 and later support the GAMMA initiative's experimental Gateway API support for east-west traffic management within the mesh.
Linkerd¶
Linkerd is the first CNCF graduated service mesh. It is the only major mesh not based on Envoy, instead relying on a purpose-built Rust micro-proxy to bring security, observability, and reliability to Kubernetes, without the complexity.
Linkerd 2.14 and later support the GAMMA initiative's experimental Gateway API support for east-west traffic management within the mesh.
LiteSpeed Ingress Controller¶
The LiteSpeed Ingress Controller uses the LiteSpeed WebADC controller to operate as an Ingress Controller and Load Balancer to manage your traffic on your Kubernetes cluster. It implements the full core Gateway API including Gateway, GatewayClass, HTTPRoute and ReferenceGrant and the Gateway functions of cert-manager. Gateway is fully integrated into the LiteSpeed Ingress Controller.
- Product documentation.
- Gateway specific documentation.
- Full support is available on the LiteSpeed support web site.
LoxiLB¶
kube-loxilb is LoxiLB's implementation of Gateway API and kubernetes service load-balancer spec which includes support for load-balancer class, advanced IPAM (shared or exclusive) etc. kube-loxilb manages Gateway API resources with LoxiLB as L4 service LB and loxilb-ingress for Ingress(L7) resources.
Follow the quickstart guide to get LoxiLB running with Gateway API in a few simple steps.
NGINX Gateway Fabric¶
NGINX Gateway Fabric is an open-source project that provides an implementation of the Gateway API using NGINX as the data plane. The goal of this project is to implement the core Gateway API to configure an HTTP or TCP/UDP load balancer, reverse-proxy, or API gateway for applications running on Kubernetes. You can find the comprehensive NGINX Gateway Fabric user documentation on the NGINX Documentation website.
For a list of supported Gateway API resources and features, see the Gateway API Compatibility doc.
If you have any suggestions or experience issues with NGINX Gateway Fabric, please create an issue or a discussion on GitHub. You can also ask for help in the #nginx-gateway-fabric channel on NGINX slack.
ngrok Kubernetes Operator¶
ngrok Kubernetes Operator provides an implementation of the Gateway API that uses ngrok's ingress-as-a-service. This project uses the Gateway API to support routing traffic from ngrok's global network to applications running on Kubernetes clusters. This easily adds the benefits of ngrok, like security, network policy, and a global presence with the simplicity of cloud service. The operator contains both a Gateway API implementation as well as a controller using Kubernetes Ingress. The Gateway API implementation is currently under development and supports only the Gateway, GatewayClass and HTTPRoute. As the TLSRoute and TCPRoute move from experimental to stable, they will also be implemented.
You can read our docs for more information. If you have any feature requests or bug reports, please create an issue. You can also reach out for help on Slack
STUNner¶
STUNner is an open source cloud-native WebRTC media gateway for Kubernetes. STUNner is purposed specifically to facilitate the seamless ingestion of WebRTC media streams into a Kubernetes cluster, with simplified NAT traversal and dynamic media routing. Meanwhile, STUNner provides improved security and monitoring for large-scale real-time communications services. The STUNner dataplane exposes a standards compliant TURN service to WebRTC clients, while the control plane supports a subset of the Gateway API.
STUNner currently supports version v1alpha2
of the Gateway API specification. Check the install guide for information on how to deploy and use STUNner for WebRTC media ingestion. Please direct all questions, comments and bug-reports related to STUNner to the STUNner project.
Traefik Proxy¶
Traefik Proxy is an open source cloud-native application proxy.
Traefik Proxy currently supports version v1.2.1
of the Gateway API specification, check the Kubernetes Gateway Provider Documentation for more information on how to deploy and use it.
Traefik Proxy's implementation passes all HTTP core and some extended conformance tests, like GRPCRoute, but also supports TCPRoute and TLSRoute features from the Experimental channel.
For help and support with Traefik Proxy, create an issue or ask for help in the Traefik Labs Community Forum.
Tyk¶
Tyk Gateway is a cloud-native, open source, API Gateway.
The Tyk.io team is working towards an implementation of the Gateway API. You can track progress of this project here.
WSO2 APK¶
WSO2 APK is a purpose-built API management solution tailored for Kubernetes environments, delivering seamless integration, flexibility, and scalability to organizations in managing their APIs.
WSO2 APK implements the Gateway API, encompassing Gateway and HTTPRoute functionalities. Additionally, it provides support for rate limiting, authentication/authorization, and analytics/observability through the use of Custom Resources (CRs).
For up-to-date information on the supported version and features of the Gateway API, please refer to the APK Gateway documentation. If you have any questions or would like to contribute, feel free to create issues or pull requests. Join our Discord channel to connect with us and engage in discussions.
Integrations¶
In this section you will find specific links to blog posts, documentation and other Gateway API references for specific integrations.
Flagger¶
Flagger is a progressive delivery tool that automates the release process for applications running on Kubernetes.
Flagger can be used to automate canary deployments and A/B testing using Gateway API. It supports both the v1alpha2
and v1beta1
spec of Gateway API. You can refer to this tutorial to use Flagger with any implementation of Gateway API.
cert-manager¶
cert-manager is a tool to automate certificate management in cloud native environments.
cert-manager can generate TLS certificates for Gateway resources. This is configured by adding annotations to a Gateway. It currently supports the v1alpha2
spec of Gateway API. You can refer to the cert-manager docs to try it out.
Argo rollouts¶
Argo Rollouts is a progressive delivery controller for Kubernetes. It supports several advanced deployment methods such as blue/green and canaries. Argo Rollouts supports the Gateway API via a plugin.
Knative¶
Knative is a serverless platform built on Kubernetes. Knative Serving provides a simple API for running stateless containers with automatic management of URLs, traffic splitting between revisions, request-based autoscaling (including scale to zero), and automatic TLS provisioning. Knative Serving supports multiple HTTP routers through a plugin architecture, including a gateway API plugin which is currently in alpha as not all Knative features are supported.
Kuadrant¶
Kuadrant is an open source multi cluster Gateway API controller that integrates with and provides policies to other Gateway API providers.
Kuadrant supports Gateway API for defining gateways centrally and attaching policies such as DNS, TLS, Auth and Rate Limiting that apply to all gateway instances in a multi cluster environment. Kuadrant works with Istio as the underlying gateway provider, with plans to work with other gateway providers such as Envoy Gateway.
For help and support with Kuadrant's implementation please feel free to create an issue or ask for help in the #kuadrant channel on Kubernetes slack.