This document tracks downstream implementations and integrations of Gateway API and provides status and resource references for them.
Implementors and integrators of Gateway API are encouraged to update this document with status information about their implementations, the versions they cover, and documentation to help users get started.
Gateway Controller Implementation Status ¶
- Acnodal EPIC
- Amazon Elastic Kubernetes Service (alpha)
- Apache APISIX (beta)
- Avi Kubernetes Operator (tech preview)
- Azure Application Gateway for Containers (preview)
- BIG-IP Kubernetes Gateway (beta)
- Cilium (beta)
- Contour (beta)
- Easegress (GA)
- Emissary-Ingress (Ambassador API Gateway) (alpha)
- Envoy Gateway (beta)
- Flomesh Service Mesh (beta)
- Gloo Gateway 2.0 (beta)
- Google Kubernetes Engine (GA)
- HAProxy Ingress (alpha)
- HAProxy Kubernetes Ingress Controller (GA)
- HashiCorp Consul
- Istio (beta)
- Kong (GA)
- Kuma (beta)
- LiteSpeed Ingress Controller
- NGINX Gateway Fabric (GA)
- STUNner (beta)
- Traefik (alpha)
- Tyk (work in progress)
- WSO2 APK (GA)
Service Mesh Implementation Status ¶
- Flagger (public preview)
- cert-manager (alpha)
- argo-rollouts (alpha)
- Knative (alpha)
- Kuadrant (work in progress)
In this section you will find specific links to blog posts, documentation and other Gateway API references for specific implementations.
EPIC is an Open Source External Gateway platform designed and built with Kubernetes. It consists of the Gateway Cluster, k8s Gateway controller, a stand alone Linux Gateway controller and the Gateway Service Manager. Together they create a platform for providing Gateway services to cluster users. Each gateway consists of multiple Envoy instances running on the gateway cluster not the workload clusters. The Gateway Service Manager is a simple user management and UI that can be used to implement Gateway-as-a-Service infrastructure for public and private clusters, and integrate non-k8s endpoints.
Amazon Elastic Kubernetes Service¶
Amazon Elastic Kubernetes Service (EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. EKS's implementation of the Gateway API is through AWS Gateway API Controller which provisions Amazon VPC Lattice Resources for gateway(s), HTTPRoute(s) in EKS clusters.
Apache APISIX is a dynamic, real-time, high-performance API Gateway. APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more.
APISIX currently supports Gateway API
v1beta1 version of the specification for its Apache APISIX Ingress Controller.
Avi Kubernetes Operator¶
Avi Kubernetes Operator (AKO) provides L4-L7 load-balancing using VMware NSX Advanced Load Balancer.
Starting with AKO version v1.11.1, Gateway API version v0.6.2 is supported. It implements v1beta1 version of Gateway API specification supporting GatewayClass, Gateway and HTTPRoute objects. AKO Gateway API is currently in Tech Preview.
Documentation to deploy and use AKO Gateway API can be found at Avi Kubernetes Operator Gateway API.
Azure Application Gateway for Containers¶
Application Gateway for Containers is a managed application (layer 7) load balancing solution, providing dynamic traffic management capabilities for workloads running in a Kubernetes cluster in Azure. Follow the quickstart guide to deploy the ALB controller and get started with Gateway API.
Application Gateway for Containers implements
v1beta1 specification of Gateway API.
BIG-IP Kubernetes Gateway¶
BIG-IP Kubernetes Gateway is an open-source project that provides an implementation of the Gateway API using F5 BIG-IP as the data plane. It provides enterprises with high-performance Gateway API implementation.
We are actively supporting various features of the Gateway API. For compatibility with the features of the Gateway API, please refer to here. For any questions about this project, welcome to create Issues or PR. Also, you are welcome to connect with us in the slack channel.
Cilium is an eBPF-based networking, observability and security solution for Kubernetes and other networking environments. It includes Cilium Service Mesh, a highly efficient mesh data plane that can be run in sidecarless mode to dramatically improve performance, and avoid the operational complexity of sidecars. Cilium also supports the sidecar proxy model, offering choice to users. As of Cilium 1.14, Cilium supports Gateway API, passing conformance for v0.7.1.
Cilium is open source and is a CNCF Graduates project.
If you have questions about Cilium Service Mesh the #service-mesh channel on Cilium Slack is a good place to start. For contributing to the development effort, check out the #development channel or join our weekly developer meeting.
Contour is a CNCF open source Envoy-based ingress controller for Kubernetes.
Contour v1.28.1 implements Gateway API v1.0.0. All Standard channel v1 API group resources (GatewayClass, Gateway, HTTPRoute, ReferenceGrant), plus most v1alpha2 API group resources (TLSRoute, TCPRoute, GRPCRoute, ReferenceGrant, and BackendTLSPolicy) are supported. Contour's implementation passes all core and most extended Gateway API conformance tests included in the v1.0.0 release.
See the Contour Gateway API Guide for information on how to deploy and use Contour's Gateway API implementation.
Some "extended" functionality is not implemented yet, contributions welcome!.
Easegress is a Cloud Native traffic orchestration system.
It can function as a sophisticated modern gateway, a robust distributed cluster, a flexible traffic orchestrator, or even an accessible service mesh.
Easegress currently supports Gateway API
v1beta1 version of the specification by GatewayController.
Emissary-Ingress (Ambassador API Gateway)¶
Emissary-Ingress (formerly known as Ambassador API Gateway) is an open source CNCF project that provides an ingress controller and API gateway for Kubernetes built on top of Envoy Proxy. See here for more details on using the Gateway API with Emissary.
Envoy Gateway is an Envoy subproject for managing Envoy-based application gateways. The supported APIs and fields of the Gateway API are outlined here. Use the quickstart to get Envoy Gateway running with Gateway API in a few simple steps.
Flomesh Service Mesh (FSM)¶
Flomesh Service Mesh is a community driven lightweight service mesh for Kubernetes East-West and North-South traffic management. Flomesh uses ebpf for layer4 and pipy proxy for layer7 traffic management. Flomesh comes bundled with a load balancer, cross-cluster service registration/discovery and it supports multi-cluster networking. It supports
Ingress (and as such is an "Ingress controller") and Gateway API.
Gloo Gateway by Solo.io is a feature-rich, Kubernetes-native ingress controller and next-generation API gateway. Gloo Gateway 2.0 brings the full power and community support of Gateway API to its existing control-plane implementation.
Google Kubernetes Engine¶
Google Kubernetes Engine (GKE) is a managed Kubernetes platform offered by Google Cloud. GKE's implementation of the Gateway API is through the GKE Gateway controller which provisions Google Cloud Load Balancers for Pods in GKE clusters.
The GKE Gateway controller supports weighted traffic splitting, mirroring, advanced routing, multi-cluster load balancing and more. See the docs to deploy private or public Gateways and also multi-cluster Gateways.
HAProxy Ingress is a community driven ingress controller implementation for HAProxy.
HAProxy Ingress v0.13 partially supports the Gateway API's v1alpha1 specification. See the controller's Gateway API documentation to get informed about conformance and roadmap.
HAProxy Kubernetes Ingress Controller¶
HAProxy Kubernetes Ingress Controller is an open-source project maintained by HAProxy Technologies that provides fast and efficient traffic management, routing, and observability for Kubernetes. It has built-in support for the Gateway API since version 1.10. The same deployment of the ingress controller will allow you to use both the Ingress API and Gateway API. See the documentation for more details. In the GitHub repository, you will also find additional information about supported API resources.
Consul service mesh works on any Kubernetes distribution, connects multiple clusters, and Consul CRDs provide a Kubernetes native workflow to manage traffic patterns and permissions in the mesh. Consul API Gateway supports Gateway API for managing North-South traffic.
Please see the Consul API Gateway documentation for current information on the supported version and features of the Gateway API.
A minimal install of Istio can be used to provide a fully compliant implementation of the Kubernetes Gateway API for cluster ingress traffic control. For service mesh users, Istio also fully supports the GAMMA initiative's experimental Gateway API support for east-west traffic management within the mesh.
Much of Istio's documentation, including all of the ingress tasks and several mesh-internal traffic management tasks, already includes parallel instructions for configuring traffic using either the Gateway API or the Istio configuration API. Check out the Gateway API task for more information about the Gateway API implementation in Istio.
Kong is an open source API Gateway built for hybrid and multi-cloud environments.
Kong also supports Gateway API in the Kong Gateway Operator.
Kuma is an open source service mesh.
Kuma implements the Gateway API specification for the Kuma built-in, Envoy-based Gateway with a beta stability guarantee. Check the Gateway API Documentation for information on how to setup a Kuma built-in gateway using the Gateway API.
Linkerd is the first CNCF graduated service mesh. It is the only major mesh not based on Envoy, instead relying on a purpose-built Rust micro-proxy to bring security, observability, and reliability to Kubernetes, without the complexity.
LiteSpeed Ingress Controller¶
The LiteSpeed Ingress Controller uses the LiteSpeed WebADC controller to operate as an Ingress Controller and Load Balancer to manage your traffic on your Kubernetes cluster. It implements the full core Gateway API including Gateway, GatewayClass, HTTPRoute and ReferenceGrant and the Gateway functions of cert-manager. Gateway is fully integrated into the LiteSpeed Ingress Controller.
- Product documentation.
- Gateway specific documentation.
- Full support is available on the LiteSpeed support web site.
NGINX Gateway Fabric¶
NGINX Gateway Fabric is an open-source project that provides an implementation of the Gateway API using NGINX as the data plane. The goal of this project is to implement the core Gateway API -- Gateway, GatewayClass, HTTPRoute, TCPRoute, TLSRoute, and UDPRoute -- to configure an HTTP or TCP/UDP load balancer, reverse-proxy, or API gateway for applications running on Kubernetes. NGINX Gateway Fabric is currently under development and supports a subset of the Gateway API.
If you have any suggestions or experience issues with NGINX Gateway Fabric, please create an issue or a discussion on GitHub. You can also ask for help in the #nginx-gateway-fabric channel on NGINX slack.
STUNner is an open source cloud-native WebRTC media gateway for Kubernetes. STUNner is purposed specifically to facilitate the seamless ingestion of WebRTC media streams into a Kubernetes cluster, with simplified NAT traversal and dynamic media routing. Meanwhile, STUNner provides improved security and monitoring for large-scale real-time communications services. The STUNner dataplane exposes a standards compliant TURN service to WebRTC clients, while the control plane supports a subset of the Gateway API.
STUNner currently supports version
v1alpha2 of the Gateway API specification. Check the install guide for information on how to deploy and use STUNner for WebRTC media ingestion. Please direct all questions, comments and bug-reports related to STUNner to the STUNner project.
Traefik is an open source cloud-native application proxy.
Traefik currently supports version
v0.4.x) of the Gateway API specification, check the Kubernetes Gateway Documentation for information on how to deploy and use Traefik's Gateway implementation.
Traefik is currently working on implementing UDP, and ReferenceGrant. Status updates and documentation will be provided here as the work progresses.
Tyk Gateway is a cloud-native, open source, API Gateway.
WSO2 APK is a purpose-built API management solution tailored for Kubernetes environments, delivering seamless integration, flexibility, and scalability to organizations in managing their APIs.
WSO2 APK implements the Gateway API, encompassing Gateway and HTTPRoute functionalities. Additionally, it provides support for rate limiting, authentication/authorization, and analytics/observability through the use of Custom Resources (CRs).
For up-to-date information on the supported version and features of the Gateway API, please refer to the APK Gateway documentation. If you have any questions or would like to contribute, feel free to create issues or pull requests. Join our Discord channel to connect with us and engage in discussions.
In this section you will find specific links to blog posts, documentation and other Gateway API references for specific integrations.
Flagger is a progressive delivery tool that automates the release process for applications running on Kubernetes.
Flagger can be used to automate canary deployments and A/B testing using Gateway API. It supports both the
v1beta1 spec of Gateway API. You can refer to this tutorial to use Flagger with any implementation of Gateway API.
cert-manager is a tool to automate certificate management in cloud native environments.
cert-manager can generate TLS certificates for Gateway resources. This is configured by adding annotations to a Gateway. It currently supports the
v1alpha2 spec of Gateway API. You can refer to the cert-manager docs to try it out.
Argo Rollouts is a progressive delivery controller for Kubernetes. It supports several advanced deployment methods such as blue/green and canaries. Argo Rollouts supports the Gateway API via a plugin.
Knative is a serverless platform built on Kubernetes. Knative Serving provides a simple API for running stateless containers with automatic management of URLs, traffic splitting between revisions, request-based autoscaling (including scale to zero), and automatic TLS provisioning. Knative Serving supports multiple HTTP routers through a plugin architecture, including a gateway API plugin which is currently in alpha as not all Knative features are supported.
Kuadrant is an open source multi cluster Gateway API controller that integrates with and provides policies to other Gateway API providers.
Kuadrant supports Gateway API for defining gateways centrally and attaching policies such as DNS, TLS, Auth and Rate Limiting that apply to all gateway instances in a multi cluster environment. Kuadrant works with Istio as the underlying gateway provider, with plans to work with other gateway providers such as Envoy Gateway.