This page lists the capabilities of the GatewayClass resources available on Google Kubernetes Engine (GKE) and their supported specifications.
Table legend
For the various tables in this document, the legend for the tables is as follows:
- indicates that the field is supported.
-indicates that the field is not supported.- If GKE supports some values in the field, the table describes what values are supported.
GatewayClass capabilities
The following table lists the distinguishing features of the GatewayClass resources available on GKE:
| GatewayClass | gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|
| Architecture and components | ||||
| GKE Gateway Controller | Google-hosted Gateway controller | Google-hosted Gateway controller | Google-hosted Gateway controller | Google-hosted Gateway controller |
| Location | Google Cloud infrastructure | Google Cloud infrastructure | Google Cloud infrastructure | Google Cloud infrastructure |
| Platform | GKE | GKE | GKE | GKE |
| Cluster type | GKE Standard | GKE Standard | GKE Standard | GKE Standard |
| Cluster scope | Single cluster | Multi-cluster | Single cluster | Multi-cluster |
| GKE version | GKE 1.24+ | GKE 1.24+ | GKE 1.24+ | GKE 1.24+ |
| API type | CRD | CRD | CRD | CRD |
| API version | gateway.networking.k8s.io/v1beta1 |
gateway.networking.k8s.io/v1beta1 |
gateway.networking.k8s.io/v1beta1 |
gateway.networking.k8s.io/v1beta1 |
| API enablement | GKE Standard: CLI | GKE Standard: CLI | GKE Standard: CLI | GKE Standard: CLI |
| CRD version | 0.5.1 | 0.5.1 | 0.5.1 | 0.5.1 |
| Launch stage | GA | Preview | GA | Preview |
| Multi-Cluster Services | ||||
| Required | ||||
| API version | net.gke.io/v1 |
net.gke.io/v1 |
||
| Resource type | ServiceExport | ServiceExport | ||
| Load balancers | ||||
| Load balancer type | Internal HTTP(S) load balancer | Internal HTTP(S) load balancer | Global external HTTP(S) load balancer (classic) | Global external HTTP(S) load balancer (classic) |
| Load balancer scope | Regional | Regional | Global | Global |
| Container-native load balancing (NEGs) | (Default) | (Default) | (Default) | (Default) |
| VPC | ||||
| Shared VPC support | Load balancer and cluster in the host project | Load balancer and cluster in the host project | Load balancer and cluster in the host project | Load balancer and cluster in the host project |
| Shared Gateway/Ingress for multiple routes | ||||
| Automated VPC firewall lifecycle management | ||||
| Gateway IP Address | ||||
| Gateway IP address assignment | Static or dynamic | Static or dynamic | Static or dynamic | Static or dynamic |
| Gateway IP address reachability | VPC internal | VPC internal | Internet | Internet |
| Same IP address for multiple ports (HTTP, HTTPS) | ||||
| Routing & Traffic Management | ||||
| Cross-namespace routing | ||||
| Cross-project load balancing | ||||
| Host/Path routing | Prefix, Exact match | Prefix, Exact match | Prefix, Exact match | Prefix, Exact match |
| Header-based routing | Exact match | Exact match | Exact match | Exact match |
| Traffic splitting | ||||
| Traffic mirroring | ||||
| Traffic cut over | ||||
| Traffic-based autoscaling | Preview | Preview | ||
| User-defined request headers | ||||
| Frontend Security | ||||
| SSL policy | ||||
| HTTP-to-HTTPS redirect | ||||
| Multiple TLS certificates support | ||||
| Kubernetes Secrets-based certificates | ||||
| Self-managed SSL certificates | ||||
| Google-managed SSL certificates | ||||
| Certificate Manager support | ||||
| Backend service properties | ||||
| Connection draining timeout | ||||
| Session affinity | ||||
| HTTP access logging configuration | ||||
| Backend service timeout | ||||
| Custom load balancer health check configuration | ||||
| TLS to backend services | ||||
| Supported backend services protocols | HTTP, HTTPS, HTTP/2 | HTTP | HTTP, HTTPS, HTTP/2 | HTTP |
| Custom default backend | ||||
| Additional services | ||||
| Cloud CDN | ||||
| Identity-Aware Proxy (IAP) | ||||
| Google Cloud Armor security policy | ||||
Gateway
The following table lists the fields of the Gateway API specification that are supported by GKE:
| Gateway field | GatewayClass | |||
|---|---|---|---|---|
spec.addresses |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
type |
NamedAddress |
|||
value |
Static regional internal address | Static global external address | ||
spec.listeners |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
protocol |
HTTP, HTTPS | |||
port |
Either 80 or 8080, 443 | 80, 8080, 443 | ||
hostname |
||||
routes |
||||
spec.listeners.tls |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
mode |
Terminate |
|||
certificateRef |
||||
spec.listeners.tls.options |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
networking.gke.io/pre-shared-certs |
Regional, self-managed SSL certificate resource reference | Global SSL certificate resource reference (self- or Google-managed) | ||
HTTPRoute
The following table lists the values of the HTTPRoute API specification that are supported by GKE:
| HTTPRoute field | GatewayClass | |||
|---|---|---|---|---|
| gke-l7-rilb | gke-l7-rilb-mc | gke-l7-gxlb | gke-l7-gxlb-mc | |
gateways |
||||
spec.hostnames |
||||
spec.rules.matches |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
path.type |
Exact, Prefix |
|||
path.value |
||||
header.type |
Exact |
|||
header.value |
||||
spec.filters |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
type |
RequestMirror, requestHeaderModifier |
|||
requestMirror |
||||
requestHeaderModifier.add |
||||
requestHeaderModifier.remove |
||||
requestHeaderModifier.set |
||||
spec.rules.forwardTo |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
serviceName |
||||
backendRef.kind |
ServiceImport |
ServiceImport |
||
backendRef.group |
net.gke.io |
net.gke.io |
||
backendRef.name |
||||
port |
||||
weight |
||||
filters |
||||