This page lists the capabilities of the GatewayClass resources available on Google Kubernetes Engine (GKE) and their supported specifications.
Table legend
For the various tables on this page, the legend for the tables is as follows:
- indicates that the field is supported.
-indicates that the field is not supported.- If GKE supports some values in the field, the table describes what values are supported.
GatewayClass capabilities
The following table lists the distinguishing features of the GatewayClass resources available on GKE.
Architecture
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| GKE Gateway Controller | Google-hosted Gateway controller | |||||||
| Location | Google Cloud infrastructure | |||||||
| Platform | GKE | |||||||
| Cluster type | GKE Autopilot or GKE Standard | |||||||
| Cluster scope | Single cluster | Multi-cluster | Single cluster | Multi-cluster | Single cluster | Multi-cluster | Single cluster | Multi-cluster |
| GKE version | GKE Autopilot: 1.26 and later GKE Standard: 1.24 and later |
|||||||
| API type | CRD | |||||||
| CRD versions | New clusters and cluster upgrades: GKE 1.24 to 1.27.10, 1.28.4, 1.29.0: 0.7.0 GKE 1.27.10 and later, 1.28.4 and later, 1.29.0 to 1.29.2: 0.8.1 GKE 1.29.3 and later, 1.30.0 to 1.30.2: 1.0.0 GKE 1.30.3-gke.1225000 and later: 1.1.0 |
|||||||
| API versions | gateway.networking.k8s.io/v1beta1 (CRD versions: 0.7.0 and later, including 1.0.0)gateway.networking.k8s.io/v1 (CRD versions: 1.0.0 and later) |
|||||||
| API enablement | GKE Autopilot: enabled by default | |||||||
| Launch stage | GA | |||||||
Multi-cluster Services
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| Required | ||||||||
| API version | net.gke.io/v1 |
net.gke.io/v1 |
net.gke.io/v1 |
net.gke.io/v1 |
||||
| Resource type | ServiceExport | ServiceExport | ServiceExport | ServiceExport |
Load balancer
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| Type | Global external Application Load Balancer | Regional external Application Load Balancer | Internal Application Load Balancer | Classic Application Load Balancer | ||||
| Load balancer scope | Global | Regional | Regional | Global | ||||
| Container-native load balancing | (Default, using GCE_VM_IP_PORT zonal NEGs) |
|||||||
VPC
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| Shared VPC support | All clusters and fleet host project in the same Shared VPC host or service project | |||||||
| Shared Gateway/Ingress for multiple routes | ||||||||
| Automated VPC firewall lifecycle management |
Note: You must deploy firewall rules manually for Gateways in a Shared VPC environment. For more information, see required firewall rules for Gateways. |
|||||||
Gateway IP address
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| Gateway IP address assignment | Static or dynamic | |||||||
| Network Service tier IP address | Premium Tier | Standard Tier | Premium Tier | Premium Tier | ||||
| Gateway IP address reachability | Internet | Internet | VPC internal | Internet | ||||
| Same IP address for multiple ports (HTTP, HTTPS) | ||||||||
Routing and traffic management
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| Global Access | Implicit for Global load balancers | Implicit for Global load balancers | Implicit for Global load balancers | |||||
| Cross-region backend load balancing | ||||||||
| Cross-project load balancing | Backend services and NEGs must be in the same project (Managed by the GKE Gateway controller) |
|||||||
| Cross-namespace routing | ||||||||
| Host/Path routing | Prefix, Exact match | |||||||
| Header-based routing | Exact match | |||||||
| Path redirects | ||||||||
| URL rewrites | ||||||||
| Traffic splitting | ||||||||
| Traffic mirroring | ||||||||
| Traffic cut over | ||||||||
| Traffic-based autoscaling | Preview | Preview | Preview | Preview | ||||
| Custom request headers | ||||||||
| Custom response headers | ||||||||
Frontend security
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| SSL policy | ||||||||
| HTTP-to-HTTPS redirect | ||||||||
| Multiple TLS certificates support | ||||||||
| Kubernetes Secrets-based certificates | ||||||||
| Self-managed Compute Engine SSL certificates | ||||||||
| Google-managed Compute Engine SSL certificates | ||||||||
| Self-managed SSL certificates with Certificate Manager | ||||||||
| Google-managed SSL certificates with Certificate Manager | ||||||||
Backend service properties
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| Connection draining timeout | ||||||||
| Session affinity | ||||||||
| HTTP access logging configuration | ||||||||
| Backend service timeout | ||||||||
| Custom load balancer health check configuration | ||||||||
| TLS to backend services | ||||||||
| Supported backend services protocols | HTTP, HTTPS, HTTP/2 | |||||||
| Custom default backend | ||||||||
Additional Google Cloud services
| Features | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
| Identity-Aware Proxy (IAP) | ||||||||
| Google Cloud Armor backend security policy | ||||||||
| Cloud CDN | ||||||||
Supported Gateway API Fields
The following tables list the fields of the Gateway API specification that are supported by GKE.
Gateway
spec.addresses
For more information, see
spec.addresses
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
type |
NamedAddress |
|||||||
value |
Static global external address | Static regional external address | Static regional internal address | Static global external address | ||||
spec.listeners
For more information, see
spec.listeners
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
protocol |
HTTP, HTTPS | |||||||
port |
80 or 8080 (HTTP), 443 (HTTPS) | |||||||
name |
||||||||
hostname |
||||||||
tls |
||||||||
allowedRoutes |
||||||||
spec.listeners.tls
For more information, see
spec.listeners.tls
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
mode |
Terminate |
|||||||
certificateRefs |
||||||||
spec.listeners.tls.options
For more information, see
spec.listeners.tls.options
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
networking.gke.io/pre-shared-certs |
Global SSL certificate resource reference (self- or Google-managed) | Regional, self-managed SSL certificate resource reference | Regional, self-managed SSL certificate resource reference | Global SSL certificate resource reference (self- or Google-managed) | ||||
HTTPRoute
The following tables list the values of the HTTPRoute API specification that are supported by GKE.
spec.parentRefs
For more information, see
spec.parentRefs
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
parentRefs.group |
||||||||
parentRefs.kind |
||||||||
parentRefs.namespace |
||||||||
parentRefs.name |
||||||||
parentRefs.sectionName |
||||||||
parentRefs.port |
||||||||
spec.hostnames
For more information, see
spec.hostnames
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
precise, wildcard |
||||||||
spec.rules
For more information, see
spec.rules
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
path.type |
Exact, PathPrefix |
|||||||
path.value |
||||||||
headers.type |
Exact |
|||||||
headers.name |
||||||||
headers.value |
||||||||
queryParams |
||||||||
method |
||||||||
spec.rules.backendRefs
For more information, see
spec.rules.backendRefs
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
backendRef.group |
(empty), gateway.networking.k8s.io, net.gke.io |
|||||||
backendRef.kind |
Service |
ServiceImport |
Service |
ServiceImport |
Service |
ServiceImport |
Service |
ServiceImport |
backendRef.name |
||||||||
backendRef.namespace |
||||||||
backendRef.port |
||||||||
backendRef.weight |
||||||||
backendRef.filters |
||||||||
spec.rules.filters
For more information, see
spec.rules.filters
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
type |
requestHeaderModifier, responseHeaderModifier, requestMirror, requestRedirect, urlRewrite |
|||||||
requestHeaderModifier.add |
||||||||
requestHeaderModifier.remove |
||||||||
requestHeaderModifier.set |
||||||||
responseHeaderModifier.add |
||||||||
responseHeaderModifier.remove |
||||||||
responseHeaderModifier.set |
||||||||
requestMirror.backendRef |
||||||||
requestRedirect.scheme |
HTTP, HTTPS |
|||||||
requestRedirect.hostname |
||||||||
requestRedirect.path |
replaceFullPath, replacePrefixMatch |
|||||||
requestRedirect.port |
||||||||
requestRedirect.statusCode |
||||||||
urlRewrite.hostname |
||||||||
urlRewrite.path |
replacePrefixMatch |
|||||||
ReferenceGrant
The following tables list the values of the ReferenceGrant API specification that are supported by GKE.
spec.from
For more information, see
spec.from
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
group |
(empty), gateway.networking.k8s.io, net.gke.io |
|||||||
kind |
Gateway, HTTPRoute |
|||||||
namespace |
||||||||
spec.to
For more information, see
spec.to
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|
group |
(empty), gateway.networking.k8s.io, net.gke.io |
|||||||
kind |
Secret, Service, ServiceImport |
|||||||
name |
||||||||