GatewayClass capabilities


This page lists the capabilities of the GatewayClass resources available on Google Kubernetes Engine (GKE) and their supported specifications.

Table legend

For the various tables on this page, the legend for the tables is as follows:

  • indicates that the field is supported.
  • - indicates that the field is not supported.
  • If GKE supports some values in the field, the table describes what values are supported.

GatewayClass capabilities

The following table lists the distinguishing features of the GatewayClass resources available on GKE.

Architecture

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
GKE Gateway Controller Google-hosted Gateway controller
Location Google Cloud infrastructure
Platform GKE
Cluster type GKE Autopilot or GKE Standard
Cluster scope Single cluster Multi-cluster Single cluster Multi-cluster Single cluster Multi-cluster Single cluster Multi-cluster
GKE version GKE Autopilot: 1.26 and later
GKE Standard: 1.24 and later
API type CRD
CRD versions New clusters and cluster upgrades:
GKE 1.24 to 1.27.10, 1.28.4, 1.29.0: 0.7.0
GKE 1.27.10 and later, 1.28.4 and later, 1.29.0 to 1.29.2: 0.8.1
GKE 1.29.3 and later, 1.30.0 to 1.30.2: 1.0.0
GKE 1.30.3-gke.1225000 and later: 1.1.0
API versions gateway.networking.k8s.io/v1beta1 (CRD versions: 0.7.0 and later, including 1.0.0)
gateway.networking.k8s.io/v1 (CRD versions: 1.0.0 and later)
API enablement GKE Autopilot: enabled by default
Launch stage GA

Multi-cluster Services

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
Required
API version net.gke.io/v1 net.gke.io/v1 net.gke.io/v1 net.gke.io/v1
Resource type ServiceExport ServiceExport ServiceExport ServiceExport

Load balancer

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
Type Global external Application Load Balancer Regional external Application Load Balancer Internal Application Load Balancer Classic Application Load Balancer
Load balancer scope Global Regional Regional Global
Container-native load balancing (Default, using GCE_VM_IP_PORT zonal NEGs)

VPC

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
Shared VPC support All clusters and fleet host project in the same Shared VPC host or service project
Shared Gateway/Ingress for multiple routes
Automated VPC firewall lifecycle management
Note: You must deploy firewall rules manually for Gateways in a Shared VPC environment.
For more information, see required firewall rules for Gateways.

Gateway IP address

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
Gateway IP address assignment Static or dynamic
Network Service tier IP address Premium Tier Standard Tier Premium Tier Premium Tier
Gateway IP address reachability Internet Internet VPC internal Internet
Same IP address for multiple ports (HTTP, HTTPS)

Routing and traffic management

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
Global Access Implicit for Global load balancers Implicit for Global load balancers Implicit for Global load balancers
Cross-region backend load balancing
Cross-project load balancing Backend services and NEGs must be in the same project
(Managed by the GKE Gateway controller)
Cross-namespace routing
Host/Path routing Prefix, Exact match
Header-based routing Exact match
Path redirects
URL rewrites
Traffic splitting
Traffic mirroring
Traffic cut over
Traffic-based autoscaling Preview Preview Preview Preview
Custom request headers
Custom response headers

Frontend security

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
SSL policy
HTTP-to-HTTPS redirect
Multiple TLS certificates support
Kubernetes Secrets-based certificates
Self-managed Compute Engine SSL certificates
Google-managed Compute Engine SSL certificates
Self-managed SSL certificates with Certificate Manager
Google-managed SSL certificates with Certificate Manager



Backend service properties

Feature gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
Connection draining timeout
Session affinity
HTTP access logging configuration
Backend service timeout
Custom load balancer health check configuration
TLS to backend services
Supported backend services protocols HTTP, HTTPS, HTTP/2
Custom default backend

Additional Google Cloud services

Features gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
Identity-Aware Proxy (IAP)
Google Cloud Armor backend security policy
Cloud CDN

Supported Gateway API Fields

The following tables list the fields of the Gateway API specification that are supported by GKE.

Gateway

spec.addresses

For more information, see spec.addresses in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
type NamedAddress
value Static global external address Static regional external address Static regional internal address Static global external address

spec.listeners

For more information, see spec.listeners in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
protocol HTTP, HTTPS
port 80 or 8080 (HTTP), 443 (HTTPS)
name
hostname
tls
allowedRoutes

spec.listeners.tls

For more information, see spec.listeners.tls in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
mode Terminate
certificateRefs

spec.listeners.tls.options

For more information, see spec.listeners.tls.options in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
networking.gke.io/pre-shared-certs Global SSL certificate resource reference (self- or Google-managed) Regional, self-managed SSL certificate resource reference Regional, self-managed SSL certificate resource reference Global SSL certificate resource reference (self- or Google-managed)

HTTPRoute

The following tables list the values of the HTTPRoute API specification that are supported by GKE.

spec.parentRefs

For more information, see spec.parentRefs in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
parentRefs.group
parentRefs.kind
parentRefs.namespace
parentRefs.name
parentRefs.sectionName
parentRefs.port

spec.hostnames

For more information, see spec.hostnames in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
precise, wildcard

spec.rules

For more information, see spec.rules in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
path.type Exact, PathPrefix
path.value
headers.type Exact
headers.name
headers.value
queryParams
method

spec.rules.backendRefs

For more information, see spec.rules.backendRefs in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
backendRef.group (empty), gateway.networking.k8s.io, net.gke.io
backendRef.kind Service ServiceImport Service ServiceImport Service ServiceImport Service ServiceImport
backendRef.name
backendRef.namespace
backendRef.port
backendRef.weight
backendRef.filters

spec.rules.filters

For more information, see spec.rules.filters in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
type requestHeaderModifier, responseHeaderModifier, requestMirror, requestRedirect, urlRewrite
requestHeaderModifier.add
requestHeaderModifier.remove
requestHeaderModifier.set
responseHeaderModifier.add
responseHeaderModifier.remove
responseHeaderModifier.set
requestMirror.backendRef
requestRedirect.scheme HTTP, HTTPS
requestRedirect.hostname
requestRedirect.path replaceFullPath, replacePrefixMatch
requestRedirect.port
requestRedirect.statusCode
urlRewrite.hostname
urlRewrite.path replacePrefixMatch

ReferenceGrant

The following tables list the values of the ReferenceGrant API specification that are supported by GKE.

spec.from

For more information, see spec.from in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
group (empty), gateway.networking.k8s.io, net.gke.io
kind Gateway, HTTPRoute
namespace

spec.to

For more information, see spec.to in the Gateway documentation.

Fields gke-l7-global-external-managed gke-l7-global-external-managed-mc gke-l7-regional-external-managed gke-l7-regional-external-managed-mc gke-l7-rilb gke-l7-rilb-mc gke-l7-gxlb gke-l7-gxlb-mc
group (empty), gateway.networking.k8s.io, net.gke.io
kind Secret, Service, ServiceImport
name