gateway-api: GRPCRoute silently excluded from Envoy config when listener has explicit allowedRoutes.kinds #44824
Description
Is there an existing issue for this?
- I have searched the existing issues
Version
equal or higher than v1.19.1 and lower than v1.20.0
What happened?
getGatewayKindForObjectinoperator/pkg/gateway-api/helpers.gois missing acase *gatewayv1.GRPCRoute. When a listener sets allowedRoutes.kindsexplicitly (e.g. bothHTTPRouteandGRPCRoute), isKindAllowedcalls this function and gets back"Unknown"for any GRPCRoute, so the route is silently excluded from the generatedCiliumEnvoyConfig. Traffic fails. The route status misleadingly shows Accepted: True`.
How can we reproduce the issue?
- Create a Gateway listener with
allowedRoutes.kindslisting bothHTTPRouteandGRPCRoute. - Attach a GRPCRoute to it. The route status shows accepted but
kubectl get ciliumenvoyconfig -A -o yamlcontains no gRPC routes.
Repository to reproduce with 1.19.1 running on kind may be found here: https://github.com/eufriction/k8s-cilium-gapi
Only the manifests needed are here: https://github.com/eufriction/k8s-cilium-gapi/tree/main/scenarios/23-http-grpc-shared-port-allowed-routes
Cilium Version
1.19.1
Kernel Version
Linux k8s-cilium-gapi-worker3 6.12.72-linuxkit #1 SMP Wed Feb 25 13:21:17 UTC 2026 aarch64 aarch64 aarch64 GNU/Linux
Kubernetes Version
❯ kubectl version
Client Version: v1.35.2
Kustomize Version: v5.7.1
Server Version: v1.35.0
Regression
No response
Sysdump
No response
Relevant log output
Anything else?
No response
Cilium Users Document
- Are you a user of Cilium? Please add yourself to the Users doc
Code of Conduct
- I agree to follow this project's Code of Conduct