bump Gateway API v1.5.0-rc.1#8161
Merged
zirain merged 15 commits intoenvoyproxy:mainfrom Feb 23, 2026
Merged
Conversation
✅ Deploy Preview for cerulean-figolla-1f9435 canceled.
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #8161 +/- ##
==========================================
+ Coverage 73.64% 73.71% +0.07%
==========================================
Files 242 240 -2
Lines 37007 36917 -90
==========================================
- Hits 27255 27215 -40
+ Misses 7831 7774 -57
- Partials 1921 1928 +7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
5c438ec to
71d124b
Compare
zirain
commented
Feb 4, 2026
b71c336 to
a36af69
Compare
0c478ed to
7ced098
Compare
zirain
commented
Feb 14, 2026
|
|
||
| // GatewayAPI defines an experimental Gateway API resource that can be enabled. | ||
| // +enum | ||
| // +kubebuilder:validation:Enum=XListenerSet;XBackendTrafficPolicy |
Member
Author
There was a problem hiding this comment.
XListenerSet promote to v1 in Gateway API v1.5
Contributor
There was a problem hiding this comment.
guessing this is the breaking change because even if a user wants to stay on XListenerSet, then cant ? and must migrate to ListenerSet when upgrading to v1.8 ?
Member
Author
There was a problem hiding this comment.
yes, If we need rethink about this in the future, do we need to support X API.
There was a problem hiding this comment.
for what it's worth, we (cert-manager) have decided to do a clean cut upgrade to ListenerSet as opposed to keeping both resources. There was a discussion on whether to keep the X resources around in 1.5: https://kubernetes.slack.com/archives/CR0H13KGA/p1770328007249819
Member
There was a problem hiding this comment.
+1 to removing XListenerSet support from 1.8 since we've already set expectations in the GatewayAPISettings that These APIs are experimental today and are subject to change or removal as they mature.
Maintaining both XListenerSet and ListenerSet would add quite a bit of ongoing overhead, and it might not be worth keeping both around.
zirain
commented
Feb 14, 2026
| - attachedRoutes: 0 | ||
| conditions: | ||
| - lastTransitionTime: null | ||
| message: Listener must have TLS set when protocol is TLS. |
Contributor
There was a problem hiding this comment.
should we then add another rejected route rule test here that adds a negative status
f862d52 to
0e211a9
Compare
zirain
commented
Feb 14, 2026
Comment on lines
+19
to
+40
| // TODO: fix following conformance tests | ||
| tests.ListenerSetHostnameConflict, | ||
| tests.ListenerSetProtocolConflict, | ||
| tests.TLSRouteHostnameIntersection, | ||
| tests.TLSRouteInvalidNoMatchingListener, | ||
| tests.TLSRouteInvalidNoMatchingListenerHostname, | ||
| tests.TLSRouteInvalidReferenceGrant, | ||
| tests.TLSRouteListenerTerminateSupportedKinds, | ||
| tests.TLSRouteSimpleSameNamespace, | ||
| tests.TLSRouteTerminateSimpleSameNamespace, | ||
| tests.TLSRouteMixedTerminationSameNamespace, | ||
| tests.GatewayInvalidTLSBackendConfiguration, | ||
| tests.GatewayWithAttachedRoutes, | ||
| tests.GatewayTLSBackendClientCertificate, | ||
| tests.GatewayFrontendClientCertificateValidation, | ||
| tests.GatewayInvalidFrontendClientCertificateValidation, | ||
| tests.GatewayFrontendInvalidDefaultClientCertificateValidation, | ||
| tests.HTTPRouteHTTPSListenerDetectMisdirectedRequests, | ||
| tests.HTTPRoute303Redirect, | ||
| tests.HTTPRoute307Redirect, | ||
| tests.HTTPRoute308Redirect, | ||
| tests.HTTPRouteHostnameIntersection, |
Member
Author
There was a problem hiding this comment.
TODO: Tracked in seperated issue.
arkodg
reviewed
Feb 14, 2026
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
3b38617 to
988ce2d
Compare
Signed-off-by: zirain <zirain2009@gmail.com>
988ce2d to
b9ffa24
Compare
arkodg
reviewed
Feb 22, 2026
| Namespace: namespace, | ||
| }, | ||
| Spec: typedSpec.(gwapiv1a3.TLSRouteSpec), | ||
| Spec: typedSpec.(gwapiv1.TLSRouteSpec), |
Member
Author
There was a problem hiding this comment.
v1alpa3.TLSRoute alias to v1.TLSRoute cause this.
Member
Author
|
/retest |
maelvls
referenced
this pull request
in cert-manager/cert-manager
Feb 22, 2026
Before my changes, the Gateway tests would create a "test" Gateway resource, but the Issuer would have a parentRefs pointing to a common "acmesolver" Gateway. So, there would be a weird split: the Certificate would be created off the annotations coming from the "test" Gateway, but the HTTPRoute would be pointing a different Gateway. But in practice, people will want these two Gateway resources to be the same, as it would make little sense to create a separate Gateway resource for the purpose of solving challenges. To solve this, we no longer have a central "acmesolver" Gateway with the IP 10.0.0.4. Instead, each Gateway will use its own cluster IP and a domain is dynamically added to Bind. Regarding ListenerSet, we could have kept using the shared "acmesolver", which would have worked well. But I've decided to also use dynamic cluster IPs for these for consistency. Signed-off-by: Maël Valais <mael@vls.dev>
arkodg
approved these changes
Feb 22, 2026
zhaohuabing
approved these changes
Feb 23, 2026
Closed
antonio-mazzini
pushed a commit
to antonio-mazzini/gateway
that referenced
this pull request
Mar 5, 2026
* sep e2e gomod Signed-off-by: zirain <zirain2009@gmail.com> * fix cel test Signed-off-by: zirain <zirain2009@gmail.com> * fix e2e Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> * fix lint and gen Signed-off-by: zirain <zirain2009@gmail.com> * fix test Signed-off-by: zirain <zirain2009@gmail.com> * revert Signed-off-by: zirain <zirain2009@gmail.com> * skip ListenerSet Signed-off-by: zirain <zirain2009@gmail.com> * skip more Signed-off-by: zirain <zirain2009@gmail.com> * skip tlsroute Signed-off-by: zirain <zirain2009@gmail.com> * skip more test Signed-off-by: zirain <zirain2009@gmail.com> * fix RunTest Signed-off-by: zirain <zirain2009@gmail.com> * support FailFast Signed-off-by: zirain <zirain2009@gmail.com> * bump golang 1.25.7 Signed-off-by: zirain <zirain2009@gmail.com> * bump Gateway API v1.5.0-rc.1 Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
sigs.k8s.io/gateway-apiandsigs.k8s.io/gateway-api/conformanceinternal/gatewayapi/conformaceundertest, it's not used, and production shouldn't rely on conformance.