kgateway v2.1 Release: Unifying Ingress, API Gateway, Service Mesh, and AI Connectivity

kgateway is an open-source implementation of the Kubernetes Gateway API, designed to unify ingress, API gateway, service mesh, and AI gateway functionalities within a single, modular control plane. Engineered for high performance and flexibility, kgateway efficiently secures and manages traffic across diverse environments, supporting legacy, cloud-native, and AI-driven workloads. We are pleased to announce the release of kgateway v2.1, a significant update packed with new features and improvements.

What's New in kgateway 2.1?

Agentgateway Integration

This release marks a significant milestone with the integration of the open-source agentgateway project. agentgateway is a highly available, scalable data plane providing AI connectivity for Large Language Models (LLMs), Multi-Cloud Platform (MCP) tools, AI agents, and inference workloads. This evolution initiates the deprecation of Envoy-based AI Gateway and Inference Extension functionalities, as agentgateway now natively implements all related features. Envoy-based Gateways remain supported for traditional API Gateway use cases.

agentgateway support is currently in beta. Users adopting the agentgateway GatewayClass are encouraged to monitor the beta release feed for ongoing improvements, bug fixes, and breaking changes. To get started, install kgateway with the following Helm values:

agentgateway:
  enabled: true

Then, create a Gateway using the agentgateway GatewayClass:

kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: agentgateway
  namespace: kgateway-system
  labels:
    app: agentgateway
spec:
  gatewayClassName: agentgateway
  listeners:
    -
      protocol: HTTP
      port: 8080
      name: http
      allowedRoutes:
        namespaces:
          from: All

For routing traffic to LLM providers, MCP tool servers, or AI agents, consult the agentgateway guides. Explore accompanying examples demonstrating agentgateway connections to MCP servers and A2A agents.

Kubernetes Gateway API 1.3.0 and Inference Extension 1.0.0 Conformance

kgateway now fully conforms with Kubernetes Gateway API version 1.3.0 and Inference Extension version 1.0.0. For details, check out the conformance test reports for Kubernetes Gateway API and Inference Extension.

Global Policy Attachment

Previously, policies were limited to resources within the same namespace. With kgateway v2.1, a new feature enables the creation of a global namespace for policies. These global policies can now be attached to resources across any namespace in your cluster using label selectors. For more information, refer to the Global policy attachment documentation.

Deep Merging for External Authentication and Processing Policies

kgateway v2.1 introduces deep merging capabilities for extAuth and extProc policies. Furthermore, the kgateway.dev/policy-weight annotation can now be used to define the merging priority of multiple policies. For more details, see the documentation on Policy priority during merging.

Enhanced Proxy Pod Template Customization

Expanded customization options are now available for the gateway proxies' default pod template. These include configurations for nodeSelectors, affinity, tolerations, topologySpreadConstraints, and externalTrafficPolicy. For further information, consult the documentation on Customizing the Gateway. A comprehensive list of configurable values can be found in the PodTemplate reference within the GatewayParameters API.

Horizontal Pod Autoscaling (HPA)

Users can now integrate their own Horizontal Pod Autoscaler (HPA) plug-ins with kgateway. This allows for automatic scaling of kgateway control and data plane pods based on predefined thresholds such as CPU or memory consumption. For additional information, refer to the Horizontal Pod Autoscaling (HPA) documentation.

Dynamic Forward Proxy (DFP)

kgateway v2.1 enables configuration of the gateway proxy to utilize a Dynamic Forward Proxy (DFP) filter. This filter allows the proxy to function as a generic HTTP(S) forward proxy, eliminating the need for pre-configuring all potential upstream hosts. The DFP dynamically resolves upstream hosts at request time via DNS. More details are available in the Dynamic Forward Proxy (DFP) documentation.

Session Affinity

Envoy-based gateway proxies can now be configured with various types of session affinity:

• Customizable Load Balancing Algorithms: The default 'least requests' algorithm can be replaced with round robin or random algorithms for forwarding requests to backend services.
• Consistent Hashing: Enables soft session affinity between clients and backend services through consistent hashing algorithms.
• Session Persistence: Establishes 'strong' session affinity or sticky sessions, ensuring client traffic consistently routes to the same backend instance throughout a session.

Enhanced Retries and Timeout Capabilities

Envoy-based gateway proxies now feature enhanced retry and timeout capabilities. Detailed information can be found in the guides for:

• Request retries
• Request timeouts
• Per-try timeouts
• Idle timeouts
• Idle stream timeouts

Passive Health Checks with Outlier Detection

kgateway v2.1 allows for the configuration of passive health checks and the removal of unhealthy hosts from the load balancing pool using an outlier detection policy. This policy establishes conditions—such as retry limits and ejection percentages—that kgateway uses to identify unhealthy services. Upon detection, the outlier detection policy dictates the removal process from the pool of healthy destinations, ensuring traffic is directed only to operational services. For more details, refer to the Outlier detection documentation.

New kgateway Operations Dashboard

Upon installing the OpenTelemetry (OTel) stack, users can now utilize a new kgateway operations dashboard for Grafana. This dashboard provides a quick overview of critical metrics, including translation and reconciliation times, total operations, cluster resource count, and latency.

A demo showcasing kgateway's new features in global policy attachment, HPA, monitoring, and observability is also available.

Deprecated Features

AI Gateway and Inference Extension support for Envoy-based gateway proxies are now deprecated and scheduled for removal in version 2.2. For AI capabilities, users are advised to transition to an agentgateway proxy. Further insights into agentgateway's advantages for agentic AI and MCP workloads are available in an accompanying blog post.

Release Notes

For comprehensive details of the kgateway v2.1 release, refer to the official release notes.

Availability

To get started, download the latest release on GitHub. Then, consult the getting started guide for installation instructions.

Acknowledgements

The kgateway v2.1 release was made possible by 602 contributions from 42 individuals. We extend our sincere gratitude to all contributors for their efforts. Project development statistics for the v2.1 release cycle are available.

This release also marks kgateway's inaugural participation in the LFX Mentorship Program. Mentees contributed significantly to various project initiatives, including automated scale tests for kgateway, ecosystem integration documentation enhancements, OpenTelemetry observability for AI Extensions, and agentgateway observability improvements.

Get Involved

To engage with the kgateway community, join our Slack channel and attend our community meetings. We appreciate your continued feedback and support!