# kubernetes-sigs/gateway-api **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/kubernetes-sigs-gateway-api).** 2,661 stars · 668 forks · Go · apache-2.0 ## Links - GitHub: https://github.com/kubernetes-sigs/gateway-api - Homepage: https://gateway-api.sigs.k8s.io - awesome-repositories: https://awesome-repositories.com/repository/kubernetes-sigs-gateway-api.md ## Topics `gateway-api` `k8s-sig-network` `kubernetes` `networking` `sig-network` ## Description The Gateway API is a standardized set of resources for routing HTTP, gRPC, and TCP traffic into and within Kubernetes clusters. It serves as a framework for defining load balancer listeners and routing rules for both Layer 4 and Layer 7 protocols, acting as a specification for ingress and service mesh traffic interfaces. The project utilizes a role-oriented configuration that separates infrastructure provisioning from routing logic. It implements a class-based provider selection system to match requested infrastructure to specific controller implementations and employs a conformance-driven specification to ensure all implementations pass standardized tests. The API covers a broad range of networking domains, including external ingress management, internal service mesh routing, and Layer 4 load balancing. It incorporates security and access control primitives such as backend TLS configuration, hostname ownership delegation to prevent route hijacking, and cross-namespace reference authorization. The project includes a networking conformance suite used to verify that implementations adhere to the official API specifications. ## Tags ### DevOps & Infrastructure - [Ingress Controllers](https://awesome-repositories.com/f/devops-infrastructure/ingress-controllers.md) — Provides a standardized API for routing external web traffic into Kubernetes clusters using role-oriented configuration. - [Service Mesh](https://awesome-repositories.com/f/devops-infrastructure/api-service-management/service-mesh.md) — Manages internal traffic flow between services within a cluster using routing rules associated with service resources. - [Hostname Ownership Delegation](https://awesome-repositories.com/f/devops-infrastructure/hostname-configurations/hostname-configurations/hostname-ownership-delegation.md) — Prevents route hijacking by assigning specific hostnames to dedicated namespaces on gateway listeners. ([source](https://gateway-api.sigs.k8s.io/concepts/security-model)) - [Kubernetes Ingress Specifications](https://awesome-repositories.com/f/devops-infrastructure/kubernetes-ingress-specifications.md) — Implements a role-oriented API that separates infrastructure provisioning from traffic routing for cluster entry points. - [Mesh Traffic Policy Management](https://awesome-repositories.com/f/devops-infrastructure/mesh-traffic-policy-management.md) — Defines routing rules and policies for managing communication between internal services within a cluster. - [Controller Class Selection](https://awesome-repositories.com/f/devops-infrastructure/controller-class-selection.md) — Provides a class-based system to match requested infrastructure to specific controller implementations. - [Selector-Based Rule Filtering](https://awesome-repositories.com/f/devops-infrastructure/label-based-selection/target-selection-rules/selector-based-rule-filtering.md) — Uses label selectors to bind routing rules to gateway listeners and manage namespace influence. ### Networking & Communication - [Ingress Controllers](https://awesome-repositories.com/f/networking-communication/ingress-controllers.md) — Provides a standardized API to define entry points and route external HTTP, gRPC, and TCP traffic into Kubernetes clusters. ([source](https://gateway-api.sigs.k8s.io/docs)) - [Kubernetes Gateway API Standard](https://awesome-repositories.com/f/networking-communication/kubernetes-gateway-api-standard.md) — Provides the standardized set of resources for routing HTTP, gRPC, and TCP traffic in Kubernetes. - [Layer 4 and Layer 7 Proxies](https://awesome-repositories.com/f/networking-communication/layer-4-and-layer-7-proxies.md) — Provides a framework for defining load balancer listeners and routing rules for both Layer 4 and Layer 7 protocols. - [Load Balancers](https://awesome-repositories.com/f/networking-communication/load-balancers.md) — Triggers the automated provisioning of load balancer instances and network addresses based on requested infrastructure classes. ([source](https://gateway-api.sigs.k8s.io/reference/)) - [L4 and L7 Routing Abstractions](https://awesome-repositories.com/f/networking-communication/protocol-abstraction-layers/l4-and-l7-routing-abstractions.md) — Abstracts traffic management into distinct layers for L4 TCP/UDP and L7 HTTP/gRPC routing. - [Traffic Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing.md) — Implements a standardized set of resources for directing HTTP and gRPC traffic to internal services. ([source](https://cdn.jsdelivr.net/gh/kubernetes-sigs/gateway-api@main/README.md)) - [Layer 4 TCP Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing/layer-4-tcp-routing.md) — Directs TCP, UDP, and TLS traffic to expose non-HTTP services through standardized gateway implementations. - [gRPC Traffic Routing](https://awesome-repositories.com/f/networking-communication/grpc-traffic-routing.md) — Directs requests to gRPC services using protocol-specific routing rules to optimize high-performance API communication. ([source](https://gateway-api.sigs.k8s.io/guides/)) ### Software Engineering & Architecture - [Route Binding Permissions](https://awesome-repositories.com/f/software-engineering-architecture/naming-conventions/reserved-names/access-restrictions/service-account-permissions/namespace-access-controls/route-binding-permissions.md) — Implements selector-based controls to define which namespaces are authorized to attach routing rules to a gateway listener. ([source](https://gateway-api.sigs.k8s.io/concepts/security-model)) - [Role-Oriented Resource Separation](https://awesome-repositories.com/f/software-engineering-architecture/role-oriented-resource-separation.md) — Separates infrastructure provisioning from routing logic by dividing configuration into gateway, route, and backend resources. - [Namespace Access Controls](https://awesome-repositories.com/f/software-engineering-architecture/naming-conventions/reserved-names/access-restrictions/service-account-permissions/namespace-access-controls.md) — Grants permission for resources in one namespace to reference objects in another to link services and routes. ([source](https://gateway-api.sigs.k8s.io/concepts/security-model)) ### Testing & Quality Assurance - [Protocol Conformance Testing](https://awesome-repositories.com/f/testing-quality-assurance/software-testing/e2e-integration-testing/distributed-systems-testing/protocol-conformance-testing.md) — Verifies that networking implementations adhere to official specifications via a standardized test suite. - [Protocol Conformance Suites](https://awesome-repositories.com/f/testing-quality-assurance/software-testing/testing-frameworks/end-to-end-testing-suites/test-suite-partitioners/protocol-conformance-suites.md) — Provides a standardized test suite to ensure networking implementations adhere to the official API specifications. ([source](https://cdn.jsdelivr.net/gh/kubernetes-sigs/gateway-api@main/README.md)) - [Specification Conformance Validation](https://awesome-repositories.com/f/testing-quality-assurance/specification-conformance-validation.md) — Defines a rigid set of resource schemas and behaviors verified through standardized conformance tests. ### Security & Cryptography - [Hostname Delegation](https://awesome-repositories.com/f/security-cryptography/access-restrictions/multi-tenant/hostname-delegation.md) — Assigns hostnames and namespaces to specific gateway listeners to prevent route hijacking. - [Cross-Namespace Reference Grants](https://awesome-repositories.com/f/security-cryptography/cross-namespace-reference-grants.md) — Uses explicit permission objects to allow routing resources in one namespace to target services in another. - [TLS Traffic Encryption](https://awesome-repositories.com/f/security-cryptography/tls-traffic-encryption.md) — Defines how gateways communicate with backend services using TLS to secure traffic between the proxy and application. ([source](https://gateway-api.sigs.k8s.io/guides/))