Skip to content
Nantian Gateway

Gateway API Resources

Nantian Gateway implements the Kubernetes Gateway API v1.5.1 specification and declares support for 55 features. This page lists all supported resource types, core fields, and feature coverage.

Resource Inventory

Section titled “Resource Inventory”
ResourceAPI VersionPurpose
GatewayClassgateway.networking.k8s.io/v1Defines the gateway implementation type, claimed by the control plane
Gatewaygateway.networking.k8s.io/v1Defines listeners, configures ports, protocols, and TLS
HTTPRoutegateway.networking.k8s.io/v1HTTP and HTTPS traffic routing
GRPCRoutegateway.networking.k8s.io/v1gRPC traffic routing with method-level matching
TCPRoutegateway.networking.k8s.io/v1alpha2TCP traffic routing
UDPRoutegateway.networking.k8s.io/v1alpha2UDP traffic routing
TLSRoutegateway.networking.k8s.io/v1alpha2TLS passthrough routing
BackendTLSPolicygateway.networking.k8s.io/v1alpha3Backend TLS verification policy
ReferenceGrantgateway.networking.k8s.io/v1beta1Cross-namespace reference authorization

GatewayClass

Section titled “GatewayClass”

GatewayClass is a cluster-scoped resource that defines the gateway implementation type. The Nantian Gateway control plane watches for and claims GatewayClasses whose spec.controllerName is gateway.networking.k8s.io/nantian-gw.

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: nantian-gw
spec:
  controllerName: gateway.networking.k8s.io/nantian-gw

Once a GatewayClass is claimed by the control plane, status.conditions will show Accepted=True, indicating the GatewayClass is ready and Gateway resources referencing it can be processed.

Gateway

Section titled “Gateway”

Gateway defines a set of listeners, each specifying a port, protocol, and optional TLS configuration. Route resources bind to specific Gateway instances and listeners through the parentRefs field.

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: example-gateway
  namespace: default
spec:
  gatewayClassName: nantian-gw
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: Same
    - name: https
      protocol: HTTPS
      port: 443
      hostname: "*.example.com"
      tls:
        mode: Terminate
        certificateRefs:
          - name: example-tls
      allowedRoutes:
        namespaces:
          from: All

Supported Listener Protocols

Section titled “Supported Listener Protocols”
ProtocolDescription
HTTPHTTP/1.1 and HTTP/2 (h2c)
HTTPSTLS termination + HTTP/1.1 and HTTP/2
TLSTLS passthrough mode
TCPTCP stream proxy
UDPUDP stream proxy

Supported TLS Modes

Section titled “Supported TLS Modes”
ModeDescription
TerminateTerminate TLS at the gateway layer, using keys from certificate references
PassthroughPass TLS traffic through to the backend without decryption at the gateway

HTTPRoute

Section titled “HTTPRoute”

HTTPRoute is the most frequently used route resource, handling routing decisions for HTTP and HTTPS traffic.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: example-route
  namespace: default
spec:
  parentRefs:
    - name: example-gateway
  hostnames:
    - "api.example.com"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /v1
          headers:
            - name: x-version
              value: v2
          method: GET
      filters:
        - type: RequestHeaderModifier
          requestHeaderModifier:
            add:
              - name: x-gateway
                value: nantian-gw
        - type: URLRewrite
          urlRewrite:
            hostname: internal.example.com
            path:
              type: ReplacePrefixMatch
              replacePrefixMatch: /api
      backendRefs:
        - name: backend-v1
          port: 8080
          weight: 80
        - name: backend-v2
          port: 8080
          weight: 20
      timeouts:
        request: 30s
        backendRequest: 10s

Supported Route Matches

Section titled “Supported Route Matches”
Match TypeDescription
pathPath matching, supports Exact, PathPrefix, RegularExpression
headersRequest header matching, supports Exact, RegularExpression
queryParamsQuery parameter matching, supports Exact, RegularExpression
methodHTTP method matching (GET, POST, PUT, DELETE, etc.)

Supported Filters

Section titled “Supported Filters”
FilterDescription
RequestHeaderModifierModify request headers (add, set, remove)
ResponseHeaderModifierModify response headers (add, set, remove)
URLRewriteURL rewriting, supports hostname and path rewriting
RequestRedirectRequest redirection, supports 301, 302, 303, 307, 308 status codes
RequestMirrorRequest mirroring, copies a percentage of requests to other backends
ExtensionRefCustom extension filter, can reference Wasm plugins, etc.

Supported Backend Protocols

Section titled “Supported Backend Protocols”
ProtocolDescription
HTTP/1.1Standard HTTP
HTTP/2 (h2c)Cleartext HTTP/2
gRPCgRPC over HTTP/2
WebSocketWebSocket upgrade

GRPCRoute

Section titled “GRPCRoute”

GRPCRoute provides precise routing for gRPC traffic, supporting service name and method name matching.

apiVersion: gateway.networking.k8s.io/v1
kind: GRPCRoute
metadata:
  name: grpc-example
  namespace: default
spec:
  parentRefs:
    - name: example-gateway
  hostnames:
    - "grpc.example.com"
  rules:
    - matches:
        - method:
            service: "example.v1.UserService"
            method: "GetUser"
      backendRefs:
        - name: user-service
          port: 50051
    - matches:
        - method:
            service: "example.v1.OrderService"
      backendRefs:
        - name: order-service
          port: 50051

Supported gRPC Matches

Section titled “Supported gRPC Matches”
Match TypeDescription
serviceExact match on gRPC service name
methodExact match on gRPC method name
headersRequest header matching (gRPC metadata)

TCPRoute and UDPRoute

Section titled “TCPRoute and UDPRoute”

TCPRoute and UDPRoute handle non-HTTP stream traffic. Matching rules are based on port number.

apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
  name: tcp-example
  namespace: default
spec:
  parentRefs:
    - name: example-gateway
  rules:
    - backendRefs:
        - name: tcp-backend
          port: 9090
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: UDPRoute
metadata:
  name: udp-example
  namespace: default
spec:
  parentRefs:
    - name: example-gateway
  rules:
    - backendRefs:
        - name: udp-backend
          port: 5353

TLSRoute

Section titled “TLSRoute”

TLSRoute handles TLS passthrough traffic, routing based on SNI hostname.

apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
  name: tls-example
  namespace: default
spec:
  parentRefs:
    - name: example-gateway
  hostnames:
    - "tls.example.com"
  rules:
    - backendRefs:
        - name: tls-backend
          port: 9443

BackendTLSPolicy

Section titled “BackendTLSPolicy”

BackendTLSPolicy defines the TLS connection policy from the gateway to backend services, including certificate verification, SAN validation, and TLS version constraints.

apiVersion: gateway.networking.k8s.io/v1alpha3
kind: BackendTLSPolicy
metadata:
  name: backend-tls
  namespace: default
spec:
  targetRefs:
    - group: ""
      kind: Service
      name: secure-backend
  validation:
    hostname: secure-backend.example.com
    caCertificateRefs:
      - name: backend-ca
        group: ""
        kind: ConfigMap
    wellKnownCACertificates: "System"

Feature Support Matrix

Section titled “Feature Support Matrix”

Nantian Gateway declares support for 55 features in the Gateway API v1.5.1 specification. Key features are listed below by category:

Core Features

Section titled “Core Features”
FeatureStatus
GatewayClassSupported
GatewaySupported
HTTPRouteSupported
ReferenceGrantSupported

Extended Features

Section titled “Extended Features”
FeatureStatus
HTTPRouteQueryParamMatchSupported
HTTPRouteMethodMatchSupported
HTTPRouteRequestMirrorSupported
HTTPRouteRequestTimeoutSupported
HTTPRouteBackendTimeoutSupported
HTTPRouteParentRefPortSupported
HTTPRouteHostRewriteSupported
HTTPRoutePathRewriteSupported
HTTPRouteRequestRedirectSupported
HTTPRouteResponseHeaderModificationSupported
HTTPRouteBackendProtocolH2CSupported
HTTPRouteBackendProtocolWebSocketSupported
GRPCRouteSupported
GRPCRouteMethodMatchSupported
TCPRouteSupported
UDPRouteSupported
TLSRouteSupported
GatewayPort8080Supported
GatewayStaticAddressesSupported
BackendTLSPolicySupported
GatewayInfrastructurePropagationSupported

Mesh Features

Section titled “Mesh Features”
FeatureStatus
MeshRouteSupported
MeshConsumerRouteSupported
MeshClusterIPMatchingSupported

Next Steps

Section titled “Next Steps”