Skip to main content

Version: 3.8.x

Ingress and Gateway API Support

This document outlines the Kubernetes Gateway API and Ingress API resources supported by the API7 Ingress Controller. Use this as a reference to understand which resources are currently implemented.

See the configuration examples to learn when and how to use these resources.

Gateway API

Packages

Resource Support Levels

The table below outlines the support levels for Kubernetes Gateway API resources in the current implementation. Each resource is categorized by its level of core, extended, and implementation-specific support, along with the corresponding API version.

ResourceCoreExtendedImplementation-SpecificAPI Version
GatewayClassSupportedN/ANot supportedv1
GatewayPartially supportedPartially supportedNot supportedv1
HTTPRouteSupportedPartially supportedNot supportedv1
GRPCRouteNot supportedNot supportedNot supportedv1
ReferenceGrantNot supportedNot supportedNot supportedv1beta1
TLSRouteNot supportedNot supportedNot supportedv1alpha2
TCPRouteNot supportedNot supportedNot supportedv1alpha2
UDPRouteNot supportedNot supportedNot supportedv1alpha2
BackendTLSPolicyNot supportedNot supportedNot supportedv1alpha3

For a complete list of configuration options, refer to the Gateway API Reference. Be aware that some fields are not supported, or partially supported.

Unsupported / Partially Supported Fields

The fields below are specified in the Gateway API specification but are either partially implemented or not yet supported in the APISIX Ingress Controller.

HTTPRoute

FieldsStatusNotes
spec.timeoutsNot supportedThe field is unsupported because ADC provides finer-grained timeout configuration (connect, read, write), whereas spec.timeouts only allows a general total timeout and upstream timeout, so it cannot be directly mapped. To configure route timeouts, you can use BackendTrafficPolicy.
spec.retriesNot supportedThe field is unsupported because APISIX does not support the features in retries. To configure route retries, you can use BackendTrafficPolicy.
spec.sessionPersistenceNot supportedAPISIX does not support the configuration of cookie lifetimes. As an alternative, you can use chash load balancer.
spec.rules[].backendRefs[].filters[]Not supportedBackendRef-level filters are not implemented as data plane does not support filtering at this level; only rule-level filters (spec.rules[].filters[]) are supported.

Gateway

FieldsStatusNotes
spec.listeners[].portNot supported*The configuration is required but ignored. This is due to limitations in the data plane: it cannot dynamically open new ports. Since the Ingress Controller does not manage the data plane deployment, it cannot automatically update the configuration or restart the data plane to apply port changes.
spec.listeners[].allowedRoutes.kindsPartially supportedOnly HTTPRoute (group gateway.networking.k8s.io) is accepted; other kinds are rejected.
spec.listeners[].tls.certificateRefs[].groupPartially supportedOnly "" is supported; other group values cause validation failure.
spec.listeners[].tls.certificateRefs[].kindPartially supportedOnly Secret is supported.
spec.listeners[].tls.modePartially supportedTerminate is implemented; Passthrough is effectively unsupported for Gateway listeners.
spec.addressesNot supportedController does not read or act on spec.addresses.

Ingress

Package

  • networking.k8s.io/v1

Supported Resources

The controller supports the standard Kubernetes Ingress API, including:

Basic host- and path-based routing is supported. Advanced annotations or non-standard extensions may not be implemented.

The following Ingress annotations are not supported in the current version but will be supported in a future release:

Annotation
k8s.apisix.apache.org/use-regex
k8s.apisix.apache.org/enable-websocket
k8s.apisix.apache.org/plugin-config-name
k8s.apisix.apache.org/upstream-scheme
k8s.apisix.apache.org/upstream-retries
k8s.apisix.apache.org/upstream-connect-timeout
k8s.apisix.apache.org/upstream-read-timeout
k8s.apisix.apache.org/upstream-send-timeout
k8s.apisix.apache.org/enable-cors
k8s.apisix.apache.org/cors-allow-origin
k8s.apisix.apache.org/cors-allow-headers
k8s.apisix.apache.org/cors-allow-methods
k8s.apisix.apache.org/enable-csrf
k8s.apisix.apache.org/csrf-key
k8s.apisix.apache.org/http-to-https
k8s.apisix.apache.org/http-redirect
k8s.apisix.apache.org/http-redirect-code
k8s.apisix.apache.org/rewrite-target
k8s.apisix.apache.org/rewrite-target-regex
k8s.apisix.apache.org/rewrite-target-regex-template
k8s.apisix.apache.org/enable-response-rewrite
k8s.apisix.apache.org/response-rewrite-status-code
k8s.apisix.apache.org/response-rewrite-body
k8s.apisix.apache.org/response-rewrite-body-base64
k8s.apisix.apache.org/response-rewrite-add-header
k8s.apisix.apache.org/response-rewrite-set-header
k8s.apisix.apache.org/response-rewrite-remove-header
k8s.apisix.apache.org/auth-uri
k8s.apisix.apache.org/auth-ssl-verify
k8s.apisix.apache.org/auth-request-headers
k8s.apisix.apache.org/auth-upstream-headers
k8s.apisix.apache.org/auth-client-headers
k8s.apisix.apache.org/allowlist-source-range
k8s.apisix.apache.org/blocklist-source-range
k8s.apisix.apache.org/http-allow-methods
k8s.apisix.apache.org/http-block-methods
k8s.apisix.apache.org/auth-type
k8s.apisix.apache.org/svc-namespace
API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2025. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation