feat(source/gateway-api)!: migrate Gateway and HTTPRoute to v1#6291
feat(source/gateway-api)!: migrate Gateway and HTTPRoute to v1#6291k8s-ci-robot merged 6 commits intokubernetes-sigs:masterfrom
Conversation
k8s-ci-robot
added
the
do-not-merge/invalid-commit-message
|
Welcome @System-Arch! |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @System-Arch. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
cncf-cla: no
There was a problem hiding this comment.
The API server handles conversion transparently -> if objects were stored as v1beta1 but v1 is served, you can still list/watch via v1 without issue. So storedVersions containing v1beta1 does not prevent ExternalDNS from using v1.
So the documentation's framing of "requires Gateway API v1.0.0" is an approximation. The real requirement is:
The Gateway and HTTPRoute CRDs must have v1 in their spec.versions with served: true.
By any chance could you add to description evidences similar to #5611 (comment) with spec.versions[].served and status.storedVersions
Could you share similar results for this PR #5085 (comment) for beta versions that not working currently?
|
CLA needs signing |
System-Arch
force-pushed
the
gateway-api-v1
branch
from
4aabda5 to
bee3923
Compare
k8s-ci-robot
removed
the
do-not-merge/invalid-commit-message
Hi @ivankatliarchuk , Thank you for reviewing this change. My Gateway and HTTProute CRDs do indeed show 'v1' (and only 'v1') in spec.versions and have served:true. Note this is with the v1.5.0 Gateway API standard CRDs and the v1.4.1 experimental CRD for TLSroute (to keep Cilium 1.19) happy. Regarding your second question, I saw an issue about a week ago when I first started integrating Cilium Gateway API support into a self-hosted v1.35.1 K8s cluster. At that time, I believe I saw error messages similar to those shown in #5611 where ExternalDNS pods were crashing at startup due to not finding v1apha2 CRDs for Gateway and HTTProute. I subsequently created a custom build of External DNS with the change proposed in this PR (and support for v1 TLSroute, which was not included in the PR), which appeared to resolve the issue, and things worked as expected (after working out other kinks). In response to your query, I reverted back to the 0.20.0 version of External DNS and, much to my surprise (but in alignment with your assertions), I was unable to reproduce the issue, and things appear to still be working correctly. Thus, you can close or defer this PR if you feel it is still premature to upgrade External DNS as proposed. If you would like to still consider the change (it's line-for-line the same as what was accepted and reverted two years ago), let me know and I'll complete the CLA. Thanks for your time and assistance. |
|
Thanks for confirming. Whether to support v1beta1 vs v1 - is not about just bumping dependencies. Rest is described in this PR review with evidences has to be provided #6291 (review) |
|
It's true it has been a lonnnng time we are with this v1beta. |
abursavich
left a comment
abursavich
left a comment
There was a problem hiding this comment.
The added empty lines in import blocks bug me, but meh. LGTM.
k8s-ci-robot
added
the
lgtm
|
The PR opener is just completely ignore what being asked
|
|
I can't help with signing the CLA, but... FWIW, this is something we intended to do long ago, but certain cloud providers held us back because they were slow to upgrade their CRDs to include The current CRDs provided in the latest Gateway API release (v1.5.1) still include the served The
/lgtm cancel I would be okay with merging this if TLSRoute was put back on When this first became an issue, I thought about writing an adapter that would monitor and use whichever API version is available in the cluster. It seemed like overkill at the time and I wouldn't be available to work on it for the next two or three weeks, but I'd be down to pick that back up next month since this seems like it may continue to be an issue with the evolution of the Gateway API. |
k8s-ci-robot
added
needs-rebase
|
It's not providers, the Gateway API does not have deprecation with api versions and supported period. Example istio https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases. So basically, nothing forces GCP to actually switch to latest apiversion. I could be wrong |
There was a problem hiding this comment.
Hard blockers before anything else
CLA needs signing and a rebase is needed — k8s-ci-robot flagged both. Nothing else matters until those are done.
On the TLSRoute confusion
@abursavich's /lgtm cancel comment says "I would be okay with merging this if TLSRoute was put back on v1beta1" — but TLSRoute was never at v1beta1 in this repo, it's at v1alpha2, and this PR doesn't touch it. TLSRoute stays at v1alpha2 throughout. I think the concern got mis-stated; the actual concern seems to be about whether cloud providers have caught up to v1 for Gateway and HTTPRoute specifically, which is a separate question. Worth clarifying so the thread doesn't stay unresolved on a misread.
On the evidence request
@ivankatliarchuk's ask is reasonable — for a change that breaks users on old clusters, showing spec.versions[].served output is a fair bar. The author confirmed they couldn't reproduce the original crash on 0.20.0, which weakens the "fixes a regression" framing. But the direction is still correct: the PR description references real user crash reports in #4768, and v1 has been available for 1.5 years (since Gateway API v1.0, October 2023). The original v1beta1 revert was explicitly described as temporary.
On the code
The change is clean. One thing worth noting: removing the explicit cast v1.HTTPRoute(clone) in gateway_httproute.go is correct — in gateway-api, v1beta1.HTTPRoute was always a type alias for v1.HTTPRoute, so the cast was already a no-op. The import cleanup is tidy.
One doc gap
The new docs say TLSRoute "has not yet graduated to v1 in the version of Gateway API used by ExternalDNS" — but TLSRoute did graduate to v1 in Gateway API v1.5.0 (February 26, 2026, three weeks ago). The statement is technically true for ExternalDNS's current dependency version, but a follow-up issue/PR to migrate TLSRoute to v1 should probably be tracked explicitly so it doesn't get forgotten again like Gateway/HTTPRoute did.
Summary
Sign the CLA, rebase, and provide the kubectl get crd gateways.gateway.networking.k8s.io -o yaml evidence @ivankatliarchuk asked for. The change itself is sound.
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
apis
This migrates the Kubernetes API interactions for Gateway and HTTPRoute objects from v1beta1 to v1. The v1beta1 revert was originally made in PR kubernetes-sigs#4610 (July 2024) because GKE clusters were not yet serving v1 CRDs. That is no longer the case: v1 Gateway and HTTPRoute have been available since Gateway API v1.0.0 (October 2023) and all major managed Kubernetes providers now serve them. This change does NOT modify TLSRoute, TCPRoute, or UDPRoute, which remain at v1alpha2. TLSRoute's migration to v1 depends on Gateway API v1.5.0+ and is tracked separately in kubernetes-sigs#6247.
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
System-Arch
force-pushed
the
gateway-api-v1
branch
from
9031a0f to
db483bc
Compare
k8s-ci-robot
added
size/L
Incorporated review suggestions from @mloiseleur
Hi @abursavich, |
mloiseleur
changed the title
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abursavich, mloiseleur The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
Fixes #6290 |
7 participants
Summary
This reverts the Kubernetes API interactions for Gateway and HTTPRoute objects from
v1beta1back tov1, undoing PR #4610 (July 2024).Background
The original revert to
v1beta1was made because GKE clusters were not yet servingv1CRDs, causing crash loops for a significant portion of the user base (#4366). At the time, the maintainer noted:That was nearly two years ago. The situation has now reversed:
v1Gateway API CRDs. The original blocker no longer applies.v1beta1. Gateway API v1.5.0 introduced a ValidatingAdmissionPolicy that prevents downgrades below v1.5. Clusters running current Gateway API CRDs may no longer servev1beta1.failed to sync *v1beta1.Gateway: context deadline exceeded(Not working configuration Gateway API #4768). This is the mirror image of the original 0.14.1 causing crash loopback related to v1.Gateway #4366.Since
v1Gateway and HTTPRoute have been available since Gateway API v1.0.0 (October 2023), this change is safe for any cluster running Gateway API 1.0 or later.Changes
source/gateway.go: imports, informer type, and function signatures changed fromv1beta1tov1source/gateway_httproute.go: informer factory call, embedded informer type, andTypeMetaAPIVersion moved tov1v1beta1.Gatewaytov1.Gateway; client calls fromGatewayV1beta1()toGatewayV1()docs/sources/gateway-api.md: version documentation updatedImpact
This is a breaking change for those sites that only have v1beta1 CRDs for Gateway and HTTPRoute as summarized in the following table:
Scope
This change intentionally covers only Gateway and HTTPRoute. TLSRoute, TCPRoute, and UDPRoute remain at
v1alpha2. TLSRoute's migration tov1depends on Gateway API v1.5.0+ and is tracked separately in #6247.Fixes #6290
Checklist