fix(deps): update module sigs.k8s.io/gateway-api to v1.3.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sigs.k8s.io/gateway-api	v1.1.0 -> v1.3.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

kubernetes-sigs/gateway-api (sigs.k8s.io/gateway-api)

v1.3.0

Compare Source

Changes since v1.3.0-rc.2

• Fixed typo in Retry Budget configuration (#​3762,@​zirain)

Changes since v1.2.1

Noteworthy Changes for Implementors

This section is intended to be a guide for API changes that might inspire or require implementation changes.
None of these API changes represent breaking changes.

OverlappingTLSConfig for Connection Coalescing

A new OverlappingTLSConfig condition has been added to Gateway Listeners to indicate situations where
Connection Coalescing could be problematic. The Gateway specification for handling Hostname and SNI matching for HTTPS
requests has been clarified and now recommends that implementations return 421 HTTP code responses in certain cases.

• Implementation of GEP-3567 - TLS Updates for Connection Coalescing. (#​3630,@​robscott)
• Add GEP-3567: Gateway TLS Updates for HTTP/2 Connection Coalescing. (#​3572,@​robscott)

Move BackendTLSPolicy SubjectAltNames from Core to Extended

• The SubjectAltNames field of BackendTLSPolicy changed from Core to Extended feature. (#​3591,@​mlavacca)

The backendRef filter must send traffic to the correct backends when weighted routing is configured

• A new conformance test was added to ensure backendRef filters don't affect weighted routing. (#​3604,@​dprotaso)

Clarify reasons for certain object status conditions

• Set proper reason for Gateway parametersRef Accepted condition when parametersRef is invalid. (#​3579,@​mlavacca)
• Improve GatewayClass GatewayClassReasonInvalidParameters reason description. (#​3553,@​mlavacca)

BackendTLSPolicy

• CEL validation for target references in BackendTLSPolicy. (#​3496,@​snorwin)

GRPCRoute

• Increase the GRPCRoute match limit from 8 -> 64 (#​3601,@​EyalPazz)

Gateway.Spec.Addresses changes

A new type GatewaySpecAddress replaces GatewayAddress. In GatewayAddress the Value field was required. In
GatewaySpecAddress the Value field is optional. When the Value is unspecified, if an implementation supports that,
it SHOULD automatically assign an address. If an implementation does not support an empty Value, it MUST set the
Programmed condition in status to false with a reason of "AddressNotAssigned". The Addresses field in
Gateway.Spec has changed from type []GatewayAddress to []GatewaySpecAddress.

• Make the value field in Gateway.Spec.Addresses array optional (#​3616,@​EyalPazz)

Standard Channel Additions and Changes

The Standard channel is Gateway API's set of maximally-stable install files.
Only features with the best testing and support are added to the standard
channel. This channel should be considered GA or stable, and future changes will
be fully backwards compatible.

Percentage-Based Request Mirroring 🎉

This feature enhances the existing request mirroring feature
by allowing users to specify a percentage of requests to be mirrored in both HTTPRoute
and GRPCRoute objects.

This feature has graduated to Standard and is now considered GA or Stable.

This feature's name for conformance tests (and GatewayClass status reporting) is
HTTPRouteRequestPercentageMirror.

This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the supportedFeatures field in the status of any GatewayClass.

Relevant PRs:

• Promote percentage-based-request-mirroring GEP-3171 to standard (#​3638,@​LiorLieberman)
• Add conformance tests for percentage-based request mirroring (#​3508,@​LiorLieberman)

Experimental Channel Additions and Changes

The Experimental Channel is Gateway API's channel for testing out changes and
gaining confidence with them before allowing them to go to Standard.

This channel may include features that are changed or removed later!

New experimental resources now start with "X"

This release introduces 2 new experimental resources:

• XBackendTrafficPolicy
• XListenerSet

Both of these resources are described in more detail below. As you may notice,
these resource names start with X and are part of an effort to distinguish
experimental channel resources from standard channel resources.

In addition to the separate names, these resources are also part of the
x-k8s.io API group instead of k8s.io, as a further effort to signal the
experimental nature of these resources.

In practice this means two things:

1. These resources can coexist with standard channel resources
2. Migrating to standard channel will require recreating these resources with
   the standard channel names and API Group (both lacking the "x" prefix)

For more context on this change, refer to the related discussion.

CORS (Cross Origin Resource Sharing) Filter

GEP-1767 describes how to add
configuration of CORS filters on HTTPRoute objects, and in this release, this change
has moved to Experimental.

Please see the GEP reference document or the API reference for the details.

This feature has graduated to Experimental and should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance testing available for this feature
yet, please check your implementation's documentation to see if it is supported.

Relevant PRs:

• Implementing CORS Filter for HTTPRoute (#​3637,@​robscott)
• Change HTTPRouteFilter.CORS.AllowCredentials to expect a boolean and not a string (#​3656,@​EyalPazz)
• Add CORS to HTTPRouteFilterType (#​3668,@​EyalPazz)

XListenerSets (Standard Mechanism to Merge Gateways)

GEP-1713 defines a new mechanism to merge listeners into a single
Gateway, and in this release, this change has moved to Experimental. Following a new naming convention, an
experimental object name is prefaced with an X, thus ListenerSet has changed to XListenerSet.
The object group name has changed from gateway.networking.k8s.io to gateway.networking.x-k8s.io.

Please see the GEP reference document or the API reference for the details.

This feature has graduated to Experimental and should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance testing available for this feature
yet, please check your implementation's documentation to see if it is supported.

Relevant PRs:

• Clarified what it means for Gateway Listeners to be distinct (#​3477,@​youngnick)
• GEP-1713: Standard Mechanism to Merge Multiple Gateways (#​3213),@​dprotaso)
• Update GEP-1713 - Support attaching ListenerSets across namespaces (#​3632,@​dprotaso)
• GEP-1713: Standard Mechanism to Merge Multiple Gateways - move GEP Link to Experimental (#​3664),@​gcs278)
• Refactor codegen scripts to make it easier to generate two clients (#​3589,@​dprotaso)
• Add ListenerSet GEP-1713 to the website (#​3587,@​dprotaso)
• Introduces ListenerSet API & Generate Clients (in the group gateway.networking.k8s-x.io) (#​3588,@​dprotaso)
• The resource ListenerSet has been renamed to XListenerSet. The Resource BackendTrafficPolicy has been renamed to
  XBackendTrafficPolicy. (#​3682,@​mlavacca)

XBackendTrafficPolicy (Retry Budgets)

GEP-3388
specifies the configuration of a "retry budget" across all endpoints of a destination service in order to prevent
additional client-side retries after reaching a configured threshold. The budget can be configured using a maximum
percentage of active requests, or an interval during which requests will be considered. In this release, this change has
moved to Experimental. Following a new naming convention, an experimental object name is prefaced with an X, thus
BackendTrafficPolicy has changed to XBackendTrafficPolicy. The object group name has changed from
gateway.networking.k8s.io to gateway.networking.x-k8s.io.

Please see the GEP reference document or the API reference for the details.

This feature has graduated to Experimental and should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance testing available for this feature
yet, please check your implementation's documentation to see if it is supported.

Relevant PRs:

• Adds a new BackendTrafficPolicy with ability to configure budgeted retries (#​3607,@​ericdbishop)
• Add GEP-3388 HTTP Retry Budget (#​3488,@​ericdbishop)
• The resource ListenerSet has been renamed to XListenerSet. The Resource BackendTrafficPolicy has been renamed to
  XBackendTrafficPolicy. (#​3682,@​mlavacca)
• Retry budget fields are now in their own struct, moving from budgetPercent and budgetInterval to budget.percent
  and budget.interval respectively. (#​3695,@​youngnick)

BackendLBPolicy has been replaced by XBackendTrafficPolicy

In the interest of combining similar concepts in a single policy, we've decided
to merge the contents of BackendLBPolicy (session persistence) into
XBackendTrafficPolicy (retry budgets).

• BackendLBPolicy has been renamed to XBackendTrafficPolicy (#​3692,@​robscott)

GEPs

• Initial draft of Auth GEP-1494 (#​3500,@​youngnick)

Documentation

• For the Gateway infrastructure stanza, the InvalidParameters reason SHOULD be used with the Accepted condition in case the object referenced does not exist, is of an unsupported kind, or is malformed. (#​3579,@​mlavacca)
• Specify default type for sessionPersistence.cookieConfig.lifetimeType (#​3540,@​arkodg)
• Updates docs for the Kuadrant implementation (#​3598,@​jasonmadigan)
• Updates comparison of Gateway API and API Gateway to use the CNCF's definition of the latter (#​3653,@​craigbox)
• Fix 'mkdocs serve' endless build loop (#​3662,@​blake)
• Fix several MkDocs info and warning messages (#​3663,@​blake)
• Fix broken links and spelling (#​3655,@​blake), (#​3615,@​jsoref),
  (#​3657,@​blake),
  (#​3400,@​jsoref),
  (#​3626,@​zirain),
  (#​3565,@​Vaniog),
  (#​3485,@​fatsheep9146)
• GRPCRoute name is not set (#​3639,@​Xunhuo)
• Update GEPs in navbar (#​3634,@​blake)
• Remove experimental callout on GRPCRoute guide (#​3595,@​blake)
• Fix GRPCRoute structure definition error in the document (#​3344,@​0xff-dev)
• Add Gateway For Mesh section to the GEP template (#​3577,@​LiorLieberman)
• Fix group description in LocalObjectReference (empty string infers core API group) (#​3597,@​EyalPazz)
• Remove "experimental" language from gamma implementations (#​3580,@​LiorLieberman)
• Clarify frontend/backend relationship in GEP-91 (#​3571,@​htuch)

Cleanup

• Remove mkdocs-material-extensions from requirements.txt (#​3666, @​gcs278)
• Remove extra newlines and format descriptions of items for code generation (#​3574,@​snorwin)
• Fix mkdocs so at least 3 conformance reports are uploaded before update (#​3549,@​xtineskim)
• Dependencies have been upgraded to Kubernetes v1.32 and Go v1.24 (#​3697,@​robscott)

Bug or Regression

• Sort api versions when updating clientset during code generation (#​3652,@​bentheelder)
• Retry failed calls when waiting for namespace ready in tests (#​3627,@​aojea)
• Some tests are not formatted properly (#​3610,@​EyalPazz)
• Doesn't allow a user to provide both an asterisk and another method/s along with it in HTTPCORSFilter.AllowMethods
  (#​3667,@​EyalPazz)

Dependencies

Added

• github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.25.0
• github.com/Masterminds/goutils: v1.1.1
• github.com/Masterminds/semver: v1.5.0
• github.com/Masterminds/sprig: v2.22.0+incompatible
• github.com/elastic/crd-ref-docs: v0.1.0
• github.com/envoyproxy/go-control-plane/envoy: v1.32.4
• github.com/envoyproxy/go-control-plane/ratelimit: v0.1.0
• github.com/go-playground/locales: v0.13.0
• github.com/go-playground/universal-translator: v0.17.0
• github.com/go-playground/validator/v10: v10.4.1
• github.com/goccy/go-yaml: v1.11.3
• github.com/huandu/xstrings: v1.3.3
• github.com/leodido/go-urn: v1.2.0
• github.com/mitchellh/copystructure: v1.2.0
• github.com/mitchellh/reflectwalk: v1.0.2
• go.opentelemetry.io/auto/sdk: v1.1.0
• go.opentelemetry.io/contrib/detectors/gcp: v1.34.0
• go.opentelemetry.io/otel/sdk/metric: v1.34.0

Changed

• cel.dev/expr: v0.16.0 → v0.19.1
• cloud.google.com/go/compute/metadata: v0.5.0 → v0.6.0
• github.com/cncf/xds/go: 024c85f → cff3c89
• github.com/envoyproxy/go-control-plane: v0.13.0 → v0.13.4
• github.com/envoyproxy/protoc-gen-validate: v1.1.0 → v1.2.1
• github.com/evanphx/json-patch/v5: v5.9.0 → v5.9.11
• github.com/golang/glog: v1.2.2 → v1.2.4
• github.com/google/btree: v1.0.1 → v1.1.3
• github.com/google/cel-go: v0.20.1 → v0.22.0
• github.com/google/pprof: 4bfdf5a → d1b30fe
• github.com/gregjones/httpcache: 9cad4c3 → 901d907
• github.com/imdario/mergo: v0.3.16 → v0.3.11
• github.com/jessevdk/go-flags: v1.4.0 → v1.6.1
• github.com/jonboulle/clockwork: v0.2.2 → v0.4.0
• github.com/miekg/dns: v1.1.62 → v1.1.64
• github.com/moby/spdystream: v0.4.0 → v0.5.0
• github.com/onsi/ginkgo/v2: v2.19.0 → v2.22.0
• github.com/onsi/gomega: v1.34.2 → v1.36.2
• github.com/spf13/pflag: v1.0.5 → v1.0.6
• github.com/stoewer/go-strcase: v1.2.0 → v1.3.0
• github.com/xiang90/probing: 43a291a → a49e3df
• go.etcd.io/bbolt: v1.3.9 → v1.3.11
• go.etcd.io/etcd/api/v3: v3.5.14 → v3.5.16
• go.etcd.io/etcd/client/pkg/v3: v3.5.14 → v3.5.16
• go.etcd.io/etcd/client/v2: v2.305.13 → v2.305.16
• go.etcd.io/etcd/client/v3: v3.5.14 → v3.5.16
• go.etcd.io/etcd/pkg/v3: v3.5.13 → v3.5.16
• go.etcd.io/etcd/raft/v3: v3.5.13 → v3.5.16
• go.etcd.io/etcd/server/v3: v3.5.13 → v3.5.16
• go.opentelemetry.io/otel/metric: v1.28.0 → v1.34.0
• go.opentelemetry.io/otel/sdk: v1.28.0 → v1.34.0
• go.opentelemetry.io/otel/trace: v1.28.0 → v1.34.0
• go.opentelemetry.io/otel: v1.28.0 → v1.34.0
• go.uber.org/zap: v1.26.0 → v1.27.0
• golang.org/x/crypto: v0.29.0 → v0.33.0
• golang.org/x/exp: fe59bbe → 8a7402a
• golang.org/x/mod: v0.21.0 → v0.23.0
• golang.org/x/net: v0.31.0 → v0.35.0
• golang.org/x/oauth2: v0.22.0 → v0.25.0
• golang.org/x/sync: v0.9.0 → v0.11.0
• golang.org/x/sys: v0.27.0 → v0.30.0
• golang.org/x/term: v0.26.0 → v0.29.0
• golang.org/x/text: v0.20.0 → v0.22.0
• golang.org/x/time: v0.5.0 → v0.7.0
• golang.org/x/tools: v0.26.0 → v0.30.0
• golang.org/x/xerrors: 04be3eb → 104605a
• google.golang.org/genproto: b8732ec → ef43131
• google.golang.org/genproto/googleapis/api: ddb44da → 5f5ef82
• google.golang.org/genproto/googleapis/rpc: ddb44da → 1a7da9e
• google.golang.org/grpc: v1.67.1 → v1.71.0
• google.golang.org/protobuf: v1.35.2 → v1.36.5
• k8s.io/api: v0.31.3 → v0.32.2
• k8s.io/apiextensions-apiserver: v0.31.3 → v0.32.2
• k8s.io/apimachinery: v0.31.3 → v0.32.2
• k8s.io/apiserver: v0.31.3 → v0.32.2
• k8s.io/client-go: v0.31.3 → v0.32.2
• k8s.io/code-generator: v0.31.3 → v0.32.2
• k8s.io/component-base: v0.31.3 → v0.32.2
• k8s.io/gengo/v2: 51d4e06 → 2b36238
• k8s.io/kms: v0.31.3 → v0.32.2
  k8s.io/kube-openapi: 8948a66 → 32ad38e
• k8s.io/utils: 18e509b → 3ea5e8c
• sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.30.3 → v0.31.0
• sigs.k8s.io/controller-runtime: v0.19.1 → v0.20.3
• sigs.k8s.io/controller-tools: v0.16.5 → v0.17.2
• sigs.k8s.io/json: bc3834c → 9aa6b5e
• sigs.k8s.io/structured-merge-diff/v4: v4.4.3 → v4.5.0

Removed

• github.com/ahmetb/gen-crd-api-reference-docs: v0.3.0
• github.com/census-instrumentation/opencensus-proto: v0.4.1
• github.com/golang/groupcache: 41bb18b
• github.com/kr/pty: v1.1.1
• github.com/shurcooL/sanitized_anchor_name: v1.0.0
• k8s.io/gengo: 9cce18d
• k8s.io/klog: v0.2.0

v1.2.1

Compare Source

This is a patch release that fixes the backward incompatibility with the SupportedFeatures feature breaking change introduced in v1.2.0.

Bug Fixes

• v1.2.0 introduced a breaking change in the SupportedFeatures field of the GatewayClass API. That broke already existing GatewayClasses using the previous version of the feature. The fix to introduce backward compatibility is in (#​3454, @​LiorLieberman).

v1.2.0

Compare Source

On behalf of Kubernetes SIG Network, we are excited to announce the release of v1.2!
This release includes the graduation of 3 features to the standard channel and the introduction of 4 new features to the experimental channel, along with several improvements in many project areas.

Breaking Changes

GRPCRoute and ReferenceGrant v1alpha2 removal

As per a previous deprecation notice, in this version, both Experimental
and Standard channel CRDs will no longer serve the v1alpha2 versions
of GRPCRoute and ReferenceGrant.

• Disable v1alpha2 versions for GRPCRoute and ReferenceGrant by @​youngnick in
  #​3361

Upgrades

Before upgrading to Gateway API v1.2, you'll want to confirm that any
implementations of Gateway API have been upgraded to support the v1 API
version of these resources instead of the v1alpha2 API version. Note that
even if you've been using v1 in your YAML manifests, a controller may still be
using v1alpha2 which would cause it to fail during this upgrade.

Once you've confirmed that the implementations you're relying on have upgraded
to v1, it's time to install the v1.2 CRDs. In most cases, this will work without
any additional effort.

If you ran into issues installing these CRDs, it likely means that you have
v1alpha2 in the storedVersions of one or both of these CRDs. This field is
used to indicate which API versions have ever been used to persist one of these
resources. Unfortunately, this field is not automatically pruned. To check these
values, you can run the following commands:

kubectl get crd grpcroutes.gateway.networking.k8s.io -ojsonpath="{.status.storedVersions}"
kubectl get crd referencegrants.gateway.networking.k8s.io -ojsonpath="{.status.storedVersions}"

If either of these return a list that includes "v1alpha2", it means that we need
to manually remove that version from storedVersions.

Before doing that, it would be good to ensure that all your ReferenceGrants and
GRPCRoutes have been updated to the latest storage version:

crds=("GRPCRoutes" "ReferenceGrants")

for crd in "${crds[@​]}"; do
  output=$(kubectl get "${crd}" -A -o json)

  echo "$output" | jq -c '.items[]' | while IFS= read -r resource; do
    namespace=$(echo "$resource" | jq -r '.metadata.namespace')
    name=$(echo "$resource" | jq -r '.metadata.name')
    kubectl patch "${crd}" "${name}" -n "${namespace}" --type='json' -p='[{"op": "replace", "path": "/metadata/annotations/migration-time", "value": "'"$(date +%Y-%m-%dT%H:%M:%S)"'" }]'
  done
done

Now that all your ReferenceGrant and GRPCRoute resources have been updated to
use the latest storage version, you can patch the ReferenceGrant and GRPCRoute
CRDs:

kubectl patch customresourcedefinitions referencegrants.gateway.networking.k8s.io --subresource='status' --type='merge' -p '{"status":{"storedVersions":["v1beta1"]}}'
kubectl patch customresourcedefinitions grpcroutes.gateway.networking.k8s.io --subresource='status' --type='merge' -p '{"status":{"storedVersions":["v1"]}}'

With these steps complete, upgrading to the latest GRPCRoute and ReferenceGrant
should work well now.

Experimental Channel: GatewayClass Supported Features

The Experimental supportedFeatures field in GatewayClass status has changed
from being a list of strings to being a list of objects/structs with a name
field.

This is to allow adding in extra information to each entry at a later date.

Relevant PRs:

• SupportedFeatures field in Gateway Class status are now presented as a list of
  objects by @​LiorLieberman in
  #​3200

Changes since v1.2.0-rc2

There was one small change since RC2 - the Gateway Infrastructure conformance
test has been marked as provisional as we're not sure that the same-namespace
requirement imposed by this test is necessary. #​3373

Release Cycle changes

This was our first release using a new release
cycle that is
meant to make Gateway API releases more frequent and predictable.

There are now four phases:

• Scoping: 4-6 weeks, where the maintainers and community determine the set
  of features we want to include in the release. A key deliverable here is
  ensuring that the Experimental channel does not get any bigger than it already
  is; we want to ensure that features make their way to Standard or are removed.
• GEP Iteration and Review: 5-7 weeks, where we work to update GEPs, and
  solidify and meet graduation criteria for in-scope GEPs.
• API Refinement and Documentation: 3-5 weeks, where we translate proposed
  changes from GEPs into changes to both the API specification and
  documentation.
• SIG-Network Review and Release Candidates: 2-4 weeks, where we perform our
  required upstream reviews, get any further required changes in, and release
  our release candidates so that implementations can get started with work on
  the new features asap.

For all the detail about this, please see the Release Cycle
docs.

Relevant PRs:

• Adding Release Cycle Documentation by @​robscott in
  #​3063

Standard Channel Additions and Changes

The Standard channel is Gateway API's set of maximally-stable install files.
Only features with the best testing and support are added to the standard
channel. This channel should be considered GA or stable, and future changes will
be fully backwards compatible.

Infrastructure Labels and Annotations 🎉

GEP-1867 added an
infrastructure stanza to Gateway objects that is intended to carry
infrastructure configuration specific to that Gateway object.

GEP-1762 adds a section for
labels and annotations to this stanza that specifies labels and annotations
to be annotated to all resources created to fulfill that Gateway request.

This feature can be used to affect the labels and annotations created on
LoadBalancer Services by in-cluster implementations to fulfill the Gateway
contract or by Cloud Load Balancing resources created by Cloud Providers.

This feature has graduated to Standard and is now considered GA or Stable.

This feature's name for conformance tests and GatewayClass status reporting is
GatewayInfrastructurePropagation.

This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the supportedFeatures field in the status of any GatewayClass.

Relevant PRs:

• Remove experimental from gateway infrastructure by @​keithmattix in
  #​3272
• Validation for label keys and values according to Kubernetes specification by
  @​snorwin in #​3284

HTTPRoute Timeouts and Durations 🎉

The HTTPRoute Timeouts field on Route Rules has graduated to Standard and is
now considered GA or Stable.

This field allows you to configure overall Request Timeouts as well as Backend
Request Timeouts. For more information, refer to GEP
1742.

The relevant feature names this for conformance tests and GatewayClass status
reporting are:

• HTTPRouteRequestTimeout for httproute.spec.rules[].timeouts.request
• HTTPRouteBackendTimeout for httproute.spec.rules[].timeouts.backendRequest

This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the supportedFeatures field in the status of any GatewayClass.

Relevant PRs:

• Graduate GEP-2257 and GEP-1742 to standard by @​kflynn in
  #​3210
• GEP2257 Duration parsing by @​xtineskim in
  #​3271

BackendProtocol Support 🎉

The previous coordinated work across both Gateway API and upstream Kubernetes
which defined 3 new values for the AppProtocol field on Service Ports has
graduated to Standard and is now considered GA or Stable.

The values are:

• kubernetes.io/h2c - HTTP/2 over cleartext as described in
  RFC7540
• kubernetes.io/ws - WebSocket over cleartext as described in
  RFC6445
• kubernetes.io/wss - WebSocket over TLS as described in
  RFC6455

These can now be used with Gateway API to describe the protocol to use for
connections to Kubernetes Services. For more information, refer to GEP
1911.

The relevant feature names this for conformance tests and GatewayClass status
reporting are:

• HTTPRouteBackendProtocolH2C for H2C support, when
  service.spec.ports[].appProtocol is kubernetes.io/h2c.
• HTTPRouteBackendProtocolWebSocket for Websocket support, when
  service.spec.ports[].appProtocol is kubernetes.io/ws or
  kubernetes.io/wss.

This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the supportedFeatures field in the status of any GatewayClass.

Relevant PRs:

• Backend Protocol Selection is no longer experimental and is now part of
  HTTPRoute Extended Conformance by @​dprotaso in
  #​3108

Other Standard channel changes

• Increased the limit on HTTPRoute matches from 8 to 64 by @​howardjohn in
  #​3205
• Adds the GatewayClassConditionReason "Unsupported" and clarifies when
  GatewayClassConditionReason "InvalidParameters" should be preferred by
  @​mikemorris in
  #​3048
• HTTPRoute - 503 Status Code MAY be returned for Kubernetes Services who don't
  have any healthy endpoints by @​dprotaso in
  #​3121
• Document the route kinds compatible for each protocolType by @​abs007 in
  #​2263
• Move GEP-995 to Implementable by @​guicassolato in
  #​3166
• Add policy label to BackendLBPolicy to make it recognizable in gwctl by
  @​gauravkghildiyal in
  #​3195
• remove unnecessary S in ProtocolType validation by @​spacewander in
  #​3185

Experimental Channel Additions and Changes

The Experimental Channel is Gateway API's channel for testing out changes and
gaining confidence with them before allowing them to go to Standard.

This channel may include features that are changed or removed later!

HTTPRoute Retry support

GEP-1731 described how to add
configuration of retries on HTTPRoute objects, and in this release, this change
has moved to Experimental.

Please see the GEP reference document or the API reference for the details.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

• Adds support for configuring retries in HTTPRoute by @​mikemorris in
  #​3301
• Adds retry stanza within HTTPRouteRule to configure retrying unsuccessful
  requests to backends before sending a response to a client by @​mikemorris in
  #​3199

Percentage-based request mirroring

The existing Request Mirroring feature has been enhanced by allowing users to
specify a percentage of requests they'd like mirrored. These changes are
described in GEP-3171.

Please see the GEP reference document or the API reference for the details.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

• Adding GEP 3171: Percentage-based Request Mirroring by @​jakebennert in
  #​3178
• Add API for GEP-3171 by @​jakebennert in
  #​3283
• Add Additional API Testing for GEP-3171 by @​jakebennert in
  #​3302

Improvements to backend TLS configuration

Some changes have been made to Gateway API's support for configuring TLS
connections between the Gateway and backends.

Gateway has a new Experimental field that contains configuration for the client
certificate Gateways should use when connecting to Backends.

The existing BackendTLSPolicy object has had additions as well:

• Ability to specify SANs on BackendTLSPolicy
• Add TLS options to BackendTLSPolicy to mirror TLS config on Gateways

See GEP-3155 for all the
details.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

• Add GEP-3155: Complete Backend mTLS Configuration by @​mkosieradzki in
  #​3180
• add api changes according to gep-3155 by @​LiorLieberman in
  #​3304

Named Route Rules

All Route Rule types (GRPCRouteRule, HTTPRouteRule, TCPRouteRule, TLSRouteRule
and UDPRouteRule) have had a new, optional name field to support referencing
individual rules by name.

This name, if present, may be used in status and logging to indicate which
route rule is being referenced in messages in a more readable way than an array
index.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

• Implement of GEP-995 by @​howardjohn in
  #​2985
• Docs: route rule name by @​guicassolato in
  3299

Other specification changes

• Fix v1beta1 HTTPHeaderName alias by @​spencerhance in
  #​3127
• make update-codegen.sh runnable on Mac by @​spacewander in
  #​3186
• Add conformance tests for in-cluster Gateway infrastructure by @​keithmattix in
  #​3192
• Remove extra spacing in the API Specification aliases by @​nuno-faria in
  #​3218
• fix: allow the header based session persistence not to have AbsoluteTimeout by
  @​sanposhiho in
  #​3215
• Update GRPCRoute GEP to standard by @​xtineskim in
  #​3227
• The generated conformance report API version is set to v1 instead of v1alpha1
  by @​mlavacca in
  #​3153
• Use GRPCHeaderMatchType in GRPCHeaderMatch structure by @​kevinpollet in
  #​3252
• fix: inconsistent default reason for GatewayClass status (#​3225) by @​snorwin
  in #​3257
• Fixing Mesh version references in docs by @​robscott in
  #​3073
• fix: Add BackendLBPolicy to experimental kustomization by @​krouma in
  #​3083

Leadership changes

In this release timeframe, Gateway API has been working on building our
contributor pool and promoting more contributors up our contributor ladder.

Congratulations to @​mlavacca on being promoted into the core Gateway API
maintainer team!

Thanks to @​keithmattix for all your work as one of the GAMMA leads, and
congratulations to @​mikemorris on being promoted into the GAMMA lead team.

We've added two new GEP Reviewers: @​kflynn and @​arkodg

Also promoted in the conformance team:

• @​LiorLieberman is now an Approver
• @​candita is now a Reviewer

Last but most certainly not least, @​guicassolato has become a reviewer for
gwctl.

Congratulations to everyone on the promotions, and thanks for your continued
contributions to the Gateway API community!

Relevant PRs:

• Replace keithmattix as a mesh lead and replace with mikemorris by @​keithmattix
  in #​3109
• docs: add Mattia Lavacca as Gateway API maintainer by @​shaneutt in
  #​3231
• docs: add Flynn as a GEP reviewer by @​shaneutt in
  #​3253
• docs: promote Lior to conformance approver by @​shaneutt in
  #​3254
• Add Arko as GEP Reviewer by @​shaneutt in
  #​3255
• docs: add candita as conformance reviewer by @​shaneutt in
  #​3296
• docs: add guicassolato as gwctl reviewer by @​shaneutt in
  #​3303

Testing

• Features have been re-arranged to a struct containing metadata and feature
  Name. The API Channel has been set as a field for such a struct in
  #​3287
• Exposing grpc client interface as a option in the conformance suite in
  #​3095

gwctl

In this release, gwctl is moving to a separate repo:
kubernetes-sigs/gwctl. This will
enable a more flexible and independent release process. Significant new updates
are coming to gwctl, follow the new repo for the latest updates on that project.

Although these changes won't be part of Gateway API v1.2 and will instead be
part of the separate gwctl release, we're noting them as they were merged while
the project was part of this repo:

• Describing Gateways and Backends will include a separate field showing
  InheritedPolicies by @​gauravkghildiyal in
  #​3198
• Gwctl allows filtering results to only those related to the specified resource
  (using the --for flag) by @​gauravkghildiyal in
  #​3068
• Show Events and Analysis when describing resources by @​gauravkghildiyal in
  #​3051
• The output of gwctl describe httproute <NAME> now includes more details by
  @​gauravkghildiyal in
  #​3181
• Support wide output format for get commands (-o wide) and Replace Print in
  BackendsPrinter with PrintTable by @​deszhou in
  #​3129
• Optimize print and reduce repeated logic. Maintain agreement with print
  methods of other resources @​deszhou in
  #​3076
• Outputs ns for gateways in gwctl by @​xtineskim in
  #​3136
• gwctl performance improvements by @​gauravkghildiyal in
  #​3145

Documentation Changes

• Update and standardise admonitions by @​craigbox in
  #​3066
• docs: fix Istio version badge by @​howardjohn in
  #​3067
• fix: kind of CACertificateRefs should be ConfigMap by @​reaver-flomesh in
  #​3085
• Providing more detailed upgrade notes for v1.1 by @​robscott in
  #​3084
• Fix rendering of list in GEP-713 by @​craigbox in
  #​3113
• Remove description of GAMMA concepts as "experimental in v0.8". by @​craigbox
  in #​3114
• Correct PR link for GEP-995 implementation by @​craigbox in
  #​3107
• GEP-1324: Fix image path by @​LionelJouin in
  #​3105
• Add missing apiVersion in the referencegrant API docs by @​spacewander in
  #​3135
• Fix the missing example in HTTP rewrite by @​spacewander in
  #​3126
• chore(docs): GRPC and HTTP docs versions cleanup by @​pmalek in
  #​3163
• docs: Fix missing v1beta1, v1alpha3 API versions by @​gcs278 in
  #​3202
• chore: fix typo in gep-713 by @​spacewander in
  #​3236
• fix: deduplicate Declined status by @​xmulligan in
  #​3238
• add link for rfc 3986 by @​whitneygriffith in
  #​3240
• docs: partial reports can be submitted by @​mlavacca in
  #​3179
• issue-3260: Clarify a few points on Development Documentation. by [@&#8203

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 19 additional dependencies were updated

Details:

Package	Change
k8s.io/api	v0.30.2 -> v0.31.1
k8s.io/apiextensions-apiserver	v0.30.2 -> v0.31.1
github.com/go-logr/logr	v1.4.1 -> v1.4.2
github.com/moby/spdystream	v0.2.0 -> v0.4.0
golang.org/x/crypto	v0.24.0 -> v0.26.0
golang.org/x/mod	v0.18.0 -> v0.20.0
golang.org/x/net	v0.26.0 -> v0.28.0
golang.org/x/oauth2	v0.20.0 -> v0.21.0
golang.org/x/sync	v0.7.0 -> v0.8.0
golang.org/x/sys	v0.21.0 -> v0.24.0
golang.org/x/term	v0.21.0 -> v0.23.0
golang.org/x/text	v0.16.0 -> v0.17.0
golang.org/x/tools	v0.22.0 -> v0.24.0
google.golang.org/genproto/googleapis/api	v0.0.0-20240515191416-fc5f0ca64291 -> v0.0.0-20240604185151-ef581f913117
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240624140628-dc46fd24d27d -> v0.0.0-20240701130421-f6361c86f094
google.golang.org/grpc	v1.64.1 -> v1.66.2
k8s.io/apimachinery	v0.30.2 -> v0.31.1
k8s.io/klog/v2	v2.120.1 -> v2.130.1
k8s.io/utils	v0.0.0-20240502163921-fe8a2dddb1d0 -> v0.0.0-20240711033017-18e509b52bc8

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -d -t ./...
go: module sigs.k8s.io/[email protected] requires go >= 1.24.0; switching to go1.24.2
go: downloading go1.24.2 (linux/amd64)
go: download go1.24.2: golang.org/[email protected]: verifying module: checksum database disabled by GOSUMDB=off