Gateway API Support

Cilium supports Gateway API v0.5.1 for below resources, all the Core conformance tests, plus the ReferenceGrant extended tests, are passed.


  • Cilium must be configured with kubeProxyReplacement as partial or strict. Please refer to kube-proxy replacement for more details.

  • Cilium must be configured with the L7 proxy enabled using the --enable-l7-proxy flag (enabled by default).

  • The below CRDs from Gateway API v0.5.1 must be pre-installed. Please refer to this docs for installation steps. Alternatively, the below snippet could be used.

    $ kubectl apply -f
    $ kubectl apply -f
    $ kubectl apply -f
    $ kubectl apply -f
  • Similar to Ingress, Gateway API controller creates a service of LoadBalancer type, so your environment will need to support this.


Cilium Gateway API Controller can be enabled with helm flag gatewayAPI.enabled set as true. Please refer to Installation using Helm for a fresh installation.

$ helm upgrade cilium cilium/cilium --version 1.13.1 \
    --namespace kube-system \
    --reuse-values \
    --set gatewayAPI.enabled=true

$ kubectl -n kube-system rollout restart deployment/cilium-operator
$ kubectl -n kube-system rollout restart ds/cilium

Next you can check the status of the Cilium agent and operator:

$ cilium status

Install the latest version of the Cilium CLI. The Cilium CLI can be used to install Cilium, inspect the state of a Cilium installation, and enable/disable various features (e.g. clustermesh, Hubble).

if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}


Please refer to one of the below examples on how to use and leverage Cilium’s Gateway API features:

More examples can be found upstream repository.