AWS Gateway API Support Goes GA

Alps Wang

Mar 26, 2026

Kubernetes Networking Evolution

The GA release of AWS Load Balancer Controller with Kubernetes Gateway API support is a substantial advancement that addresses long-standing pain points in Kubernetes ingress management. The move from opaque annotation strings to structured, type-safe CRDs is a major win for developer experience, enabling better validation, IDE support, and GitOps workflows. This standardization is crucial for managing complex cloud-native environments, offering a more robust and scalable approach to traffic management for both north-south and east-west traffic. The clear separation of responsibilities defined by the Gateway API (GatewayClass for platform teams, Gateway for cluster operators, and Routes for app developers) aligns well with modern RBAC strategies, empowering developers without granting excessive privileges. Furthermore, the seamless integration with AWS Certificate Manager for automatic TLS certificate management significantly reduces operational overhead.

However, the reliance on controller feature flags and the need for specific controller version upgrades (v2.13.3+ for L4, v2.14.0+ for L7) might present minor adoption hurdles for teams running older deployments. The mentioned limitation regarding external certificate support, while potentially addressed in future releases, is a notable concern for organizations with existing certificate management strategies outside of AWS Certificate Manager. While the article highlights the portability of core Gateway API resources, the necessity of cloud-specific CRDs for advanced configurations means true portability might still require careful consideration and potential refactoring when migrating between cloud providers. Despite these points, the overall impact is overwhelmingly positive, marking a significant step toward modernizing Kubernetes deployments on AWS and aligning with industry-wide efforts to standardize ingress and service mesh control planes.

Key Points

  • AWS Load Balancer Controller now supports Kubernetes Gateway API in General Availability (GA).
  • This allows management of ALB and NLB via the Gateway API specification, a successor to the Ingress API.
  • Key benefits include moving away from annotation strings to type-safe CRDs, offering better validation, IDE support, and GitOps compatibility.
  • The controller handles both Layer 4 (TCP, UDP, TLS via NLB) and Layer 7 (HTTP, gRPC via ALB) routing using Gateway API resources.
  • Gateway API enables role separation, allowing platform teams, cluster operators, and app developers to manage different aspects of traffic routing according to RBAC boundaries.
  • Cross-namespace routing is now supported, enabling shared Gateways managed by platform teams and referenced by app teams in other namespaces.
  • Automatic TLS certificate discovery and rotation from AWS Certificate Manager is integrated with Gateway API listeners.
  • Gateway API offers portability, with core routing logic consistent across implementations, while AWS-specific CRDs provide optional cloud-specific features.
  • Existing Ingress resources are still supported, but new projects may opt for Gateway API due to improved validation and clarity.
  • Teams need to enable Gateway API feature flags and upgrade to specific controller versions for full support.
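
The role separation and cross-namespace routing points above, sketched as standard Gateway API and RBAC manifests. This is an added example, not taken from the source article or the AWS controller documentation; the namespaces, resource names, the `gateway-access` label and the GatewayClass name `example-alb-class` are all assumptions.

```yaml
# Cluster operator: shared Gateway in the "infra" namespace (names are hypothetical).
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: infra
spec:
  gatewayClassName: example-alb-class   # placeholder for the platform team's GatewayClass
  listeners:
    - name: http                        # TLS omitted so the example stays on attachment control
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: Selector                # default is Same; All lets every namespace attach
          selector:
            matchLabels:
              gateway-access: shared    # only namespaces carrying this label may attach
---
# App developer: route in the labelled namespace "team-a" pointing at the shared Gateway.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: orders
  namespace: team-a
spec:
  parentRefs:
    - name: shared-gateway
      namespace: infra                  # cross-namespace reference
      sectionName: http
  hostnames:
    - orders.example.com
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /orders
      backendRefs:
        - name: orders-svc              # Service in team-a
          port: 8080
---
# RBAC for the app team: may manage HTTPRoutes in its own namespace, not Gateways.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: route-editor
  namespace: team-a
rules:
  - apiGroups: ["gateway.networking.k8s.io"]
    resources: ["httproutes"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
```

With a label selector, permission to label namespaces becomes the attachment control, so that permission belongs with the cluster operators rather than with app teams.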


📖 Source: AWS Load Balancer Controller Reaches GA with Kubernetes Gateway API Support
