This page lists the capabilities of the GatewayClass resources available on Google Kubernetes Engine (GKE) and their supported specifications.
For the various tables on this page, the legend for the tables is as follows:
- indicates that the field is not supported.The following table lists the distinguishing features of the GatewayClass resources available on GKE.
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| GKE Gateway Controller | Google-hosted Gateway controller | ||||||||
| Location | Google Cloud infrastructure | ||||||||
| Platform | GKE | ||||||||
| Cluster type | GKE Autopilot or GKE Standard | ||||||||
| Cluster scope | Single cluster | Multi-cluster | Single cluster | Multi-cluster | Single cluster | Multi-cluster | Single cluster | Multi-cluster | |
| Gateway API versions | New clusters and cluster upgrades: GKE 1.35.2-gke.1842000 or later: 1.5.0 GKE 1.34.1-gke.1822000 or later: 1.4.0 GKE 1.33.2-gke.1335000 or later: 1.3.0 GKE 1.32.2-gke.1475000 or later: 1.2.0 GKE 1.30.2-gke.1783000 or later: 1.1.0 |
||||||||
| API enablement | GKE Autopilot: enabled by default | ||||||||
| Launch stage | GA | ||||||||
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| Required | |||||||||
| API version | net.gke.io/v1 |
net.gke.io/v1 |
net.gke.io/v1 |
net.gke.io/v1 |
net.gke.io/v1 |
||||
| Resource type | ServiceExport | ServiceExport | ServiceExport | ServiceExport | ServiceExport |
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| Type | Global external Application Load Balancer | Regional external Application Load Balancer | Internal Application Load Balancer | Classic Application Load Balancer | |||||
| Load balancer scope | Global | Regional | Regional | Regional | Global | ||||
| Container-native load balancing | (Default, using GCE_VM_IP_PORT zonal NEGs) |
||||||||
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| Shared VPC support | All clusters and fleet host project in the same Shared VPC host or service project | ||||||||
| Shared Gateway/Ingress for multiple routes | |||||||||
| Automated VPC firewall lifecycle management | |||||||||
| Note: You must deploy firewall rules manually for Gateways in a
Shared VPC environment. For more information, see required firewall rules for Gateways. |
|||||||||
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| Gateway IP address assignment | Static or dynamic | ||||||||
| Network Service tier IP address | Premium Tier | Standard Tier or Premium Tier | Standard Tier or Premium Tier | Premium Tier | Premium Tier | ||||
| Gateway IP address reachability | Internet | Internet | VPC internal | Internet | |||||
| Same IP address for multiple ports (HTTP, HTTPS) | |||||||||
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| Global Access | Implicit for Global load balancers | Implicit for Global load balancers | Implicit for Global load balancers | ||||||
| Cross-region backend load balancing | |||||||||
| Cross-project load balancing | Backend services and NEGs must be in the same project (Managed by the GKE Gateway controller) |
||||||||
| Cross-namespace routing | |||||||||
| Host/Path routing | Prefix, Exact match | ||||||||
| Header-based routing | Exact match | ||||||||
| Path redirects | |||||||||
| URL rewrites | |||||||||
| Traffic splitting | |||||||||
| Traffic mirroring | |||||||||
| Traffic cut over | |||||||||
| Traffic-based autoscaling | |||||||||
| Custom request headers | |||||||||
| Custom response headers | |||||||||
| GCPRoutingExtension | Not supported | Not supported | Not supported | Not supported | |||||
| GCPTrafficExtension | Not supported | Not supported | |||||||
| GCPWasmPlugin | Preview | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported | Not supported |
| Feature | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| SSL policy | |||||||||
| HTTP-to-HTTPS redirect | |||||||||
| Multiple TLS certificates support | |||||||||
| Frontend mTLS | |||||||||
| Kubernetes Secrets-based certificates | |||||||||
| Self-managed Compute Engine SSL certificates | |||||||||
| Google-managed Compute Engine SSL certificates | |||||||||
| Self-managed SSL certificates with Certificate Manager | |||||||||
| Google-managed SSL certificates with Certificate Manager |
gke-l7-global-external-managedgke-l7-global-external-managed-mcgke-l7-regional-external-managedgke-l7-regional-external-managed-mcgke-l7-cross-regional-internal-managed-mcgke-l7-rilbgke-l7-rilb-mcgke-l7-gxlbgke-l7-gxlb-mc| Features | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
| Identity-Aware Proxy (IAP) | |||||||||
| Google Cloud Armor backend security policy | |||||||||
| Cloud CDN | |||||||||
| GCPRoutingExtension Support | |||||||||
| GCPTrafficExtension Support | |||||||||
| GCPWasmPlugin Support |
The following tables list the fields of the Gateway API specification that are supported by GKE.
spec.addressesFor more information, see
spec.addresses
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
type |
NamedAddress |
||||||||
value |
Static global external address | Static regional external address | Static regional internal address | Static global external address | |||||
spec.listenersFor more information, see
spec.listeners
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
protocol |
HTTP, HTTPS | ||||||||
port |
1-65535 | ||||||||
name |
|||||||||
hostname |
|||||||||
tls |
|||||||||
allowedRoutes |
|||||||||
spec.listeners.tlsFor more information, see
spec.listeners.tls
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
mode |
Terminate |
||||||||
certificateRefs |
|||||||||
spec.listeners.tls.optionsFor more information, see
spec.listeners.tls.options
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
networking.gke.io/pre-shared-certs |
Global SSL certificate resource reference (self- or Google-managed) | Regional, self-managed SSL certificate resource reference | Regional, self-managed SSL certificate resource reference | Global SSL certificate resource reference (self- or Google-managed) | |||||
The following tables list the values of the GCPTrafficExtension API specification that are supported by GKE.
spec.targetRefsFor more information, see
spec.targetRefs
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
group |
gateway.networking.k8s.io |
||||||||
kind |
Gateway |
||||||||
name |
|||||||||
spec.extensionChains.extensions.BackendRefFor more information, see
spec.extensionChains.extensions.BackendRef
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
group |
(empty) |
||||||||
kind |
Service, GCPWasmPlugin |
ServiceImport |
Service |
ServiceImport |
ServiceImport |
Service |
ServiceImport |
||
name |
|||||||||
port |
|||||||||
spec.extensionChains.extensions.googleAPIServiceName| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
googleAPIServiceName |
The following tables list the values of the GCPRoutingExtension API specification that are supported by GKE.
spec.targetRefsFor more information, see
spec.targetRefs
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
group |
gateway.networking.k8s.io |
||||||||
kind |
Gateway |
||||||||
name |
|||||||||
spec.extensionChains.extensions.BackendRefFor more information, see
spec.extensionChains.extensions.BackendRef
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
group |
(empty) |
||||||||
kind |
Service |
ServiceImport |
ServiceImport |
Service |
ServiceImport |
||||
name |
|||||||||
port |
|||||||||
The following tables list the values of the HTTPRoute API specification that are supported by GKE.
spec.parentRefsFor more information, see
spec.parentRefs
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
parentRefs.group |
|||||||||
parentRefs.kind |
|||||||||
parentRefs.namespace |
|||||||||
parentRefs.name |
|||||||||
parentRefs.sectionName |
|||||||||
parentRefs.port |
spec.hostnamesFor more information, see
spec.hostnames
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
precise, wildcard |
spec.rulesFor more information, see
spec.rules
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
path.type |
Exact, PathPrefix |
||||||||
path.value |
|||||||||
headers.type |
Exact |
||||||||
headers.name |
|||||||||
headers.value |
|||||||||
queryParams |
|||||||||
method |
|||||||||
spec.rules.backendRefsFor more information, see
spec.rules.backendRefs
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
backendRef.group |
(empty), gateway.networking.k8s.io, net.gke.io |
||||||||
backendRef.kind |
Service |
ServiceImport |
Service |
ServiceImport |
Service |
ServiceImport |
Service |
ServiceImport |
|
backendRef.name |
|||||||||
backendRef.namespace |
|||||||||
backendRef.port |
|||||||||
backendRef.weight |
|||||||||
backendRef.filters |
|||||||||
spec.rules.filtersFor more information, see
spec.rules.filters
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
type |
requestHeaderModifier, responseHeaderModifier, requestMirror, requestRedirect, urlRewrite |
||||||||
requestHeaderModifier.add |
|||||||||
requestHeaderModifier.remove |
|||||||||
requestHeaderModifier.set |
|||||||||
responseHeaderModifier.add |
|||||||||
responseHeaderModifier.remove |
|||||||||
responseHeaderModifier.set |
|||||||||
requestMirror.backendRef |
|||||||||
requestRedirect.scheme |
HTTP, HTTPS |
||||||||
requestRedirect.hostname |
|||||||||
requestRedirect.path |
replaceFullPath, replacePrefixMatch |
||||||||
requestRedirect.port |
|||||||||
requestRedirect.statusCode |
|||||||||
urlRewrite.hostname |
|||||||||
urlRewrite.path |
replacePrefixMatch |
||||||||
The following tables list the values of the ReferenceGrant API specification that are supported by GKE.
spec.fromFor more information, see
spec.from
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
group |
(empty), gateway.networking.k8s.io, net.gke.io |
||||||||
kind |
Gateway, HTTPRoute |
||||||||
namespace |
|||||||||
spec.toFor more information, see
spec.to
in the Gateway documentation.
| Fields | gke-l7-global-external-managed |
gke-l7-global-external-managed-mc |
gke-l7-regional-external-managed |
gke-l7-regional-external-managed-mc |
gke-l7-cross-regional-internal-managed-mc |
gke-l7-rilb |
gke-l7-rilb-mc |
gke-l7-gxlb |
gke-l7-gxlb-mc |
|---|---|---|---|---|---|---|---|---|---|
group |
(empty), gateway.networking.k8s.io, net.gke.io |
||||||||
kind |
Secret, Service, ServiceImport |
||||||||
name |
|||||||||
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-06-09 UTC.