Introduction

The Kubernetes SIG Network community is proud to announce the release of Gateway API v1.5, available since February 27, 2026. This version marks the largest update to date, focusing on moving experimental features into the Standard (GA) release channel. Alongside the main release, the v1.5.1 patch is already available, addressing minor fixes. The v1.5 release brings six widely-requested feature promotions, a revamped release process, and significant improvements for multi-tenant and large-scale deployments.

New Release Process: Moving to a Release Train Model

With Gateway API v1.5, the project adopts a release train model. Under this approach, a feature freeze date is set, and any features that are ready by that deadline are shipped together. This applies to both Experimental and Standard channels, and extends to documentation—if the docs aren't ready, the feature isn't included. The goal is to create a more predictable and reliable release cadence, inspired by SIG Release's successful work on Kubernetes itself.

As part of this change, new roles have been introduced: Release Manager and Release Shadow. Special thanks go to Flynn (Buoyant) and Beka Modebadze (Google) for coordinating the first release under this model and smoothing out initial challenges. Both will continue in their roles for the next release.

New Standard Features

Gateway API v1.5 promotes six experimental features to the Standard channel. Below we highlight each enhancement.

ListenerSet

Leads: Dave Protasowski, David Jumani (GEP-1713)

Prior to ListenerSet, all listeners had to be defined directly on the Gateway object. This worked for simple cases but created hurdles in complex or multi-tenant environments:

• Platform teams and application teams often needed to coordinate changes to the same Gateway.
• Safely delegating ownership of individual listeners was difficult.
• Extending existing Gateways required direct modification of the original resource.

ListenerSet addresses these limitations by allowing listeners to be defined independently and then merged onto a target Gateway. This design also enables attaching more than 64 listeners to a single shared Gateway—critical for large-scale deployments and scenarios with many hostnames per listener.

How it works: A ListenerSet resource attaches to a Gateway and contributes one or more listeners. The Gateway controller merges listeners from both the Gateway resource and any attached ListenerSets. For example, a central infrastructure team can define a Gateway with a default HTTP listener, while two application teams define their own ListenerSet resources in separate namespaces, each contributing additional listeners to the same Gateway.

Note: Even with ListenerSet, the listeners field in the Gateway remains mandatory, and the Gateway must always have at least one valid listener.

TLSRoute

TLSRoute is promoted to Stable, providing a means to route TLS-terminated traffic based on SNI. It decouples TLS handshake from routing, giving operators finer control over encrypted traffic.

HTTPRoute CORS Filter

The CORS (Cross-Origin Resource Sharing) filter for HTTPRoute is now stable, enabling straightforward configuration of CORS headers directly within the API, without needing custom middleware or backend modifications.

Client Certificate Validation

This feature allows Gateway to validate client certificates during TLS handshake, adding an extra layer of security. It previously lived in Experimental and is now ready for production use.

Certificate Selection for Gateway TLS Origination

When a Gateway originates TLS connections to backend services, this feature enables selective certificate assignment based on routes or listeners, improving security and flexibility in mTLS scenarios.

ReferenceGrant

ReferenceGrant, which allows resources across namespaces to reference each other securely, has been promoted. It is essential for multi-tenant setups where a Gateway in one namespace needs to route traffic to services in another.

Conclusion

Gateway API v1.5 represents a significant step forward for Kubernetes networking. The move to a release train model, combined with the promotion of six key features to stable, demonstrates the community's commitment to reliability and scalability. Whether you're managing a small cluster or a multi-tenant platform with hundreds of services, this release provides the tools to simplify and secure your infrastructure. For the full list of changes and migration guides, visit the official Gateway API release notes.