Breaking: Kubernetes Gateway API v1.5 Released
February 27, 2026 – The Kubernetes SIG Network community today released Gateway API v1.5, the largest update yet, promoting six experimental features to the Standard channel. The release includes the highly anticipated ListenerSet, TLSRoute, and HTTPRoute CORS Filter, among others. A patch release v1.5.1 is already available.
“This is our biggest release ever, and it focuses on moving features that have been battle-tested in experimental mode into the stable Standard channel,” said a SIG Network spokesperson. “Users can now rely on these features in production without fear of breakage.”
Six Key Promotions to Standard Channel
- ListenerSet – Enables independent listener definitions merged onto a target Gateway, solving multi-tenant coordination.
- TLSRoute – Provides TLS-specific routing capabilities.
- HTTPRoute CORS Filter – Simplifies CORS configuration for HTTP routes.
- Client Certificate Validation – Enhances mTLS security for Gateway endpoints.
- Certificate Selection for Gateway TLS Origination – Allows granular certificate handling.
- ReferenceGrant – Facilitates cross-namespace resource references securely.
“Special thanks to all Gateway API contributors for their relentless efforts on this release,” the community said in a statement.
New Release Train Model
Starting with v1.5, Gateway API adopts a release train model with a fixed feature freeze date. Only features with complete documentation are shipped. This mirrors the approach used by SIG Release for Kubernetes itself, promising a more predictable cadence.
“We’ve also introduced Release Manager and Release Shadow roles,” noted Flynn (Buoyant) and Beka Modebadze (Google), who coordinated this release. “Both of us will continue in these roles for the next release as we smooth out the process.”
How ListenerSet Works
Before ListenerSet, all listeners had to be defined directly on the Gateway object, creating friction in multi-tenant environments. Platform and application teams often needed to coordinate changes on the same Gateway, and delegating listener ownership was difficult. ListenerSet solves this by allowing listeners to be defined as separate resources and merged onto a shared Gateway. It also supports more than 64 listeners per Gateway, critical for large-scale deployments.
“Even with ListenerSet, the Gateway must still have at least one valid listener defined directly,” explained leads Dave Protasowski and David Jumani. “The Gateway controller merges listeners from both the Gateway resource and attached ListenerSet resources.”
Example: A central infrastructure team defines a Gateway with a default HTTP listener, while two application teams each create their own ListenerSet in separate namespaces. Both attach to the same Gateway, each contributing additional listeners.
Background
The Gateway API project has steadily evolved since its inception, aiming to provide a standardized, role-oriented API for Kubernetes service networking. Previous releases focused on core route types and experimental features. v1.5 marks a turning point by moving several widely-requested capabilities to stable, reducing risk for enterprises adopting these patterns. The shift to a release train model aligns with broader Kubernetes community best practices.
What This Means
For platform engineers, ListenerSet simplifies multi-tenant gateway management and eliminates the need to modify a single Gateway resource for every new listener. TLS features strengthen security posture for ingress traffic. The release train model ensures future updates arrive on schedule, with no half-baked features sneaking in. Organizations can now confidently build production-grade ingress solutions using these standardized APIs.
“This release sets a new baseline for reliability and scalability,” the community emphasized. “We encourage users to upgrade and explore the improved capabilities.”