Gateway API offline .run installer package.
This package is a CRD-only offline installer for Kubernetes Gateway API. Gateway API itself is an API specification and a set of Kubernetes CRDs; it is not a gateway controller and does not run data-plane pods by itself.
- Gateway API:
v1.5.1 - package type: CRD-only / architecture-independent
- included channels:
standard-install.yamlexperimental-install.yaml
The standard channel is the default and is enough for most HTTP/gRPC ingress use cases:
GatewayClassGatewayHTTPRouteGRPCRouteReferenceGrant
The experimental channel contains the standard CRDs plus experimental APIs, for example TCP/TLS/UDP route or policy resources depending on the upstream release.
Build host requirements:
- Linux shell
curltarsha256sum
No jq, Python, Docker, or Helm is required.
Build:
bash build.shUse a different upstream version:
bash build.sh --version 1.5.1Use pre-downloaded release assets under upstream/:
upstream/standard-install.yaml
upstream/experimental-install.yaml
bash build.sh --use-local-assetsArtifacts are written to dist/:
dist/gateway-api-1.5.1.run
dist/gateway-api-1.5.1.run.sha256
Target host requirements:
bash- common Linux base tools:
awk,head,wc,dd,od,tail,tar kubectl- optional
sha256sum, only for checking the.sha256file before running the installer
The target host does not need jq, Python, Docker, Helm, or internet access.
Install standard CRDs:
sha256sum -c gateway-api-1.5.1.run.sha256
chmod +x gateway-api-1.5.1.run
./gateway-api-1.5.1.run install -yInstall experimental CRDs:
./gateway-api-1.5.1.run install --channel experimental -yThe installer uses server-side apply by default because upstream Gateway API release notes recommend it for large CRD manifests, especially the experimental channel.
If there is field ownership conflict during an upgrade:
./gateway-api-1.5.1.run install --channel standard --force-conflicts -y./gateway-api-1.5.1.run statusEquivalent manual checks:
kubectl get crd | grep gateway.networking
kubectl get gatewayclass
kubectl get gateways -A
kubectl get httproutes -ASafe uninstall does not delete CRDs:
./gateway-api-1.5.1.run uninstall -yActually deleting CRDs is dangerous because Kubernetes will also delete all custom resources of those CRD types, such as Gateway, HTTPRoute, and GRPCRoute. Use this only when you are sure:
./gateway-api-1.5.1.run uninstall --channel standard --delete-crds -yGateway API is the API layer. You still need a Gateway API implementation/controller to make traffic actually flow.
Good implementation choices include:
- Envoy Gateway
- Cilium
- Istio
- NGINX Gateway Fabric
- Traefik
- HAProxy Ingress
- Gloo Gateway
- kgateway
The normal order is:
- Install Gateway API CRDs with this package.
- Install a Gateway API implementation/controller.
- Confirm that a
GatewayClassexists. - Create a
Gatewaythat references theGatewayClass. - Create
HTTPRoute,GRPCRoute, or other Route resources that attach to the Gateway.
Check GatewayClass:
kubectl get gatewayclassExample application:
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: traefik/whoami:v1.10
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
namespace: default
spec:
selector:
app: whoami
ports:
- name: http
port: 80
targetPort: 80Example Gateway. Replace YOUR_GATEWAY_CLASS with the GatewayClass created by your controller:
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: shared-gateway
namespace: default
spec:
gatewayClassName: YOUR_GATEWAY_CLASS
listeners:
- name: http
port: 80
protocol: HTTP
allowedRoutes:
namespaces:
from: AllExample HTTPRoute:
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: whoami
namespace: default
spec:
parentRefs:
- name: shared-gateway
namespace: default
hostnames:
- whoami.example.com
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: whoami
port: 80Apply:
kubectl apply -f whoami.yaml
kubectl apply -f gateway.yaml
kubectl apply -f httproute.yamlCheck whether the route is accepted:
kubectl describe gateway shared-gateway
kubectl describe httproute whoami
kubectl get gateway shared-gateway -o yaml
kubectl get httproute whoami -o yamlFor access, use the external address or NodePort exposed by your chosen Gateway API controller. This package only installs the CRDs, so it does not create a LoadBalancer, NodePort, or proxy pod.
The workflow .github/workflows/offline-run-packages.yml builds gateway-api-<version>.run and .sha256 on:
- push to
main - tag
v* - manual
workflow_dispatch
When a v* tag is pushed, the generated .run and .sha256 files are attached to the GitHub Release.