Skip to content

Unmanaged Gateways not listening to all Routes #7680

New issue
New issue
Open
Open
Unmanaged Gateways not listening to all Routes#7680
Labels
bugSomething isn't working
@yrosemacbs

Description

@yrosemacbs
yrosemacbs
opened on Aug 8, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

According to the documentation (https://developer.konghq.com/kubernetes-ingress-controller/gateway-api/#unmanaged-gateways), when using unmanaged gateways, all routes are sent to all gateway instances with the same controller name.
When using two gateway instances, one with a listener for alpha.example.com and one with a listener for *.example.com, a route with a parentRef set to the first gateway but a different hostname (for example beta.example.com) will lead to a routing error instead of being handled by the wildcard gateway.

Expected Behavior

The beta.example.com route should be handled by the wildcard gateway when using unmanaged mode.

Steps To Reproduce

1. Deploy an unmanaged GatewayClass.
1. Deploy two Gateways, for example

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: example
spec:
  gatewayClassName: kong
  listeners:
    - allowedRoutes:
        namespaces:
          from: All
      hostname: alpha.example.com
      name: tls
      port: 443
      protocol: HTTPS
      tls:
        certificateRefs:
          - group: ''
            kind: Secret
            name: some-certificate
        mode: Terminate
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: example-wildcard
spec:
  gatewayClassName: kong
  listeners:
    - allowedRoutes:
        namespaces:
          from: All
      hostname: *.example.com
      name: tls
      port: 443
      protocol: HTTPS
      tls:
        certificateRefs:
          - group: ''
            kind: Secret
            name: some-certificate
        mode: Terminate

1. Now deploy an HTTPRoute with a parentRef set to example and a hostname set to `beta.example.com`

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: beta-route
spec:
  hostnames:
    - beta.example.com
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: example
  rules:
    - backendRefs:
        - group: ''
          kind: Service
          name: some-service
          port: 80
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /

1. Navigate to `beta.example.com` to find a routing error message

Kong Ingress Controller version

v3.9

Kubernetes version

{
  "clientVersion": {
    "major": "1",
    "minor": "31",
    "gitVersion": "v1.31.0",
    "gitCommit": "9edcffcde5595e8a5b1a35f88c421764e575afce",
    "gitTreeState": "clean",
    "buildDate": "2024-08-13T07:37:34Z",
    "goVersion": "go1.22.5",
    "compiler": "gc",
    "platform": "windows/amd64"
  },
  "kustomizeVersion": "v5.4.2",
  "serverVersion": {
    "major": "1",
    "minor": "32",
    "gitVersion": "v1.32.4+rke2r1",
    "gitCommit": "59526cd4867447956156ae3a602fcbac10a2c335",
    "gitTreeState": "clean",
    "buildDate": "2025-04-23T02:45:16Z",
    "goVersion": "go1.23.6 X:boringcrypto",
    "compiler": "gc",
    "platform": "linux/amd64"
  }
}

Anything else?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions