Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Network - IngressDNS
Labels:

Target Version:
None
Activity Type:
Product / Portfolio Work
Status Summary:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Products:
None
Hierarchy Progress Bar:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
None
PX Impact Score:
PX Impact Range:
None
PX Priority Data:
None
PX Technical Impact:
None
PX Technical Impact Notes:
None
PX Scheduling Request:
None

Proposed Title of this Feature Request

Enable Permanent Opt-Out for Gateway API CRD and Controller Management

What is the nature and description of the request?

The requester is seeking a mechanism to {}fully disable OpenShift's management of Gateway API Custom Resource Definitions (CRDs){}. Currently, an OpenShift validating admission policy (VAP) and webhook prevent the installation of certain Gateway API CRDs (specifically TCP and UDP routes) because they are not yet fully supported or bundled by the platform.

The proposed solution is a "one-way path" configuration override{} that:

Excises all Gateway API logic from the OpenShift platform.

Disables the validating admission policy and platform-managed Gateway API controllers.

Transfers full lifecycle ownership of Gateway API CRDs to the cluster administrator or third-party controllers.

Why does the customer need this? (Business Requirements) :

The requester requires this functionality to support a custom, Envoy-based ingress solution that must remain consistent across diverse environments.

Hybrid Environment Consistency:{} The requester manages clusters across various providers (both OpenShift and non-OpenShift) and needs a unified control plane and consistent API versions across all of them.

Support for Advanced Ingress Features: Their solution requires the use of TCP and UDP routes, which are currently blocked by platform-level webhooks.

Operational Control: They need to manage the CRD lifecycle independently to avoid version incompatibilities or "hidden" platform-managed changes during upgrades.

Production Deadlines: The requester is aiming for a production rollout by May 2026 and requires a supported path to avoid maintaining a long-term fork of platform components.

List any affected packages or components.

Cluster Ingress Operator: Currently manages the lifecycle of the CRDs and would need to be configured to ignore them or scale down.

Gateway API CRDs: Specifically `TCPRoute` and `UDPRoute`.

Validating Admission Policy (VAP) / Webhooks:{} The components currently blocking the installation of non-bundled CRDs.

OpenShift Gateway Controller:{} Would need to be disabled to avoid resource ownership conflicts.

is related to

RFE-7901 Enable customisation of Gateway API versions

Backlog

Assignee:: Mark Schmitt

Reporter:: Novonil Choudhuri

Need Info From:: None

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2026/02/04 4:47 PM

Updated:: 2026/02/11 1:50 PM

Target start:: None

Target end:: None

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates