Skip to content

Agentgateway policy status should use Gateway as Ancestor #12696

New issue
New issue
Open
Bug
#13281
Open
Agentgateway policy status should use Gateway as Ancestor#12696
Bug
#13281
Assignees
npolshakova
Labels
Area: agentgateway
@shashankram

Description

@shashankram
shashankram
opened on Oct 22, 2025

Why is the ancestor an HTTPRoute? We use Gateways as the ancestor with Envoy due to their much lower cardinality with regard to attachments and the ancestors being length bounded in the API:

  ancestors:
  - ancestorRef:
      group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: example-route-for-headers
      namespace: test

targetRef already conveys the same, and it has been established that the policy status is consistent across attached resources due to the resolution happening in the proxy.

Policy statuses should be reported per Gateway.

Originally posted by @shashankram in #12694

From Gateway API:

Almost always, in this hierarchy, the Gateway will be the most
// useful object to place Policy status on, so we recommend that implementations
// SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
// have a _very_ good reason otherwise.

Metadata

Metadata

Assignees

Labels

Area: agentgateway

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions