Skip to content

[chart]: kgateway#360

Open
dylanmtaylor wants to merge 1 commit into
docker-hardened-images:mainfrom
dylanmtaylor:feat/kgateway
Open

[chart]: kgateway#360
dylanmtaylor wants to merge 1 commit into
docker-hardened-images:mainfrom
dylanmtaylor:feat/kgateway

Conversation

@dylanmtaylor

Copy link
Copy Markdown

Description

Add a new hardened KGateway control plane image and Helm charts — a minimal, secure alternative to the upstream KGateway images.

Type of Change

[✓] New image
[✓] New Helm chart
[ ] New package
[ ] Documentation improvement or correction
[ ] Example configuration or use case
[ ] Community tooling or script
[ ] Website or catalog enhancement
[ ] Bug fix
[ ] Other (please describe):

Related Issues

#255

Changes Made

• Added image/kgateway/ with Debian 13 runtime and dev variants
• Packaged kgateway version v2.3.0 built using the DHI Go 1.26 toolchain (CGO disabled for multi-arch compatibility)
• Strictly runs as nonroot user (uid 65532)
• Minimal static container runtime base (dhi.io/static) to reduce attack vectors
• Added chart/kgateway/ Helm chart for the control plane deployment
• Added chart/kgateway-crds/ Helm chart for Gateway API + KGateway CRDs
• Includes info.yaml, overview.md, guides.md, and logo.svg for all components

Testing

[✓] I have tested these changes locally
[✓] All existing tests pass
[ ] I have added new tests (if applicable)

Screenshots (if applicable)

N/A

Checklist

[✓] My changes follow the repository's style and conventions
[✓] I have updated documentation as needed
[✓] My commit messages are clear and descriptive


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@dylanmtaylor dylanmtaylor requested a review from a team as a code owner May 21, 2026 01:25
@dylanmtaylor dylanmtaylor force-pushed the feat/kgateway branch 2 times, most recently from da356d2 to f02d95b Compare May 21, 2026 02:01
Add hardened KGateway image and Helm charts (kgateway + kgateway-crds).

KGateway is a Kubernetes-native gateway implementing the Gateway API with
Envoy Proxy as its data plane. This adds:

- image/kgateway/ with Debian 13 runtime and dev variants (v2.3.0)
- chart/kgateway/ Helm chart for the control plane deployment
- chart/kgateway-crds/ Helm chart for Gateway API + KGateway CRDs

Built using the DHI Go 1.26 toolchain with CGO disabled for multi-arch
compatibility. Runs as nonroot user (uid 65532).

Closes docker-hardened-images#255
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant