diff --git a/website/content/docs/api-gateway/configuration/gateway.mdx b/website/content/docs/api-gateway/configuration/gateway.mdx
index 58f03c7001..a3f8594c65 100644
--- a/website/content/docs/api-gateway/configuration/gateway.mdx
+++ b/website/content/docs/api-gateway/configuration/gateway.mdx
@@ -159,7 +159,7 @@ Specifies the `tls` configurations for the `Gateway`. The `tls` object is requir
| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
-| `certificateRefs` | Specifies Kubernetes `name` and `namespace` objects that contains TLS certificates and private keys.
The certificates establish a TLS handshake for requests that match the `hostname` of the associated `listener`. Each reference must be a Kubernetes Secret. If you are using a Secret in a namespace other than the `Gateway`'s, each reference must also have a corresponding [`ReferencePolicy`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy).
| Object or array | Required if `tls` is set |
+| `certificateRefs` | Specifies Kubernetes `name` and `namespace` objects that contains TLS certificates and private keys.
The certificates establish a TLS handshake for requests that match the `hostname` of the associated `listener`. Each reference must be a Kubernetes Secret. If you are using a Secret in a namespace other than the `Gateway`'s, each reference must also have a corresponding [`ReferenceGrant`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferenceGrant).
| Object or array | Required if `tls` is set |
| `mode` | Specifies the TLS Mode. Should always be set to `Terminate` for `HTTPRoutes` | string | Required if `certificateRefs` is set |
| `options` | Specifies additional Consul API Gateway options. | Map of strings | optional |
diff --git a/website/content/docs/api-gateway/configuration/routes.mdx b/website/content/docs/api-gateway/configuration/routes.mdx
index 172a1c8872..58a07758d3 100644
--- a/website/content/docs/api-gateway/configuration/routes.mdx
+++ b/website/content/docs/api-gateway/configuration/routes.mdx
@@ -121,15 +121,15 @@ This field specifies backend services that the `Route` references. The following
| `group` | Specifies the Kubernetes API Group of the referenced backend. You can specify the following values: - `""`: Specifies the core Kubernetes API group. This value must be used when `kind` is set to `Service`. This is the default value if unspecified.
- `api-gateway.consul.hashicorp.com`: This value must be used when `kind` is set to `MeshService`.
| String | Optional |
| `kind` | Specifies the Kubernetes Kind of the referenced backend. You can specify the following values: - `Service` (default): Indicates that the `backendRef` references a Service in the Kubernetes cluster.
- `MeshService`: Indicates that the `backendRef` references a service in the Consul mesh. Refer to the `MeshService` [documentation](/docs/api-gateway/configuration/meshservice) for additional information.
| String | Optional |
| `name` | Specifies the name of the Kubernetes Service or Consul mesh service resource. | String | Required |
-| `namespace` | Specifies the Kubernetes namespace containing the Kubernetes Service or Consul mesh service resource. You must specify a value if the Service or Consul mesh service is defined in a different namespace from the `Route`. Defaults to the namespace of the `Route`.
To create a route for a `backendRef` in a different namespace, you must also create a [ReferencePolicy](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy). Refer to the [example route](#example-cross-namespace-backendref) configured to reference across namespaces. | String | Optional |
+| `namespace` | Specifies the Kubernetes namespace containing the Kubernetes Service or Consul mesh service resource. You must specify a value if the Service or Consul mesh service is defined in a different namespace from the `Route`. Defaults to the namespace of the `Route`.
To create a route for a `backendRef` in a different namespace, you must also create a [ReferenceGrant](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferenceGrant). Refer to the [example route](#example-cross-namespace-backendref) configured to reference across namespaces. | String | Optional |
| `port` | Specifies the port number for accessing the Kubernetes or Consul service. | Integer | Required |
| `weight` | Specifies the proportion of requests sent to the backend. Computed as weight divided by the sum of all weights in this `backendRefs` list. Defaults to `1`. A value of `0` indicates that no requests should be sent to the backend. | Integer | Optional |
#### Example cross-namespace backendRef
-The following example creates a route named `example-route` in namespace `gateway-namespace`. This route has a `backendRef` in namespace `service-namespace`. Traffic is allowed because the `ReferencePolicy`, named `reference-policy` in namespace `service-namespace`, allows traffic from `HTTPRoutes` in `gateway-namespace` to `Services` in `service-namespace`.
+The following example creates a route named `example-route` in namespace `gateway-namespace`. This route has a `backendRef` in namespace `service-namespace`. Traffic is allowed because the `ReferenceGrant`, named `reference-grant` in namespace `service-namespace`, allows traffic from `HTTPRoutes` in `gateway-namespace` to `Services` in `service-namespace`.
-
+
```yaml
apiVersion: gateway.networking.k8s.io/v1alpha2
@@ -149,9 +149,9 @@ The following example creates a route named `example-route` in namespace `gatewa
---
apiVersion: gateway.networking.k8s.io/v1alpha2
- kind: ReferencePolicy
+ kind: ReferenceGrant
metadata:
- name: reference-policy
+ name: reference-grant
namespace: service-namespace
spec:
from:
diff --git a/website/content/docs/api-gateway/index.mdx b/website/content/docs/api-gateway/index.mdx
index 2c32c5abdd..6a811fd71b 100644
--- a/website/content/docs/api-gateway/index.mdx
+++ b/website/content/docs/api-gateway/index.mdx
@@ -38,7 +38,7 @@ are used, see the [documentation in our GitHub repo](https://github.com/hashicor
| [`Gateway`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.Gateway) | - Supported protocols: `HTTP`, `HTTPS`, `TCP`
- Header-based hostname matching (no SNI support)
- Supported filters: header addition, removal, and setting
- TLS modes supported: `terminate`
- Certificate types supported: `core/v1/Secret`
- Extended options: TLS version and cipher constraints
|
| [`HTTPRoute`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute) | - Weight-based load balancing
- Supported rules: path, header, query, and method-based matching
- Supported filters: header addition, removal, and setting
- Supported backend types:
- `core/v1/Service` (must map to a registered Consul service)
- `api-gateway.consul.hashicorp.com/v1alpha1/MeshService`
|
| [`TCPRoute`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute) | - Supported backend types:
- `core/v1/Service` (must map to a registered Consul service)
- `api-gateway.consul.hashicorp.com/v1alpha1/MeshService`
|
-| [`ReferencePolicy`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy) | - Required to allow any reference from a `Gateway` to a Kubernetes `core/v1/Secret` in a different namespace.
- A Gateway with an unpermitted `certificateRefs` caused by the lack of a` ReferencePolicy` sets a `ResolvedRefs` status to `False` with the reason `InvalidCertificateRef`. The Gateway will not become ready in this case.
- Required to allow any reference from an `HTTPRoute` or `TCPRoute` to a Kubernetes `core/v1/Service` in a different namespace.
- A route with an unpermitted `backendRefs` caused by the lack of a `ReferencePolicy` sets a `ResolvedRefs` status to `False` with the reason `RefNotPermitted`. The gateway listener rejects routes with an unpermitted `backendRefs`.
- WARNING: If a route `backendRefs` becomes unpermitted, the entire route is removed from the gateway listener.
- A `backendRefs` can become unpermitted when you delete a `ReferencePolicy` or add a new unpermitted `backendRefs` to an existing route.
|
+| [`ReferenceGrant`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferenceGrant) | - Required to allow any reference from a `Gateway` to a Kubernetes `core/v1/Secret` in a different namespace.
- A Gateway with an unpermitted `certificateRefs` caused by the lack of a` ReferenceGrant` sets a `ResolvedRefs` status to `False` with the reason `InvalidCertificateRef`. The Gateway will not become ready in this case.
- Required to allow any reference from an `HTTPRoute` or `TCPRoute` to a Kubernetes `core/v1/Service` in a different namespace.
- A route with an unpermitted `backendRefs` caused by the lack of a `ReferenceGrant` sets a `ResolvedRefs` status to `False` with the reason `RefNotPermitted`. The gateway listener rejects routes with an unpermitted `backendRefs`.
- WARNING: If a route `backendRefs` becomes unpermitted, the entire route is removed from the gateway listener.
- A `backendRefs` can become unpermitted when you delete a `ReferenceGrant` or add a new unpermitted `backendRefs` to an existing route.
|
## Additional Resources
diff --git a/website/content/docs/release-notes/consul-api-gateway/v0_4_x.mdx b/website/content/docs/release-notes/consul-api-gateway/v0_4_x.mdx
new file mode 100644
index 0000000000..c14f995598
--- /dev/null
+++ b/website/content/docs/release-notes/consul-api-gateway/v0_4_x.mdx
@@ -0,0 +1,72 @@
+---
+layout: docs
+page_title: 0.4.x
+description: >-
+ Consul API Gateway release notes for version 0.4.x
+---
+
+# Consul API Gateway 0.4.0
+
+## Release Highlights
+
+- **Support for Kubernetes Gateway API Version 0.5.0 and v1beta1 APIs:**
+ The `v0.5.0` release of the Kubernetes Gateway API is significant because it
+ marks the growth in maturity to a beta API version (v1beta1) release for some
+ of the key APIs:
+ - GatewayClass
+ - Gateway
+ - HTTPRoute
+
+ The other APIs (e.g. TCPRoute) are still at the `v1alpha2` stage.
+
+ Reaching `v1beta1` status has several benefits for users, including greater
+ stability and backward compatibility requirements. Existing fields and allowed
+ options can not be removed or renamed except in a new, major version of the
+ API. Once an API reaches `v1beta1` status, future versions must comply with
+ several backward compatibility requirements.
+
+- **URL Path Prefix Rewrite**
+ This release introduces support for rewriting a URL's path prefix when routing
+ HTTP traffic. This is configured by adding a `URLRewrite` filter to a
+ `HTTPRoute`. With this feature, the gateway can rewrite the URL path, in a
+ client's HTTP Request, before sending the request to a service. A simple
+ example of this is changing the path from `//store/checkout` to
+ `//cart/checkout`. Please see the product documentation for details on how to
+ configure this feature.
+
+## What's Changed
+
+- **Reference Policy Renamed to Reference Grant** In v0.5.0 of the Kubernetes
+ Gateway API, `ReferencePolicy` has been renamed to `ReferenceGrant`. This
+ release supports both but `ReferencePolicy` is deprecated and will be removed
+ in a future version of the standard.
+
+ After upgrading to this version of Consul API Gateway, you should rename all
+ existing `ReferencePolicy`y to `ReferenceGrant`s. Please see the upgrading
+ instructions for additional details.
+
+## Supported Software
+
+- Consul 1.11.2+
+- HashiCorp Consul Helm chart 0.47.0+
+- Kubernetes 1.21+
+ - Kubernetes 1.24 is not supported at this time.
+- Kubectl 1.21+
+- Envoy proxy support is determined by the Consul version deployed. Refer to
+ [Envoy Integration](/docs/connect/proxies/envoy) for details.
+
+## Kubernetes Gateway API Specification
+
+Supported version of the [Gateway API](https://gateway-api.sigs.k8s.io/) spec: v0.5.0
+
+## Upgrading
+
+For detailed information on upgrading, please refer to the [Upgrades page](/docs/api-gateway/upgrades)
+
+## Changelogs
+
+The changelogs for this major release version and any maintenance versions are listed below.
+
+~> **Note:** The following link will take you to the changelogs on the GitHub website.
+
+- [0.4.0](https://github.com/hashicorp/consul-api-gateway/releases/tag/v0.4.0)
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 4966878c7a..7f64ed3b45 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -1265,6 +1265,10 @@
{
"title": "Consul API Gateway",
"routes": [
+ {
+ "title": "v0.4.x",
+ "path": "release-notes/consul-api-gateway/v0_4_x"
+ },
{
"title": "v0.3.x",
"path": "release-notes/consul-api-gateway/v0_3_x"