nginx
diff --git a/‎.github/workflows/ci.yml
+1-1 b/‎.github/workflows/ci.yml
+1-1
diff --git a/‎Makefile
+1-1 b/‎Makefile
+1-1
diff --git a/‎README.md
+1-1 b/‎README.md
+1-1
diff --git a/‎apis/v1alpha1/clientsettingspolicy_types.go
+6-6 b/‎apis/v1alpha1/clientsettingspolicy_types.go
+6-6
diff --git a/‎apis/v1alpha1/observabilitypolicy_types.go
+6-6 b/‎apis/v1alpha1/observabilitypolicy_types.go
+6-6
diff --git a/‎apis/v1alpha1/zz_generated.deepcopy.go
+2-2 b/‎apis/v1alpha1/zz_generated.deepcopy.go
+2-2
diff --git a/‎charts/nginx-gateway-fabric/README.md
+3-3 b/‎charts/nginx-gateway-fabric/README.md
+3-3
diff --git a/‎charts/nginx-gateway-fabric/templates/rbac.yaml
+2-2 b/‎charts/nginx-gateway-fabric/templates/rbac.yaml
+2-2
diff --git a/‎cmd/gateway/validation.go
+1-1 b/‎cmd/gateway/validation.go
+1-1
diff --git a/‎config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml
+4-19 b/‎config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml
+4-19
diff --git a/‎config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml
+4-19 b/‎config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml
+4-19
diff --git a/‎conformance/Makefile
+10-8 b/‎conformance/Makefile
+10-8
diff --git a/‎conformance/README.md
+1-1 b/‎conformance/README.md
+1-1
diff --git a/‎conformance/tests/conformance-rbac.yaml
+18 b/‎conformance/tests/conformance-rbac.yaml
+18
@@ -303,7 +303,7 @@ jobs:
           make create-kind-cluster KIND_KUBE_CONFIG=${kube_config}
           echo "KUBECONFIG=${kube_config}" >> "$GITHUB_ENV"
           kind load docker-image ghcr.io/nginxinc/nginx-gateway-fabric:${{ steps.ngf-meta.outputs.version }} ghcr.io/nginxinc/nginx-gateway-fabric/nginx:${{ steps.nginx-meta.outputs.version }}
-          kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
+          kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
 
       - name: Install Chart
         run: >
 
@@ -15,7 +15,7 @@ TELEMETRY_REPORT_PERIOD = 24h
 TELEMETRY_ENDPOINT=# if empty, NGF will report telemetry in its logs at debug level.
 TELEMETRY_ENDPOINT_INSECURE = false
 
-GW_API_VERSION = 1.0.0
+GW_API_VERSION = 1.1.0
 ENABLE_EXPERIMENTAL = false
 NODE_VERSION = $(shell cat .nvmrc)
 
 
@@ -66,7 +66,7 @@ The following table lists the software versions NGINX Gateway Fabric supports.
 
 | NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus |
 | -------------------- | ----------- | ---------- | --------- | ---------- |
-| Edge                 | 1.0.0       | 1.25+      | 1.25.5    | R31        |
+| Edge                 | 1.1.0       | 1.25+      | 1.25.5    | R31        |
 | 1.2.0                | 1.0.0       | 1.23+      | 1.25.4    | R31        |
 | 1.1.0                | 1.0.0       | 1.23+      | 1.25.3    | n/a        |
 | 1.0.0                | 0.8.1       | 1.23+      | 1.25.2    | n/a        |
 
@@ -36,12 +36,6 @@ type ClientSettingsPolicyList struct {
 
 // ClientSettingsPolicySpec defines the desired state of ClientSettingsPolicy.
 type ClientSettingsPolicySpec struct {
-	// TargetRef identifies an API object to apply the policy to.
-	// Object must be in the same namespace as the policy.
-	//
-	// Support: Gateway, HTTPRoute
-	TargetRef gatewayv1alpha2.PolicyTargetReference `json:"targetRef"`
-
 	// Body defines the client request body settings.
 	//
 	// +optional
@@ -51,6 +45,12 @@ type ClientSettingsPolicySpec struct {
 	//
 	// +optional
 	KeepAlive *ClientKeepAlive `json:"keepAlive,omitempty"`
+
+	// TargetRef identifies an API object to apply the policy to.
+	// Object must be in the same namespace as the policy.
+	//
+	// Support: Gateway, HTTPRoute
+	TargetRef gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRef"`
 }
 
 // ClientBody contains the settings for the client request body.
 
@@ -37,16 +37,16 @@ type ObservabilityPolicyList struct {
 
 // ObservabilityPolicySpec defines the desired state of the ObservabilityPolicy.
 type ObservabilityPolicySpec struct {
-	// TargetRef identifies an API object to apply the policy to.
-	// Object must be in the same namespace as the policy.
-	//
-	// Support: HTTPRoute
-	TargetRef gatewayv1alpha2.PolicyTargetReference `json:"targetRef"`
-
 	// Tracing allows for enabling and configuring tracing.
 	//
 	// +optional
 	Tracing *Tracing `json:"tracing,omitempty"`
+
+	// TargetRef identifies an API object to apply the policy to.
+	// Object must be in the same namespace as the policy.
+	//
+	// Support: HTTPRoute
+	TargetRef gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRef"`
 }
 
 // Tracing allows for enabling and configuring OpenTelemetry tracing.
 
@@ -40,7 +40,7 @@ This chart deploys the NGINX Gateway Fabric in your Kubernetes cluster.
 > [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/main/README.md#technical-specifications).
 
 ```shell
-kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
+kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
 ```
 
 ## Installing the Chart
@@ -128,7 +128,7 @@ Gateway Fabric - [see the Technical Specifications](../../README.md#technical-sp
 To upgrade the Gateway CRDs from [the Gateway API repo](https://github.com/kubernetes-sigs/gateway-api), run:
 
 ```shell
-kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
+kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
 ```
 
 ### Upgrading the CRDs
@@ -238,7 +238,7 @@ These commands remove all the Kubernetes components associated with the release
 To delete the Gateway API CRDs from [the Gateway API repo](https://github.com/kubernetes-sigs/gateway-api), run:
 
 ```shell
-kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
+kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
 ```
 
 ## Configuration
 
@@ -90,9 +90,9 @@ rules:
   - gateways
   - httproutes
   - referencegrants
+  - grpcroutes
 {{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }}
   - backendtlspolicies
-  - grpcroutes
 {{- end }}
   verbs:
   - list
@@ -103,9 +103,9 @@ rules:
   - httproutes/status
   - gateways/status
   - gatewayclasses/status
+  - grpcroutes/status
 {{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }}
   - backendtlspolicies/status
-  - grpcroutes/status
 {{- end }}
   verbs:
   - update
 
@@ -15,7 +15,7 @@ import (
 
 const (
 	// nolint:lll
-	// Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/apis/v1/shared_types.go#L640
+	// Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/apis/v1/shared_types.go#L647
 	controllerNameRegex = `^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$` //nolint:lll
 )
 
 
@@ -133,16 +133,6 @@ spec:
                     maxLength: 253
                     minLength: 1
                     type: string
-                  namespace:
-                    description: |-
-                      Namespace is the namespace of the referent. When unspecified, the local
-                      namespace is inferred. Even when policy targets a resource in a different
-                      namespace, it MUST only apply to traffic originating from the same
-                      namespace as the policy.
-                    maxLength: 63
-                    minLength: 1
-                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
-                    type: string
                 required:
                 - group
                 - kind
@@ -257,7 +247,7 @@ spec:
 
 
                             * Gateway (Gateway conformance profile)
-                            * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+                            * Service (Mesh conformance profile, ClusterIP Services only)
 
 
                             Support for other resources is Implementation-Specific.
@@ -343,9 +333,6 @@ spec:
 
 
                             Support: Extended
-
-
-                            <gateway:experimental>
                           format: int32
                           maximum: 65535
                           minimum: 1
@@ -356,14 +343,12 @@ spec:
                             following resources, SectionName is interpreted as the following:
 
 
-                            * Gateway: Listener Name. When both Port (experimental) and SectionName
+                            * Gateway: Listener name. When both Port (experimental) and SectionName
                             are specified, the name and port of the selected listener must match
                             both specified values.
-                            * Service: Port Name. When both Port (experimental) and SectionName
+                            * Service: Port name. When both Port (experimental) and SectionName
                             are specified, the name and port of the selected listener must match
-                            both specified values. Note that attaching Routes to Services as Parents
-                            is part of experimental Mesh support and is not supported for any other
-                            purpose.
+                            both specified values.
 
 
                             Implementations MAY choose to support attaching Routes to other resources.
 
@@ -74,16 +74,6 @@ spec:
                     maxLength: 253
                     minLength: 1
                     type: string
-                  namespace:
-                    description: |-
-                      Namespace is the namespace of the referent. When unspecified, the local
-                      namespace is inferred. Even when policy targets a resource in a different
-                      namespace, it MUST only apply to traffic originating from the same
-                      namespace as the policy.
-                    maxLength: 63
-                    minLength: 1
-                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
-                    type: string
                 required:
                 - group
                 - kind
@@ -273,7 +263,7 @@ spec:
 
 
                             * Gateway (Gateway conformance profile)
-                            * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+                            * Service (Mesh conformance profile, ClusterIP Services only)
 
 
                             Support for other resources is Implementation-Specific.
@@ -359,9 +349,6 @@ spec:
 
 
                             Support: Extended
-
-
-                            <gateway:experimental>
                           format: int32
                           maximum: 65535
                           minimum: 1
@@ -372,14 +359,12 @@ spec:
                             following resources, SectionName is interpreted as the following:
 
 
-                            * Gateway: Listener Name. When both Port (experimental) and SectionName
+                            * Gateway: Listener name. When both Port (experimental) and SectionName
                             are specified, the name and port of the selected listener must match
                             both specified values.
-                            * Service: Port Name. When both Port (experimental) and SectionName
+                            * Service: Port name. When both Port (experimental) and SectionName
                             are specified, the name and port of the selected listener must match
-                            both specified values. Note that attaching Routes to Services as Parents
-                            is part of experimental Mesh support and is not supported for any other
-                            purpose.
+                            both specified values.
 
 
                             Implementations MAY choose to support attaching Routes to other resources.
 
@@ -3,9 +3,9 @@ VERSION = 1.2.0 # NGF version
 PREFIX = nginx-gateway-fabric
 NGINX_PREFIX = $(PREFIX)/nginx
 NGINX_PLUS_PREFIX ?= $(PREFIX)/nginx-plus
-GW_API_VERSION ?= 1.0.0
+GW_API_VERSION ?= 1.1.0
 GATEWAY_CLASS = nginx
-SUPPORTED_FEATURES = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,HTTPRouteResponseHeaderModification
+SUPPORTED_FEATURES = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,HTTPRouteResponseHeaderModification,GRPCExactMethodMatching,GRPCRouteListenerHostnameMatching,GRPCRouteHeaderMatching
 KIND_IMAGE ?= $(shell grep -m1 'FROM kindest/node' <tests/Dockerfile | awk -F'[ ]' '{print $$2}')
 KIND_KUBE_CONFIG=$${HOME}/.kube/kind/config
 CONFORMANCE_TAG = latest
@@ -16,10 +16,6 @@ PROVISIONER_MANIFEST=provisioner/provisioner.yaml
 ENABLE_EXPERIMENTAL ?= false
 .DEFAULT_GOAL := help
 
-ifeq ($(ENABLE_EXPERIMENTAL),true)
-    SUPPORTED_FEATURES +=,GRPCExactMethodMatching,GRPCRouteListenerHostnameMatching,GRPCRouteHeaderMatching
-endif
-
 .PHONY: help
 help: Makefile ## Display this help
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "; printf "Usage:\n\n    make \033[36m<target>\033[0m\n\nTargets:\n\n"}; {printf "    \033[36m%-30s\033[0m %s\n", $$1, $$2}'
@@ -108,8 +104,14 @@ run-conformance-tests: ## Run conformance tests
 	bash scripts/check-pod-exit-code.sh
 	sed -e '1,/CONFORMANCE PROFILE/d' output.txt > conformance-profile.yaml
 	rm output.txt
-	[ $(shell cat conformance-profile.yaml | yq '.profiles[0].core.result') != "failure" ] \
-		&& [ $(shell cat conformance-profile.yaml | yq '.profiles[0].extended.result') != "failure" ] || exit 2
+	grpc_core_result=`yq '.profiles[0].core.result' conformance-profile.yaml`; \
+	http_core_result=`yq '.profiles[1].core.result' conformance-profile.yaml`; \
+	http_extended_result=`yq '.profiles[1].extended.result' conformance-profile.yaml`; \
+	if [ "$$grpc_core_result" != "failure" ] && [ "$$http_core_result" != "failure" ] && [ "$$http_extended_result" != "failure" ] ; then \
+		exit 0; \
+	else \
+		exit 2; \
+	fi
 
 .PHONY: cleanup-conformance-tests
 cleanup-conformance-tests: ## Clean up conformance tests fixtures
 
@@ -50,7 +50,7 @@ update-ngf-manifest                  Update the NGF deployment manifest image na
 | CONFORMANCE_PREFIX   | conformance-test-runner                                                                                       | The prefix for the conformance test image                                                                                                     |
 | TAG                  | edge                                                                                                          | The tag for the locally built NGF image                                                                                                       |
 | PREFIX               | nginx-gateway-fabric                                                                                          | The prefix for the locally built NGF image                                                                                                    |
-| GW_API_VERSION       | 1.0.0                                                                                                         | Tag for the Gateway API version to check out. Set to `main` to get the latest version                                                         |
+| GW_API_VERSION       | 1.1.0                                                                                                         | Tag for the Gateway API version to check out. Set to `main` to get the latest version                                                         |
 | KIND_IMAGE           | Latest kind image, as defined in the tests/Dockerfile                                                         | The kind image to use                                                                                                                         |
 | KIND_KUBE_CONFIG     | ~/.kube/kind/config                                                                                           | The location of the kubeconfig                                                                                                                |
 | GATEWAY_CLASS        | nginx                                                                                                         | The gateway class that should be used for the tests                                                                                           |
 
@@ -11,6 +11,7 @@ rules:
 - apiGroups:
   - ""
   resources:
+  - configmaps
   - namespaces
   - pods
   - secrets
@@ -35,6 +36,7 @@ rules:
   resources:
   - gateways
   - httproutes
+  - grpcroutes
   - referencegrants
   - gatewayclasses
   verbs:
@@ -43,6 +45,22 @@ rules:
   - get
   - list
   - patch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - list
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ import (`
`15`	`15`
`16`	`16`	`const (`
`17`	`17`	`// nolint:lll`
`18`		`- // Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/apis/v1/shared_types.go#L640`
	`18`	`+ // Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/apis/v1/shared_types.go#L647`
`19`	`19`	controllerNameRegex = `^[a-z0-9]([-a-z0-9][a-z0-9])?(\.[a-z0-9]([-a-z0-9][a-z0-9])?)\/[A-Za-z0-9\/\-._~%!$&'()+,;=:]+$` //nolint:lll
`20`	`20`	`)`
`21`	`21`