BackendTLSPolicy Expands Gateway API Transport Security
Red Hat, Friday, July 3rd, 2026
OpenShift 4.22 adds BackendTLSPolicy for end-to-end TLS encryption between gateways and backend pods.
BackendTLSPolicy is a Kubernetes resource now available in Red Hat OpenShift 4.22 that enables TLS encryption between gateways and backend pods within the Gateway API framework. Championed by Red Hat in the open source community, it provides end-to-end encryption while observing gateway routing configuration by combining edge and backend TLS termination.
This lets OpenShift users achieve the same security level previously available only through OpenShift routes. It supports flexible certificate validation via hostname matching, subject alternative names, and certificate bundle specifications.