Red Hat SummitChapter 1. Red Hat Connectivity Link 1.4 release notes
Welcome to the Red Hat Connectivity Link release notes, where you can learn about what is new and what is fixed.
Red Hat Connectivity Link 1.4.0 is deprecated. OpenShift Container Platform clusters running Connectivity Link 1.4.0 might experience authentication failures, API key management errors, gateway instability, or gateway pod memory pressure because of integration changes that are not fully compatible on all supported OpenShift Container Platform and OpenShift Service Mesh combinations.
Until a patch is released, take one of the two actions, depending on your scenario:
- If you are a new customer, do not install Red Hat Connectivity Link 1.4.0.
- If you are an upgrade customer, pin Connectivity Link and its dependent Operators to the latest Red Hat Connectivity Link 1.3.z release. Prevent upgrades to Connectivity Link 1.4.0.
1.1. Red Hat Connectivity Link 1.4 release notes
Connectivity Link is a modular and flexible solution for application connectivity, policy management, and API management in multicloud and hybrid cloud environments. You can use Connectivity Link to secure, protect, connect, and observe your APIs, applications, and infrastructure.
Connectivity Link is based on the Kuadrant community project, providing a control plane for you to configure and deploy ingress gateways and policies based on the Kubernetes Gateway API standard. Connectivity Link supports OpenShift Service Mesh 3.2 as the Gateway API provider, which is based on the Istio community project.
1.2. About this release
Red Hat Connectivity Link 1.4, RHBA-2026:25234, is now available. This release includes the MCP gateway 0.7.0 as a Technology Preview feature. New features, changes, and known issues that pertain to Connectivity Link 1.4 are included in this topic.
Starting with Connectivity Link 1.4, full support ends with the release of the next minor version. Maintenance support ends with the minor version after that. See the Red Hat Connectivity Link Life Cycle Policy for details about version support and OpenShift Container Platform compatibility.
- Important lifecycle update for Connectivity Link 1.3
- With this release, the maintenance support lifecycle for Connectivity Link 1.3 is updated. Maintenance Support for version 1.3 ends with the release of Connectivity Link 1.5. The maintenance lifecycle of 1.3 was announced before as ending with Connectivity Link 1.6.
1.2.1. New features and enhancements
You can use the new features and enhancements that are available with Red Hat Connectivity Link 1.4.
- X.509 cryptographic identity verification now available
- With this Connectivity Link release, you can use X.509 client certificate authentication with for strong cryptographic identity verification. The X.509 format creates a two-layer authentication process that requires both cryptographic proof and context-aware validation before a request authenticates.
For more information, see Using X.509 cryptographic identity verification.
- MCP gateway: MCP prompt federation is now available
MCP gateway adds support for federating MCP prompts through the
Gatewayobject as a Generally Available feature. MCP prompt federation makes it much easier to supply your large language models (LLMs) with the exact context and steering instructions they need, no matter which server originally hosted the template.With this update, you can now access and run prompt templates from your upstream MCP servers through a single, central
Gatewayconnection. Instead of managing separate connections to multiple backend servers, you can query theGatewayobject to see a unified, prefixed list of every available prompt across your network. When you find the prompt template that you need, you can plug in your custom variables. TheGatewayobject automatically routes the request to the right place.
For more information, see Registering on-prem MCP servers.
- MCP gateway: Vault documentation now included
- Now you can learn how to use HashiCorp Vault (Vault) to retrieve and inject authentication credentials into your MCP server request flow with the MCP gateway.
For more information see Using credentials to access external APIs with Vault.
- MCP gateway audit trail documentation is now available
- The MCP gateway documentation now includes configuration instructions for creating an audit trail for compliance and accountability that captures caller identity, tool names, and MCP session context through the MCP gateway.
For more information, see Understanding an MCP gateway audit trail.
- Notable technical changes
Connectivity Link: The gateway integration has been migrated from an Istio
WasmPlugintoEnvoyFiltercustom resources (CRs). WASM injection now usesEnvoyFilterpatches. This enables native support for image pull secrets and allows for embedded plugin configurations directly within the patches. This is an internal Operator change. No user action is required during an update. Existing CRs might remain in your cluster as orphans.Connectivity Link: To improve performance and scalability, the Kuadrant CR lookup is cached within the reconciliation state. This internal optimization reduces redundant
getrequests to the Kubernetes API server during reconciliation loops. This change reduces control plane utilization and consumption, reduces Operator resource usage, and makes policy reconciliation times faster.MCP gateway: The
toolPrefixfield on theMCPServerRegistrationCR is renamedprefix. This field has always been a server-level namespace, not tool-specific, and the rename aligns the API with its actual semantics now that it applies to both tools and prompts.Migration: You must replace
toolPrefixwithprefixin yourMCPServerRegistrationCRs. Existing CRs must be deleted and recreated, not patched in-place. For bulk updates, you can use asedone-liner oryq editon these manifest files before you run theoc applycommand.
1.2.2. Technology Preview features
You can try the Technology Preview features that are available with Red Hat Connectivity Link 1.4.
Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production.
Technology Preview features give you early access to upcoming product features, enabling you to test functionality and provide feedback during the development process. For more information, see Red Hat Technology Preview Features - Scope of Support.
- Support for
GRPCRoutepolicy attachment -
With this Connectivity Link release,
GRPCRoutepolicy attachment support is available as a Technology Preview feature. You can attachAuthPolicyandRateLimitPolicycustom resources (CRs) toGRPCRouteCRs, enabling authentication and rate-limiting controls for gRPC services with nativeserviceandmethodmatching.
For more information, see About GRPCRoute policy attachment support.
- Disconnected installation documentation added
- The Connectivity Link documentation now includes procedures for installing in a disconnected environment. You can apply cloud-like traffic management within your private, secure network.
For more information, see Installing Connectivity Link in a disconnected environment.
- Connectivity Link OpenShift Container Platform web console plugin adds API management
- With this Connectivity Link release, you can use the OpenShift Container Platform web console to manage your APIs and access to them with the OpenShift web console. You can manage an API catalog and role-based access. You can also see the relationships between your API products and attached resources, such as policies and routes, in a dynamic graph view.
For more information, see Create, share, and consume APIs across teams.
1.2.3. Known issues
Connectivity Link 1.4 has a known issue.
-
When either the
RedisorRedisCachedstorage option is set in aLimitadorCR and thelimitadorpod gets restarted for any reason, the first request to the gateway is never rate-limited. Allhttprequests after this are rate-limited. (CONNLINK-856)
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}