l7 documentation, correct some warnings in other docs #4352
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: zac-nixon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
approved
|
@zac-nixon: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| onUnauthenticatedRequest: "authenticate/deny/allow" | ||
| ``` | ||
| **Important** When specifying the secret, the secret name must exist within the namespace of the ListenerRuleConfiguration. |
There was a problem hiding this comment.
Lets also add the link on how to configure RBAC on secrets customer wishes to use so that they can find this.
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/examples/secrets_access/
| * **L7 Listener Materialization:** The controller processes the `my-http-app-route` resource. Given that the `HTTPRoute` validly references the `my-alb-gateway` and its `http` and `https` listeners, two **Listeners** are materialized on the ALB. The listeners accept HTTP traffic on port 80 and HTTPS traffic on port 443 and forward them to the service hosted on the HTTPRoute. | ||
| * **Target Group Creation:** An **AWS Target Group** is created that contains the cluster nodes with the configured NodePort of the service. | ||
|
|
||
| #### Feature Comparison: ALB Gateways vs. Standard Gateway API |
There was a problem hiding this comment.
Thanks for this. This is fantastic.
There was a problem hiding this comment.
wow those charts are really good
| | HTTPRouteRule - HTTPRouteMatch - HTTPQueryParamMatch | Core | ✅ | | ||
| | HTTPRouteRule - HTTPRouteMatch - HTTPMethod | Core | ✅ | | ||
| | HTTPRouteRule - HTTPRouteFilter - Type | Core | ❌ -- Partial support | | ||
| | HTTPRouteRule - HTTPRouteFilter - RequestHeaderModifier | Core | ❌-- [Limited Support](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/header-modification.html) | |
There was a problem hiding this comment.
Should we explain this partial support more by providing the examples?
|
|
||
| For a comprehensive overview of the CRD, please refer to the [ListenerRuleConfiguration CRD documentation](./listenerruleconfig.md). | ||
|
|
||
| **Example: Adding source IP routing conditions** |
There was a problem hiding this comment.
we provide them with more flexibility here with matchIndexes
- if user does not specify
matchIndexes, this source ip will be applied to all listener rules within same match
rules:
- backendRefs:
- name: echoserver2
port: 80
filters:
- type: ExtensionRef
extensionRef:
group: "gateway.k8s.aws"
kind: "ListenerRuleConfiguration"
name: "custom-rule-config-source-ip"
matches:
- path: # Path Pattern
type: Exact
value: /pathExactMatch
queryParams: # Query String
- name: "user"
value: "john"
method: GET # HTTP Request Method
- path: # Regex path match
type: RegularExpression
value: "/firstRule/some?/users"
for example, here will have 2 rules, and source ip will be applied to all of them
- if user specify matchIndexes, then it will be applied to corresponding index
i give examples in PR description: [feat gw-api]support source ip and handle grpc filter #4335
| * **`TargetGroupConfiguration` (LBC CRD)**: A Custom Resource Definition used for service-specific customizations of AWS Target Groups. This CRD is associated with a Kubernetes `Service`. For more info, please refer [How customization works](../customization) | ||
| * **`ReferenceGrant`**: Defines cross-namespace access. For more information [see](https://gateway-api.sigs.k8s.io/api-types/referencegrant/) | ||
| * **`LoadBalancerConfiguration` (LBC CRD)**: A Custom Resource Definition utilized for fine-grained customization of the provisioned NLB. This CRD can be attached to a `Gateway` or its `GatewayClass`. For more info, please refer [How customization works](customization.md#customizing-the-gateway-load-balancer-using-loadbalancerconfiguration-crd) | ||
| * **`TargetGroupConfiguration` (LBC CRD)**: A Custom Resource Definition used for service-specific customizations of AWS Target Groups. This CRD is associated with a Kubernetes `Service`. For more info, please refer [How customization works](customization.md#customizing-services-target-groups-using-targetgroupconfiguration-crd) |
There was a problem hiding this comment.
i forgot did we explicitly check/validate rule CRD cannot be used in L4?
| - 10.0.0.0/5 | ||
| ``` | ||
| Adds Source IP conditions into the routing rules. For granular control of which rules to apply the LRC to, use the matchIndex field. |
There was a problem hiding this comment.
ah i saw it here, but maybe we can just provide example above.
| @@ -0,0 +1,202 @@ | |||
| # Gateway API for Layer 7 (ALB) Implementation | |||
There was a problem hiding this comment.
i feel like did not see any mention about multi-header support with comma? i had example here in PR #4321
| ## Controller command line flags | ||
| !!!warning "" |
There was a problem hiding this comment.
did we cover default behavior change somewhere?
Description
Adds in L7 documentation, that details the basic flow (style taken from L4 documentation). Also provides details on how to use the newly introduced ListenerRuleConfiguration.
make docs-previewChecklist
README.md, or thedocsdirectory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯