diff --git a/site/content/how-to/traffic-management/securing-backend-traffic.md b/site/content/how-to/traffic-management/securing-backend-traffic.md index 7073143591..7fac297ca6 100644 --- a/site/content/how-to/traffic-management/securing-backend-traffic.md +++ b/site/content/how-to/traffic-management/securing-backend-traffic.md @@ -12,9 +12,15 @@ Learn how to encrypt HTTP traffic between NGINX Gateway Fabric and your backend In this guide, we will show how to specify the TLS configuration of the connection from the Gateway to a backend pod/s via the Service API object using a [BackendTLSPolicy](https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/). This covers the use-case where the service or backend owner is doing their own TLS and NGINX Gateway Fabric needs to know how to connect to this backend pod that has its own certificate over HTTPS. +## Note on Gateway API Experimental Features + +{{< important >}} BackendTLSPolicy is a Gateway API resource from the experimental release channel. {{< /important >}} + +{{}} + ## Before you begin -- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. Please note that the Gateway APIs from the experimental channel are required, and NGF must be deployed with the `--gateway-api-experimental-features` flag. +- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric with experimental features enabled. - Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text diff --git a/site/content/how-to/traffic-management/tls-passthrough.md b/site/content/how-to/traffic-management/tls-passthrough.md index 53395fbc20..8ade7ff8bb 100644 --- a/site/content/how-to/traffic-management/tls-passthrough.md +++ b/site/content/how-to/traffic-management/tls-passthrough.md @@ -11,9 +11,15 @@ Learn how to use TLSRoutes to configure TLS Passthrough load-balancing with NGIN In this guide, we will show how to configure TLS passthrough for your application, using a [TLSRoute](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.TLSRoute). +## Note on Gateway API Experimental Features + +{{< important >}} TLSRoute is a Gateway API resource from the experimental release channel. {{< /important >}} + +{{}} + ## Before you begin -- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. +- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric with experimental features enabled. - Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text diff --git a/site/content/includes/installation/install-gateway-api-experimental-features.md b/site/content/includes/installation/install-gateway-api-experimental-features.md new file mode 100644 index 0000000000..27e1170027 --- /dev/null +++ b/site/content/includes/installation/install-gateway-api-experimental-features.md @@ -0,0 +1,24 @@ +--- +title: "Install NGINX Gateway Fabric with experimental features" +docs: "DOCS-000" +--- + +To use Gateway API experimental resources, the Gateway API resources from the experimental channel must be installed before deploying NGINX Gateway Fabric. Additionally, NGINX Gateway Fabric must have experimental features enabled. + +{{< caution >}}As noted in the [Gateway API documentation](https://gateway-api.sigs.k8s.io/guides/#install-experimental-channel), future releases of the Gateway API can include breaking changes to experimental resources and fields. {{}} + +To install the Gateway API resources from the experimental channel, run the following: + +```shell +kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - +``` + +{{< note >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`. {{}} + +To enable experimental features on NGINX Gateway Fabric: + +Using Helm: Set `nginxGateway.gwAPIExperimentalFeatures.enable` to true. An example can be found +in the [Installation with Helm]({{< relref "installation/installing-ngf/helm.md#custom-installation-options" >}}) guide. + +Using Kubernetes manifests: Add the `--gateway-api-experimental-features` command-line flag to the deployment manifest args. +An example can be found in the [Installation with Kubernetes manifests]({{< relref "installation/installing-ngf/manifests.md#3-deploy-nginx-gateway-fabric" >}}) guide. diff --git a/site/content/includes/installation/install-gateway-api-resources.md b/site/content/includes/installation/install-gateway-api-resources.md index 68af60d99e..109b6f4fd6 100644 --- a/site/content/includes/installation/install-gateway-api-resources.md +++ b/site/content/includes/installation/install-gateway-api-resources.md @@ -2,7 +2,7 @@ docs: "DOCS-1438" --- -{{}}The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/README.md#technical-specifications).{{}} +{{< note >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/README.md#technical-specifications). {{}} To install the Gateway API resources, run the following: @@ -10,11 +10,15 @@ To install the Gateway API resources, run the following: kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.4.0" | kubectl apply -f - ``` -{{}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`.{{}} +{{< note >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`.{{}} -Alternatively, you can install the Gateway API resources from the experimental channel. We support a subset of the -additional features provided by the experimental channel. To install from the experimental channel, run the following: +Alternatively, you can install the Gateway API resources from the experimental channel. +Installing Gateway API resources from the experimental channel includes everything in the standard release channel plus additional experimental resources and fields. +NGINX Gateway Fabric currently supports a subset of the additional features provided by the experimental channel. +To install from the experimental channel, run the following: ```shell kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - ``` + +{{< note >}} To learn more about what Gateway API resources NGINX Gateway Fabric currently supports, visit our [Gateway API Compatibility]({{< relref "overview/gateway-api-compatibility.md" >}}) document. {{}} diff --git a/site/content/overview/gateway-api-compatibility.md b/site/content/overview/gateway-api-compatibility.md index e7405e5a47..b0a344e0a6 100644 --- a/site/content/overview/gateway-api-compatibility.md +++ b/site/content/overview/gateway-api-compatibility.md @@ -10,18 +10,20 @@ Learn which Gateway API resources NGINX Gateway Fabric supports and to which lev ## Summary {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -|---------------------------------------|--------------------|------------------------|---------------------------------------|-------------| -| [GatewayClass](#gatewayclass) | Supported | Not supported | Supported | v1 | -| [Gateway](#gateway) | Supported | Partially supported | Not supported | v1 | -| [HTTPRoute](#httproute) | Supported | Partially supported | Not supported | v1 | -| [ReferenceGrant](#referencegrant) | Supported | N/A | Not supported | v1beta1 | -| [GRPCRoute](#grpcroute) | Supported | Partially supported | Not supported | v1 | -| [TLSRoute](#tlsroute) | Supported | Not supported | Not supported | v1alpha2 | -| [TCPRoute](#tcproute) | Not supported | Not supported | Not supported | N/A | -| [UDPRoute](#udproute) | Not supported | Not supported | Not supported | N/A | -| [BackendTLSPolicy](#backendtlspolicy) | Supported | Supported | Not supported | v1alpha3 | -| [Custom policies](#custom-policies) | N/A | N/A | Supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|---------------------------------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| [GatewayClass](#gatewayclass) | Supported | Not supported | Supported | v1 | Standard | +| [Gateway](#gateway) | Supported | Partially supported | Not supported | v1 | Standard | +| [HTTPRoute](#httproute) | Supported | Partially supported | Not supported | v1 | Standard | +| [GRPCRoute](#grpcroute) | Supported | Partially supported | Not supported | v1 | Standard | +| [ReferenceGrant](#referencegrant) | Supported | N/A | Not supported | v1beta1 | Standard | +| [TLSRoute](#tlsroute) | Supported | Not supported | Not supported | v1alpha2 | Experimental | +| [TCPRoute](#tcproute) | Not supported | Not supported | Not supported | v1alpha2 | Experimental | +| [UDPRoute](#udproute) | Not supported | Not supported | Not supported | v1alpha2 | Experimental | +| [BackendTLSPolicy](#backendtlspolicy) | Supported | Supported | Not supported | v1alpha3 | Experimental | +| [Custom policies](#custom-policies) | N/A | N/A | Supported | N/A | N/A | + {{< /bootstrap-table >}} --- @@ -36,7 +38,7 @@ Gateway API features has three [support levels](https://gateway-api.sigs.k8s.io/ - _Not supported_. The resource or field is not yet supported. It will become partially or fully supported in future releases. -{{< note >}} It's possible that NGINX Gateway Fabric will never support some resources or fields of the Gateway API. They will be documented on a case by case basis. NGINX Gateway Fabric doesn't support any features from the experimental release channel. {{< /note >}} +{{< note >}} It's possible that NGINX Gateway Fabric will never support some resources or fields of the Gateway API. They will be documented on a case by case basis. {{< /note >}} --- @@ -49,9 +51,11 @@ For a description of each field, visit the [Gateway API documentation](https://g ### GatewayClass {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level| API Version | -| ------------ | ------------------ | ---------------------- | ----------------------------------- | ----------- | -| GatewayClass | Supported | Not supported | Supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|--------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| GatewayClass | Supported | Not supported | Supported | v1 | Standard | + {{< /bootstrap-table >}} NGINX Gateway Fabric supports a single GatewayClass resource configured with the `--gatewayclass` flag of the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) command. @@ -77,9 +81,11 @@ NGINX Gateway Fabric supports a single GatewayClass resource configured with the ### Gateway {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------- | ------------------ | -----------------------------| ------------------------------------- | ----------- | -| Gateway | Supported | Partially supported | Not supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| Gateway | Supported | Partially supported | Not supported | v1 | Standard | + {{< /bootstrap-table >}} NGINX Gateway Fabric supports a single Gateway resource. The Gateway resource must reference NGINX Gateway Fabric's corresponding GatewayClass. @@ -140,9 +146,11 @@ See the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) comman ### HTTPRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| --------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| HTTPRoute | Supported | Partially supported | Not supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|-----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| HTTPRoute | Supported | Partially supported | Not supported | v1 | Standard | + {{< /bootstrap-table >}} **Fields**: @@ -190,9 +198,11 @@ See the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) comman ### GRPCRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| --------- | ------------------- | -----------------------------| ------------------------------------- | ----------- | -| GRPCRoute | Supported | Partially supported | Not supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|-----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| GRPCRoute | Supported | Partially supported | Not supported | v1 | Standard | + {{< /bootstrap-table >}} **Fields**: @@ -234,9 +244,11 @@ See the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) comman ### ReferenceGrant {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| ReferenceGrant | Supported | N/A | Not supported | v1beta1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| ReferenceGrant | Supported | N/A | Not supported | v1beta1 | Standard | + {{< /bootstrap-table >}} Fields: @@ -256,9 +268,11 @@ Fields: ### TLSRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -|----------|--------------------|------------------------|---------------------------------------|-------------| -| TLSRoute | Supported | Not supported | Not supported | v1alpha2 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| TLSRoute | Supported | Not supported | Not supported | v1alpha2 | Experimental | + {{< /bootstrap-table >}} **Fields**: @@ -294,9 +308,11 @@ Fields: ### TCPRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| TCPRoute | Not supported | Not supported | Not supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| TCPRoute | Not supported | Not supported | Not supported | v1alpha2 | Experimental | + {{< /bootstrap-table >}} --- @@ -304,9 +320,11 @@ Fields: ### UDPRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| UDPRoute | Not supported | Not supported | Not supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| UDPRoute | Not supported | Not supported | Not supported | v1alpha2 | Experimental | + {{< /bootstrap-table >}} --- @@ -314,9 +332,11 @@ Fields: ### BackendTLSPolicy {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| ---------------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| BackendTLSPolicy | Supported | Supported | Not supported | v1alpha3 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|------------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| BackendTLSPolicy | Supported | Supported | Not supported | v1alpha3 | Experimental | + {{< /bootstrap-table >}} Fields: @@ -346,9 +366,11 @@ Fields: ### Custom Policies {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| --------------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| Custom policies | N/A | N/A | Supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|-----------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| Custom policies | N/A | N/A | Supported | N/A | N/A | + {{< /bootstrap-table >}} Custom policies are NGINX Gateway Fabric-specific CRDs (Custom Resource Definitions) that support features such as tracing, and client connection settings. These important data-plane features are not part of the Gateway API specifications.