Core API: AllowedRoutes #475

kate-osborn · 2023-03-17T19:35:56Z

As a Cluster Admin I want to restrict what elements of my system have access to Gateway ingress, I want to create predictable isolation across GatewayClasses and dataplanes, I want to help App Devs by restricting Route binding so they see predictable attachments and not unintentional or unexpected traffic routing.

Conversely, I want to allow App Devs in different organizations access to my Gateway controller by specifying All namespaces, a selection, or only same namespaces are supported.

AllowedRoutes allows admins to shape the traffic of their system. Deploying multiple GatewayClasses, Gateways, and dataplanes, then shape which Gateways serve the App Dev routes; a TLS only Gateway, a test and dev set, specific namespaces having exposure to ingress.

Acceptance Criteria

Support AllowedRoutes; Namespace specification, Namespace selection.
- FromNamespaces:
  - All, Same, Selector
Routes by Kind
- Support kinds field.
Add SupportedKinds ListenerStatus for every listener in a Gateway.
Gateway updates require a re-binding reconciliation; new routes will be allowed, old routes will be disallowed.
If HTTPRoute is not allowed, set RouteStatus to Accepted/False/NotAllowedByListeners (condition/value/reason)
Update documentation
- Update gateway compatibility doc
- Add example for Selector FromNamespaces
Make sure any relevant conformance tests would pass

Aha! Link: https://nginx.aha.io/features/NKG-59

The text was updated successfully, but these errors were encountered:

kate-osborn added the proposal label Mar 17, 2023

github-project-automation bot added this to NGINX Gateway Fabric Mar 17, 2023

github-project-automation bot moved this to 🆕 New in NGINX Gateway Fabric Mar 17, 2023

kate-osborn closed this as completed Mar 17, 2023

github-project-automation bot moved this from 🆕 New to ✅ Done in NGINX Gateway Fabric Mar 17, 2023

kate-osborn reopened this Mar 17, 2023

github-project-automation bot moved this from ✅ Done to 📋 Backlog in NGINX Gateway Fabric Mar 17, 2023

kate-osborn changed the title ~~API Surface: AllowedRoutes~~ Core API: AllowedRoutes Mar 17, 2023

kate-osborn added enhancement New feature or request area/httproute/core Relates to all Core features of HTTPRoute and removed proposal labels Mar 21, 2023

kate-osborn added this to the v1.0.0 milestone Mar 21, 2023

kate-osborn self-assigned this Mar 21, 2023

kate-osborn added the refined Requirements are refined and the issue is ready to be implemented. label Mar 24, 2023

kate-osborn removed their assignment Mar 24, 2023

kate-osborn added the area/gateway/core Relates to all Core features of Gateway label Mar 24, 2023

mpstefan mentioned this issue May 5, 2023

Gateway Core Support #612

Closed

mpstefan removed the area/httproute/core Relates to all Core features of HTTPRoute label May 10, 2023

mpstefan modified the milestones: v1.0.0, v0.5.0 May 17, 2023

mpstefan moved this to 🆕 New in NGINX Gateway Fabric May 17, 2023

sjberman self-assigned this May 31, 2023

sjberman moved this from 🆕 New to 🔖 To Do in NGINX Gateway Fabric May 31, 2023

sjberman assigned sjberman and unassigned sjberman Jun 1, 2023

sjberman moved this from 🔖 To Do to 🏗 In Progress in NGINX Gateway Fabric Jun 2, 2023

sjberman mentioned this issue Jun 6, 2023

AllowedRoutes support for Listeners #721

Merged

6 tasks

sjberman moved this from 🏗 In Progress to 👀 In Review in NGINX Gateway Fabric Jun 6, 2023

sjberman closed this as completed in #721 Jun 9, 2023

github-project-automation bot moved this from 👀 In Review to ✅ Done in NGINX Gateway Fabric Jun 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Core API: AllowedRoutes #475

Core API: AllowedRoutes #475

kate-osborn commented Mar 17, 2023 •

edited

Loading

Core API: AllowedRoutes #475

Core API: AllowedRoutes #475

Comments

kate-osborn commented Mar 17, 2023 • edited Loading

kate-osborn commented Mar 17, 2023 •

edited

Loading