Merge branch 'docs/capigw-v0.4.0' into docs/capigw-040-route-details-prefix-rewrite

2022-08-15 12:01:19 -04:00 · 2022-08-15 12:01:19 -04:00 · 0d432e66ff
parent c10464fc0b b6e1962265
commit 0d432e66ff
5 changed files with 83 additions and 7 deletions
--- a/website/content/docs/api-gateway/configuration/gateway.mdx
+++ b/website/content/docs/api-gateway/configuration/gateway.mdx
@ -159,7 +159,7 @@ Specifies the `tls` configurations for the `Gateway`. The `tls` object is requir
 | Parameter | Description | Type | Required |
 | ---       | ---         | ---  | ---      |
-| `certificateRefs` | <div style={{width:480}}>Specifies Kubernetes `name` and `namespace` objects that contains TLS certificates and private keys. <br/>The certificates establish a TLS handshake for requests that match the `hostname` of the associated `listener`. Each reference must be a Kubernetes Secret. If you are using a Secret in a namespace other than the `Gateway`'s, each reference must also have a corresponding [`ReferencePolicy`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy).</div>  | Object or array | Required if `tls` is set |
+| `certificateRefs` | <div style={{width:480}}>Specifies Kubernetes `name` and `namespace` objects that contains TLS certificates and private keys. <br/>The certificates establish a TLS handshake for requests that match the `hostname` of the associated `listener`. Each reference must be a Kubernetes Secret. If you are using a Secret in a namespace other than the `Gateway`'s, each reference must also have a corresponding [`ReferenceGrant`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferenceGrant).</div>  | Object or array | Required if `tls` is set |
 | `mode` | Specifies the TLS Mode. Should always be set to `Terminate` for `HTTPRoutes` | string | Required if `certificateRefs` is set |
 | `options` | Specifies additional Consul API Gateway options. | Map of strings | optional |
--- a/website/content/docs/api-gateway/configuration/routes.mdx
+++ b/website/content/docs/api-gateway/configuration/routes.mdx
@ -121,15 +121,15 @@ This field specifies backend services that the `Route` references. The following
 | `group` | Specifies the Kubernetes API Group of the referenced backend. You can specify the following values: <ul><li>`""`: Specifies the core Kubernetes API group. This value must be used when `kind` is set to `Service`. This is the default value if unspecified.</li><li>`api-gateway.consul.hashicorp.com`: This value must be used when `kind` is set to `MeshService`.</li></ul> | String | Optional |
 | `kind` |  Specifies the Kubernetes Kind of the referenced backend. You can specify the following values: <ul><li>`Service` (default): Indicates that the `backendRef` references a Service in the Kubernetes cluster. </li><li>`MeshService`: Indicates that the `backendRef` references a service in the Consul mesh. Refer to the `MeshService` [documentation](/docs/api-gateway/configuration/meshservice) for additional information.</li></ul> | String | Optional |
 | `name` | Specifies the name of the Kubernetes Service or Consul mesh service resource. | String | Required |
-| `namespace` | Specifies the Kubernetes namespace containing the Kubernetes Service or Consul mesh service resource. You must specify a value if the Service or Consul mesh service is defined in a different namespace from the `Route`. Defaults to the namespace of the `Route`. <br/>To create a route for a `backendRef` in a different namespace, you must also create a [ReferencePolicy](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy). Refer to the [example route](#example-cross-namespace-backendref) configured to reference across namespaces. | String | Optional |
+| `namespace` | Specifies the Kubernetes namespace containing the Kubernetes Service or Consul mesh service resource. You must specify a value if the Service or Consul mesh service is defined in a different namespace from the `Route`. Defaults to the namespace of the `Route`. <br/>To create a route for a `backendRef` in a different namespace, you must also create a [ReferenceGrant](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferenceGrant). Refer to the [example route](#example-cross-namespace-backendref) configured to reference across namespaces. | String | Optional |
 | `port` | Specifies the port number for accessing the Kubernetes or Consul service. | Integer | Required |
 | `weight` | Specifies the proportion of requests sent to the backend. Computed as weight divided by the sum of all weights in this `backendRefs` list. Defaults to `1`. A value of `0` indicates that no requests should be sent to the backend. | Integer | Optional |
 #### Example cross-namespace backendRef
-The following example creates a route named `example-route` in namespace `gateway-namespace`. This route has a `backendRef` in namespace `service-namespace`. Traffic is allowed because the `ReferencePolicy`, named `reference-policy` in namespace `service-namespace`, allows traffic from `HTTPRoutes` in `gateway-namespace` to `Services` in `service-namespace`.
+The following example creates a route named `example-route` in namespace `gateway-namespace`. This route has a `backendRef` in namespace `service-namespace`. Traffic is allowed because the `ReferenceGrant`, named `reference-grant` in namespace `service-namespace`, allows traffic from `HTTPRoutes` in `gateway-namespace` to `Services` in `service-namespace`.
-<CodeBlockConfig filename="route_with_referencepolicy.yaml">
+<CodeBlockConfig filename="route_with_referencegrant.yaml">
  ```yaml
  apiVersion: gateway.networking.k8s.io/v1alpha2
@ -149,9 +149,9 @@ The following example creates a route named `example-route` in namespace `gatewa
  ---
  apiVersion: gateway.networking.k8s.io/v1alpha2
-  kind: ReferencePolicy
+  kind: ReferenceGrant
  metadata:
-    name: reference-policy
+    name: reference-grant
    namespace: service-namespace
  spec:
    from:
--- a/website/content/docs/api-gateway/index.mdx
+++ b/website/content/docs/api-gateway/index.mdx
@ -38,7 +38,7 @@ are used, see the [documentation in our GitHub repo](https://github.com/hashicor
 | [`Gateway`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.Gateway) | <ul><li>Supported protocols: `HTTP`, `HTTPS`, `TCP`</li><li>Header-based hostname matching (no SNI support)</li><li>Supported filters: header addition, removal, and setting</li><li>TLS modes supported: `terminate`</li><li>Certificate types supported: `core/v1/Secret`</li><li>Extended options: TLS version and cipher constraints</li></ul> |
 | [`HTTPRoute`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.HTTPRoute) | <ul><li>Weight-based load balancing</li><li>Supported rules: path, header, query, and method-based matching</li><li>Supported filters: header addition, removal, and setting</li><li>Supported backend types: <ol><li>`core/v1/Service` (must map to a registered Consul service)</li><li>`api-gateway.consul.hashicorp.com/v1alpha1/MeshService`</li></ol></li></ul> |
 | [`TCPRoute`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.TCPRoute) | <ul><li>Supported backend types: <ol><li>`core/v1/Service` (must map to a registered Consul service)</li><li>`api-gateway.consul.hashicorp.com/v1alpha1/MeshService`</li></ol></li></ul> |
-| [`ReferencePolicy`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferencePolicy) | <ul><li>Required to allow any reference from a `Gateway` to a Kubernetes `core/v1/Secret` in a different namespace.</li><ul><li>A Gateway with an unpermitted `certificateRefs` caused by the lack of a` ReferencePolicy` sets a `ResolvedRefs` status to `False` with the reason `InvalidCertificateRef`. The Gateway will not become ready in this case.</li></ul><li>Required to allow any reference from an `HTTPRoute` or `TCPRoute` to a Kubernetes `core/v1/Service` in a different namespace.</li><ul><li>A route with an unpermitted `backendRefs` caused by the lack of a `ReferencePolicy` sets a `ResolvedRefs` status to `False` with the reason `RefNotPermitted`. The gateway listener rejects routes with an unpermitted `backendRefs`.</li><li>WARNING: If a route `backendRefs` becomes unpermitted, the entire route is removed from the gateway listener. <ul><li>A `backendRefs` can become unpermitted when you delete a `ReferencePolicy` or add a new unpermitted `backendRefs` to an existing route.</li></ul></li></ul></ul> |
+| [`ReferenceGrant`](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.ReferenceGrant) | <ul><li>Required to allow any reference from a `Gateway` to a Kubernetes `core/v1/Secret` in a different namespace.</li><ul><li>A Gateway with an unpermitted `certificateRefs` caused by the lack of a` ReferenceGrant` sets a `ResolvedRefs` status to `False` with the reason `InvalidCertificateRef`. The Gateway will not become ready in this case.</li></ul><li>Required to allow any reference from an `HTTPRoute` or `TCPRoute` to a Kubernetes `core/v1/Service` in a different namespace.</li><ul><li>A route with an unpermitted `backendRefs` caused by the lack of a `ReferenceGrant` sets a `ResolvedRefs` status to `False` with the reason `RefNotPermitted`. The gateway listener rejects routes with an unpermitted `backendRefs`.</li><li>WARNING: If a route `backendRefs` becomes unpermitted, the entire route is removed from the gateway listener. <ul><li>A `backendRefs` can become unpermitted when you delete a `ReferenceGrant` or add a new unpermitted `backendRefs` to an existing route.</li></ul></li></ul></ul> |
 ## Additional Resources
--- a/website/content/docs/release-notes/consul-api-gateway/v0_4_x.mdx
+++ b/website/content/docs/release-notes/consul-api-gateway/v0_4_x.mdx
@ -0,0 +1,72 @@
 ---
 layout: docs
 page_title: 0.4.x
 description: >-
  Consul API Gateway release notes for version 0.4.x
 ---
 # Consul API Gateway 0.4.0
 ## Release Highlights
 - **Support for Kubernetes Gateway API Version 0.5.0 and v1beta1 APIs:**
  The `v0.5.0` release of the Kubernetes Gateway API is significant because it
  marks the growth in maturity to a beta API version (v1beta1) release for some
  of the key APIs:
  - GatewayClass
  - Gateway
  - HTTPRoute
  The other APIs (e.g. TCPRoute) are still at the `v1alpha2` stage.
  Reaching `v1beta1` status has several benefits for users, including greater
  stability and backward compatibility requirements. Existing fields and allowed
  options can not be removed or renamed except in a new, major version of the
  API. Once an API reaches `v1beta1` status, future versions must comply with
  several backward compatibility requirements.
 - **URL Path Prefix Rewrite**
  This release introduces support for rewriting a URL's path prefix when routing
  HTTP traffic. This is configured by adding a `URLRewrite` filter to a
  `HTTPRoute`. With this feature, the gateway can rewrite the URL path, in a
  client's HTTP Request, before sending the request to a service. A simple
  example of this is changing the path from `//store/checkout` to
  `//cart/checkout`. Please see the product documentation for details on how to
  configure this feature.
 ## What's Changed
 - **Reference Policy Renamed to Reference Grant** In v0.5.0 of the Kubernetes
  Gateway API, `ReferencePolicy` has been renamed to `ReferenceGrant`. This
  release supports both but `ReferencePolicy` is deprecated and will be removed
  in a future version of the standard.
  After upgrading to this version of Consul API Gateway, you should rename all
  existing `ReferencePolicy`y to `ReferenceGrant`s. Please see the upgrading
  instructions for additional details.
 ## Supported Software
 - Consul 1.11.2+
 - HashiCorp Consul Helm chart 0.47.0+
 - Kubernetes 1.21+
  - Kubernetes 1.24 is not supported at this time.
 - Kubectl 1.21+
 - Envoy proxy support is determined by the Consul version deployed. Refer to
  [Envoy Integration](/docs/connect/proxies/envoy) for details.
 ## Kubernetes Gateway API Specification
 Supported version of the [Gateway API](https://gateway-api.sigs.k8s.io/) spec: v0.5.0
 ## Upgrading
 For detailed information on upgrading, please refer to the [Upgrades page](/docs/api-gateway/upgrades)
 ## Changelogs
 The changelogs for this major release version and any maintenance versions are listed below.
 ~> **Note:** The following link will take you to the changelogs on the GitHub website.
 - [0.4.0](https://github.com/hashicorp/consul-api-gateway/releases/tag/v0.4.0)
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@ -1265,6 +1265,10 @@
      {
        "title": "Consul API Gateway",
        "routes": [
          {
            "title": "v0.4.x",
            "path": "release-notes/consul-api-gateway/v0_4_x"
          },
          {
            "title": "v0.3.x",
            "path": "release-notes/consul-api-gateway/v0_3_x"