diff --git a/docs/api-types/target-group-policy.md b/docs/api-types/target-group-policy.md index 93acfc0c..69877cc1 100644 --- a/docs/api-types/target-group-policy.md +++ b/docs/api-types/target-group-policy.md @@ -28,9 +28,9 @@ However, the policy will not take effect unless the target is valid. ### Limitations and Considerations -- Attaching TargetGroupPolicy to a Service that is already referenced by a route will result in a replacement +- Attaching TargetGroupPolicy to an existing Service that is already referenced by a route will result in a replacement of VPC Lattice TargetGroup resource, except for health check updates. -- Attaching TargetGroupPolicy to a ServiceExport will result in a replacement of VPC Lattice TargetGroup resource, except for health check updates. +- Attaching TargetGroupPolicy to an existing ServiceExport will result in a replacement of VPC Lattice TargetGroup resource, except for health check updates. - Removing TargetGroupPolicy of a resource will roll back protocol configuration to default setting. (HTTP1/HTTP plaintext) ## Example Configuration diff --git a/docs/api-types/tls-route.md b/docs/api-types/tls-route.md index 0f0fd77f..f1642274 100644 --- a/docs/api-types/tls-route.md +++ b/docs/api-types/tls-route.md 
@@ -5,20 +5,12 @@ With integration of the Gateway API, AWS Gateway API Controller supports `TLSRoute`. This allows you to define and manage end-to-end TLS encrypted traffic routing to your Kubernetes clusters. -### TLSRoute Key Features & Limitations - -**Features**: - -- **Routing Traffic**: Enables routing end-to-end TLS encrypted traffic from your client workload to server workload. - - -**Limitations**: - -- **Listener Protocol**: The `TLSRoute` sectionName must refer to an TLS protocol listener with mode: Passthrough in the parent `Gateway`. +### Considerations +- `TLSRoute` sectionName must refer to an TLS protocol listener with mode: Passthrough in the parentRef `Gateway`. - `TLSRoute` only supports to have one rule. -- `TLSRoute` don't support `matches` field in the rule. -- The `hostnames` field with exactly one host name is required. This domain name is used as a vpc lattice's Service Name Indication (SNI) match. +- `TLSRoute` don't support any rule matching condition. +- The `hostnames` field with exactly one host name is required. This domain name is used as a vpc lattice's Service Name Indication (SNI) match to route the traffic to the correct backend service. ## Example Configuration 
@@ -57,6 +49,10 @@ In this example: - The `TLSRoute` is configured to route traffic to a k8s service named `nginx-tls` on port 443. - The `hostnames` field is set to `nginx-test.my-test.com`. The customer must use this domain name to send traffic to the nginx service. -This `TLSRoute` documentation provides a detailed introduction, feature set, and a basic example of how to configure -and use the resource within AWS Gateway API Controller project. For in-depth details and specifications, you can refer to the -official [Gateway API documentation](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.TLSRoute). \ No newline at end of file + +For the detailed tls passthrough traffic connectivity setup by the controller, you can refer the user guide [here](../guides/tls-passthrough.md). + +For the detailed Gateway API `TLSRoute` resource specifications, you can refer to the +Kubernetes official [documentation](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.TLSRoute). + +For the VPC Lattice tls passthrough Listener configuration details, you can refer to the VPC Lattice [documentation](https://docs.aws.amazon.com/vpc-lattice/latest/ug/tls-listeners.html). \ No newline at end of file
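Review bot: In docs/api-types/target-group-policy.md (hunk @@ -28,9 +28,9), the added word "existing" does not say which condition triggers the TargetGroup replacement. In the Service bullet it is redundant with "that is already referenced by a route". In the ServiceExport bullet it is the only qualifier and is left undefined. State the condition explicitly in both bullets so a reader can tell when attaching the policy is safe. The unchanged bullet below them says removal rolls back to "HTTP1/HTTP plaintext"; since the hunk is already touching this list, consider wording that bullet just as explicitly, because it describes a fallback to unencrypted traffic.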
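Review bot: In docs/api-types/tls-route.md (hunk @@ -5,20 +5,12), the rewritten `hostnames` bullet still expands SNI as "Service Name Indication". The TLS extension is Server Name Indication, and since the line is being changed anyway it should be corrected here. The other added bullets carry grammar slips worth fixing in the same pass: "an TLS" should be "a TLS", "only supports to have one rule" should be "supports only one rule", "don't support" should be "does not support", and "vpc lattice's" should be "VPC Lattice". Replacing "`matches` field" with "any rule matching condition" also drops the field name a reader would search for, so consider keeping `matches` in the sentence.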
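Review bot: In docs/api-types/tls-route.md (hunk @@ -57,6 +49,10), the first added sentence reads "you can refer the user guide", which is missing "to". The first and third added sentences also write "tls passthrough" in lower case, while the rest of the page uses "TLS". The link texts "here" and "documentation" do not describe their targets; name the target in the link text (the TLS passthrough guide, the Gateway API `TLSRoute` specification, the VPC Lattice TLS listeners page). The new last line still ends with "\ No newline at end of file", so add a trailing newline.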