docs: add guide for excluding traffic from transparent proxy redirection #2219
Conversation
- Added a guide on how to exclude specific traffic from transparent proxy redirection - Included configuration examples for better clarity Signed-off-by: Bart Smykla <[email protected]>
bartsmykla
requested review from
johncowen and
Icarus9913
and removed request for
a team
…-transparent-proxy-guide
✅ Deploy Preview for kuma ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for kuma ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
Note that #2216 affects this PR |
…-transparent-proxy-guide
Signed-off-by: Bart Smykla <[email protected]>
…-transparent-proxy-guide Signed-off-by: Bart Smykla <[email protected]>
…-transparent-proxy-guide
|
|
||
| Use this guide to control which traffic the transparent proxy intercepts and which it allows through directly. | ||
|
|
||
| ## Terminology overview |
There was a problem hiding this comment.
should we split this terminology overview between kubernetes and universal? Do we even need it, I guess these are core concepts of Kubernetes and users should be familiar with them when they start playing with service mesh
There was a problem hiding this comment.
I noticed that the three concepts "Workload", "ConfigMap", "Service" aren't mentioned in the following guides, do we really need this paragraph ?
| Follow the [Kubernetes Quickstart]({{ docs }}/quickstart/kubernetes-demo/) guide to set up a zone control plane and demo application. | ||
| {% endtab %} | ||
| {% tab Universal %} | ||
| Confirm that all necessary components are up and running. The following resources may be useful: |
There was a problem hiding this comment.
wouldn't it be enought. to just link to universal quickstart or docker quickstart?
|
I am still not sure if this fits well with guides, there are no steps to follow here and you cannot easily try this, maybe we need new concept for such docs, like |
| 1. **Familiarity with transparent proxy:** You should already understand what a transparent proxy is, how to install it, and how to configure its settings. | ||
|
|
There was a problem hiding this comment.
We should add a link that jumps to transparent section
|
|
||
| ## Exclude traffic on certain ports | ||
|
|
||
| This example shows how to exclude incoming traffic on port `1234` and outgoing traffic on ports `5678` and `8900`. |
There was a problem hiding this comment.
I'd recommend emphasize the intercept concept, same as the latter "Exclude traffic to and from specific IP addresses" section
| This example shows how to exclude incoming traffic on port `1234` and outgoing traffic on ports `5678` and `8900`. | |
| This example demonstrates how to configure the transparent proxy to exclude incoming traffic on port 1234 and outgoing traffic on ports 5678 and 8900 from being intercepted. |
| You can add these annotations manually in your Kubernetes manifests or by using below command: | ||
|
|
||
| ```sh | ||
| kubectl annotate pods example-app \ | ||
| "traffic.kuma.io/exclude-inbound-ports=1234" \ | ||
| "traffic.kuma.io/exclude-outbound-ports=5678,8900" | ||
| ``` |
There was a problem hiding this comment.
I suggest removing these because the user would edit the annotations in controller(deployment, statefulset) in the main use cases.
With the above Pod yaml, it's enough to make the user understand the usage of our annotations.
|
|
||
| Use this guide to control which traffic the transparent proxy intercepts and which it allows through directly. | ||
|
|
||
| ## Terminology overview |
There was a problem hiding this comment.
I noticed that the three concepts "Workload", "ConfigMap", "Service" aren't mentioned in the following guides, do we really need this paragraph ?
Preview: https://deploy-preview-2219--kuma.netlify.app/docs/2.9.x/guides/excluding-traffic-from-transparent-proxy-redirection/
Did you sign your commit? Instructions: 👍
Have you read Contributing guidelines?: 👍