diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 78f680a1ad5b..c411f4d054a2 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -1647,14 +1647,18 @@ Topics: Dir: ingress_load_balancing Distros: openshift-enterprise,openshift-origin Topics: - - Name: Configuring Routes + - Name: Routes Dir: routes Distros: openshift-enterprise,openshift-origin Topics: - - Name: Route configuration - File: route-configuration - - Name: Secured routes - File: secured-routes + - Name: Creating basic routes + File: creating-basic-routes + - Name: Securing routes + File: securing-routes + - Name: Configuring routes + File: nw-configuring-routes + - Name: Creating advanced routes + File: creating-advanced-routes - Name: Configuring ingress cluster traffic Dir: configuring_ingress_cluster_traffic Distros: openshift-enterprise,openshift-origin diff --git a/_topic_maps/_topic_map_osd.yml b/_topic_maps/_topic_map_osd.yml index 620dd3ea35d9..769f01305ebd 100644 --- a/_topic_maps/_topic_map_osd.yml +++ b/_topic_maps/_topic_map_osd.yml @@ -787,13 +787,17 @@ Topics: Dir: ingress_load_balancing Distros: openshift-dedicated Topics: - - Name: Configuring Routes + - Name: Routes Dir: routes Topics: - - Name: Route configuration - File: route-configuration - - Name: Secured routes - File: secured-routes + - Name: Creating basic routes + File: creating-basic-routes + - Name: Securing routes + File: securing-routes + - Name: Configuring Routes + File: nw-configuring-routes + - Name: Creating advanced Routes + File: creating-advanced-routes --- Name: Building applications Dir: applications diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml index 1d710e4ec229..b70a4665de0a 100644 --- a/_topic_maps/_topic_map_rosa.yml +++ b/_topic_maps/_topic_map_rosa.yml @@ -1013,14 +1013,18 @@ Topics: Dir: ingress_load_balancing Distros: openshift-rosa Topics: - - Name: Configuring Routes - Dir: routes - Distros: openshift-rosa - Topics: - - Name: Route configuration - File: route-configuration - - Name: Secured routes - File: secured-routes + - Name: Routes + Dir: routes + Distros: openshift-rosa + Topics: + - Name: Creating basic routes + File: creating-basic-routes + - Name: Securing routes + File: securing-routes + - Name: Configuring Routes + File: nw-configuring-routes + - Name: Creating advanced Routes + File: creating-advanced-routes --- Name: Building applications Dir: applications diff --git a/_topic_maps/_topic_map_rosa_hcp.yml b/_topic_maps/_topic_map_rosa_hcp.yml index 70caaf3fb52e..198bb4499212 100644 --- a/_topic_maps/_topic_map_rosa_hcp.yml +++ b/_topic_maps/_topic_map_rosa_hcp.yml @@ -1052,14 +1052,18 @@ Topics: Dir: ingress_load_balancing Distros: openshift-rosa-hcp Topics: - - Name: Configuring Routes + - Name: Routes Dir: routes Distros: openshift-rosa-hcp Topics: - - Name: Route configuration - File: route-configuration - - Name: Secured routes - File: secured-routes + - Name: Creating basic routes + File: creating-basic-routes + - Name: Securing routes + File: securing-routes + - Name: Configuring Routes + File: nw-configuring-routes + - Name: Creating advanced Routes + File: creating-advanced-routes --- Name: Nodes Dir: nodes diff --git a/applications/deployments/route-based-deployment-strategies.adoc b/applications/deployments/route-based-deployment-strategies.adoc index 430db58f6b11..8a451f324bff 100644 --- a/applications/deployments/route-based-deployment-strategies.adoc +++ b/applications/deployments/route-based-deployment-strategies.adoc @@ -34,11 +34,9 @@ include::modules/deployments-blue-green.adoc[leveloffset=+1] include::modules/deployments-ab-testing.adoc[leveloffset=+1] include::modules/deployments-ab-testing-lb.adoc[leveloffset=+2] -ifndef::openshift-rosa-hcp[] // Remove conditionals when Networking content is in ROSA HCP [role="_additional-resources"] [id="additional-resources_{context}"] == Additional resources -* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-route-specific-annotations_route-configuration[Route-specific annotations]. -endif::[] +* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-route-specific-annotations[Route-specific annotations] \ No newline at end of file diff --git a/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc b/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc index 8634c24da8f7..6d031451f3a1 100644 --- a/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc +++ b/applications/odc-monitoring-project-and-application-metrics-using-developer-perspective.adoc @@ -1,8 +1,10 @@ :_mod-docs-content-type: ASSEMBLY [id="odc-monitoring-project-and-application-metrics-using-developer-perspective"] = Monitoring project and application metrics using the Developer perspective + include::_attributes/common-attributes.adoc[] -:context: monitoring-project-and-application-metrics-using-developer-perspective + +:context: odc-monitoring-project-and-application-metrics-using-developer-perspective toc::[] diff --git a/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc b/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc index 036fc1bf304c..4531be16bb3d 100644 --- a/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc +++ b/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc @@ -22,7 +22,7 @@ include::snippets/mobb-support-statement.adoc[leveloffset=+1] [TIP] ==== -Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/ingress_load_balancing/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route. +Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route. ==== The link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] manages AWS Elastic Load Balancers for a {product-title} cluster. The controller provisions link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html[AWS Application Load Balancers (ALB)] when you create Kubernetes Ingress resources and link:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html[AWS Network Load Balancers (NLB)] when implementing Kubernetes Service resources with a type of LoadBalancer. diff --git a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-openshift-concepts.adoc b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-openshift-concepts.adoc index a1c4c6180493..37e57e7c623c 100644 --- a/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-openshift-concepts.adoc +++ b/cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-openshift-concepts.adoc @@ -127,7 +127,7 @@ An individual route can override some defaults by providing specific configurati [role="_additional-resources"] .Additional resources -* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-route-specific-annotations_route-configuration[Route-specific annotations] +* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-route-specific-annotations[Route-specific-annotations] [id="cloud-experts-getting-started-openshift-concepts-imagestreams"] == Image streams diff --git a/modules/odc-deleting-applications-using-developer-perspective.adoc b/modules/odc-deleting-applications-using-developer-perspective.adoc index e1c7021953ed..e475ab0676e8 100644 --- a/modules/odc-deleting-applications-using-developer-perspective.adoc +++ b/modules/odc-deleting-applications-using-developer-perspective.adoc @@ -1,3 +1,8 @@ +// Module included in the following assemblies: +// +// odc-deleting-applications.adoc + +:_mod-docs-content-type: PROCEDURE [id="odc-deleting-applications-using-developer-perspective_{context}"] = Deleting applications using the Developer perspective diff --git a/networking/ingress_load_balancing/routes/creating-advanced-routes.adoc b/networking/ingress_load_balancing/routes/creating-advanced-routes.adoc new file mode 100644 index 000000000000..103c98ae7ec8 --- /dev/null +++ b/networking/ingress_load_balancing/routes/creating-advanced-routes.adoc @@ -0,0 +1,25 @@ +:_mod-docs-content-type: ASSEMBLY +[id="creating-advanced-routes"] += Creating advanced routes +include::_attributes/common-attributes.adoc[] +:context: creating-advanced-routes + +toc::[] + +You can create secure routes with the ability to use several types of TLS termination to serve certificates to the client. The following sections describe how to create re-encrypt, edge, and passthrough routes with custom certificates. + + +//Creating an edge route with a custom certificate +include::modules/nw-ingress-creating-an-edge-route-with-a-custom-certificate.adoc[leveloffset=+1] + +//Creating a reencrypt route with a custom certificate +include::modules/nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate.adoc[leveloffset=+1] + +//Creating a passthrough route +include::modules/nw-ingress-creating-a-passthrough-route.adoc[leveloffset=+1] + +//Creating a route using the destination CA certificate +include::modules/nw-ingress-reencrypt-route-custom-cert.adoc[leveloffset=+1] + +//Creating a route with externally managed certificates +include::modules/nw-ingress-route-secret-load-external-cert.adoc[leveloffset=+1] \ No newline at end of file diff --git a/networking/ingress_load_balancing/routes/creating-basic-routes.adoc b/networking/ingress_load_balancing/routes/creating-basic-routes.adoc new file mode 100644 index 000000000000..52bdc636858b --- /dev/null +++ b/networking/ingress_load_balancing/routes/creating-basic-routes.adoc @@ -0,0 +1,13 @@ +:_mod-docs-content-type: ASSEMBLY +[id="creating-basic-routes"] += Creating basic routes +include::_attributes/common-attributes.adoc[] +:context: creating-basic-routes + +toc::[] + +If you have unencrypted HTTP, you can create a basic route with a route object. + +include::modules/nw-creating-a-route.adoc[leveloffset=+1] + +include::modules/nw-path-based-routes.adoc[leveloffset=+1] \ No newline at end of file diff --git a/networking/ingress_load_balancing/routes/nw-configuring-routes.adoc b/networking/ingress_load_balancing/routes/nw-configuring-routes.adoc new file mode 100644 index 000000000000..acf4742e3a16 --- /dev/null +++ b/networking/ingress_load_balancing/routes/nw-configuring-routes.adoc @@ -0,0 +1,27 @@ +:_mod-docs-content-type: ASSEMBLY +[id="nw-configuring-routes"] += Configuring routes +include::_attributes/common-attributes.adoc[] +:context: configuring-routes + +toc::[] + +You can use annotations, headers, cookies, and more to customize your route configuration. + +//Configuring route timeouts +include::modules/nw-configuring-route-timeouts.adoc[leveloffset=+1] + +//HTTP header configuration +include::modules/nw-http-header-configuration.adoc[leveloffset=+1] + +//Setting or deleting http headers +include::modules/nw-route-set-or-delete-http-headers.adoc[leveloffset=+1] + +//Using cookies to keep route statefulness +include::modules/nw-using-cookies-keep-route-statefulness.adoc[leveloffset=+1] + +//Annotating a route with a cookie name +include::modules/nw-annotating-a-route-with-a-cookie-name.adoc[leveloffset=+2] + +//Additional annotations (to be separated into modules with more detail at a later date) +include::modules/nw-route-specific-annotations.adoc[leveloffset=+1] \ No newline at end of file diff --git a/networking/ingress_load_balancing/routes/route-configuration.adoc b/networking/ingress_load_balancing/routes/route-configuration.adoc index 8f769472338e..9421532de76a 100644 --- a/networking/ingress_load_balancing/routes/route-configuration.adoc +++ b/networking/ingress_load_balancing/routes/route-configuration.adoc @@ -1,6 +1,4 @@ :_mod-docs-content-type: ASSEMBLY -// Assembly filename:route-configuration.adoc -// Explains route configuration. [id="route-configuration"] = Route configuration include::_attributes/common-attributes.adoc[] diff --git a/networking/ingress_load_balancing/routes/securing-routes.adoc b/networking/ingress_load_balancing/routes/securing-routes.adoc new file mode 100644 index 000000000000..a87c61405782 --- /dev/null +++ b/networking/ingress_load_balancing/routes/securing-routes.adoc @@ -0,0 +1,21 @@ +:_mod-docs-content-type: ASSEMBLY +[id="securing-routes"] += Securing routes +include::_attributes/common-attributes.adoc[] +:context: securing-routes + +toc::[] + +You can secure a route with HTTP strict transport security (HSTS). + +//HTTP Strict Transport Security +include::modules/nw-enabling-hsts.adoc[leveloffset=+1] + +//Enabling HTTP strict transport security per-route +include::modules/nw-enabling-hsts-per-route.adoc[leveloffset=+2] + +//Disabling HTTP strict transport security per-route +include::modules/nw-disabling-hsts.adoc[leveloffset=+2] + +//Enforcing HTTP strict transport security per-domain +include::modules/nw-enforcing-hsts-per-domain.adoc[leveloffset=+2] diff --git a/networking/networking_operators/aws-load-balancer-operator.adoc b/networking/networking_operators/aws-load-balancer-operator.adoc index 882d06845e9a..6101d736dfe8 100644 --- a/networking/networking_operators/aws-load-balancer-operator.adoc +++ b/networking/networking_operators/aws-load-balancer-operator.adoc @@ -10,7 +10,7 @@ The AWS Load Balancer Operator is an Operator supported by Red{nbsp}Hat that use [IMPORTANT] ==== -Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route. +Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../../networking/ingress_load_balancing/routes/creating-basic-routes.adoc#creating-basic-routes[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route. ==== The link:https://github.com/openshift/aws-load-balancer-operator[AWS Load Balancer Operator] is used to install, manage and configure the link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] in a {product-title} cluster. diff --git a/security/cert_manager_operator/cert-manager-securing-routes.adoc b/security/cert_manager_operator/cert-manager-securing-routes.adoc index b9665cf905c4..ce30ce8e11e9 100644 --- a/security/cert_manager_operator/cert-manager-securing-routes.adoc +++ b/security/cert_manager_operator/cert-manager-securing-routes.adoc @@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[] toc::[] -In the {product-title}, the route API is extended to provide a configurable option to reference TLS certificates via secrets. With xref:../../networking/ingress_load_balancing/routes/secured-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[externally managed certificates] enabled, you can minimize errors from manual intervention, streamline the certificate management process, and enable the {product-title} router to promptly serve the referenced certificate. +In the {product-title}, the route API is extended to provide a configurable option to reference TLS certificates via secrets. With xref:../../networking/ingress_load_balancing/routes/creating-advanced-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[externally managed certificates] enabled, you can minimize errors from manual intervention, streamline the certificate management process, and enable the {product-title} router to promptly serve the referenced certificate. include::modules/cert-manager-configuring-routes.adoc[leveloffset=+1] @@ -14,6 +14,6 @@ include::modules/cert-manager-configuring-routes.adoc[leveloffset=+1] [id="additional-resources_{context}"] == Additional resources -* xref:../../networking/ingress_load_balancing/routes/secured-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[Creating a route with externally managed certificate] +* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-ingress-route-secret-load-external-cert_secured-routes[Creating a route with externally managed certificate] * xref:../../security/cert_manager_operator/cert-manager-operator-issuer-acme.adoc#cert-manager-operator-issuer-acme[Configuring an ACME issuer] \ No newline at end of file diff --git a/security/certificates/service-serving-certificate.adoc b/security/certificates/service-serving-certificate.adoc index c8775cb82ab3..694a8ae161e9 100644 --- a/security/certificates/service-serving-certificate.adoc +++ b/security/certificates/service-serving-certificate.adoc @@ -12,7 +12,7 @@ include::modules/customize-certificates-add-service-serving.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources -* You can use a service certificate to configure a secure route using reencrypt TLS termination. For more information, see xref:../../networking/ingress_load_balancing/routes/secured-routes.adoc#nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate_secured-routes[Creating a re-encrypt route with a custom certificate]. +* You can use a service certificate to configure a secure route using reencrypt TLS termination. For more information, see xref:../../networking/ingress_load_balancing/routes/creating-advanced-routes.adoc#nw-ingress-creating-a-reencrypt-route-with-a-custom-certificate_secured-routes[Creating a re-encrypt route with a custom certificate]. include::modules/customize-certificates-add-service-serving-configmap.adoc[leveloffset=+1] diff --git a/service_mesh/v2x/ossm-route-migration.adoc b/service_mesh/v2x/ossm-route-migration.adoc index 1889def677b6..97a3fa25c904 100644 --- a/service_mesh/v2x/ossm-route-migration.adoc +++ b/service_mesh/v2x/ossm-route-migration.adoc @@ -14,5 +14,5 @@ include::modules/ossm-migrating-from-ior-to-explicitly-managed-routes.adoc[level [id="additional-resources_{context}"] == Additional resources -* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-creating-a-route_route-configuration[Creating an HTTP-based Route] +* xref:../../networking/ingress_load_balancing/routes/creating-basic-routes.adoc#nw-creating-a-route_route-configuration[Creating an HTTP-based Route] * xref:../../service_mesh/v2x/ossm-traffic-manage.adoc#ossm-auto-route_traffic-management[Understanding automatic routes] diff --git a/service_mesh/v2x/ossm-traffic-manage.adoc b/service_mesh/v2x/ossm-traffic-manage.adoc index 8c375a9c292b..e8cb9d760d5c 100644 --- a/service_mesh/v2x/ossm-traffic-manage.adoc +++ b/service_mesh/v2x/ossm-traffic-manage.adoc @@ -57,7 +57,7 @@ include::modules/ossm-auto-route-annotations.adoc[leveloffset=+2] ifdef::openshift-enterprise[] .Additional resources -* xref:../../networking/ingress_load_balancing/routes/route-configuration.adoc#nw-route-specific-annotations_route-configuration[Route-specific annotations]. +* xref:../../networking/ingress_load_balancing/routes/nw-configuring-routes.adoc#nw-route-specific-annotations[Route-specific annotations]. endif::[] include::modules/ossm-auto-route-enable.adoc[leveloffset=+2]