docs: add ssl passthrough note in FAQ (#844)

* docs: note about SSL passthrough in gateway godoc * docs: add FAQ entry about SSL passthrough * Apply suggestions from code review Co-authored-by: Rob Scott <rob.scott87@gmail.com> * Update site-src/faq.md Co-authored-by: Rob Scott <rob.scott87@gmail.com>
kubernetes-sigs · Sep 2, 2021 · 817f1b6 · 817f1b6
1 parent 11c196d
commit 817f1b6
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/apis/v1alpha2/gateway_types.go b/apis/v1alpha2/gateway_types.go
@@ -334,9 +334,12 @@ const (
 	// In this mode, TLS session between the downstream client
 	// and the Gateway is terminated at the Gateway.
 	TLSModeTerminate TLSModeType = "Terminate"
+
 	// In this mode, the TLS session is NOT terminated by the Gateway. This
 	// implies that the Gateway can't decipher the TLS stream except for
 	// the ClientHello message of the TLS protocol.
+	//
+	// Note that SSL passthrough is only supported by TLSRoute.
 	TLSModePassthrough TLSModeType = "Passthrough"
 )
 

diff --git a/site-src/faq.md b/site-src/faq.md
@@ -66,5 +66,15 @@
   AppProtocol depend on Kubernetes 1.18 (opt-in) or 1.19 (on by default). 
   There are not any other exceptions to the 1.16+ guideline right now.
 
+* **Q: Is SSL Passthrough supported?**
+  A: SSL Passthrough (wherein a Gateway routes traffic with the [Transport
+  Layer Security (TLS)][tls] encryption _intact_ to a backend service instead of
+  terminating it) is supported by [TLSRoutes][tlsroute]. See the
+  [TLS Guide][tlsguide] for more details about passthrough and other TLS
+  configurations.
+
 [1]: https://github.com/kubernetes-sigs/gateway-api
 [2]: https://github.com/kubernetes-sigs/gateway-api/releases
+[tls]:https://en.wikipedia.org/wiki/Transport_Layer_Security
+[tlsroute]:/concepts/api-overview.md#tlsroute
+[tlsguide]:/guides/tls.md