agentgateway: map frontend TLS annotations to frontend policy#96
Merged
agentgateway: map frontend TLS annotations to frontend policy#96
Conversation
Parse ingress-nginx ssl-handshake-timeout and ssl-alpn annotations, carry them through provider and emitter IR, and emit AgentgatewayPolicy spec.frontend.tls settings for affected routes. Add integration and e2e test fixtures for frontend TLS policy projection and update ingress-nginx and agentgateway README feature documentation. Refs #59 Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
Emit frontend TLS settings as a dedicated Gateway-targeted AgentgatewayPolicy so agentgateway validation accepts the resource. Keep the existing HTTPRoute-scoped policy path for traffic features, add focused unit coverage for Gateway targeting and conflict detection, and refresh docs plus golden output to match the new attachment model. Refs #59 Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
danehans
added a commit
that referenced
this pull request
Mar 18, 2026
Ingress NGINX does not document the frontend TLS listener knobs\nthat PR #96 treated as per-Ingress annotations. Related upstream TLS\ncontrols exist, but they do not map cleanly to agentgateway's\nfrontend.tls handshake timeout or ALPN fields.\n\nRemove the unsupported provider and emitter mapping, delete the\nrelated fixtures and tests, and update the ingress-nginx and\nagentgateway docs to reflect that these frontend TLS settings are not\ncurrently projected from ingress-nginx inputs.\n\nRefs #59 Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
/kind feature
/kind test
/kind documentation
What this PR does / why we need it:
nginx.ingress.kubernetes.io/ssl-handshake-timeoutnginx.ingress.kubernetes.io/ssl-alpnAgentgatewayPolicy.spec.frontend.tlsfor affected HTTPRoutes in the agentgateway emitter
Which issue(s) this PR fixes:
Refs #59
Does this PR introduce a user-facing change?: