TLS Routes¶
To use TLSRoute:
- Install your traffic provider
- Install GatewayAPI CRD if your traffic provider doesn't do it by default
- Install Argo Rollouts
- Install Argo Rollouts GatewayAPI plugin
- Create stable and canary services
- Create TLSRoute resource according to the GatewayAPI and your traffic provider documentation
apiVersion: gateway.networking.k8s.io/v1alpha2 kind: TLSRoute metadata: name: first-tlsroute namespace: default spec: parentRefs: - name: traefik-gateway # read documentation of your traffic provider to understand what you need to specify here sectionName: tls namespace: default kind: Gateway hostnames: - "example.com" # SNI hostname for TLS traffic routing rules: - backendRefs: - name: argo-rollouts-stable-service # stable service you have created on the 5th step port: 443 - name: argo-rollouts-canary-service # canary service you have created on the 5th step port: 443 - Create Rollout resource
apiVersion: argoproj.io/v1alpha1 kind: Rollout metadata: name: rollouts-demo namespace: default spec: replicas: 2 strategy: canary: canaryService: argo-rollouts-canary-service stableService: argo-rollouts-stable-service trafficRouting: plugins: argoproj-labs/gatewayAPI: tlsRoute: first-tlsroute # tlsroute you have created on the 6th step namespace: default # namespace where your tlsroute is steps: - setWeight: 30 - pause: { duration: 2 } revisionHistoryLimit: 1 selector: matchLabels: app: rollouts-demo template: metadata: labels: app: rollouts-demo spec: containers: - name: rollouts-demo image: argoproj/rollouts-demo:red ports: - name: https containerPort: 8080 protocol: TCP resources: requests: memory: 32Mi cpu: 5m
Traffic Provider Support¶
TLSRoute is part of the Gateway API experimental channel. Ensure your traffic provider supports TLSRoute before using it in production. Check the Gateway API implementations list for TLSRoute support.