feat(meshpassthrough): add new limitations for MeshPassthrough (#2114)

* feat(meshpassthrough): add new limitations for MeshPassthrough Wildcard domains with L7 protocol and all ports doesn't work. It's because envoy doesn't support *.domain.com:* in a virtual host Signed-off-by: Icarus Wu <[email protected]> * review Signed-off-by: Icarus Wu <[email protected]> --------- Signed-off-by: Icarus Wu <[email protected]>
kumahq · Dec 11, 2024 · 376d703 · 376d703
1 parent e2bedc8
commit 376d703
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/app/_src/policies/meshpassthrough.md b/app/_src/policies/meshpassthrough.md
@@ -92,6 +92,7 @@ If you rely on tags in the top-level `targetRef` you might consider securing the
 
 * Due to the nature of some traffic, it is not possible to combine certain protocols on the same port. You can create a `MeshPassthrough` policy that handles `tcp`, `tls`, and one of `http`, `http2`, or `grpc` traffic on the same port. Layer 7 protocols cannot be distinguished, which could introduce unexpected behavior.
 * It is currently not possible to route passthrough traffic through the [zone egress](/docs/{{ page.release }}/production/cp-deployment/zoneegress/#zone-egress). However, this feature will be implemented in the future.
+* Wildcard domains with L7 protocol and all ports is not supported.
 * {% if_version gte:2.9.x %}Builtin gateway is not supported.{% endif_version %}{% if_version lte:2.8.x %}Gateways are currently not supported.{% endif_version %}
 
 ## Examples