Request Filtering Between Gateways and Namespaced Routes #634
Description
What would you like to be added:
A method for Gateway administrators to use routing rules to filter which traffic can be forwarded to downstream routes.
As a Gateway administrator managing an HTTP load balancer I would like to delegate particular path prefixes to namespaced HTTPRoutes to prevent namespace administrators from writing rules that conflict with the rules from other namespaces.
For example, I should be able to delegate /cats to the cats namespace and /dogs to the dogs namespace. Then the administrators for each of those namespaces can safely write any rule they want, but with the expectation that the path
rules are prefixed with /cats or /dogs. /cats/food and /dogs/food would never collide because the Gateway administrator had already pre-filtered the traffic.
Why is this needed:
Currently the API allows request filtering for HTTPRoutes and TCPRoutes. Gateway administrators can delegate traffic routing down to those routes which should be owned by individual namespace administrators (Think Hub and Spoke).
This immediately raises the issue of how can a central administrator prevent multiple namespaces from writing conflicting routing rules. Current documentation states that if namespace A and namespace B create the same routes the conflict will be resolved via timestamp (HTTPRouteRule).