TLS Passthrough

[mpstefan]

trafficstars

As a user of NGF who is hosting their applications on a shared cluster I want NGF to send traffic to my applications without decrypting traffic in NGF So that all my traffic is encrypted during transit within the cluster.

Background

As part of our expanding our Gateway API surface, TLS connections, especially TLS passthrough, will likely be the most common use case next to HTTPRoutes. This epic should simply include the stories required to deliver TLS passthrough for NGF.

Acceptance Criteria

• Users can setup a route with TLS passthrough to their service.
• Guide is created to demonstrate how to setup TLS passthrough
• Functionality is covered by a functional or conformance test.

### Tasks
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2115
- [ ] #686
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2139
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2285
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2286
- [ ] https://github.com/nginxinc/nginx-gateway-fabric/issues/2184

Links

• The TLSRoute specification: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2.TLSRoute

For Discussion

• Do we need to split up the work to implement a TLSRoute?
• Are there any modifications we can do to traffic that we would need to account for in the case of a TLS passthrough?