Improve documentations for tolerate-non-existent-backend-{service,action} (#3442)

guessi · web-flow · commit 3c6281acce42 · 2023-12-11T16:10:15.000-08:00
diff --git a/docs/deploy/configurations.md b/docs/deploy/configurations.md
@@ -101,8 +101,8 @@ Currently, you can set only 1 namespace to watch in this flag. See [this Kuberne
 |[sync-period](#sync-period)                            | duration                        | 10h0m0s         | Period at which the controller forces the repopulation of its local object stores|
 |targetgroupbinding-max-concurrent-reconciles | int                       | 3               | Maximum number of concurrently running reconcile loops for targetGroupBinding |
 |targetgroupbinding-max-exponential-backoff-delay | duration              | 16m40s          | Maximum duration of exponential backoff for targetGroupBinding reconcile failures |
-|tolerate-non-existent-backend-service  | boolean                         | true            | Whether to allow rules which refer to backend services that do not exist |
-|tolerate-non-existent-backend-action  | boolean                         | true            | Whether to allow rules which refer to backend actions that do not exist |
+|tolerate-non-existent-backend-service  | boolean                         | true            | Whether to allow rules which refer to backend services that do not exist (When enabled, it will return 503 error if backend service not exist) |
+|tolerate-non-existent-backend-action  | boolean                         | true            | Whether to allow rules which refer to backend actions that do not exist (When enabled, it will return 503 error if backend action not exist) |
 |watch-namespace                        | string                          |                 | Namespace the controller watches for updates to Kubernetes objects, If empty, all namespaces are watched. |
 |webhook-bind-port                      | int                             | 9443            | The TCP port the Webhook server binds to |
 |webhook-cert-dir                       | string                          | /tmp/k8s-webhook-server/serving-certs | The directory that contains the server key and certificate |
@@ -139,7 +139,7 @@ By default, the controller assumes sole ownership of the WAF addons associated t
 And the users should disable them accordingly if they want a third party like AWS Firewall Manager to associate or remove the WAF-ACL of the ALBs.
 Once disabled, the controller shall not take any actions on the waf addons of the provisioned ALBs.
 
-###  throttle config
+### throttle config
 
 Controller uses the following default throttle config:
 
diff --git a/helm/aws-load-balancer-controller/README.md b/helm/aws-load-balancer-controller/README.md
@@ -233,6 +233,8 @@ The default values set by the application itself can be confirmed [here](https:/
 | `watchNamespace`                               | Namespace the controller watches for updates to Kubernetes objects, If empty, all namespaces are watched                                                                                                               | None                                              |
 | `disableIngressClassAnnotation`                | Disables the usage of kubernetes.io/ingress.class annotation                                                                                                                                                           | None                                              |
 | `disableIngressGroupNameAnnotation`            | Disables the usage of alb.ingress.kubernetes.io/group.name annotation                                                                                                                                                  | None                                              |
+| `tolerateNonExistentBackendService`            | whether to allow rules that reference a backend service that does not exist. (When enabled, it will return 503 error if backend service not exist)                                                                     | `true`                                            |
+| `tolerateNonExistentBackendAction`             | whether to allow rules that reference a backend action that does not exist. (When enabled, it will return 503 error if backend action not exist)                                                                       | `true`                                            |
 | `defaultSSLPolicy`                             | Specifies the default SSL policy to use for HTTPS or TLS listeners                                                                                                                                                     | None                                              |
 | `externalManagedTags`                          | Specifies the list of tag keys on AWS resources that are managed externally                                                                                                                                            | `[]`                                              |
 | `livenessProbe`                                | Liveness probe settings for the controller                                                                                                                                                                             | (see `values.yaml`)                               |
diff --git a/helm/aws-load-balancer-controller/test.yaml b/helm/aws-load-balancer-controller/test.yaml
@@ -209,10 +209,10 @@ disableIngressClassAnnotation:
 # disableIngressGroupNameAnnotation disables the usage of alb.ingress.kubernetes.io/group.name annotation, false by default
 disableIngressGroupNameAnnotation:
 
-# tolerateNonExistentBackendService permits rules which specify backend services that don't exist, true by default
+# tolerateNonExistentBackendService permits rules which specify backend services that don't exist, true by default (When enabled, it will return 503 error if backend service not exist)
 tolerateNonExistentBackendService:
 
-# tolerateNonExistentBackendAction permits rules which specify backend actions that don't exist, true by default
+# tolerateNonExistentBackendAction permits rules which specify backend actions that don't exist, true by default (When enabled, it will return 503 error if backend action not exist)
 tolerateNonExistentBackendAction:
 
 # defaultSSLPolicy specifies the default SSL policy to use for TLS/HTTPS listeners
diff --git a/helm/aws-load-balancer-controller/values.yaml b/helm/aws-load-balancer-controller/values.yaml
@@ -227,10 +227,10 @@ disableIngressClassAnnotation:
 # disableIngressGroupNameAnnotation disables the usage of alb.ingress.kubernetes.io/group.name annotation, false by default
 disableIngressGroupNameAnnotation:
 
-# tolerateNonExistentBackendService permits rules which specify backend services that don't exist, true by default
+# tolerateNonExistentBackendService permits rules which specify backend services that don't exist, true by default (When enabled, it will return 503 error if backend service not exist)
 tolerateNonExistentBackendService:
 
-# tolerateNonExistentBackendAction permits rules which specify backend actions that don't exist, true by default
+# tolerateNonExistentBackendAction permits rules which specify backend actions that don't exist, true by default (When enabled, it will return 503 error if backend action not exist)
 tolerateNonExistentBackendAction:
 
 # defaultSSLPolicy specifies the default SSL policy to use for TLS/HTTPS listeners
