From c10a457672ba93e2a9e7c1482669dbc86e2c7f8d Mon Sep 17 00:00:00 2001 From: Jamil Date: Fri, 27 Sep 2024 17:19:41 -0700 Subject: [PATCH] docs: Add note on resource address match order (#6818) Documents how overlapping addresses are matched. Draft until #6809 is merged and published. --------- Signed-off-by: Jamil Co-authored-by: Thomas Eizinger --- .../src/app/kb/deploy/resources/readme.mdx | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/website/src/app/kb/deploy/resources/readme.mdx b/website/src/app/kb/deploy/resources/readme.mdx index 61b2f5126..ec01bdc7a 100644 --- a/website/src/app/kb/deploy/resources/readme.mdx +++ b/website/src/app/kb/deploy/resources/readme.mdx @@ -46,6 +46,26 @@ From there, you can select the type of Resource you want to create: Resource. +#### Routing order for overlapping addresses + +When multiple Resources' addresses overlap, the Resource with the more specific +address will be used. + +For CIDR Resources, an address with a longer prefix is more specific than a +shorter one. For example: `10.0.0.0/16` is more specific than `10.0.0.0/8`. IP +Resources are essentially addresses with `/32` prefix and thus always more +specific than any other CIDR. + +For DNS Resources, more specific loosely translates to less wildcards. In +particular: + +- Resources without wildcards are always prioritized over wildcard domains: For + example, `app.example.com` is checked before `*.example.com`. +- Single-char wildcards (`?`) take priority over label wildcards (`*`): For + example, `???.example.com` is checked before `*.example.com`. +- Label wildcards (`*`) take priority over catch-all wildcards (`**`): For + example, `*.example.com` is checked before `**.example.com`. + ### Address description When creating a Resource, you'll be given the option to add an
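Review bot: The CIDR paragraph in the added "Routing order for overlapping addresses" section leaves the equal-specificity case undefined. It says IP Resources are "always more specific than any other CIDR", but a CIDR Resource written with a `/32` prefix has the same prefix length as an IP Resource for the same address, so the text does not say which one is used. Since this order decides which Resource a connection is routed through, please state the tie-break, or say that such duplicates are not allowed if that is the case. The `/32` wording also only describes IPv4; if IPv6 addresses are accepted, mention the `/128` equivalent. In the DNS paragraph, the three bullets give the order between wildcard classes (none, `?`, `*`, `**`) but not between two patterns of the same class that both match a name, for example two `?` patterns with a different number of wildcards; one sentence on that would close the gap. Minor wording: "less wildcards" should read "fewer wildcards".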