
ACP-53275 Add Envoy Gateway external auth KB#795

Merged: jing2uo merged 2 commits into alauda:main from woodgear:feat/ACP-53275 on Jun 24, 2026


@woodgear woodgear commented Jun 24, 2026


Summary

  • Add an English LB solution KB for configuring HTTP external authorization with Envoy Gateway on ACP 4.3+
  • Document YAML-first usage for Envoy Gateway 1.7 CRDs, mock authorization server, companion EnvoyProxy, SecurityPolicy, ClientTrafficPolicy, body forwarding, explicit headers, failOpen, health checks, and gRPC/WebSocket route split

Verification

  • Checked the new KB has tags: LB and does not manually set a KB id
  • Checked Markdown code fences are balanced
  • Checked no Chinese text, customer-specific names, or automation-case commands remain in the KB


coderabbitai Bot commented Jun 24, 2026

Walkthrough

A new documentation file is added describing how to configure HTTP external authorization for Envoy Gateway on ACP 4.3.x and later. The guide covers infrastructure setup (mock auth server, Gateway, HTTPRoute), ten SecurityPolicy scenario chapters, and concludes with a field reference table mapping requirements to Envoy Gateway API fields.

Changes

HTTP External Authorization Guide

Layer: Document introduction, overview, and prerequisites
File(s): docs/en/solutions/How_to_Configure_HTTP_External_Authorization_for_Envoy_Gateway_on_ACP.md
Summary: Introduces the document with ACP/Envoy Gateway version context, the end-to-end traffic flow, prerequisites, and an example naming table that parameterizes the walkthrough.

Layer: Infrastructure setup: mock auth server and Gateway/HTTPRoute
File(s): docs/en/solutions/How_to_Configure_HTTP_External_Authorization_for_Envoy_Gateway_on_ACP.md
Summary: Chapter 1 deploys the nginx-based mock authorization server (allow/deny/healthz handlers via ConfigMap) and a sample echo backend. Chapter 2 creates the Gateway, companion EnvoyProxy, application HTTPRoute, and provides address retrieval commands.

Layer: Core SecurityPolicy scenarios (Chapters 3–7)
File(s): docs/en/solutions/How_to_Configure_HTTP_External_Authorization_for_Envoy_Gateway_on_ACP.md
Summary: Chapters 3–7 cover: basic allow flow with forwarded auth-response headers, body forwarding via bodyToExtAuth.maxRequestBytes with 413 precedence over failOpen, dynamic header injection via ClientTrafficPolicy, explicit headersToExtAuth selection, and authorization rejection via non-2xx responses. Each chapter includes YAML and curl-based verification.

Layer: Resilience, health checks, protocol routing, and field reference (Chapters 8–10 + table)
File(s): docs/en/solutions/How_to_Configure_HTTP_External_Authorization_for_Envoy_Gateway_on_ACP.md
Summary: Chapters 8–9 document failOpen bypass behavior and active health check configuration under backendSettings.healthCheck. Chapter 10 demonstrates splitting routes to skip external authorization for gRPC/WebSocket traffic. The Field Reference table maps all requirements to relevant Envoy Gateway API fields.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • oilbeater
  • fanzy618
  • black89757

Poem

🐇 Hop, hop through the gateway wide,
Auth checks each request with pride,
Allow or deny, the mock decides,
failOpen lets some traffic slide,
The rabbit's docs are your trusty guide! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
  • Title check: ✅ Passed. The title directly references the main change: adding a knowledge base article about Envoy Gateway external authorization configuration for ACP. It is concise, specific, and clearly summarizes the primary contribution of the changeset.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.

@jing2uo jing2uo merged commit 6576b47 into alauda:main Jun 24, 2026
2 checks passed