WAF/Shield support for Gateway API implementation #4262

@timothy-spencer

Describe the feature you are requesting
I would like a way to configure a Gateway that provisions an ALB to have a WAF ACL associated with it, and so that Shield can be enabled as well.

Motivation
Ingresses can have annotations applied to them like

  annotations:
    alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:us-west-2:xxx:regional/webacl/xxx/xxx
    # Annotation values must be strings, so the boolean is quoted
    alb.ingress.kubernetes.io/shield-advanced-protection: "true"

The gateway stuff should be able to as well. This will move the Gateway implementation towards full feature parity with Ingress.

Describe the proposed solution you'd like
I don't mind having annotations on the Gateway like they are on the Ingress, but I'm open to anything.

Ideally, there would be documentation too, so that this wouldn't be a hidden mystery feature. :-)

Describe alternatives you've considered
There seems to be no workaround to this, though perhaps I could plug the WAF into the ALB by hand. I haven't tried, because we want to have everything be done with code.

Contribution Intention (Optional)

- [ ] Yes, I am willing to contribute a PR to implement this feature
- [ ] No, I cannot work on a PR at this time
- [X] Maybe, I don't know the codebase very well, so if I can figure it out, I will.
