Summary

• New /devguide/ how-to page (deploy-apps/identity-aware-routing.html) covering the developer workflow for identity-aware routing (per-domain mTLS for the Gorouter): creating an identity-aware domain, mapping a route, managing route policies (cf add-route-policy / route-policies / remove-route-policy), making the app-to-app call with the instance identity cert, and consuming the client-certificate (XFCC) header. Leads with the CF app-to-app workflow; covers the external-mTLS variant briefly.
• Adds the page to the routing index, documents --enforce-route-policies at shared/private domain creation in routes-domains, and adds a clarifying note in custom-per-route-options.

Implements the developer-facing part of the outstanding CF Docs deliverable of RFC-0055.

References

• RFC-0055: https://github.com/cloudfoundry/community/blob/main/toc/rfc/rfc-0055-identity-aware-routing-for-gorouter.md
• Tracking issue: [RFC0055] Identity-Aware Routing for GoRouter community#1481
• Concepts (anchor) PR: Docs: identity-aware routing concepts (RFC-0055) docs-cloudfoundry-concepts#216

Notes

• Cross-links to the concepts page (sequence 1) and the operator setup page (docs-deploying-cf, sequence 3, forthcoming).
• Opened as draft for review.