diff --git a/apis/v1alpha1/clientsettingspolicy_types.go b/apis/v1alpha1/clientsettingspolicy_types.go
new file mode 100644
index 0000000000..b2a783c4ec
--- /dev/null
+++ b/apis/v1alpha1/clientsettingspolicy_types.go
@@ -0,0 +1,129 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=nginx-gateway-fabric,shortName=cspolicy
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=inherited"
+
+// ClientSettingsPolicy is an Inherited Attached Policy. It provides a way to configure the behavior of the connection
+// between the client and NGINX Gateway Fabric.
+type ClientSettingsPolicy struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec defines the desired state of the ClientSettingsPolicy.
+ Spec ClientSettingsPolicySpec `json:"spec"`
+
+ // Status defines the state of the ClientSettingsPolicy.
+ Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ClientSettingsPolicyList contains a list of ClientSettingsPolicies.
+type ClientSettingsPolicyList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ClientSettingsPolicy `json:"items"`
+}
+
+// ClientSettingsPolicySpec defines the desired state of ClientSettingsPolicy.
+type ClientSettingsPolicySpec struct {
+ // TargetRef identifies an API object to apply the policy to.
+ // Object must be in the same namespace as the policy.
+ //
+ // Support: Gateway, HTTPRoute
+ TargetRef gatewayv1alpha2.PolicyTargetReference `json:"targetRef"`
+
+ // Body defines the client request body settings.
+ //
+ // +optional
+ Body *ClientBody `json:"body,omitempty"`
+
+ // KeepAlive defines the keep-alive settings.
+ //
+ // +optional
+ KeepAlive *ClientKeepAlive `json:"keepAlive,omitempty"`
+}
+
+// ClientBody contains the settings for the client request body.
+type ClientBody struct {
+ // MaxSize sets the maximum allowed size of the client request body.
+ // If the size in a request exceeds the configured value,
+ // the 413 (Request Entity Too Large) error is returned to the client.
+ // Setting size to 0 disables checking of client request body size.
+ // Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size.
+ //
+ // +optional
+ MaxSize *Size `json:"maxSize,omitempty"`
+
+ // Timeout defines a timeout for reading client request body. The timeout is set only for a period between
+ // two successive read operations, not for the transmission of the whole request body.
+ // If a client does not transmit anything within this time, the request is terminated with the
+ // 408 (Request Time-out) error.
+ // Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout.
+ //
+ // +optional
+ Timeout *Duration `json:"timeout,omitempty"`
+}
+
+// ClientKeepAlive defines the keep-alive settings for clients.
+type ClientKeepAlive struct {
+ // Requests sets the maximum number of requests that can be served through one keep-alive connection.
+ // After the maximum number of requests are made, the connection is closed. Closing connections periodically
+ // is necessary to free per-connection memory allocations. Therefore, using too high maximum number of requests
+ // is not recommended as it can lead to excessive memory usage.
+ // Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests.
+ //
+ // +optional
+ // +kubebuilder:validation:Minimum=0
+ Requests *int32 `json:"requests,omitempty"`
+
+ // Time defines the maximum time during which requests can be processed through one keep-alive connection.
+ // After this time is reached, the connection is closed following the subsequent request processing.
+ // Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_time.
+ //
+ // +optional
+ Time *Duration `json:"time,omitempty"`
+
+ // Timeout defines the keep-alive timeouts for clients.
+ //
+ // +optional
+ Timeout *ClientKeepAliveTimeout `json:"timeout,omitempty"`
+}
+
+// ClientKeepAliveTimeout defines the timeouts related to keep-alive client connections.
+// Default: Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout.
+type ClientKeepAliveTimeout struct {
+ // Server sets the timeout during which a keep-alive client connection will stay open on the server side.
+ // Setting this value to 0 disables keep-alive client connections.
+ //
+ // +optional
+ Server *Duration `json:"server,omitempty"`
+
+ // Header sets the timeout in the "Keep-Alive: timeout=time" response header field.
+ //
+ // +optional
+ Header *Duration `json:"header,omitempty"`
+}
+
+// Duration is a string value representing a duration in time.
+// Duration can be specified in milliseconds (ms) or seconds (s) A value without a suffix is seconds.
+// Examples: 120s, 50ms.
+//
+// +kubebuilder:validation:Pattern=`^\d{1,4}(ms|s)?$`
+type Duration string
+
+// Size is a string value representing a size. Size can be specified in bytes, kilobytes (k), megabytes (m),
+// or gigabytes (g).
+// Examples: 1024, 8k, 1m.
+//
+// +kubebuilder:validation:Pattern=`^\d{1,4}(k|m|g)?$`
+type Size string
diff --git a/apis/v1alpha1/nginxgateway_types.go b/apis/v1alpha1/nginxgateway_types.go
index 4a64a04984..ad1e57b4c0 100644
--- a/apis/v1alpha1/nginxgateway_types.go
+++ b/apis/v1alpha1/nginxgateway_types.go
@@ -5,6 +5,8 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:object:root=true
// +kubebuilder:storageversion
// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=nginx-gateway-fabric
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
// NginxGateway represents the dynamic configuration for an NGINX Gateway Fabric control plane.
type NginxGateway struct {
diff --git a/apis/v1alpha1/register.go b/apis/v1alpha1/register.go
index f3f36d27da..16947b8a6d 100644
--- a/apis/v1alpha1/register.go
+++ b/apis/v1alpha1/register.go
@@ -34,6 +34,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&NginxGateway{},
&NginxGatewayList{},
+ &ClientSettingsPolicy{},
+ &ClientSettingsPolicyList{},
)
// AddToGroupVersion allows the serialization of client types like ListOptions.
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
index fc8962cf32..18511c38b7 100644
--- a/apis/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/v1alpha1/zz_generated.deepcopy.go
@@ -9,6 +9,171 @@ import (
"k8s.io/apimachinery/pkg/runtime"
)
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientBody) DeepCopyInto(out *ClientBody) {
+ *out = *in
+ if in.MaxSize != nil {
+ in, out := &in.MaxSize, &out.MaxSize
+ *out = new(Size)
+ **out = **in
+ }
+ if in.Timeout != nil {
+ in, out := &in.Timeout, &out.Timeout
+ *out = new(Duration)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientBody.
+func (in *ClientBody) DeepCopy() *ClientBody {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientBody)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientKeepAlive) DeepCopyInto(out *ClientKeepAlive) {
+ *out = *in
+ if in.Requests != nil {
+ in, out := &in.Requests, &out.Requests
+ *out = new(int32)
+ **out = **in
+ }
+ if in.Time != nil {
+ in, out := &in.Time, &out.Time
+ *out = new(Duration)
+ **out = **in
+ }
+ if in.Timeout != nil {
+ in, out := &in.Timeout, &out.Timeout
+ *out = new(ClientKeepAliveTimeout)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientKeepAlive.
+func (in *ClientKeepAlive) DeepCopy() *ClientKeepAlive {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientKeepAlive)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientKeepAliveTimeout) DeepCopyInto(out *ClientKeepAliveTimeout) {
+ *out = *in
+ if in.Server != nil {
+ in, out := &in.Server, &out.Server
+ *out = new(Duration)
+ **out = **in
+ }
+ if in.Header != nil {
+ in, out := &in.Header, &out.Header
+ *out = new(Duration)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientKeepAliveTimeout.
+func (in *ClientKeepAliveTimeout) DeepCopy() *ClientKeepAliveTimeout {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientKeepAliveTimeout)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientSettingsPolicy) DeepCopyInto(out *ClientSettingsPolicy) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientSettingsPolicy.
+func (in *ClientSettingsPolicy) DeepCopy() *ClientSettingsPolicy {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientSettingsPolicy)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClientSettingsPolicy) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientSettingsPolicyList) DeepCopyInto(out *ClientSettingsPolicyList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ClientSettingsPolicy, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientSettingsPolicyList.
+func (in *ClientSettingsPolicyList) DeepCopy() *ClientSettingsPolicyList {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientSettingsPolicyList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClientSettingsPolicyList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientSettingsPolicySpec) DeepCopyInto(out *ClientSettingsPolicySpec) {
+ *out = *in
+ in.TargetRef.DeepCopyInto(&out.TargetRef)
+ if in.Body != nil {
+ in, out := &in.Body, &out.Body
+ *out = new(ClientBody)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.KeepAlive != nil {
+ in, out := &in.KeepAlive, &out.KeepAlive
+ *out = new(ClientKeepAlive)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientSettingsPolicySpec.
+func (in *ClientSettingsPolicySpec) DeepCopy() *ClientSettingsPolicySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ClientSettingsPolicySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Logging) DeepCopyInto(out *Logging) {
*out = *in
diff --git a/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml
new file mode 100644
index 0000000000..652ccac459
--- /dev/null
+++ b/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml
@@ -0,0 +1,508 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ labels:
+ gateway.networking.k8s.io/policy: inherited
+ name: clientsettingspolicies.gateway.nginx.org
+spec:
+ group: gateway.nginx.org
+ names:
+ categories:
+ - nginx-gateway-fabric
+ kind: ClientSettingsPolicy
+ listKind: ClientSettingsPolicyList
+ plural: clientsettingspolicies
+ shortNames:
+ - cspolicy
+ singular: clientsettingspolicy
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ClientSettingsPolicy is an Inherited Attached Policy. It provides a way to configure the behavior of the connection
+ between the client and NGINX Gateway Fabric.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of the ClientSettingsPolicy.
+ properties:
+ body:
+ description: Body defines the client request body settings.
+ properties:
+ maxSize:
+ description: |-
+ MaxSize sets the maximum allowed size of the client request body.
+ If the size in a request exceeds the configured value,
+ the 413 (Request Entity Too Large) error is returned to the client.
+ Setting size to 0 disables checking of client request body size.
+ Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size.
+ pattern: ^\d{1,4}(k|m|g)?$
+ type: string
+ timeout:
+ description: |-
+ Timeout defines a timeout for reading client request body. The timeout is set only for a period between
+ two successive read operations, not for the transmission of the whole request body.
+ If a client does not transmit anything within this time, the request is terminated with the
+ 408 (Request Time-out) error.
+ Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout.
+ pattern: ^\d{1,4}(ms|s)?$
+ type: string
+ type: object
+ keepAlive:
+ description: KeepAlive defines the keep-alive settings.
+ properties:
+ requests:
+ description: |-
+ Requests sets the maximum number of requests that can be served through one keep-alive connection.
+ After the maximum number of requests are made, the connection is closed. Closing connections periodically
+ is necessary to free per-connection memory allocations. Therefore, using too high maximum number of requests
+ is not recommended as it can lead to excessive memory usage.
+ Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests.
+ format: int32
+ minimum: 0
+ type: integer
+ time:
+ description: |-
+ Time defines the maximum time during which requests can be processed through one keep-alive connection.
+ After this time is reached, the connection is closed following the subsequent request processing.
+ Default: https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_time.
+ pattern: ^\d{1,4}(ms|s)?$
+ type: string
+ timeout:
+ description: Timeout defines the keep-alive timeouts for clients.
+ properties:
+ header:
+ description: 'Header sets the timeout in the "Keep-Alive:
+ timeout=time" response header field.'
+ pattern: ^\d{1,4}(ms|s)?$
+ type: string
+ server:
+ description: |-
+ Server sets the timeout during which a keep-alive client connection will stay open on the server side.
+ Setting this value to 0 disables keep-alive client connections.
+ pattern: ^\d{1,4}(ms|s)?$
+ type: string
+ type: object
+ type: object
+ targetRef:
+ description: |-
+ TargetRef identifies an API object to apply the policy to.
+ Object must be in the same namespace as the policy.
+
+
+ Support: Gateway, HTTPRoute
+ properties:
+ group:
+ description: Group is the group of the target resource.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the target resource.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the target resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, the local
+ namespace is inferred. Even when policy targets a resource in a different
+ namespace, it MUST only apply to traffic originating from the same
+ namespace as the policy.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ required:
+ - targetRef
+ type: object
+ status:
+ description: Status defines the state of the ClientSettingsPolicy.
+ properties:
+ ancestors:
+ description: |-
+ Ancestors is a list of ancestor resources (usually Gateways) that are
+ associated with the policy, and the status of the policy with respect to
+ each ancestor. When this policy attaches to a parent, the controller that
+ manages the parent and the ancestors MUST add an entry to this list when
+ the controller first sees the policy and SHOULD update the entry as
+ appropriate when the relevant ancestor is modified.
+
+
+ Note that choosing the relevant ancestor is left to the Policy designers;
+ an important part of Policy design is designing the right object level at
+ which to namespace this status.
+
+
+ Note also that implementations MUST ONLY populate ancestor status for
+ the Ancestor resources they are responsible for. Implementations MUST
+ use the ControllerName field to uniquely identify the entries in this list
+ that they are responsible for.
+
+
+ Note that to achieve this, the list of PolicyAncestorStatus structs
+ MUST be treated as a map with a composite key, made up of the AncestorRef
+ and ControllerName fields combined.
+
+
+ A maximum of 16 ancestors will be represented in this list. An empty list
+ means the Policy is not relevant for any ancestors.
+
+
+ If this slice is full, implementations MUST NOT add further entries.
+ Instead they MUST consider the policy unimplementable and signal that
+ on any related resources such as the ancestor that would be referenced
+ here. For example, if this list was full on BackendTLSPolicy, no
+ additional Gateways would be able to reference the Service targeted by
+ the BackendTLSPolicy.
+ items:
+ description: |-
+ PolicyAncestorStatus describes the status of a route with respect to an
+ associated Ancestor.
+
+
+ Ancestors refer to objects that are either the Target of a policy or above it
+ in terms of object hierarchy. For example, if a policy targets a Service, the
+ Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
+ the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most
+ useful object to place Policy status on, so we recommend that implementations
+ SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
+ have a _very_ good reason otherwise.
+
+
+ In the context of policy attachment, the Ancestor is used to distinguish which
+ resource results in a distinct application of this policy. For example, if a policy
+ targets a Service, it may have a distinct result per attached Gateway.
+
+
+ Policies targeting the same resource may have different effects depending on the
+ ancestors of those resources. For example, different Gateways targeting the same
+ Service may have different capabilities, especially if they have different underlying
+ implementations.
+
+
+ For example, in BackendTLSPolicy, the Policy attaches to a Service that is
+ used as a backend in a HTTPRoute that is itself attached to a Gateway.
+ In this case, the relevant object for status is the Gateway, and that is the
+ ancestor object referred to in this status.
+
+
+ Note that a parent is also an ancestor, so for objects where the parent is the
+ relevant object for status, this struct SHOULD still be used.
+
+
+ This struct is intended to be used in a slice that's effectively a map,
+ with a composite key made up of the AncestorRef and the ControllerName.
+ properties:
+ ancestorRef:
+ description: |-
+ AncestorRef corresponds with a ParentRef in the spec that this
+ PolicyAncestorStatus struct describes the status of.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Gateway
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
+
+
+
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener Name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port Name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values. Note that attaching Routes to Services as Parents
+ is part of experimental Mesh support and is not supported for any other
+ purpose.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - name
+ type: object
+ conditions:
+ description: Conditions describes the status of the Policy with
+ respect to the given Ancestor.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource.\n---\nThis struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ controllerName:
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
+ type: string
+ required:
+ - ancestorRef
+ - controllerName
+ type: object
+ maxItems: 16
+ type: array
+ required:
+ - ancestors
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/config/crd/bases/gateway.nginx.org_nginxgateways.yaml b/config/crd/bases/gateway.nginx.org_nginxgateways.yaml
index 7376ec089f..6ccf90680f 100644
--- a/config/crd/bases/gateway.nginx.org_nginxgateways.yaml
+++ b/config/crd/bases/gateway.nginx.org_nginxgateways.yaml
@@ -8,13 +8,19 @@ metadata:
spec:
group: gateway.nginx.org
names:
+ categories:
+ - nginx-gateway-fabric
kind: NginxGateway
listKind: NginxGatewayList
plural: nginxgateways
singular: nginxgateway
scope: Namespaced
versions:
- - name: v1alpha1
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
schema:
openAPIV3Schema:
description: NginxGateway represents the dynamic configuration for an NGINX
diff --git a/docs/proposals/client-settings.md b/docs/proposals/client-settings.md
index b595d79731..ab476af348 100644
--- a/docs/proposals/client-settings.md
+++ b/docs/proposals/client-settings.md
@@ -70,7 +70,7 @@ type ClientSettingsPolicy struct {
Spec ClientSettingsPolicySpec `json:"spec"`
// Status defines the state of the ClientSettingsPolicy.
- Status ClientSettingsPolicyStatus `json:"status,omitempty"`
+ Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"`
}
type ClientSettingsPolicySpec struct {
@@ -79,18 +79,6 @@ type ClientSettingsPolicySpec struct {
// Support: Gateway and HTTPRoute
TargetRef gatewayv1alpha2.PolicyTargetReference `json:"targetRef"`
- // Default defines default policy configuration for the targeted resource.
- // +optional
- Default *ClientSettingsPolicyConfig `json:"default,omitempty"`
-}
-
-type ClientSettingsPolicyStatus struct {
- // Conditions describe the current conditions of the ClientSettingsPolicy.
- // +optional
- Conditions []metav1.Condition `json:"conditions,omitempty"`
-}
-
-type ClientSettingsPolicyConfig struct {
// Body defines the client request body settings.
// +optional
Body *ClientBody `json:"body,omitempty"`
@@ -249,18 +237,23 @@ spec:
group: gateway.networking.k8s.io
kind: Gateway
name: example-gateway
- default:
- body:
- maxSize: 10m
- timeout: 30s
- keepAlive:
- requests: 100
- time: 5m
- timeout:
- server: 2m
- header: 1m
+ body:
+ maxSize: 10m
+ timeout: 30s
+ keepAlive:
+ requests: 100
+ time: 5m
+ timeout:
+ server: 2m
+ header: 1m
status:
- conditions:
+ ancestors:
+ ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: example-gateway
+ namespace: default
+ conditions:
- type: Accepted
status: "True"
reason: Accepted