From 4fa47644ef3095c3985c2c5e195b773f82cfe89d Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Thu, 5 Sep 2024 14:12:46 -0700 Subject: [PATCH 01/10] Add upstream settings policy crd --- apis/v1alpha1/register.go | 2 + apis/v1alpha1/upstreamsettingspolicy_types.go | 96 ++++ apis/v1alpha1/zz_generated.deepcopy.go | 124 +++++ ...ay.nginx.org_upstreamsettingspolicies.yaml | 443 ++++++++++++++++++ docs/proposals/upstream-settings.md | 2 +- 5 files changed, 666 insertions(+), 1 deletion(-) create mode 100644 apis/v1alpha1/upstreamsettingspolicy_types.go create mode 100644 config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml diff --git a/apis/v1alpha1/register.go b/apis/v1alpha1/register.go index bacf47d737..3249da3808 100644 --- a/apis/v1alpha1/register.go +++ b/apis/v1alpha1/register.go @@ -40,6 +40,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ObservabilityPolicyList{}, &ClientSettingsPolicy{}, &ClientSettingsPolicyList{}, + &UpstreamSettingsPolicy{}, + &UpstreamSettingsPolicyList{}, ) // AddToGroupVersion allows the serialization of client types like ListOptions. metav1.AddToGroupVersion(scheme, SchemeGroupVersion) diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go new file mode 100644 index 0000000000..9660355de6 --- /dev/null +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -0,0 +1,96 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" +) + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:resource:categories=nginx-gateway-fabric,scope=Namespaced,shortName=uspolicy +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct" + +// UpstreamSettingsPolicy is a Direct Attached Policy. It provides a way to configure the behavior of +// the connection between NGINX and the upstream applications. +type UpstreamSettingsPolicy struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of the UpstreamSettingsPolicy. + Spec UpstreamSettingsPolicySpec `json:"spec"` + + // Status defines the state of the UpstreamSettingsPolicy. + Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// UpstreamSettingsPolicyList contains a list of UpstreamSettingsPolicies. +type UpstreamSettingsPolicyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []UpstreamSettingsPolicy `json:"items"` +} + +// UpstreamSettingsPolicySpec defines the desired state of the UpstreamSettingsPolicy. +type UpstreamSettingsPolicySpec struct { + // ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share + // the upstream configuration between nginx worker processes. The more servers that an upstream has, + // the larger memory zone is required. + // Default: OSS: 512k, Plus: 1m. + // Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone + // + // +optional + ZoneSize *Size `json:"zoneSize,omitempty"` + + // KeepAlive defines the keep-alive settings. + // + // +optional + KeepAlive *UpstreamKeepAlive `json:"keepAlive,omitempty"` + + // TargetRefs identifies API object(s) to apply the policy to. + // Objects must be in the same namespace as the policy. + // Support: Service + // + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.exists(t, t.kind=='Service')" + // +kubebuilder:validation:XValidation:message="TargetRefs Group must be gateway.networking.k8s.io.",rule="self.all(t, t.group=='gateway.networking.k8s.io')" + //nolint:lll + TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` +} + +// UpstreamKeepAlive defines the keep-alive settings for upstreams. +type UpstreamKeepAlive struct { + // Connections sets the maximum number of idle keep-alive connections to upstream servers that are preserved + // in the cache of each nginx worker process. When this number is exceeded, the least recently used + // connections are closed. + // Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive + // + // +optional + // +kubebuilder:validation:Minimum=0 + Connections *int32 `json:"connections,omitempty"` + + // Requests sets the maximum number of requests that can be served through one keep-alive connection. + // After the maximum number of requests are made, the connection is closed. + // Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests + // + // +optional + // +kubebuilder:validation:Minimum=0 + Requests *int32 `json:"requests,omitempty"` + + // Time defines the maximum time during which requests can be processed through one keep-alive connection. + // After this time is reached, the connection is closed following the subsequent request processing. + // Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time + // + // +optional + Time *Duration `json:"time,omitempty"` + + // Timeout defines the keep-alive timeout for upstreams. + // Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout + // + // +optional + Timeout *Duration `json:"timeout,omitempty"` +} diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index bffbb7dfdb..e62949cb3a 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -622,3 +622,127 @@ func (in *Tracing) DeepCopy() *Tracing { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamKeepAlive) DeepCopyInto(out *UpstreamKeepAlive) { + *out = *in + if in.Connections != nil { + in, out := &in.Connections, &out.Connections + *out = new(int32) + **out = **in + } + if in.Requests != nil { + in, out := &in.Requests, &out.Requests + *out = new(int32) + **out = **in + } + if in.Time != nil { + in, out := &in.Time, &out.Time + *out = new(Duration) + **out = **in + } + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(Duration) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamKeepAlive. +func (in *UpstreamKeepAlive) DeepCopy() *UpstreamKeepAlive { + if in == nil { + return nil + } + out := new(UpstreamKeepAlive) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamSettingsPolicy) DeepCopyInto(out *UpstreamSettingsPolicy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamSettingsPolicy. +func (in *UpstreamSettingsPolicy) DeepCopy() *UpstreamSettingsPolicy { + if in == nil { + return nil + } + out := new(UpstreamSettingsPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UpstreamSettingsPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamSettingsPolicyList) DeepCopyInto(out *UpstreamSettingsPolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]UpstreamSettingsPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamSettingsPolicyList. +func (in *UpstreamSettingsPolicyList) DeepCopy() *UpstreamSettingsPolicyList { + if in == nil { + return nil + } + out := new(UpstreamSettingsPolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UpstreamSettingsPolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamSettingsPolicySpec) DeepCopyInto(out *UpstreamSettingsPolicySpec) { + *out = *in + if in.TargetRefs != nil { + in, out := &in.TargetRefs, &out.TargetRefs + *out = make([]v1alpha2.LocalPolicyTargetReference, len(*in)) + copy(*out, *in) + } + if in.ZoneSize != nil { + in, out := &in.ZoneSize, &out.ZoneSize + *out = new(Size) + **out = **in + } + if in.KeepAlive != nil { + in, out := &in.KeepAlive, &out.KeepAlive + *out = new(UpstreamKeepAlive) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamSettingsPolicySpec. +func (in *UpstreamSettingsPolicySpec) DeepCopy() *UpstreamSettingsPolicySpec { + if in == nil { + return nil + } + out := new(UpstreamSettingsPolicySpec) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml new file mode 100644 index 0000000000..a77ff0c4b6 --- /dev/null +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -0,0 +1,443 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + labels: + gateway.networking.k8s.io/policy: direct + name: upstreamsettingspolicies.gateway.nginx.org +spec: + group: gateway.nginx.org + names: + categories: + - nginx-gateway-fabric + kind: UpstreamSettingsPolicy + listKind: UpstreamSettingsPolicyList + plural: upstreamsettingspolicies + shortNames: + - uspolicy + singular: upstreamsettingspolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + UpstreamSettingsPolicy is a Direct Attached Policy. It provides a way to configure the behavior of + the connection between NGINX and the upstream applications. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the UpstreamSettingsPolicy. + properties: + keepAlive: + description: KeepAlive defines the keep-alive settings. + properties: + connections: + description: |- + Connections sets the maximum number of idle keep-alive connections to upstream servers that are preserved + in the cache of each nginx worker process. When this number is exceeded, the least recently used + connections are closed. + Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive + format: int32 + minimum: 0 + type: integer + requests: + description: |- + Requests sets the maximum number of requests that can be served through one keep-alive connection. + After the maximum number of requests are made, the connection is closed. + Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests + format: int32 + minimum: 0 + type: integer + time: + description: |- + Time defines the maximum time during which requests can be processed through one keep-alive connection. + After this time is reached, the connection is closed following the subsequent request processing. + Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time + pattern: ^\d{1,4}(ms|s)?$ + type: string + timeout: + description: |- + Timeout defines the keep-alive timeout for upstreams. + Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout + pattern: ^\d{1,4}(ms|s)?$ + type: string + type: object + targetRefs: + description: |- + TargetRefs identifies API object(s) to apply the policy to. + Objects must be in the same namespace as the policy. + Support: Service + items: + description: |- + LocalPolicyTargetReference identifies an API object to apply a direct or + inherited policy to. This should be used as part of Policy resources + that can target Gateway API resources. For more information on how this + policy attachment model works, and a sample Policy resource, refer to + the policy attachment documentation for Gateway API. + properties: + group: + description: Group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: Kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + - name + type: object + maxItems: 16 + type: array + x-kubernetes-validations: + - message: 'TargetRefs Kind must be: Service' + rule: self.exists(t, t.kind=='Service') + - message: TargetRefs Group must be gateway.networking.k8s.io. + rule: self.all(t, t.group=='gateway.networking.k8s.io') + zoneSize: + description: |- + ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share + the upstream configuration between nginx worker processes. The more servers that an upstream has, + the larger memory zone is required. + Default: OSS: 512k, Plus: 1m. + Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone + pattern: ^\d{1,4}(k|m|g)?$ + type: string + required: + - targetRefs + type: object + status: + description: Status defines the state of the UpstreamSettingsPolicy. + properties: + ancestors: + description: |- + Ancestors is a list of ancestor resources (usually Gateways) that are + associated with the policy, and the status of the policy with respect to + each ancestor. When this policy attaches to a parent, the controller that + manages the parent and the ancestors MUST add an entry to this list when + the controller first sees the policy and SHOULD update the entry as + appropriate when the relevant ancestor is modified. + + Note that choosing the relevant ancestor is left to the Policy designers; + an important part of Policy design is designing the right object level at + which to namespace this status. + + Note also that implementations MUST ONLY populate ancestor status for + the Ancestor resources they are responsible for. Implementations MUST + use the ControllerName field to uniquely identify the entries in this list + that they are responsible for. + + Note that to achieve this, the list of PolicyAncestorStatus structs + MUST be treated as a map with a composite key, made up of the AncestorRef + and ControllerName fields combined. + + A maximum of 16 ancestors will be represented in this list. An empty list + means the Policy is not relevant for any ancestors. + + If this slice is full, implementations MUST NOT add further entries. + Instead they MUST consider the policy unimplementable and signal that + on any related resources such as the ancestor that would be referenced + here. For example, if this list was full on BackendTLSPolicy, no + additional Gateways would be able to reference the Service targeted by + the BackendTLSPolicy. + items: + description: |- + PolicyAncestorStatus describes the status of a route with respect to an + associated Ancestor. + + Ancestors refer to objects that are either the Target of a policy or above it + in terms of object hierarchy. For example, if a policy targets a Service, the + Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and + the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most + useful object to place Policy status on, so we recommend that implementations + SHOULD use Gateway as the PolicyAncestorStatus object unless the designers + have a _very_ good reason otherwise. + + In the context of policy attachment, the Ancestor is used to distinguish which + resource results in a distinct application of this policy. For example, if a policy + targets a Service, it may have a distinct result per attached Gateway. + + Policies targeting the same resource may have different effects depending on the + ancestors of those resources. For example, different Gateways targeting the same + Service may have different capabilities, especially if they have different underlying + implementations. + + For example, in BackendTLSPolicy, the Policy attaches to a Service that is + used as a backend in a HTTPRoute that is itself attached to a Gateway. + In this case, the relevant object for status is the Gateway, and that is the + ancestor object referred to in this status. + + Note that a parent is also an ancestor, so for objects where the parent is the + relevant object for status, this struct SHOULD still be used. + + This struct is intended to be used in a slice that's effectively a map, + with a composite key made up of the AncestorRef and the ControllerName. + properties: + ancestorRef: + description: |- + AncestorRef corresponds with a ParentRef in the spec that this + PolicyAncestorStatus struct describes the status of. + properties: + group: + default: gateway.networking.k8s.io + description: |- + Group is the group of the referent. + When unspecified, "gateway.networking.k8s.io" is inferred. + To set the core API group (such as for a "Service" kind referent), + Group must be explicitly set to "" (empty string). + + Support: Core + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: |- + Kind is kind of the referent. + + There are two kinds of parent resources with "Core" support: + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + Support for other resources is Implementation-Specific. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + Name is the name of the referent. + + Support: Core + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. When unspecified, this refers + to the local namespace of the Route. + + Note that there are specific rules for ParentRefs which cross namespace + boundaries. Cross-namespace references are only valid if they are explicitly + allowed by something in the namespace they are referring to. For example: + Gateway has the AllowedRoutes field, and ReferenceGrant provides a + generic way to enable any other kind of cross-namespace reference. + + + ParentRefs from a Route to a Service in the same namespace are "producer" + routes, which apply default routing rules to inbound connections from + any namespace to the Service. + + ParentRefs from a Route to a Service in a different namespace are + "consumer" routes, and these routing rules are only applied to outbound + connections originating from the same namespace as the Route, for which + the intended destination of the connections are a Service targeted as a + ParentRef of the Route. + + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port is the network port this Route targets. It can be interpreted + differently based on the type of parent resource. + + When the parent resource is a Gateway, this targets all listeners + listening on the specified port that also support this kind of Route(and + select this Route). It's not recommended to set `Port` unless the + networking behaviors specified in a Route must apply to a specific port + as opposed to a listener(s) whose port(s) may be changed. When both Port + and SectionName are specified, the name and port of the selected listener + must match both specified values. + + + When the parent resource is a Service, this targets a specific port in the + Service spec. When both Port (experimental) and SectionName are specified, + the name and port of the selected port must match both specified values. + + + Implementations MAY choose to support other parent resources. + Implementations supporting other types of parent resources MUST clearly + document how/if Port is interpreted. + + For the purpose of status, an attachment is considered successful as + long as the parent resource accepts it partially. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + from the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, + the Route MUST be considered detached from the Gateway. + + Support: Extended + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: |- + SectionName is the name of a section within the target resource. In the + following resources, SectionName is interpreted as the following: + + * Gateway: Listener name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + * Service: Port name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + + Implementations MAY choose to support attaching Routes to other resources. + If that is the case, they MUST clearly document how SectionName is + interpreted. + + When unspecified (empty string), this will reference the entire resource. + For the purpose of status, an attachment is considered successful if at + least one section in the parent resource accepts it. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, the + Route MUST be considered detached from the Gateway. + + Support: Core + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + conditions: + description: Conditions describes the status of the Policy with + respect to the given Ancestor. + items: + description: Condition contains details for one aspect of + the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: |- + ControllerName is a domain/path string that indicates the name of the + controller that wrote this status. This corresponds with the + controllerName field on GatewayClass. + + Example: "example.net/gateway-controller". + + The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are + valid Kubernetes names + (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + Controllers MUST populate this field when writing status. Controllers should ensure that + entries to status populated with their ControllerName are cleaned up when they are no + longer necessary. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + type: string + required: + - ancestorRef + - controllerName + type: object + maxItems: 16 + type: array + required: + - ancestors + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/docs/proposals/upstream-settings.md b/docs/proposals/upstream-settings.md index a56b3346f3..7928220c5b 100644 --- a/docs/proposals/upstream-settings.md +++ b/docs/proposals/upstream-settings.md @@ -89,7 +89,7 @@ type UpstreamKeepAlive struct { // Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive // // +optional - Connections *int32 `json"connections,omitempty"` + Connections *int32 `json:"connections,omitempty"` // Requests sets the maximum number of requests that can be served through one keep-alive connection. // After the maximum number of requests are made, the connection is closed. From fea6edb0d200f448def9d981f1096f87f6effefa Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Thu, 5 Sep 2024 14:14:25 -0700 Subject: [PATCH 02/10] Move around formatting --- apis/v1alpha1/zz_generated.deepcopy.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index e62949cb3a..d6f0f198c8 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -720,11 +720,6 @@ func (in *UpstreamSettingsPolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UpstreamSettingsPolicySpec) DeepCopyInto(out *UpstreamSettingsPolicySpec) { *out = *in - if in.TargetRefs != nil { - in, out := &in.TargetRefs, &out.TargetRefs - *out = make([]v1alpha2.LocalPolicyTargetReference, len(*in)) - copy(*out, *in) - } if in.ZoneSize != nil { in, out := &in.ZoneSize, &out.ZoneSize *out = new(Size) @@ -735,6 +730,11 @@ func (in *UpstreamSettingsPolicySpec) DeepCopyInto(out *UpstreamSettingsPolicySp *out = new(UpstreamKeepAlive) (*in).DeepCopyInto(*out) } + if in.TargetRefs != nil { + in, out := &in.TargetRefs, &out.TargetRefs + *out = make([]v1alpha2.LocalPolicyTargetReference, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamSettingsPolicySpec. From 01130783cdc6b4a0851dc50b7af8063bb26e842b Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Thu, 5 Sep 2024 14:53:03 -0700 Subject: [PATCH 03/10] Change connections minimum to 1 --- apis/v1alpha1/upstreamsettingspolicy_types.go | 2 +- .../crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index 9660355de6..3e309f3cac 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -70,7 +70,7 @@ type UpstreamKeepAlive struct { // Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive // // +optional - // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Minimum=1 Connections *int32 `json:"connections,omitempty"` // Requests sets the maximum number of requests that can be served through one keep-alive connection. diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index a77ff0c4b6..4b0e4b6b98 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -61,7 +61,7 @@ spec: connections are closed. Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive format: int32 - minimum: 0 + minimum: 1 type: integer requests: description: |- From 5c4f1b5249c8ec9634b776a19799c75ae905f94e Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Fri, 6 Sep 2024 09:23:17 -0700 Subject: [PATCH 04/10] Adjust TargetRefs group validation and add MinItems validation --- apis/v1alpha1/observabilitypolicy_types.go | 1 + apis/v1alpha1/upstreamsettingspolicy_types.go | 4 ++-- .../bases/gateway.nginx.org_upstreamsettingspolicies.yaml | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/apis/v1alpha1/observabilitypolicy_types.go b/apis/v1alpha1/observabilitypolicy_types.go index 6e95d28ccf..99b09e4ff9 100644 --- a/apis/v1alpha1/observabilitypolicy_types.go +++ b/apis/v1alpha1/observabilitypolicy_types.go @@ -47,6 +47,7 @@ type ObservabilityPolicySpec struct { // Objects must be in the same namespace as the policy. // Support: HTTPRoute, GRPCRoute. // + // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // +kubebuilder:validation:XValidation:message="TargetRef Kind must be: HTTPRoute or GRPCRoute",rule="(self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute'))" // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io.",rule="self.all(t, t.group=='gateway.networking.k8s.io')" diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index 3e309f3cac..82d2851b0b 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -56,8 +56,8 @@ type UpstreamSettingsPolicySpec struct { // Support: Service // // +kubebuilder:validation:MaxItems=16 - // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.exists(t, t.kind=='Service')" - // +kubebuilder:validation:XValidation:message="TargetRefs Group must be gateway.networking.k8s.io.",rule="self.all(t, t.group=='gateway.networking.k8s.io')" + // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')" + // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core.",rule="self.exists(t, t.group=='') || self.exists(t, t.group=='core')" //nolint:lll TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` } diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index 4b0e4b6b98..adf80c2063 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -123,9 +123,9 @@ spec: type: array x-kubernetes-validations: - message: 'TargetRefs Kind must be: Service' - rule: self.exists(t, t.kind=='Service') - - message: TargetRefs Group must be gateway.networking.k8s.io. - rule: self.all(t, t.group=='gateway.networking.k8s.io') + rule: self.all(t, t.kind=='Service') + - message: TargetRefs Group must be core. + rule: self.exists(t, t.group=='') || self.exists(t, t.group=='core') zoneSize: description: |- ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share From 426aa4b7294d4b7758d4bca0101a52312e8c0108 Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Fri, 6 Sep 2024 09:24:25 -0700 Subject: [PATCH 05/10] Revert "Adjust TargetRefs group validation and add MinItems validation" This reverts commit 5876f593459c527b047bcf11d8e39f540af35dab. --- apis/v1alpha1/observabilitypolicy_types.go | 1 - apis/v1alpha1/upstreamsettingspolicy_types.go | 4 ++-- .../bases/gateway.nginx.org_upstreamsettingspolicies.yaml | 6 +++--- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/apis/v1alpha1/observabilitypolicy_types.go b/apis/v1alpha1/observabilitypolicy_types.go index 99b09e4ff9..6e95d28ccf 100644 --- a/apis/v1alpha1/observabilitypolicy_types.go +++ b/apis/v1alpha1/observabilitypolicy_types.go @@ -47,7 +47,6 @@ type ObservabilityPolicySpec struct { // Objects must be in the same namespace as the policy. // Support: HTTPRoute, GRPCRoute. // - // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // +kubebuilder:validation:XValidation:message="TargetRef Kind must be: HTTPRoute or GRPCRoute",rule="(self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute'))" // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io.",rule="self.all(t, t.group=='gateway.networking.k8s.io')" diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index 82d2851b0b..3e309f3cac 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -56,8 +56,8 @@ type UpstreamSettingsPolicySpec struct { // Support: Service // // +kubebuilder:validation:MaxItems=16 - // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')" - // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core.",rule="self.exists(t, t.group=='') || self.exists(t, t.group=='core')" + // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.exists(t, t.kind=='Service')" + // +kubebuilder:validation:XValidation:message="TargetRefs Group must be gateway.networking.k8s.io.",rule="self.all(t, t.group=='gateway.networking.k8s.io')" //nolint:lll TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` } diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index adf80c2063..4b0e4b6b98 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -123,9 +123,9 @@ spec: type: array x-kubernetes-validations: - message: 'TargetRefs Kind must be: Service' - rule: self.all(t, t.kind=='Service') - - message: TargetRefs Group must be core. - rule: self.exists(t, t.group=='') || self.exists(t, t.group=='core') + rule: self.exists(t, t.kind=='Service') + - message: TargetRefs Group must be gateway.networking.k8s.io. + rule: self.all(t, t.group=='gateway.networking.k8s.io') zoneSize: description: |- ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share From 9592cc957f0016dae1618b8a3a622cde9128242a Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Fri, 6 Sep 2024 09:26:37 -0700 Subject: [PATCH 06/10] Adjust TargetRefs group validation and add MinItems validation --- apis/v1alpha1/upstreamsettingspolicy_types.go | 5 +++-- .../bases/gateway.nginx.org_upstreamsettingspolicies.yaml | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index 3e309f3cac..1d0defc432 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -55,9 +55,10 @@ type UpstreamSettingsPolicySpec struct { // Objects must be in the same namespace as the policy. // Support: Service // + // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 - // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.exists(t, t.kind=='Service')" - // +kubebuilder:validation:XValidation:message="TargetRefs Group must be gateway.networking.k8s.io.",rule="self.all(t, t.group=='gateway.networking.k8s.io')" + // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')" + // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core.",rule="self.exists(t, t.group=='') || self.exists(t, t.group==`core`)" //nolint:lll TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` } diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index 4b0e4b6b98..708e16a1ce 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -120,12 +120,13 @@ spec: - name type: object maxItems: 16 + minItems: 1 type: array x-kubernetes-validations: - message: 'TargetRefs Kind must be: Service' - rule: self.exists(t, t.kind=='Service') - - message: TargetRefs Group must be gateway.networking.k8s.io. - rule: self.all(t, t.group=='gateway.networking.k8s.io') + rule: self.all(t, t.kind=='Service') + - message: TargetRefs Group must be core. + rule: self.exists(t, t.group=='') || self.exists(t, t.group==`core`) zoneSize: description: |- ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share From c13d4f90ac0e3074c5dfbf369325f8d2b100755d Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Fri, 6 Sep 2024 09:28:35 -0700 Subject: [PATCH 07/10] Remove period from validation message --- apis/v1alpha1/upstreamsettingspolicy_types.go | 2 +- .../crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index 1d0defc432..585befcf92 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -58,7 +58,7 @@ type UpstreamSettingsPolicySpec struct { // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')" - // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core.",rule="self.exists(t, t.group=='') || self.exists(t, t.group==`core`)" + // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core",rule="self.exists(t, t.group=='') || self.exists(t, t.group==`core`)" //nolint:lll TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` } diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index 708e16a1ce..fb44e96f3f 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -125,7 +125,7 @@ spec: x-kubernetes-validations: - message: 'TargetRefs Kind must be: Service' rule: self.all(t, t.kind=='Service') - - message: TargetRefs Group must be core. + - message: TargetRefs Group must be core rule: self.exists(t, t.group=='') || self.exists(t, t.group==`core`) zoneSize: description: |- From e892095303dfe15bbeafc32644d0f06aabb9e5d0 Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Fri, 6 Sep 2024 09:49:36 -0700 Subject: [PATCH 08/10] Fix validation typo --- apis/v1alpha1/upstreamsettingspolicy_types.go | 2 +- .../crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index 585befcf92..f3276d0f69 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -58,7 +58,7 @@ type UpstreamSettingsPolicySpec struct { // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')" - // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core",rule="self.exists(t, t.group=='') || self.exists(t, t.group==`core`)" + // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core",rule="self.exists(t, t.group=='') || self.exists(t, t.group=='core')" //nolint:lll TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` } diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index fb44e96f3f..dbe0462862 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -126,7 +126,7 @@ spec: - message: 'TargetRefs Kind must be: Service' rule: self.all(t, t.kind=='Service') - message: TargetRefs Group must be core - rule: self.exists(t, t.group=='') || self.exists(t, t.group==`core`) + rule: self.exists(t, t.group=='') || self.exists(t, t.group=='core') zoneSize: description: |- ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share From 9c53d99b2674761643b7db579eced31783b91f2c Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Mon, 9 Sep 2024 16:24:45 -0700 Subject: [PATCH 09/10] Add example policy --- examples/upstream-settings-policy/README.md | 4 ++++ .../upstream-settings-policy.yaml | 15 +++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 examples/upstream-settings-policy/README.md create mode 100644 examples/upstream-settings-policy/upstream-settings-policy.yaml diff --git a/examples/upstream-settings-policy/README.md b/examples/upstream-settings-policy/README.md new file mode 100644 index 0000000000..a6ad17a087 --- /dev/null +++ b/examples/upstream-settings-policy/README.md @@ -0,0 +1,4 @@ +# UpstreamSettingsPolicy + +This directory contains example YAMLs for testing the UpstreamSettingsPolicy CRD. Eventually, this will be converted +into a how-to-guide. diff --git a/examples/upstream-settings-policy/upstream-settings-policy.yaml b/examples/upstream-settings-policy/upstream-settings-policy.yaml new file mode 100644 index 0000000000..e49ed1dffd --- /dev/null +++ b/examples/upstream-settings-policy/upstream-settings-policy.yaml @@ -0,0 +1,15 @@ +apiVersion: gateway.nginx.org/v1alpha1 +kind: UpstreamSettingsPolicy +metadata: + name: upstream-settings-policy +spec: + zoneSize: 512k + targetRefs: + - group: core + kind: Service + name: service + keepAlive: + connections: 32 + requests: 1001 + time: 300s + timeout: 60s From 186f2bf8c3a5df6f5cf63ed0d24cd1f3f79ffbd1 Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Tue, 10 Sep 2024 09:35:59 -0700 Subject: [PATCH 10/10] Fix rebase issues --- site/content/reference/api.md | 280 +++++++++++++++++++++++++++++++++- 1 file changed, 278 insertions(+), 2 deletions(-) diff --git a/site/content/reference/api.md b/site/content/reference/api.md index d5b191193b..c96741cd33 100644 --- a/site/content/reference/api.md +++ b/site/content/reference/api.md @@ -25,6 +25,8 @@ Resource Types: NginxProxy
  • ObservabilityPolicy +
  • +UpstreamSettingsPolicy

    • ClientSettingsPolicy @@ -467,6 +469,131 @@ sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyStatus +

    UpstreamSettingsPolicy + +

    +

    +

    UpstreamSettingsPolicy is a Direct Attached Policy. It provides a way to configure the behavior of +the connection between NGINX and the upstream applications.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string    		 + +gateway.nginx.org/v1alpha1 + +
    +kind
    +string +    		UpstreamSettingsPolicy
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +    		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +spec
    + + +UpstreamSettingsPolicySpec + + +    		 +

    Spec defines the desired state of the UpstreamSettingsPolicy.

    +
    +
    + + + + + + + + + + + + + +
    +zoneSize
    + + +Size + + +    		 +(Optional) +

    ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share +the upstream configuration between nginx worker processes. The more servers that an upstream has, +the larger memory zone is required. +Default: OSS: 512k, Plus: 1m. +Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone

    +
    +keepAlive
    + + +UpstreamKeepAlive + + +    		 +(Optional) +

    KeepAlive defines the keep-alive settings.

    +
    +targetRefs
    + + +[]sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReference + + +    		 +

    TargetRefs identifies API object(s) to apply the policy to. +Objects must be in the same namespace as the policy. +Support: Service

    +
    +
    +status
    + + +sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyStatus + + +    		 +

    Status defines the state of the UpstreamSettingsPolicy.

    +

    Address

    @@ -808,7 +935,8 @@ Support: Gateway, HTTPRoute, GRPCRoute.

    ClientBody, ClientKeepAlive, ClientKeepAliveTimeout, -TelemetryExporter) +TelemetryExporter, +UpstreamKeepAlive)

    Duration is a string value representing a duration in time. @@ -1226,7 +1354,8 @@ IP address in the X-Forwarded-For HTTP header.

    (Appears on: -ClientBody) +ClientBody, +UpstreamSettingsPolicySpec)

    Size is a string value representing a size. Size can be specified in bytes, kilobytes (k), megabytes (m), @@ -1561,6 +1690,153 @@ Examples of invalid names: some-$value, quoted-“value”-name, unescap +

    UpstreamKeepAlive + +

    +

    +(Appears on: +UpstreamSettingsPolicySpec) +

    +

    +

    UpstreamKeepAlive defines the keep-alive settings for upstreams.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +connections
    + +int32 + +    		 +(Optional) +

    Connections sets the maximum number of idle keep-alive connections to upstream servers that are preserved +in the cache of each nginx worker process. When this number is exceeded, the least recently used +connections are closed. +Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive

    +
    +requests
    + +int32 + +    		 +(Optional) +

    Requests sets the maximum number of requests that can be served through one keep-alive connection. +After the maximum number of requests are made, the connection is closed. +Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests

    +
    +time
    + + +Duration + + +    		 +(Optional) +

    Time defines the maximum time during which requests can be processed through one keep-alive connection. +After this time is reached, the connection is closed following the subsequent request processing. +Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time

    +
    +timeout
    + + +Duration + + +    		 +(Optional) +

    Timeout defines the keep-alive timeout for upstreams. +Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout

    +
    +

    UpstreamSettingsPolicySpec + +

    +

    +(Appears on: +UpstreamSettingsPolicy) +

    +

    +

    UpstreamSettingsPolicySpec defines the desired state of the UpstreamSettingsPolicy.

    +

    + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +zoneSize
    + + +Size + + +    		 +(Optional) +

    ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share +the upstream configuration between nginx worker processes. The more servers that an upstream has, +the larger memory zone is required. +Default: OSS: 512k, Plus: 1m. +Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone

    +
    +keepAlive
    + + +UpstreamKeepAlive + + +    		 +(Optional) +

    KeepAlive defines the keep-alive settings.

    +
    +targetRefs
    + + +[]sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReference + + +    		 +

    TargetRefs identifies API object(s) to apply the policy to. +Objects must be in the same namespace as the policy. +Support: Service

    +

    Generated with gen-crd-api-reference-docs