Add UpstreamSettingsPolicy CRD (#2515)
Problem: Users want to configure the behavior of the connection between NGINX and their upstream applications.

Solution: Add the UpstreamSettingsPolicy CRD, which is a direct policy that will attach to a Service that is referenced in an HTTPRoute or GRPCRoute.

Testing: Tested that validation works.
bjee19 authored and kate-osborn committed Dec 20, 2024
1 parent 938b7ff commit 0a8a78a
Showing 8 changed files with 965 additions and 3 deletions.
2 changes: 2 additions & 0 deletions apis/v1alpha1/register.go
@@ -42,6 +42,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&ClientSettingsPolicyList{},
&SnippetsFilter{},
&SnippetsFilterList{},
&UpstreamSettingsPolicy{},
&UpstreamSettingsPolicyList{},
)
// AddToGroupVersion allows the serialization of client types like ListOptions.
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
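--- a/apis/v1alpha1/upstreamsettingspolicy_types.go
+++ b/apis/v1alpha1/upstreamsettingspolicy_types.go
@@ -0,0 +1,97 @@
+package v1alpha1
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=nginx-gateway-fabric,scope=Namespaced,shortName=uspolicy
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct"
+
+// UpstreamSettingsPolicy is a Direct Attached Policy. It provides a way to configure the behavior of
+// the connection between NGINX and the upstream applications.
+type UpstreamSettingsPolicy struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+// Spec defines the desired state of the UpstreamSettingsPolicy.
+Spec UpstreamSettingsPolicySpec `json:"spec"`
+
+// Status defines the state of the UpstreamSettingsPolicy.
+Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// UpstreamSettingsPolicyList contains a list of UpstreamSettingsPolicies.
+type UpstreamSettingsPolicyList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []UpstreamSettingsPolicy `json:"items"`
+}
+
+// UpstreamSettingsPolicySpec defines the desired state of the UpstreamSettingsPolicy.
+type UpstreamSettingsPolicySpec struct {
+// ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share
+// the upstream configuration between nginx worker processes. The more servers that an upstream has,
+// the larger memory zone is required.
+// Default: OSS: 512k, Plus: 1m.
+// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone
+//
+// +optional
+ZoneSize *Size `json:"zoneSize,omitempty"`
+
+// KeepAlive defines the keep-alive settings.
+//
+// +optional
+KeepAlive *UpstreamKeepAlive `json:"keepAlive,omitempty"`
+
+// TargetRefs identifies API object(s) to apply the policy to.
+// Objects must be in the same namespace as the policy.
+// Support: Service
+//
+// +kubebuilder:validation:MinItems=1
+// +kubebuilder:validation:MaxItems=16
+// +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')"
+// +kubebuilder:validation:XValidation:message="TargetRefs Group must be core",rule="self.exists(t, t.group=='') || self.exists(t, t.group=='core')"
+//nolint:lll
+TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"`
+}
+
+// UpstreamKeepAlive defines the keep-alive settings for upstreams.
+type UpstreamKeepAlive struct {
+// Connections sets the maximum number of idle keep-alive connections to upstream servers that are preserved
+// in the cache of each nginx worker process. When this number is exceeded, the least recently used
+// connections are closed.
+// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
+//
+// +optional
+// +kubebuilder:validation:Minimum=1
+Connections *int32 `json:"connections,omitempty"`
+
+// Requests sets the maximum number of requests that can be served through one keep-alive connection.
+// After the maximum number of requests are made, the connection is closed.
+// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests
+//
+// +optional
+// +kubebuilder:validation:Minimum=0
+Requests *int32 `json:"requests,omitempty"`
+
+// Time defines the maximum time during which requests can be processed through one keep-alive connection.
+// After this time is reached, the connection is closed following the subsequent request processing.
+// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time
+//
+// +optional
+Time *Duration `json:"time,omitempty"`
+
+// Timeout defines the keep-alive timeout for upstreams.
+// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout
+//
+// +optional
+Timeout *Duration `json:"timeout,omitempty"`
+}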
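Review bot: The group rule on `TargetRefs` in `UpstreamSettingsPolicySpec` uses `self.exists(...)`, so the list passes as soon as one entry has group `''` or `core`, and every other entry may carry any group; the Kind rule on the marker line just above it uses `self.all(...)`. A policy that mixes one core Service ref with a ref to a non-core group whose kind is also named `Service` would therefore be admitted, leaving the rejection to controller-side validation that this page does not show. Matching the Kind rule enforces what the message states at admission: `rule="self.all(t, t.group=='' || t.group=='core')"`. The "Testing: Tested that validation works" line in the description would be worth backing with a case that has one valid and one invalid group in the same list.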
124 changes: 124 additions & 0 deletions apis/v1alpha1/zz_generated.deepcopy.go
