Add UpstreamSetttingsPolicy (#2941)

Problem: As a user, I want to be able to configure the upstream settings for a Service referenced by a HTTP or GRPCRoute. Solution: Add UpstreamSettingsPolicy CRD. This is a direct policy that can be attached to one or more Services. The Service must be referenced by an HTTP or GRPCRoute that is owned by the "winning" NGF Gateway. Co-authored-by: bjee19 <139261241+bjee19@users.noreply.github.com> Co-authored-by: salonichf5 <146118978+salonichf5@users.noreply.github.com>
nginxinc · Dec 20, 2024 · 6fad005 · 6fad005
1 parent 938b7ff
commit 6fad005
Show file tree

Hide file tree

Showing 74 changed files with 5,219 additions and 554 deletions.
diff --git a/apis/v1alpha1/policy_methods.go b/apis/v1alpha1/policy_methods.go
@@ -31,3 +31,15 @@ func (p *ObservabilityPolicy) GetPolicyStatus() v1alpha2.PolicyStatus {
 func (p *ObservabilityPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) {
 	p.Status = status
 }
+
+func (p *UpstreamSettingsPolicy) GetTargetRefs() []v1alpha2.LocalPolicyTargetReference {
+	return p.Spec.TargetRefs
+}
+
+func (p *UpstreamSettingsPolicy) GetPolicyStatus() v1alpha2.PolicyStatus {
+	return p.Status
+}
+
+func (p *UpstreamSettingsPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) {
+	p.Status = status
+}
diff --git a/apis/v1alpha1/register.go b/apis/v1alpha1/register.go
@@ -42,6 +42,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ClientSettingsPolicyList{},
 		&SnippetsFilter{},
 		&SnippetsFilterList{},
+		&UpstreamSettingsPolicy{},
+		&UpstreamSettingsPolicyList{},
 	)
 	// AddToGroupVersion allows the serialization of client types like ListOptions.
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)

diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go
@@ -0,0 +1,97 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=nginx-gateway-fabric,scope=Namespaced,shortName=uspolicy
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct"
+
+// UpstreamSettingsPolicy is a Direct Attached Policy. It provides a way to configure the behavior of
+// the connection between NGINX and the upstream applications.
+type UpstreamSettingsPolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec defines the desired state of the UpstreamSettingsPolicy.
+	Spec UpstreamSettingsPolicySpec `json:"spec"`
+
+	// Status defines the state of the UpstreamSettingsPolicy.
+	Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// UpstreamSettingsPolicyList contains a list of UpstreamSettingsPolicies.
+type UpstreamSettingsPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []UpstreamSettingsPolicy `json:"items"`
+}
+
+// UpstreamSettingsPolicySpec defines the desired state of the UpstreamSettingsPolicy.
+type UpstreamSettingsPolicySpec struct {
+	// ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share
+	// the upstream configuration between nginx worker processes. The more servers that an upstream has,
+	// the larger memory zone is required.
+	// Default: OSS: 512k, Plus: 1m.
+	// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone
+	//
+	// +optional
+	ZoneSize *Size `json:"zoneSize,omitempty"`
+
+	// KeepAlive defines the keep-alive settings.
+	//
+	// +optional
+	KeepAlive *UpstreamKeepAlive `json:"keepAlive,omitempty"`
+
+	// TargetRefs identifies API object(s) to apply the policy to.
+	// Objects must be in the same namespace as the policy.
+	// Support: Service
+	//
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=16
+	// +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')"
+	// +kubebuilder:validation:XValidation:message="TargetRefs Group must be core",rule="self.exists(t, t.group=='') || self.exists(t, t.group=='core')"
+	//nolint:lll
+	TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"`
+}
+
+// UpstreamKeepAlive defines the keep-alive settings for upstreams.
+type UpstreamKeepAlive struct {
+	// Connections sets the maximum number of idle keep-alive connections to upstream servers that are preserved
+	// in the cache of each nginx worker process. When this number is exceeded, the least recently used
+	// connections are closed.
+	// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
+	//
+	// +optional
+	// +kubebuilder:validation:Minimum=1
+	Connections *int32 `json:"connections,omitempty"`
+
+	// Requests sets the maximum number of requests that can be served through one keep-alive connection.
+	// After the maximum number of requests are made, the connection is closed.
+	// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests
+	//
+	// +optional
+	// +kubebuilder:validation:Minimum=0
+	Requests *int32 `json:"requests,omitempty"`
+
+	// Time defines the maximum time during which requests can be processed through one keep-alive connection.
+	// After this time is reached, the connection is closed following the subsequent request processing.
+	// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time
+	//
+	// +optional
+	Time *Duration `json:"time,omitempty"`
+
+	// Timeout defines the keep-alive timeout for upstreams.
+	// Directive: https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout
+	//
+	// +optional
+	Timeout *Duration `json:"timeout,omitempty"`
+}
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/nginx-gateway-fabric/templates/clusterrole.yaml b/charts/nginx-gateway-fabric/templates/clusterrole.yaml
@@ -104,6 +104,7 @@ rules:
   - nginxproxies
   - clientsettingspolicies
   - observabilitypolicies
+  - upstreamsettingspolicies
   {{- if .Values.nginxGateway.snippetsFilters.enable }}
   - snippetsfilters
   {{- end }}
@@ -116,6 +117,7 @@ rules:
   - nginxgateways/status
   - clientsettingspolicies/status
   - observabilitypolicies/status
+  - upstreamsettingspolicies/status
   {{- if .Values.nginxGateway.snippetsFilters.enable }}
   - snippetsfilters/status
   {{- end }}