Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Client Settings Policy Attachment #1878

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions apis/v1alpha1/clientsettingspolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,11 @@ type ClientKeepAlive struct {

// Timeout defines the keep-alive timeouts for clients.
//
// +kubebuilder:validation:XValidation:message="header can only be specified if server is specified",rule="!(has(self.header) && !has(self.server))"
//
//
// +optional
//nolint:lll
Timeout *ClientKeepAliveTimeout `json:"timeout,omitempty"`
}

Expand Down
20 changes: 20 additions & 0 deletions apis/v1alpha1/policy_methods.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
package v1alpha1

import (
"sigs.k8s.io/gateway-api/apis/v1alpha2"
)

// FIXME(kate-osborn): Figure out a way to generate these methods for all our policies.
// These methods implement the policies.Policy interface which extends client.Object to add the following methods.

func (p *ClientSettingsPolicy) GetTargetRef() v1alpha2.PolicyTargetReference {
return p.Spec.TargetRef
}

func (p *ClientSettingsPolicy) GetPolicyStatus() v1alpha2.PolicyStatus {
return p.Status
}

func (p *ClientSettingsPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) {
p.Status = status
}
6 changes: 6 additions & 0 deletions charts/nginx-gateway-fabric/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,8 @@ spec:
mountPath: /etc/nginx/secrets
- name: nginx-run
mountPath: /var/run/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
{{- with .Values.nginxGateway.extraVolumeMounts -}}
{{ toYaml . | nindent 8 }}
{{- end }}
Expand Down Expand Up @@ -157,6 +159,8 @@ spec:
mountPath: /var/cache/nginx
- name: nginx-lib
mountPath: /var/lib/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
{{- with .Values.nginx.extraVolumeMounts -}}
{{ toYaml . | nindent 8 }}
{{- end }}
Expand Down Expand Up @@ -189,6 +193,8 @@ spec:
emptyDir: {}
- name: nginx-lib
emptyDir: {}
- name: nginx-includes
emptyDir: {}
{{- with .Values.extraVolumes -}}
{{ toYaml . | nindent 6 }}
{{- end }}
Expand Down
2 changes: 2 additions & 0 deletions charts/nginx-gateway-fabric/templates/rbac.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways
- clientsettingspolicies
verbs:
- get
- list
Expand All @@ -119,6 +120,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways/status
- clientsettingspolicies/status
verbs:
- update
{{- if .Values.nginxGateway.leaderElection.enable }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,9 @@ spec:
pattern: ^\d{1,4}(ms|s)?$
type: string
type: object
x-kubernetes-validations:
- message: header can only be specified if server is specified
rule: '!(has(self.header) && !has(self.server))'
type: object
targetRef:
description: |-
Expand Down
6 changes: 6 additions & 0 deletions conformance/provisioner/static-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ spec:
mountPath: /etc/nginx/secrets
- name: nginx-run
mountPath: /var/run/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
Expand Down Expand Up @@ -102,6 +104,8 @@ spec:
mountPath: /var/cache/nginx
- name: nginx-lib
mountPath: /var/lib/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
terminationGracePeriodSeconds: 30
serviceAccountName: nginx-gateway
shareProcessNamespace: true
Expand All @@ -119,3 +123,5 @@ spec:
emptyDir: {}
- name: nginx-lib
emptyDir: {}
- name: nginx-includes
emptyDir: {}
8 changes: 8 additions & 0 deletions deploy/manifests/nginx-gateway-experimental.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways
- clientsettingspolicies
verbs:
- get
- list
Expand All @@ -101,6 +102,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways/status
- clientsettingspolicies/status
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -217,6 +219,8 @@ spec:
mountPath: /etc/nginx/secrets
- name: nginx-run
mountPath: /var/run/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
Expand Down Expand Up @@ -245,6 +249,8 @@ spec:
mountPath: /var/cache/nginx
- name: nginx-lib
mountPath: /var/lib/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
terminationGracePeriodSeconds: 30
serviceAccountName: nginx-gateway
shareProcessNamespace: true
Expand All @@ -262,6 +268,8 @@ spec:
emptyDir: {}
- name: nginx-lib
emptyDir: {}
- name: nginx-includes
emptyDir: {}
---
# Source: nginx-gateway-fabric/templates/gatewayclass.yaml
apiVersion: gateway.networking.k8s.io/v1
Expand Down
8 changes: 8 additions & 0 deletions deploy/manifests/nginx-gateway.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways
- clientsettingspolicies
verbs:
- get
- list
Expand All @@ -98,6 +99,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways/status
- clientsettingspolicies/status
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -213,6 +215,8 @@ spec:
mountPath: /etc/nginx/secrets
- name: nginx-run
mountPath: /var/run/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
- image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge
imagePullPolicy: Always
name: nginx
Expand Down Expand Up @@ -241,6 +245,8 @@ spec:
mountPath: /var/cache/nginx
- name: nginx-lib
mountPath: /var/lib/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
terminationGracePeriodSeconds: 30
serviceAccountName: nginx-gateway
shareProcessNamespace: true
Expand All @@ -258,6 +264,8 @@ spec:
emptyDir: {}
- name: nginx-lib
emptyDir: {}
- name: nginx-includes
emptyDir: {}
---
# Source: nginx-gateway-fabric/templates/gatewayclass.yaml
apiVersion: gateway.networking.k8s.io/v1
Expand Down
8 changes: 8 additions & 0 deletions deploy/manifests/nginx-plus-gateway-experimental.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways
- clientsettingspolicies
verbs:
- get
- list
Expand All @@ -107,6 +108,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways/status
- clientsettingspolicies/status
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -224,6 +226,8 @@ spec:
mountPath: /etc/nginx/secrets
- name: nginx-run
mountPath: /var/run/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
- image: nginx-gateway-fabric/nginx-plus:edge
imagePullPolicy: Always
name: nginx
Expand Down Expand Up @@ -252,6 +256,8 @@ spec:
mountPath: /var/cache/nginx
- name: nginx-lib
mountPath: /var/lib/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
terminationGracePeriodSeconds: 30
serviceAccountName: nginx-gateway
shareProcessNamespace: true
Expand All @@ -269,6 +275,8 @@ spec:
emptyDir: {}
- name: nginx-lib
emptyDir: {}
- name: nginx-includes
emptyDir: {}
---
# Source: nginx-gateway-fabric/templates/gatewayclass.yaml
apiVersion: gateway.networking.k8s.io/v1
Expand Down
8 changes: 8 additions & 0 deletions deploy/manifests/nginx-plus-gateway.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways
- clientsettingspolicies
verbs:
- get
- list
Expand All @@ -104,6 +105,7 @@ rules:
- gateway.nginx.org
resources:
- nginxgateways/status
- clientsettingspolicies/status
verbs:
- update
- apiGroups:
Expand Down Expand Up @@ -220,6 +222,8 @@ spec:
mountPath: /etc/nginx/secrets
- name: nginx-run
mountPath: /var/run/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
- image: nginx-gateway-fabric/nginx-plus:edge
imagePullPolicy: Always
name: nginx
Expand Down Expand Up @@ -248,6 +252,8 @@ spec:
mountPath: /var/cache/nginx
- name: nginx-lib
mountPath: /var/lib/nginx
- name: nginx-includes
mountPath: /etc/nginx/includes
terminationGracePeriodSeconds: 30
serviceAccountName: nginx-gateway
shareProcessNamespace: true
Expand All @@ -265,6 +271,8 @@ spec:
emptyDir: {}
- name: nginx-lib
emptyDir: {}
- name: nginx-includes
emptyDir: {}
---
# Source: nginx-gateway-fabric/templates/gatewayclass.yaml
apiVersion: gateway.networking.k8s.io/v1
Expand Down
5 changes: 5 additions & 0 deletions examples/client-settings-policy/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
TODO(kate-osborn): remove before merging to main

# Client Settings Policy

This contains examples for testing Client Settings Policy.
43 changes: 43 additions & 0 deletions examples/client-settings-policy/cafe-routes.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: coffee
spec:
parentRefs:
- name: gateway
sectionName: http
- name: gateway
sectionName: http2
hostnames:
- "cafe.example.com"
- "cafe.example.org"
rules:
- matches:
- path:
type: PathPrefix
value: /coffee
backendRefs:
- name: coffee
port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: tea
spec:
parentRefs:
- name: gateway
sectionName: http
- name: gateway
sectionName: http2
hostnames:
- "cafe.example.com"
- "cafe.example.org"
rules:
- matches:
- path:
type: Exact
value: /tea
backendRefs:
- name: tea
port: 80
65 changes: 65 additions & 0 deletions examples/client-settings-policy/cafe.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: coffee
spec:
replicas: 1
selector:
matchLabels:
app: coffee
template:
metadata:
labels:
app: coffee
spec:
containers:
- name: coffee
image: nginxdemos/nginx-hello:plain-text
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: coffee
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app: coffee
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tea
spec:
replicas: 1
selector:
matchLabels:
app: tea
template:
metadata:
labels:
app: tea
spec:
containers:
- name: tea
image: nginxdemos/nginx-hello:plain-text
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: tea
spec:
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app: tea
Loading
Loading