From 2ea899a064487d5c9e35204fb2c815638484ad96 Mon Sep 17 00:00:00 2001 From: Kate Osborn <50597707+kate-osborn@users.noreply.github.com> Date: Thu, 9 Jan 2025 10:55:31 -0700 Subject: [PATCH 1/4] Add guide for UpstreamSettingsPolicy (#2987) Problem: As a user, I want an example of how to configure upstream settings for my application. Solution: Add a how-to guide describing how to configure upstream zone size and keepalives for services. Also adds UpstreamSettingsPolicy to the table in the custom policies document and moves the custom policies document closer to the top of the overview page to increase visibility. --- .../1m-zone-size.yaml | 13 + examples/upstream-settings-policy/README.md | 3 +- .../{cafe.yaml => app.yaml} | 0 .../{cafe-routes.yaml => httproutes.yaml} | 2 +- ...s-policy.yaml => upstream-keepalives.yaml} | 6 +- site/content/how-to/monitoring/tracing.md | 2 +- .../traffic-management/client-settings.md | 2 +- .../traffic-management/upstream-settings.md | 395 ++++++++++++++++++ site/content/overview/custom-policies.md | 12 +- site/content/overview/nginx-plus.md | 2 +- site/content/overview/resource-validation.md | 2 +- 11 files changed, 422 insertions(+), 17 deletions(-) create mode 100644 examples/upstream-settings-policy/1m-zone-size.yaml rename examples/upstream-settings-policy/{cafe.yaml => app.yaml} (100%) rename examples/upstream-settings-policy/{cafe-routes.yaml => httproutes.yaml} (95%) rename examples/upstream-settings-policy/{upstream-settings-policy.yaml => upstream-keepalives.yaml} (65%) create mode 100644 site/content/how-to/traffic-management/upstream-settings.md diff --git a/examples/upstream-settings-policy/1m-zone-size.yaml b/examples/upstream-settings-policy/1m-zone-size.yaml new file mode 100644 index 0000000000..1b22d9e2d3 --- /dev/null +++ b/examples/upstream-settings-policy/1m-zone-size.yaml @@ -0,0 +1,13 @@ +apiVersion: gateway.nginx.org/v1alpha1 +kind: UpstreamSettingsPolicy +metadata: + name: 1m-zone-size +spec: + targetRefs: + - group: core + kind: Service + name: tea + - group: core + kind: Service + name: coffee + zoneSize: 1m diff --git a/examples/upstream-settings-policy/README.md b/examples/upstream-settings-policy/README.md index a6ad17a087..e2f1d2e59b 100644 --- a/examples/upstream-settings-policy/README.md +++ b/examples/upstream-settings-policy/README.md @@ -1,4 +1,3 @@ # UpstreamSettingsPolicy -This directory contains example YAMLs for testing the UpstreamSettingsPolicy CRD. Eventually, this will be converted -into a how-to-guide. +This directory contains the YAML files used in the [UpstreamSettingsPolicy](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/upstream-settings/) guide. diff --git a/examples/upstream-settings-policy/cafe.yaml b/examples/upstream-settings-policy/app.yaml similarity index 100% rename from examples/upstream-settings-policy/cafe.yaml rename to examples/upstream-settings-policy/app.yaml diff --git a/examples/upstream-settings-policy/cafe-routes.yaml b/examples/upstream-settings-policy/httproutes.yaml similarity index 95% rename from examples/upstream-settings-policy/cafe-routes.yaml rename to examples/upstream-settings-policy/httproutes.yaml index 67927335cb..8fa04758fe 100644 --- a/examples/upstream-settings-policy/cafe-routes.yaml +++ b/examples/upstream-settings-policy/httproutes.yaml @@ -11,7 +11,7 @@ spec: rules: - matches: - path: - type: PathPrefix + type: Exact value: /coffee backendRefs: - name: coffee diff --git a/examples/upstream-settings-policy/upstream-settings-policy.yaml b/examples/upstream-settings-policy/upstream-keepalives.yaml similarity index 65% rename from examples/upstream-settings-policy/upstream-settings-policy.yaml rename to examples/upstream-settings-policy/upstream-keepalives.yaml index 95e8a34e6d..16f916922c 100644 --- a/examples/upstream-settings-policy/upstream-settings-policy.yaml +++ b/examples/upstream-settings-policy/upstream-keepalives.yaml @@ -1,15 +1,11 @@ apiVersion: gateway.nginx.org/v1alpha1 kind: UpstreamSettingsPolicy metadata: - name: upstream-settings-policy + name: upstream-keepalives spec: - zoneSize: 512k targetRefs: - group: core kind: Service name: coffee keepAlive: connections: 32 - requests: 1001 - time: 300s - timeout: 60s diff --git a/site/content/how-to/monitoring/tracing.md b/site/content/how-to/monitoring/tracing.md index 6083afbd57..2820c7f187 100644 --- a/site/content/how-to/monitoring/tracing.md +++ b/site/content/how-to/monitoring/tracing.md @@ -64,7 +64,7 @@ To enable tracing, you must configure two resources: The `NginxProxy` resource contains configuration for the collector, and applies to all Gateways and routes under the GatewayClass. It does not enable tracing, but is a prerequisite to the next piece of configuration. -- `ObservabilityPolicy`: This resource is a [Direct PolicyAttachment](https://gateway-api.sigs.k8s.io/reference/policy-attachment/) that targets HTTPRoutes or GRPCRoutes. It is created by the [application developer](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/) and enables tracing for a specific route or routes. It requires the `NginxProxy` resource to exist in order to complete the tracing configuration. +- `ObservabilityPolicy`: This resource is a [Direct Policy Attachment](https://gateway-api.sigs.k8s.io/reference/policy-attachment/) that targets HTTPRoutes or GRPCRoutes. It is created by the [application developer](https://gateway-api.sigs.k8s.io/concepts/roles-and-personas/) and enables tracing for a specific route or routes. It requires the `NginxProxy` resource to exist in order to complete the tracing configuration. For all the possible configuration options for these resources, see the [API reference]({{< relref "reference/api.md" >}}). diff --git a/site/content/how-to/traffic-management/client-settings.md b/site/content/how-to/traffic-management/client-settings.md index 6b42489461..4d7b93c0e7 100644 --- a/site/content/how-to/traffic-management/client-settings.md +++ b/site/content/how-to/traffic-management/client-settings.md @@ -19,7 +19,7 @@ The settings in `ClientSettingsPolicy` correspond to the following NGINX directi - [`keepalive_time`]() - [`keepalive_timeout`]() -`ClientSettingsPolicy` is an [Inherited PolicyAttachment](https://gateway-api.sigs.k8s.io/reference/policy-attachment/) that can be applied to a Gateway, HTTPRoute, or GRPCRoute in the same namespace as the `ClientSettingsPolicy`. +`ClientSettingsPolicy` is an [Inherited Policy Attachment](https://gateway-api.sigs.k8s.io/reference/policy-attachment/) that can be applied to a Gateway, HTTPRoute, or GRPCRoute in the same namespace as the `ClientSettingsPolicy`. When applied to a Gateway, the settings specified in the `ClientSettingsPolicy` affect all HTTPRoutes and GRPCRoutes attached to the Gateway. This allows Cluster Operators to set defaults for all applications using the Gateway. diff --git a/site/content/how-to/traffic-management/upstream-settings.md b/site/content/how-to/traffic-management/upstream-settings.md new file mode 100644 index 0000000000..55ae6b4d36 --- /dev/null +++ b/site/content/how-to/traffic-management/upstream-settings.md @@ -0,0 +1,395 @@ +--- +title: "Upstream Settings Policy API" +weight: 900 +toc: true +docs: "DOCS-000" +--- + +Learn how to use the `UpstreamSettingsPolicy` API. + +## Overview + +The `UpstreamSettingsPolicy` API allows Application Developers to configure the behavior of a connection between NGINX and the upstream applications. + +The settings in `UpstreamSettingsPolicy` correspond to the following NGINX directives: + +- [`zone`]() +- [`keepalive`]() +- [`keepalive_requests`]() +- [`keepalive_time`]() +- [`keepalive_timeout`]() + +`UpstreamSettingsPolicy` is a [Direct Policy Attachment](https://gateway-api.sigs.k8s.io/reference/policy-attachment/) that can be applied to one or more services in the same namespace as the policy. +`UpstreamSettingsPolicies` can only be applied to HTTP or gRPC services, in other words, services that are referenced by an HTTPRoute or GRPCRoute. + +See the [custom policies]({{< relref "overview/custom-policies.md" >}}) document for more information on policies. + +This guide will show you how to use the `UpstreamSettingsPolicy` API to configure the upstream zone size and keepalives for your applications. + +For all the possible configuration options for `UpstreamSettingsPolicy`, see the [API reference]({{< relref "reference/api.md" >}}). + +--- + +## Before you begin + +- [Install]({{< relref "/installation/" >}}) NGINX Gateway Fabric. +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: + + ```text + GW_IP=XXX.YYY.ZZZ.III + GW_PORT= + ``` + +- Lookup the name of the NGINX Gateway Fabric pod and save into shell variable: + + ```text + NGF_POD_NAME= + ``` + + {{< note >}}In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for.{{< /note >}} + +--- + +## Setup + +Create the `coffee` and `tea` example applications: + +```yaml +kubectl apply -f - < 80/TCP 23h +service/tea ClusterIP 10.244.0.15 80/TCP 23h + +NAME READY STATUS RESTARTS AGE +pod/coffee-676c9f8944-n9g6n 1/1 Running 0 23h +pod/tea-6fbfdcb95d-cf84d 1/1 Running 0 23h +``` + +Create a Gateway: + +```yaml +kubectl apply -f - < +``` + +Next, verify that the policy has been applied to the `coffee` and `tea` upstreams by inspecting the NGINX configuration: + +```shell +kubectl exec -it -n nginx-gateway $NGF_POD_NAME -c nginx -- nginx -T +``` + +You should see the `zone` directive in the `coffee` and `tea` upstreams both specify the size `1m`: + +```text +upstream default_coffee_80 { + random two least_conn; + zone default_coffee_80 1m; + + server 10.244.0.14:8080; +} + +upstream default_tea_80 { + random two least_conn; + zone default_tea_80 1m; + + server 10.244.0.15:8080; +} +``` + +## Enable keepalive connections + +To enable keepalive connections for the `coffee` service, create the following `UpstreamSettingsPolicy`: + +```yaml +kubectl apply -f - < +``` + +Next, verify that the policy has been applied to the `coffee` upstreams, by inspecting the NGINX configuration: + +```shell +kubectl exec -it -n nginx-gateway $NGF_POD_NAME -c nginx -- nginx -T +``` + +You should see that the `coffee` upstream has the `keepalive` directive set to 32: + +```text +upstream default_coffee_80 { + random two least_conn; + zone default_coffee_80 1m; + + server 10.244.0.14:8080; + keepalive 32; +} +``` + +Notice, that the `tea` upstream does not contain the `keepalive` directive, since the `upstream-keepalives` policy does not target the `tea` service: + +```text +upstream default_tea_80 { + random two least_conn; + zone default_tea_80 1m; + + server 10.244.0.15:8080; +} +``` + +--- + +## Further reading + +- [Custom policies]({{< relref "overview/custom-policies.md" >}}): learn about how NGINX Gateway Fabric custom policies work. +- [API reference]({{< relref "reference/api.md" >}}): all configuration fields for the `UpstreamSettingsPolicy` API. diff --git a/site/content/overview/custom-policies.md b/site/content/overview/custom-policies.md index ca362a06bb..3926d5aa91 100644 --- a/site/content/overview/custom-policies.md +++ b/site/content/overview/custom-policies.md @@ -1,6 +1,6 @@ --- title: "Custom policies" -weight: 600 +weight: 300 toc: true docs: "DOCS-000" --- @@ -15,10 +15,12 @@ The following table summarizes NGINX Gateway Fabric custom policies: {{< bootstrap-table "table table-striped table-bordered" >}} -| Policy | Description | Attachment Type | Supported Target Object(s) | Supports Multiple Target Refs | Mergeable | API Version | -|---------------------------------------------------------------------------------------|---------------------------------------------------------|-----------------|-------------------------------|-------------------------------|-----------|-------------| -| [ClientSettingsPolicy]({{}}) | Configure connection behavior between client and NGINX | Inherited | Gateway, HTTPRoute, GRPCRoute | No | Yes | v1alpha1 | -| [ObservabilityPolicy]({{}}) | Define settings related to tracing, metrics, or logging | Direct | HTTPRoute, GRPCRoute | Yes | No | v1alpha1 | +| Policy | Description | Attachment Type | Supported Target Object(s) | Supports Multiple Target Refs | Mergeable | API Version | +|-------------------------------------------------------------------------------------------|-----------------------------------------------------------------------|-----------------|-------------------------------|-------------------------------|-----------|-------------| +| [ClientSettingsPolicy]({{}}) | Configure connection behavior between client and NGINX | Inherited | Gateway, HTTPRoute, GRPCRoute | No | Yes | v1alpha1 | +| [ObservabilityPolicy]({{}}) | Define settings related to tracing, metrics, or logging | Direct | HTTPRoute, GRPCRoute | Yes | No | v1alpha1 | +| [UpstreamSettingsPolicy]({{}}) | Configure connection behavior between NGINX and upstream applications | Direct | Service | Yes | Yes | v1alpha1 | + {{}} diff --git a/site/content/overview/nginx-plus.md b/site/content/overview/nginx-plus.md index 4d25c19687..8e50c0b0e4 100644 --- a/site/content/overview/nginx-plus.md +++ b/site/content/overview/nginx-plus.md @@ -1,6 +1,6 @@ --- title: "Advanced features with NGINX Plus" -weight: 300 +weight: 400 toc: true docs: "DOCS-1415" --- diff --git a/site/content/overview/resource-validation.md b/site/content/overview/resource-validation.md index 382bf9cf2d..fba7b42a7d 100644 --- a/site/content/overview/resource-validation.md +++ b/site/content/overview/resource-validation.md @@ -1,6 +1,6 @@ --- title: "Resource validation" -weight: 400 +weight: 600 toc: true docs: "DOCS-1414" --- From 26c420cdfb83659ba46d6f4bdb49e697075cbeb7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 11:26:39 -0700 Subject: [PATCH 2/4] Update docker/build-push-action action to v6.11.0 (#2994) | datasource | package | from | to | | ----------- | ------------------------ | ------- | ------- | | github-tags | docker/build-push-action | v6.10.0 | v6.11.0 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/conformance.yml | 6 +++--- .github/workflows/functional.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bcda5bfdb4..e4547200eb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -132,7 +132,7 @@ jobs: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index - name: Build Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: build/Dockerfile${{ inputs.image == 'nginx' && '.nginx' || '' }}${{ inputs.image == 'plus' && '.nginxplus' || '' }} context: "." diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 16f46f6586..cf67ec744c 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -93,7 +93,7 @@ jobs: TELEMETRY_ENDPOINT_INSECURE: "false" - name: Build NGF Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: build/Dockerfile tags: ${{ steps.ngf-meta.outputs.tags }} @@ -104,7 +104,7 @@ jobs: pull: true - name: Build NGINX Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: build/Dockerfile${{ inputs.image == 'nginx' && '.nginx' || '' }}${{ inputs.image == 'plus' && '.nginxplus' || ''}} tags: ${{ steps.nginx-meta.outputs.tags }} @@ -123,7 +123,7 @@ jobs: working-directory: ./tests - name: Build Test Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: tests/conformance/Dockerfile tags: conformance-test-runner:${{ github.sha }} diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml index 719685e6f2..a604a65976 100644 --- a/.github/workflows/functional.yml +++ b/.github/workflows/functional.yml @@ -80,7 +80,7 @@ jobs: TELEMETRY_ENDPOINT_INSECURE: "true" - name: Build NGF Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: build/Dockerfile tags: ${{ steps.ngf-meta.outputs.tags }} @@ -91,7 +91,7 @@ jobs: target: goreleaser - name: Build NGINX Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: build/Dockerfile${{ inputs.image == 'nginx' && '.nginx' || '' }}${{ inputs.image == 'plus' && '.nginxplus' || ''}} tags: ${{ steps.nginx-meta.outputs.tags }} diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 156ead43eb..c6fb3b8960 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -60,7 +60,7 @@ jobs: type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }} - name: Build NGF Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: build/Dockerfile tags: ${{ steps.ngf-meta.outputs.tags }} @@ -71,7 +71,7 @@ jobs: pull: true - name: Build NGINX Docker Image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: file: build/Dockerfile${{ inputs.image == 'nginx' && '.nginx' || '' }}${{ inputs.image == 'plus' && '.nginxplus' || ''}} tags: ${{ steps.nginx-meta.outputs.tags }} From 58e8b07b9b96c112e30e343d3284405a78c0ac41 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 23:02:37 +0000 Subject: [PATCH 3/4] Update docker/setup-qemu-action action to v3.3.0 (#2995) | datasource | package | from | to | | ----------- | ------------------------ | ------ | ------ | | github-tags | docker/setup-qemu-action | v3.2.0 | v3.3.0 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e4547200eb..e1a9856f22 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -51,7 +51,7 @@ jobs: driver-opts: network=host - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm64 From 2be5b0c7bd005ed9cbfa4d2a26d4a29b4aafd590 Mon Sep 17 00:00:00 2001 From: bjee19 <139261241+bjee19@users.noreply.github.com> Date: Thu, 9 Jan 2025 15:27:46 -0800 Subject: [PATCH 4/4] Add validation to ensure no duplicate TargetRefs in policies (#2998) Validate that there are no duplicate TargetRefs in the UpstreamSettingsPolicy and ObservabilityPolicy. Additionally, since this change strengthens the validation rules on the ObservabilityPolicy API, we are bumping the ObservabilityPolicy API version from v1alpha1 to v1alpha2. Problem: It's possible to create an ObservabilityPolicy or UpstreamSettingsPolicy with duplicate targetRefs. This is not a valid configuration and should be prevented. Solution: Add CEL validation to prevent this. Testing: Manually deployed both the UpstreamSettingsPolicy and ObservabilityPolicy and verified that duplicate targetRefs are invalid. --- apis/v1alpha1/observabilitypolicy_types.go | 5 +- apis/v1alpha1/upstreamsettingspolicy_types.go | 3 + apis/v1alpha2/doc.go | 6 + apis/v1alpha2/observabilitypolicy_types.go | 139 ++++++ apis/v1alpha2/policy_methods.go | 21 + apis/v1alpha2/register.go | 42 ++ apis/v1alpha2/zz_generated.deepcopy.go | 130 +++++ ...teway.nginx.org_observabilitypolicies.yaml | 467 ++++++++++++++++- ...ay.nginx.org_upstreamsettingspolicies.yaml | 4 + deploy/crds.yaml | 471 +++++++++++++++++- docs/proposals/observability.md | 2 +- internal/mode/static/manager.go | 36 +- internal/mode/static/manager_test.go | 47 +- .../policies/clientsettings/generator_test.go | 77 +-- .../policies/observability/generator.go | 12 +- .../policies/observability/generator_test.go | 77 +-- .../policies/observability/validator.go | 32 +- .../policies/observability/validator_test.go | 65 +-- .../upstreamsettings/processor_test.go | 137 ++--- .../mode/static/state/change_processor.go | 17 +- .../static/state/change_processor_test.go | 96 ++-- .../static/state/dataplane/configuration.go | 25 +- .../state/dataplane/configuration_test.go | 333 +++++++------ .../state/graph/policy_ancestor_test.go | 4 +- site/content/how-to/monitoring/tracing.md | 2 +- site/content/overview/custom-policies.md | 3 +- site/content/reference/api.md | 327 +++++++++++- .../manifests/tracing/policy-multiple.yaml | 2 +- .../manifests/tracing/policy-single.yaml | 2 +- tests/suite/system_suite_test.go | 6 +- tests/suite/tracing_test.go | 7 +- 31 files changed, 2108 insertions(+), 489 deletions(-) create mode 100644 apis/v1alpha2/doc.go create mode 100644 apis/v1alpha2/observabilitypolicy_types.go create mode 100644 apis/v1alpha2/policy_methods.go create mode 100644 apis/v1alpha2/register.go create mode 100644 apis/v1alpha2/zz_generated.deepcopy.go diff --git a/apis/v1alpha1/observabilitypolicy_types.go b/apis/v1alpha1/observabilitypolicy_types.go index 99b09e4ff9..2366a1fff5 100644 --- a/apis/v1alpha1/observabilitypolicy_types.go +++ b/apis/v1alpha1/observabilitypolicy_types.go @@ -7,11 +7,12 @@ import ( // +genclient // +kubebuilder:object:root=true -// +kubebuilder:storageversion +// +kubebuilder:deprecatedversion:warning="The 'v1alpha1' version of ObservabilityPolicy API is deprecated, please migrate to 'v1alpha2'." // +kubebuilder:subresource:status // +kubebuilder:resource:categories=nginx-gateway-fabric,scope=Namespaced // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct" +//nolint:lll // ObservabilityPolicy is a Direct Attached Policy. It provides a way to configure observability settings for // the NGINX Gateway Fabric data plane. Used in conjunction with the NginxProxy CRD that is attached to the @@ -50,7 +51,7 @@ type ObservabilityPolicySpec struct { // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // +kubebuilder:validation:XValidation:message="TargetRef Kind must be: HTTPRoute or GRPCRoute",rule="(self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute'))" - // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io.",rule="self.all(t, t.group=='gateway.networking.k8s.io')" + // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io",rule="self.all(t, t.group=='gateway.networking.k8s.io')" //nolint:lll TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` } diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index f3276d0f69..158776491e 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -55,10 +55,13 @@ type UpstreamSettingsPolicySpec struct { // Objects must be in the same namespace as the policy. // Support: Service // + // TargetRefs must be _distinct_. The `name` field must be unique for all targetRef entries in the UpstreamSettingsPolicy. + // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 // +kubebuilder:validation:XValidation:message="TargetRefs Kind must be: Service",rule="self.all(t, t.kind=='Service')" // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core",rule="self.exists(t, t.group=='') || self.exists(t, t.group=='core')" + // +kubebuilder:validation:XValidation:message="TargetRef Name must be unique",rule="self.all(p1, self.exists_one(p2, p1.name == p2.name))" //nolint:lll TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` } diff --git a/apis/v1alpha2/doc.go b/apis/v1alpha2/doc.go new file mode 100644 index 0000000000..6e93a89ac7 --- /dev/null +++ b/apis/v1alpha2/doc.go @@ -0,0 +1,6 @@ +// Package v1alpha2 contains API Schema definitions for the +// gateway.nginx.org API group. +// +// +kubebuilder:object:generate=true +// +groupName=gateway.nginx.org +package v1alpha2 diff --git a/apis/v1alpha2/observabilitypolicy_types.go b/apis/v1alpha2/observabilitypolicy_types.go new file mode 100644 index 0000000000..d46b64ddd3 --- /dev/null +++ b/apis/v1alpha2/observabilitypolicy_types.go @@ -0,0 +1,139 @@ +package v1alpha2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" +) + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:resource:categories=nginx-gateway-fabric,scope=Namespaced +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct" + +// ObservabilityPolicy is a Direct Attached Policy. It provides a way to configure observability settings for +// the NGINX Gateway Fabric data plane. Used in conjunction with the NginxProxy CRD that is attached to the +// GatewayClass parametersRef. +type ObservabilityPolicy struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of the ObservabilityPolicy. + Spec ObservabilityPolicySpec `json:"spec"` + + // Status defines the state of the ObservabilityPolicy. + Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ObservabilityPolicyList contains a list of ObservabilityPolicies. +type ObservabilityPolicyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ObservabilityPolicy `json:"items"` +} + +// ObservabilityPolicySpec defines the desired state of the ObservabilityPolicy. +type ObservabilityPolicySpec struct { + // Tracing allows for enabling and configuring tracing. + // + // +optional + Tracing *Tracing `json:"tracing,omitempty"` + + // TargetRefs identifies the API object(s) to apply the policy to. + // Objects must be in the same namespace as the policy. + // Support: HTTPRoute, GRPCRoute. + // + // TargetRefs must be _distinct_. This means that the multi-part key defined by `kind` and `name` must + // be unique across all targetRef entries in the ObservabilityPolicy. + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:message="TargetRef Kind must be: HTTPRoute or GRPCRoute",rule="(self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute'))" + // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io",rule="self.all(t, t.group=='gateway.networking.k8s.io')" + // +kubebuilder:validation:XValidation:message="TargetRef Kind and Name combination must be unique",rule="self.all(p1, self.exists_one(p2, (p1.name == p2.name) && (p1.kind == p2.kind)))" + //nolint:lll + TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` +} + +// Tracing allows for enabling and configuring OpenTelemetry tracing. +// +// +kubebuilder:validation:XValidation:message="ratio can only be specified if strategy is of type ratio",rule="!(has(self.ratio) && self.strategy != 'ratio')" +// +//nolint:lll +type Tracing struct { + // Strategy defines if tracing is ratio-based or parent-based. + Strategy TraceStrategy `json:"strategy"` + + // Ratio is the percentage of traffic that should be sampled. Integer from 0 to 100. + // By default, 100% of http requests are traced. Not applicable for parent-based tracing. + // If ratio is set to 0, tracing is disabled. + // + // +optional + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=100 + Ratio *int32 `json:"ratio,omitempty"` + + // Context specifies how to propagate traceparent/tracestate headers. + // Default: https://nginx.org/en/docs/ngx_otel_module.html#otel_trace_context + // + // +optional + Context *TraceContext `json:"context,omitempty"` + + // SpanName defines the name of the Otel span. By default is the name of the location for a request. + // If specified, applies to all locations that are created for a route. + // Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\' + // Examples of invalid names: some-$value, quoted-"value"-name, unescaped\ + // + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern=`^([^"$\\]|\\[^$])*$` + SpanName *string `json:"spanName,omitempty"` + + // SpanAttributes are custom key/value attributes that are added to each span. + // + // +optional + // +listType=map + // +listMapKey=key + // +kubebuilder:validation:MaxItems=64 + SpanAttributes []ngfAPIv1alpha1.SpanAttribute `json:"spanAttributes,omitempty"` +} + +// TraceStrategy defines the tracing strategy. +// +// +kubebuilder:validation:Enum=ratio;parent +type TraceStrategy string + +const ( + // TraceStrategyRatio enables ratio-based tracing, defaulting to 100% sampling rate. + TraceStrategyRatio TraceStrategy = "ratio" + + // TraceStrategyParent enables tracing and only records spans if the parent span was sampled. + TraceStrategyParent TraceStrategy = "parent" +) + +// TraceContext specifies how to propagate traceparent/tracestate headers. +// +// +kubebuilder:validation:Enum=extract;inject;propagate;ignore +type TraceContext string + +const ( + // TraceContextExtract uses an existing trace context from the request, so that the identifiers + // of a trace and the parent span are inherited from the incoming request. + TraceContextExtract TraceContext = "extract" + + // TraceContextInject adds a new context to the request, overwriting existing headers, if any. + TraceContextInject TraceContext = "inject" + + // TraceContextPropagate updates the existing context (combines extract and inject). + TraceContextPropagate TraceContext = "propagate" + + // TraceContextIgnore skips context headers processing. + TraceContextIgnore TraceContext = "ignore" +) diff --git a/apis/v1alpha2/policy_methods.go b/apis/v1alpha2/policy_methods.go new file mode 100644 index 0000000000..8fc6dc768d --- /dev/null +++ b/apis/v1alpha2/policy_methods.go @@ -0,0 +1,21 @@ +package v1alpha2 + +import ( + "sigs.k8s.io/gateway-api/apis/v1alpha2" +) + +// FIXME(kate-osborn): https://github.com/nginxinc/nginx-gateway-fabric/issues/1939. +// Figure out a way to generate these methods for all our policies. +// These methods implement the policies.Policy interface which extends client.Object to add the following methods. + +func (p *ObservabilityPolicy) GetTargetRefs() []v1alpha2.LocalPolicyTargetReference { + return p.Spec.TargetRefs +} + +func (p *ObservabilityPolicy) GetPolicyStatus() v1alpha2.PolicyStatus { + return p.Status +} + +func (p *ObservabilityPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) { + p.Status = status +} diff --git a/apis/v1alpha2/register.go b/apis/v1alpha2/register.go new file mode 100644 index 0000000000..23601e280e --- /dev/null +++ b/apis/v1alpha2/register.go @@ -0,0 +1,42 @@ +package v1alpha2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName specifies the group name used to register the objects. +const GroupName = "gateway.nginx.org" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // SchemeBuilder collects functions that add things to a scheme. It's to allow + // code to compile without explicitly referencing generated types. You should + // declare one in each package that will have generated deep copy or conversion + // functions. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + + // AddToScheme applies all the stored functions to the scheme. A non-nil error + // indicates that one function failed and the attempt was abandoned. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &ObservabilityPolicy{}, + &ObservabilityPolicyList{}, + ) + // AddToGroupVersion allows the serialization of client types like ListOptions. + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + + return nil +} diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go new file mode 100644 index 0000000000..a8f1a87f93 --- /dev/null +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -0,0 +1,130 @@ +//go:build !ignore_autogenerated + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + "k8s.io/apimachinery/pkg/runtime" + apisv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObservabilityPolicy) DeepCopyInto(out *ObservabilityPolicy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilityPolicy. +func (in *ObservabilityPolicy) DeepCopy() *ObservabilityPolicy { + if in == nil { + return nil + } + out := new(ObservabilityPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ObservabilityPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObservabilityPolicyList) DeepCopyInto(out *ObservabilityPolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ObservabilityPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilityPolicyList. +func (in *ObservabilityPolicyList) DeepCopy() *ObservabilityPolicyList { + if in == nil { + return nil + } + out := new(ObservabilityPolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ObservabilityPolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObservabilityPolicySpec) DeepCopyInto(out *ObservabilityPolicySpec) { + *out = *in + if in.Tracing != nil { + in, out := &in.Tracing, &out.Tracing + *out = new(Tracing) + (*in).DeepCopyInto(*out) + } + if in.TargetRefs != nil { + in, out := &in.TargetRefs, &out.TargetRefs + *out = make([]apisv1alpha2.LocalPolicyTargetReference, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilityPolicySpec. +func (in *ObservabilityPolicySpec) DeepCopy() *ObservabilityPolicySpec { + if in == nil { + return nil + } + out := new(ObservabilityPolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Tracing) DeepCopyInto(out *Tracing) { + *out = *in + if in.Ratio != nil { + in, out := &in.Ratio, &out.Ratio + *out = new(int32) + **out = **in + } + if in.Context != nil { + in, out := &in.Context, &out.Context + *out = new(TraceContext) + **out = **in + } + if in.SpanName != nil { + in, out := &in.SpanName, &out.SpanName + *out = new(string) + **out = **in + } + if in.SpanAttributes != nil { + in, out := &in.SpanAttributes, &out.SpanAttributes + *out = make([]v1alpha1.SpanAttribute, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing. +func (in *Tracing) DeepCopy() *Tracing { + if in == nil { + return nil + } + out := new(Tracing) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml index 8a27d84594..ff3d67c9b0 100644 --- a/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml @@ -22,6 +22,9 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date + deprecated: true + deprecationWarning: The 'v1alpha1' version of ObservabilityPolicy API is deprecated, + please migrate to 'v1alpha2'. name: v1alpha1 schema: openAPIV3Schema: @@ -90,7 +93,7 @@ spec: x-kubernetes-validations: - message: 'TargetRef Kind must be: HTTPRoute or GRPCRoute' rule: (self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute')) - - message: TargetRef Group must be gateway.networking.k8s.io. + - message: TargetRef Group must be gateway.networking.k8s.io rule: self.all(t, t.group=='gateway.networking.k8s.io') tracing: description: Tracing allows for enabling and configuring tracing. @@ -471,6 +474,468 @@ spec: - spec type: object served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: |- + ObservabilityPolicy is a Direct Attached Policy. It provides a way to configure observability settings for + the NGINX Gateway Fabric data plane. Used in conjunction with the NginxProxy CRD that is attached to the + GatewayClass parametersRef. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the ObservabilityPolicy. + properties: + targetRefs: + description: |- + TargetRefs identifies the API object(s) to apply the policy to. + Objects must be in the same namespace as the policy. + Support: HTTPRoute, GRPCRoute. + + TargetRefs must be _distinct_. This means that the multi-part key defined by `kind` and `name` must + be unique across all targetRef entries in the ObservabilityPolicy. + items: + description: |- + LocalPolicyTargetReference identifies an API object to apply a direct or + inherited policy to. This should be used as part of Policy resources + that can target Gateway API resources. For more information on how this + policy attachment model works, and a sample Policy resource, refer to + the policy attachment documentation for Gateway API. + properties: + group: + description: Group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: Kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + - name + type: object + maxItems: 16 + minItems: 1 + type: array + x-kubernetes-validations: + - message: 'TargetRef Kind must be: HTTPRoute or GRPCRoute' + rule: (self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute')) + - message: TargetRef Group must be gateway.networking.k8s.io + rule: self.all(t, t.group=='gateway.networking.k8s.io') + - message: TargetRef Kind and Name combination must be unique + rule: self.all(p1, self.exists_one(p2, (p1.name == p2.name) && (p1.kind + == p2.kind))) + tracing: + description: Tracing allows for enabling and configuring tracing. + properties: + context: + description: |- + Context specifies how to propagate traceparent/tracestate headers. + Default: https://nginx.org/en/docs/ngx_otel_module.html#otel_trace_context + enum: + - extract + - inject + - propagate + - ignore + type: string + ratio: + description: |- + Ratio is the percentage of traffic that should be sampled. Integer from 0 to 100. + By default, 100% of http requests are traced. Not applicable for parent-based tracing. + If ratio is set to 0, tracing is disabled. + format: int32 + maximum: 100 + minimum: 0 + type: integer + spanAttributes: + description: SpanAttributes are custom key/value attributes that + are added to each span. + items: + description: SpanAttribute is a key value pair to be added to + a tracing span. + properties: + key: + description: |- + Key is the key for a span attribute. + Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\' + maxLength: 255 + minLength: 1 + pattern: ^([^"$\\]|\\[^$])*$ + type: string + value: + description: |- + Value is the value for a span attribute. + Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\' + maxLength: 255 + minLength: 1 + pattern: ^([^"$\\]|\\[^$])*$ + type: string + required: + - key + - value + type: object + maxItems: 64 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + spanName: + description: |- + SpanName defines the name of the Otel span. By default is the name of the location for a request. + If specified, applies to all locations that are created for a route. + Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\' + Examples of invalid names: some-$value, quoted-"value"-name, unescaped\ + maxLength: 255 + minLength: 1 + pattern: ^([^"$\\]|\\[^$])*$ + type: string + strategy: + description: Strategy defines if tracing is ratio-based or parent-based. + enum: + - ratio + - parent + type: string + required: + - strategy + type: object + x-kubernetes-validations: + - message: ratio can only be specified if strategy is of type ratio + rule: '!(has(self.ratio) && self.strategy != ''ratio'')' + required: + - targetRefs + type: object + status: + description: Status defines the state of the ObservabilityPolicy. + properties: + ancestors: + description: |- + Ancestors is a list of ancestor resources (usually Gateways) that are + associated with the policy, and the status of the policy with respect to + each ancestor. When this policy attaches to a parent, the controller that + manages the parent and the ancestors MUST add an entry to this list when + the controller first sees the policy and SHOULD update the entry as + appropriate when the relevant ancestor is modified. + + Note that choosing the relevant ancestor is left to the Policy designers; + an important part of Policy design is designing the right object level at + which to namespace this status. + + Note also that implementations MUST ONLY populate ancestor status for + the Ancestor resources they are responsible for. Implementations MUST + use the ControllerName field to uniquely identify the entries in this list + that they are responsible for. + + Note that to achieve this, the list of PolicyAncestorStatus structs + MUST be treated as a map with a composite key, made up of the AncestorRef + and ControllerName fields combined. + + A maximum of 16 ancestors will be represented in this list. An empty list + means the Policy is not relevant for any ancestors. + + If this slice is full, implementations MUST NOT add further entries. + Instead they MUST consider the policy unimplementable and signal that + on any related resources such as the ancestor that would be referenced + here. For example, if this list was full on BackendTLSPolicy, no + additional Gateways would be able to reference the Service targeted by + the BackendTLSPolicy. + items: + description: |- + PolicyAncestorStatus describes the status of a route with respect to an + associated Ancestor. + + Ancestors refer to objects that are either the Target of a policy or above it + in terms of object hierarchy. For example, if a policy targets a Service, the + Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and + the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most + useful object to place Policy status on, so we recommend that implementations + SHOULD use Gateway as the PolicyAncestorStatus object unless the designers + have a _very_ good reason otherwise. + + In the context of policy attachment, the Ancestor is used to distinguish which + resource results in a distinct application of this policy. For example, if a policy + targets a Service, it may have a distinct result per attached Gateway. + + Policies targeting the same resource may have different effects depending on the + ancestors of those resources. For example, different Gateways targeting the same + Service may have different capabilities, especially if they have different underlying + implementations. + + For example, in BackendTLSPolicy, the Policy attaches to a Service that is + used as a backend in a HTTPRoute that is itself attached to a Gateway. + In this case, the relevant object for status is the Gateway, and that is the + ancestor object referred to in this status. + + Note that a parent is also an ancestor, so for objects where the parent is the + relevant object for status, this struct SHOULD still be used. + + This struct is intended to be used in a slice that's effectively a map, + with a composite key made up of the AncestorRef and the ControllerName. + properties: + ancestorRef: + description: |- + AncestorRef corresponds with a ParentRef in the spec that this + PolicyAncestorStatus struct describes the status of. + properties: + group: + default: gateway.networking.k8s.io + description: |- + Group is the group of the referent. + When unspecified, "gateway.networking.k8s.io" is inferred. + To set the core API group (such as for a "Service" kind referent), + Group must be explicitly set to "" (empty string). + + Support: Core + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: |- + Kind is kind of the referent. + + There are two kinds of parent resources with "Core" support: + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + Support for other resources is Implementation-Specific. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + Name is the name of the referent. + + Support: Core + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. When unspecified, this refers + to the local namespace of the Route. + + Note that there are specific rules for ParentRefs which cross namespace + boundaries. Cross-namespace references are only valid if they are explicitly + allowed by something in the namespace they are referring to. For example: + Gateway has the AllowedRoutes field, and ReferenceGrant provides a + generic way to enable any other kind of cross-namespace reference. + + + ParentRefs from a Route to a Service in the same namespace are "producer" + routes, which apply default routing rules to inbound connections from + any namespace to the Service. + + ParentRefs from a Route to a Service in a different namespace are + "consumer" routes, and these routing rules are only applied to outbound + connections originating from the same namespace as the Route, for which + the intended destination of the connections are a Service targeted as a + ParentRef of the Route. + + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port is the network port this Route targets. It can be interpreted + differently based on the type of parent resource. + + When the parent resource is a Gateway, this targets all listeners + listening on the specified port that also support this kind of Route(and + select this Route). It's not recommended to set `Port` unless the + networking behaviors specified in a Route must apply to a specific port + as opposed to a listener(s) whose port(s) may be changed. When both Port + and SectionName are specified, the name and port of the selected listener + must match both specified values. + + + When the parent resource is a Service, this targets a specific port in the + Service spec. When both Port (experimental) and SectionName are specified, + the name and port of the selected port must match both specified values. + + + Implementations MAY choose to support other parent resources. + Implementations supporting other types of parent resources MUST clearly + document how/if Port is interpreted. + + For the purpose of status, an attachment is considered successful as + long as the parent resource accepts it partially. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + from the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, + the Route MUST be considered detached from the Gateway. + + Support: Extended + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: |- + SectionName is the name of a section within the target resource. In the + following resources, SectionName is interpreted as the following: + + * Gateway: Listener name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + * Service: Port name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + + Implementations MAY choose to support attaching Routes to other resources. + If that is the case, they MUST clearly document how SectionName is + interpreted. + + When unspecified (empty string), this will reference the entire resource. + For the purpose of status, an attachment is considered successful if at + least one section in the parent resource accepts it. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, the + Route MUST be considered detached from the Gateway. + + Support: Core + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + conditions: + description: Conditions describes the status of the Policy with + respect to the given Ancestor. + items: + description: Condition contains details for one aspect of + the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: |- + ControllerName is a domain/path string that indicates the name of the + controller that wrote this status. This corresponds with the + controllerName field on GatewayClass. + + Example: "example.net/gateway-controller". + + The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are + valid Kubernetes names + (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + Controllers MUST populate this field when writing status. Controllers should ensure that + entries to status populated with their ControllerName are cleaned up when they are no + longer necessary. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + type: string + required: + - ancestorRef + - controllerName + type: object + maxItems: 16 + type: array + required: + - ancestors + type: object + required: + - spec + type: object + served: true storage: true subresources: status: {} diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index 992af79932..455dd92b55 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -90,6 +90,8 @@ spec: TargetRefs identifies API object(s) to apply the policy to. Objects must be in the same namespace as the policy. Support: Service + + TargetRefs must be _distinct_. The `name` field must be unique for all targetRef entries in the UpstreamSettingsPolicy. items: description: |- LocalPolicyTargetReference identifies an API object to apply a direct or @@ -127,6 +129,8 @@ spec: rule: self.all(t, t.kind=='Service') - message: TargetRefs Group must be core rule: self.exists(t, t.group=='') || self.exists(t, t.group=='core') + - message: TargetRef Name must be unique + rule: self.all(p1, self.exists_one(p2, p1.name == p2.name)) zoneSize: description: |- ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share diff --git a/deploy/crds.yaml b/deploy/crds.yaml index 5a9d708c60..01e4c83227 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml @@ -841,6 +841,9 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date + deprecated: true + deprecationWarning: The 'v1alpha1' version of ObservabilityPolicy API is deprecated, + please migrate to 'v1alpha2'. name: v1alpha1 schema: openAPIV3Schema: @@ -909,8 +912,470 @@ spec: x-kubernetes-validations: - message: 'TargetRef Kind must be: HTTPRoute or GRPCRoute' rule: (self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute')) - - message: TargetRef Group must be gateway.networking.k8s.io. + - message: TargetRef Group must be gateway.networking.k8s.io + rule: self.all(t, t.group=='gateway.networking.k8s.io') + tracing: + description: Tracing allows for enabling and configuring tracing. + properties: + context: + description: |- + Context specifies how to propagate traceparent/tracestate headers. + Default: https://nginx.org/en/docs/ngx_otel_module.html#otel_trace_context + enum: + - extract + - inject + - propagate + - ignore + type: string + ratio: + description: |- + Ratio is the percentage of traffic that should be sampled. Integer from 0 to 100. + By default, 100% of http requests are traced. Not applicable for parent-based tracing. + If ratio is set to 0, tracing is disabled. + format: int32 + maximum: 100 + minimum: 0 + type: integer + spanAttributes: + description: SpanAttributes are custom key/value attributes that + are added to each span. + items: + description: SpanAttribute is a key value pair to be added to + a tracing span. + properties: + key: + description: |- + Key is the key for a span attribute. + Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\' + maxLength: 255 + minLength: 1 + pattern: ^([^"$\\]|\\[^$])*$ + type: string + value: + description: |- + Value is the value for a span attribute. + Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\' + maxLength: 255 + minLength: 1 + pattern: ^([^"$\\]|\\[^$])*$ + type: string + required: + - key + - value + type: object + maxItems: 64 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + spanName: + description: |- + SpanName defines the name of the Otel span. By default is the name of the location for a request. + If specified, applies to all locations that are created for a route. + Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\' + Examples of invalid names: some-$value, quoted-"value"-name, unescaped\ + maxLength: 255 + minLength: 1 + pattern: ^([^"$\\]|\\[^$])*$ + type: string + strategy: + description: Strategy defines if tracing is ratio-based or parent-based. + enum: + - ratio + - parent + type: string + required: + - strategy + type: object + x-kubernetes-validations: + - message: ratio can only be specified if strategy is of type ratio + rule: '!(has(self.ratio) && self.strategy != ''ratio'')' + required: + - targetRefs + type: object + status: + description: Status defines the state of the ObservabilityPolicy. + properties: + ancestors: + description: |- + Ancestors is a list of ancestor resources (usually Gateways) that are + associated with the policy, and the status of the policy with respect to + each ancestor. When this policy attaches to a parent, the controller that + manages the parent and the ancestors MUST add an entry to this list when + the controller first sees the policy and SHOULD update the entry as + appropriate when the relevant ancestor is modified. + + Note that choosing the relevant ancestor is left to the Policy designers; + an important part of Policy design is designing the right object level at + which to namespace this status. + + Note also that implementations MUST ONLY populate ancestor status for + the Ancestor resources they are responsible for. Implementations MUST + use the ControllerName field to uniquely identify the entries in this list + that they are responsible for. + + Note that to achieve this, the list of PolicyAncestorStatus structs + MUST be treated as a map with a composite key, made up of the AncestorRef + and ControllerName fields combined. + + A maximum of 16 ancestors will be represented in this list. An empty list + means the Policy is not relevant for any ancestors. + + If this slice is full, implementations MUST NOT add further entries. + Instead they MUST consider the policy unimplementable and signal that + on any related resources such as the ancestor that would be referenced + here. For example, if this list was full on BackendTLSPolicy, no + additional Gateways would be able to reference the Service targeted by + the BackendTLSPolicy. + items: + description: |- + PolicyAncestorStatus describes the status of a route with respect to an + associated Ancestor. + + Ancestors refer to objects that are either the Target of a policy or above it + in terms of object hierarchy. For example, if a policy targets a Service, the + Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and + the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most + useful object to place Policy status on, so we recommend that implementations + SHOULD use Gateway as the PolicyAncestorStatus object unless the designers + have a _very_ good reason otherwise. + + In the context of policy attachment, the Ancestor is used to distinguish which + resource results in a distinct application of this policy. For example, if a policy + targets a Service, it may have a distinct result per attached Gateway. + + Policies targeting the same resource may have different effects depending on the + ancestors of those resources. For example, different Gateways targeting the same + Service may have different capabilities, especially if they have different underlying + implementations. + + For example, in BackendTLSPolicy, the Policy attaches to a Service that is + used as a backend in a HTTPRoute that is itself attached to a Gateway. + In this case, the relevant object for status is the Gateway, and that is the + ancestor object referred to in this status. + + Note that a parent is also an ancestor, so for objects where the parent is the + relevant object for status, this struct SHOULD still be used. + + This struct is intended to be used in a slice that's effectively a map, + with a composite key made up of the AncestorRef and the ControllerName. + properties: + ancestorRef: + description: |- + AncestorRef corresponds with a ParentRef in the spec that this + PolicyAncestorStatus struct describes the status of. + properties: + group: + default: gateway.networking.k8s.io + description: |- + Group is the group of the referent. + When unspecified, "gateway.networking.k8s.io" is inferred. + To set the core API group (such as for a "Service" kind referent), + Group must be explicitly set to "" (empty string). + + Support: Core + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: |- + Kind is kind of the referent. + + There are two kinds of parent resources with "Core" support: + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + Support for other resources is Implementation-Specific. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + Name is the name of the referent. + + Support: Core + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. When unspecified, this refers + to the local namespace of the Route. + + Note that there are specific rules for ParentRefs which cross namespace + boundaries. Cross-namespace references are only valid if they are explicitly + allowed by something in the namespace they are referring to. For example: + Gateway has the AllowedRoutes field, and ReferenceGrant provides a + generic way to enable any other kind of cross-namespace reference. + + + ParentRefs from a Route to a Service in the same namespace are "producer" + routes, which apply default routing rules to inbound connections from + any namespace to the Service. + + ParentRefs from a Route to a Service in a different namespace are + "consumer" routes, and these routing rules are only applied to outbound + connections originating from the same namespace as the Route, for which + the intended destination of the connections are a Service targeted as a + ParentRef of the Route. + + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port is the network port this Route targets. It can be interpreted + differently based on the type of parent resource. + + When the parent resource is a Gateway, this targets all listeners + listening on the specified port that also support this kind of Route(and + select this Route). It's not recommended to set `Port` unless the + networking behaviors specified in a Route must apply to a specific port + as opposed to a listener(s) whose port(s) may be changed. When both Port + and SectionName are specified, the name and port of the selected listener + must match both specified values. + + + When the parent resource is a Service, this targets a specific port in the + Service spec. When both Port (experimental) and SectionName are specified, + the name and port of the selected port must match both specified values. + + + Implementations MAY choose to support other parent resources. + Implementations supporting other types of parent resources MUST clearly + document how/if Port is interpreted. + + For the purpose of status, an attachment is considered successful as + long as the parent resource accepts it partially. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + from the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, + the Route MUST be considered detached from the Gateway. + + Support: Extended + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: |- + SectionName is the name of a section within the target resource. In the + following resources, SectionName is interpreted as the following: + + * Gateway: Listener name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + * Service: Port name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + + Implementations MAY choose to support attaching Routes to other resources. + If that is the case, they MUST clearly document how SectionName is + interpreted. + + When unspecified (empty string), this will reference the entire resource. + For the purpose of status, an attachment is considered successful if at + least one section in the parent resource accepts it. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, the + Route MUST be considered detached from the Gateway. + + Support: Core + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + conditions: + description: Conditions describes the status of the Policy with + respect to the given Ancestor. + items: + description: Condition contains details for one aspect of + the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: |- + ControllerName is a domain/path string that indicates the name of the + controller that wrote this status. This corresponds with the + controllerName field on GatewayClass. + + Example: "example.net/gateway-controller". + + The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are + valid Kubernetes names + (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + Controllers MUST populate this field when writing status. Controllers should ensure that + entries to status populated with their ControllerName are cleaned up when they are no + longer necessary. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + type: string + required: + - ancestorRef + - controllerName + type: object + maxItems: 16 + type: array + required: + - ancestors + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: |- + ObservabilityPolicy is a Direct Attached Policy. It provides a way to configure observability settings for + the NGINX Gateway Fabric data plane. Used in conjunction with the NginxProxy CRD that is attached to the + GatewayClass parametersRef. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the ObservabilityPolicy. + properties: + targetRefs: + description: |- + TargetRefs identifies the API object(s) to apply the policy to. + Objects must be in the same namespace as the policy. + Support: HTTPRoute, GRPCRoute. + + TargetRefs must be _distinct_. This means that the multi-part key defined by `kind` and `name` must + be unique across all targetRef entries in the ObservabilityPolicy. + items: + description: |- + LocalPolicyTargetReference identifies an API object to apply a direct or + inherited policy to. This should be used as part of Policy resources + that can target Gateway API resources. For more information on how this + policy attachment model works, and a sample Policy resource, refer to + the policy attachment documentation for Gateway API. + properties: + group: + description: Group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: Kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + - name + type: object + maxItems: 16 + minItems: 1 + type: array + x-kubernetes-validations: + - message: 'TargetRef Kind must be: HTTPRoute or GRPCRoute' + rule: (self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute')) + - message: TargetRef Group must be gateway.networking.k8s.io rule: self.all(t, t.group=='gateway.networking.k8s.io') + - message: TargetRef Kind and Name combination must be unique + rule: self.all(p1, self.exists_one(p2, (p1.name == p2.name) && (p1.kind + == p2.kind))) tracing: description: Tracing allows for enabling and configuring tracing. properties: @@ -1574,6 +2039,8 @@ spec: TargetRefs identifies API object(s) to apply the policy to. Objects must be in the same namespace as the policy. Support: Service + + TargetRefs must be _distinct_. The `name` field must be unique for all targetRef entries in the UpstreamSettingsPolicy. items: description: |- LocalPolicyTargetReference identifies an API object to apply a direct or @@ -1611,6 +2078,8 @@ spec: rule: self.all(t, t.kind=='Service') - message: TargetRefs Group must be core rule: self.exists(t, t.group=='') || self.exists(t, t.group=='core') + - message: TargetRef Name must be unique + rule: self.all(p1, self.exists_one(p2, p1.name == p2.name)) zoneSize: description: |- ZoneSize is the size of the shared memory zone used by the upstream. This memory zone is used to share diff --git a/docs/proposals/observability.md b/docs/proposals/observability.md index 71ed333cdb..0d6952d622 100644 --- a/docs/proposals/observability.md +++ b/docs/proposals/observability.md @@ -148,7 +148,7 @@ type SpanAttribute struct { Below is an example YAML version of an `ObservabilityPolicy`: ```yaml -apiVersion: gateway.nginx.org/v1alpha1 +apiVersion: gateway.nginx.org/v1alpha2 kind: ObservabilityPolicy metadata: name: example-observability-policy diff --git a/internal/mode/static/manager.go b/internal/mode/static/manager.go index e5351f6a61..02ecd670eb 100644 --- a/internal/mode/static/manager.go +++ b/internal/mode/static/manager.go @@ -34,7 +34,8 @@ import ( gatewayv1alpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/controller" "github.com/nginx/nginx-gateway-fabric/internal/framework/controller/filter" "github.com/nginx/nginx-gateway-fabric/internal/framework/controller/index" @@ -83,7 +84,8 @@ func init() { utilruntime.Must(gatewayv1alpha2.Install(scheme)) utilruntime.Must(apiv1.AddToScheme(scheme)) utilruntime.Must(discoveryV1.AddToScheme(scheme)) - utilruntime.Must(ngfAPI.AddToScheme(scheme)) + utilruntime.Must(ngfAPIv1alpha1.AddToScheme(scheme)) + utilruntime.Must(ngfAPIv1alpha2.AddToScheme(scheme)) utilruntime.Must(apiext.AddToScheme(scheme)) utilruntime.Must(appsv1.AddToScheme(scheme)) } @@ -314,15 +316,15 @@ func createPolicyManager( ) *policies.CompositeValidator { cfgs := []policies.ManagerConfig{ { - GVK: mustExtractGVK(&ngfAPI.ClientSettingsPolicy{}), + GVK: mustExtractGVK(&ngfAPIv1alpha1.ClientSettingsPolicy{}), Validator: clientsettings.NewValidator(validator), }, { - GVK: mustExtractGVK(&ngfAPI.ObservabilityPolicy{}), + GVK: mustExtractGVK(&ngfAPIv1alpha2.ObservabilityPolicy{}), Validator: observability.NewValidator(validator), }, { - GVK: mustExtractGVK(&ngfAPI.UpstreamSettingsPolicy{}), + GVK: mustExtractGVK(&ngfAPIv1alpha1.UpstreamSettingsPolicy{}), Validator: upstreamsettings.NewValidator(validator), }, } @@ -483,7 +485,7 @@ func registerControllers( }, }, { - objectType: &ngfAPI.NginxProxy{}, + objectType: &ngfAPIv1alpha1.NginxProxy{}, options: []controller.Option{ controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), }, @@ -495,19 +497,19 @@ func registerControllers( }, }, { - objectType: &ngfAPI.ClientSettingsPolicy{}, + objectType: &ngfAPIv1alpha1.ClientSettingsPolicy{}, options: []controller.Option{ controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), }, }, { - objectType: &ngfAPI.ObservabilityPolicy{}, + objectType: &ngfAPIv1alpha2.ObservabilityPolicy{}, options: []controller.Option{ controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), }, }, { - objectType: &ngfAPI.UpstreamSettingsPolicy{}, + objectType: &ngfAPIv1alpha1.UpstreamSettingsPolicy{}, options: []controller.Option{ controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), }, @@ -540,7 +542,7 @@ func registerControllers( if cfg.ConfigName != "" { controllerRegCfgs = append(controllerRegCfgs, ctlrCfg{ - objectType: &ngfAPI.NginxGateway{}, + objectType: &ngfAPIv1alpha1.NginxGateway{}, options: []controller.Option{ controller.WithNamespacedNameFilter(filter.CreateSingleResourceFilter(controlConfigNSName)), }, @@ -559,7 +561,7 @@ func registerControllers( if cfg.SnippetsFilters { controllerRegCfgs = append(controllerRegCfgs, ctlrCfg{ - objectType: &ngfAPI.SnippetsFilter{}, + objectType: &ngfAPIv1alpha1.SnippetsFilter{}, options: []controller.Option{ controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), }, @@ -744,11 +746,11 @@ func prepareFirstEventBatchPreparerArgs(cfg config.Config) ([]client.Object, []c &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, &gatewayv1beta1.ReferenceGrantList{}, - &ngfAPI.NginxProxyList{}, + &ngfAPIv1alpha1.NginxProxyList{}, &gatewayv1.GRPCRouteList{}, - &ngfAPI.ClientSettingsPolicyList{}, - &ngfAPI.ObservabilityPolicyList{}, - &ngfAPI.UpstreamSettingsPolicyList{}, + &ngfAPIv1alpha1.ClientSettingsPolicyList{}, + &ngfAPIv1alpha2.ObservabilityPolicyList{}, + &ngfAPIv1alpha1.UpstreamSettingsPolicyList{}, partialObjectMetadataList, } @@ -764,7 +766,7 @@ func prepareFirstEventBatchPreparerArgs(cfg config.Config) ([]client.Object, []c if cfg.SnippetsFilters { objectLists = append( objectLists, - &ngfAPI.SnippetsFilterList{}, + &ngfAPIv1alpha1.SnippetsFilterList{}, ) } @@ -792,7 +794,7 @@ func setInitialConfig( ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - var conf ngfAPI.NginxGateway + var conf ngfAPIv1alpha1.NginxGateway // Polling to wait for CRD to exist if the Deployment is created first. if err := wait.PollUntilContextCancel( ctx, diff --git a/internal/mode/static/manager_test.go b/internal/mode/static/manager_test.go index 7c995f90b2..5361be4deb 100644 --- a/internal/mode/static/manager_test.go +++ b/internal/mode/static/manager_test.go @@ -19,7 +19,8 @@ import ( gatewayv1alpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/config" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/state/graph" ) @@ -62,12 +63,12 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &gatewayv1.HTTPRouteList{}, &gatewayv1.GatewayList{}, &gatewayv1beta1.ReferenceGrantList{}, - &ngfAPI.NginxProxyList{}, + &ngfAPIv1alpha1.NginxProxyList{}, &gatewayv1.GRPCRouteList{}, partialObjectMetadataList, - &ngfAPI.ClientSettingsPolicyList{}, - &ngfAPI.ObservabilityPolicyList{}, - &ngfAPI.UpstreamSettingsPolicyList{}, + &ngfAPIv1alpha1.ClientSettingsPolicyList{}, + &ngfAPIv1alpha2.ObservabilityPolicyList{}, + &ngfAPIv1alpha1.UpstreamSettingsPolicyList{}, }, }, { @@ -92,12 +93,12 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, &gatewayv1beta1.ReferenceGrantList{}, - &ngfAPI.NginxProxyList{}, + &ngfAPIv1alpha1.NginxProxyList{}, &gatewayv1.GRPCRouteList{}, partialObjectMetadataList, - &ngfAPI.ClientSettingsPolicyList{}, - &ngfAPI.ObservabilityPolicyList{}, - &ngfAPI.UpstreamSettingsPolicyList{}, + &ngfAPIv1alpha1.ClientSettingsPolicyList{}, + &ngfAPIv1alpha2.ObservabilityPolicyList{}, + &ngfAPIv1alpha1.UpstreamSettingsPolicyList{}, }, }, { @@ -123,14 +124,14 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, &gatewayv1beta1.ReferenceGrantList{}, - &ngfAPI.NginxProxyList{}, + &ngfAPIv1alpha1.NginxProxyList{}, partialObjectMetadataList, &gatewayv1alpha3.BackendTLSPolicyList{}, &gatewayv1alpha2.TLSRouteList{}, &gatewayv1.GRPCRouteList{}, - &ngfAPI.ClientSettingsPolicyList{}, - &ngfAPI.ObservabilityPolicyList{}, - &ngfAPI.UpstreamSettingsPolicyList{}, + &ngfAPIv1alpha1.ClientSettingsPolicyList{}, + &ngfAPIv1alpha2.ObservabilityPolicyList{}, + &ngfAPIv1alpha1.UpstreamSettingsPolicyList{}, }, }, { @@ -155,13 +156,13 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, &gatewayv1beta1.ReferenceGrantList{}, - &ngfAPI.NginxProxyList{}, + &ngfAPIv1alpha1.NginxProxyList{}, partialObjectMetadataList, &gatewayv1.GRPCRouteList{}, - &ngfAPI.ClientSettingsPolicyList{}, - &ngfAPI.ObservabilityPolicyList{}, - &ngfAPI.SnippetsFilterList{}, - &ngfAPI.UpstreamSettingsPolicyList{}, + &ngfAPIv1alpha1.ClientSettingsPolicyList{}, + &ngfAPIv1alpha2.ObservabilityPolicyList{}, + &ngfAPIv1alpha1.SnippetsFilterList{}, + &ngfAPIv1alpha1.UpstreamSettingsPolicyList{}, }, }, { @@ -187,15 +188,15 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, &gatewayv1beta1.ReferenceGrantList{}, - &ngfAPI.NginxProxyList{}, + &ngfAPIv1alpha1.NginxProxyList{}, partialObjectMetadataList, &gatewayv1alpha3.BackendTLSPolicyList{}, &gatewayv1alpha2.TLSRouteList{}, &gatewayv1.GRPCRouteList{}, - &ngfAPI.ClientSettingsPolicyList{}, - &ngfAPI.ObservabilityPolicyList{}, - &ngfAPI.SnippetsFilterList{}, - &ngfAPI.UpstreamSettingsPolicyList{}, + &ngfAPIv1alpha1.ClientSettingsPolicyList{}, + &ngfAPIv1alpha2.ObservabilityPolicyList{}, + &ngfAPIv1alpha1.SnippetsFilterList{}, + &ngfAPIv1alpha1.UpstreamSettingsPolicyList{}, }, }, } diff --git a/internal/mode/static/nginx/config/policies/clientsettings/generator_test.go b/internal/mode/static/nginx/config/policies/clientsettings/generator_test.go index ffc00bd29a..e3370a4a57 100644 --- a/internal/mode/static/nginx/config/policies/clientsettings/generator_test.go +++ b/internal/mode/static/nginx/config/policies/clientsettings/generator_test.go @@ -5,7 +5,8 @@ import ( . "github.com/onsi/gomega" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/http" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/policies" @@ -14,12 +15,12 @@ import ( func TestGenerate(t *testing.T) { t.Parallel() - maxSize := helpers.GetPointer[ngfAPI.Size]("10m") - bodyTimeout := helpers.GetPointer[ngfAPI.Duration]("600ms") + maxSize := helpers.GetPointer[ngfAPIv1alpha1.Size]("10m") + bodyTimeout := helpers.GetPointer[ngfAPIv1alpha1.Duration]("600ms") keepaliveRequests := helpers.GetPointer[int32](900) - keepaliveTime := helpers.GetPointer[ngfAPI.Duration]("50s") - keepaliveServerTimeout := helpers.GetPointer[ngfAPI.Duration]("30s") - keepaliveHeaderTimeout := helpers.GetPointer[ngfAPI.Duration]("60s") + keepaliveTime := helpers.GetPointer[ngfAPIv1alpha1.Duration]("50s") + keepaliveServerTimeout := helpers.GetPointer[ngfAPIv1alpha1.Duration]("30s") + keepaliveHeaderTimeout := helpers.GetPointer[ngfAPIv1alpha1.Duration]("60s") tests := []struct { name string @@ -28,9 +29,9 @@ func TestGenerate(t *testing.T) { }{ { name: "body max size populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - Body: &ngfAPI.ClientBody{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + Body: &ngfAPIv1alpha1.ClientBody{ MaxSize: maxSize, }, }, @@ -41,9 +42,9 @@ func TestGenerate(t *testing.T) { }, { name: "body timeout populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - Body: &ngfAPI.ClientBody{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + Body: &ngfAPIv1alpha1.ClientBody{ Timeout: bodyTimeout, }, }, @@ -54,9 +55,9 @@ func TestGenerate(t *testing.T) { }, { name: "keepalive requests populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - KeepAlive: &ngfAPI.ClientKeepAlive{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + KeepAlive: &ngfAPIv1alpha1.ClientKeepAlive{ Requests: keepaliveRequests, }, }, @@ -67,9 +68,9 @@ func TestGenerate(t *testing.T) { }, { name: "keepalive time populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - KeepAlive: &ngfAPI.ClientKeepAlive{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + KeepAlive: &ngfAPIv1alpha1.ClientKeepAlive{ Time: keepaliveTime, }, }, @@ -80,10 +81,10 @@ func TestGenerate(t *testing.T) { }, { name: "keepalive timeout server populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - KeepAlive: &ngfAPI.ClientKeepAlive{ - Timeout: &ngfAPI.ClientKeepAliveTimeout{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + KeepAlive: &ngfAPIv1alpha1.ClientKeepAlive{ + Timeout: &ngfAPIv1alpha1.ClientKeepAliveTimeout{ Server: keepaliveServerTimeout, }, }, @@ -95,10 +96,10 @@ func TestGenerate(t *testing.T) { }, { name: "keepalive timeout server and header populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - KeepAlive: &ngfAPI.ClientKeepAlive{ - Timeout: &ngfAPI.ClientKeepAliveTimeout{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + KeepAlive: &ngfAPIv1alpha1.ClientKeepAlive{ + Timeout: &ngfAPIv1alpha1.ClientKeepAliveTimeout{ Server: keepaliveServerTimeout, Header: keepaliveHeaderTimeout, }, @@ -111,10 +112,10 @@ func TestGenerate(t *testing.T) { }, { name: "keepalive timeout header populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - KeepAlive: &ngfAPI.ClientKeepAlive{ - Timeout: &ngfAPI.ClientKeepAliveTimeout{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + KeepAlive: &ngfAPIv1alpha1.ClientKeepAlive{ + Timeout: &ngfAPIv1alpha1.ClientKeepAliveTimeout{ Header: keepaliveHeaderTimeout, }, }, @@ -124,16 +125,16 @@ func TestGenerate(t *testing.T) { }, { name: "all fields populated", - policy: &ngfAPI.ClientSettingsPolicy{ - Spec: ngfAPI.ClientSettingsPolicySpec{ - Body: &ngfAPI.ClientBody{ + policy: &ngfAPIv1alpha1.ClientSettingsPolicy{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + Body: &ngfAPIv1alpha1.ClientBody{ MaxSize: maxSize, Timeout: bodyTimeout, }, - KeepAlive: &ngfAPI.ClientKeepAlive{ + KeepAlive: &ngfAPIv1alpha1.ClientKeepAlive{ Requests: keepaliveRequests, Time: keepaliveTime, - Timeout: &ngfAPI.ClientKeepAliveTimeout{ + Timeout: &ngfAPIv1alpha1.ClientKeepAliveTimeout{ Server: keepaliveServerTimeout, Header: keepaliveHeaderTimeout, }, @@ -186,18 +187,18 @@ func TestGenerateNoPolicies(t *testing.T) { resFiles := generator.GenerateForServer([]policies.Policy{}, http.Server{}) g.Expect(resFiles).To(BeEmpty()) - resFiles = generator.GenerateForServer([]policies.Policy{&ngfAPI.ObservabilityPolicy{}}, http.Server{}) + resFiles = generator.GenerateForServer([]policies.Policy{&ngfAPIv1alpha2.ObservabilityPolicy{}}, http.Server{}) g.Expect(resFiles).To(BeEmpty()) resFiles = generator.GenerateForLocation([]policies.Policy{}, http.Location{}) g.Expect(resFiles).To(BeEmpty()) - resFiles = generator.GenerateForLocation([]policies.Policy{&ngfAPI.ObservabilityPolicy{}}, http.Location{}) + resFiles = generator.GenerateForLocation([]policies.Policy{&ngfAPIv1alpha2.ObservabilityPolicy{}}, http.Location{}) g.Expect(resFiles).To(BeEmpty()) resFiles = generator.GenerateForInternalLocation([]policies.Policy{}) g.Expect(resFiles).To(BeEmpty()) - resFiles = generator.GenerateForInternalLocation([]policies.Policy{&ngfAPI.ObservabilityPolicy{}}) + resFiles = generator.GenerateForInternalLocation([]policies.Policy{&ngfAPIv1alpha2.ObservabilityPolicy{}}) g.Expect(resFiles).To(BeEmpty()) } diff --git a/internal/mode/static/nginx/config/policies/observability/generator.go b/internal/mode/static/nginx/config/policies/observability/generator.go index 261defeefd..dc09e2d8e3 100644 --- a/internal/mode/static/nginx/config/policies/observability/generator.go +++ b/internal/mode/static/nginx/config/policies/observability/generator.go @@ -4,7 +4,7 @@ import ( "fmt" "text/template" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/http" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/policies" @@ -83,7 +83,7 @@ func (g Generator) GenerateForLocation(pols []policies.Policy, location http.Loc includeGlobalAttrs bool, ) policies.GenerateResultFiles { for _, pol := range pols { - obs, ok := pol.(*ngfAPI.ObservabilityPolicy) + obs, ok := pol.(*ngfAPIv1alpha2.ObservabilityPolicy) if !ok { continue } @@ -118,7 +118,7 @@ func (g Generator) GenerateForLocation(pols []policies.Policy, location http.Loc // being specified in the external location that redirects to the internal location. func (g Generator) GenerateForInternalLocation(pols []policies.Policy) policies.GenerateResultFiles { for _, pol := range pols { - obs, ok := pol.(*ngfAPI.ObservabilityPolicy) + obs, ok := pol.(*ngfAPIv1alpha2.ObservabilityPolicy) if !ok { continue } @@ -139,13 +139,13 @@ func (g Generator) GenerateForInternalLocation(pols []policies.Policy) policies. return nil } -func getStrategy(obs *ngfAPI.ObservabilityPolicy) string { +func getStrategy(obs *ngfAPIv1alpha2.ObservabilityPolicy) string { var strategy string if obs.Spec.Tracing != nil { switch obs.Spec.Tracing.Strategy { - case ngfAPI.TraceStrategyParent: + case ngfAPIv1alpha2.TraceStrategyParent: strategy = "$otel_parent_sampled" - case ngfAPI.TraceStrategyRatio: + case ngfAPIv1alpha2.TraceStrategyRatio: strategy = "on" if obs.Spec.Tracing.Ratio != nil { if *obs.Spec.Tracing.Ratio > 0 { diff --git a/internal/mode/static/nginx/config/policies/observability/generator_test.go b/internal/mode/static/nginx/config/policies/observability/generator_test.go index 03ad174cb6..85785d8e09 100644 --- a/internal/mode/static/nginx/config/policies/observability/generator_test.go +++ b/internal/mode/static/nginx/config/policies/observability/generator_test.go @@ -6,7 +6,8 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/http" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/policies" @@ -18,7 +19,7 @@ func TestGenerate(t *testing.T) { t.Parallel() ratio := helpers.GetPointer[int32](25) zeroRatio := helpers.GetPointer[int32](0) - context := helpers.GetPointer[ngfAPI.TraceContext](ngfAPI.TraceContextExtract) + context := helpers.GetPointer[ngfAPIv1alpha2.TraceContext](ngfAPIv1alpha2.TraceContextExtract) spanName := helpers.GetPointer("my-span") tests := []struct { @@ -31,10 +32,10 @@ func TestGenerate(t *testing.T) { }{ { name: "strategy set to default ratio", - policy: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyRatio, + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyRatio, }, }, }, @@ -50,14 +51,14 @@ func TestGenerate(t *testing.T) { }, { name: "strategy set to custom ratio", - policy: &ngfAPI.ObservabilityPolicy{ + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "test-policy", Namespace: "test-namespace", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyRatio, + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyRatio, Ratio: ratio, }, }, @@ -74,14 +75,14 @@ func TestGenerate(t *testing.T) { }, { name: "strategy set to zero ratio", - policy: &ngfAPI.ObservabilityPolicy{ + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "test-policy", Namespace: "test-namespace", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyRatio, + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyRatio, Ratio: zeroRatio, }, }, @@ -98,10 +99,10 @@ func TestGenerate(t *testing.T) { }, { name: "strategy set to parent", - policy: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyParent, + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyParent, }, }, }, @@ -117,9 +118,9 @@ func TestGenerate(t *testing.T) { }, { name: "context is set", - policy: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ Context: context, }, }, @@ -138,9 +139,9 @@ func TestGenerate(t *testing.T) { }, { name: "spanName is set", - policy: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ SpanName: spanName, }, }, @@ -158,10 +159,10 @@ func TestGenerate(t *testing.T) { }, { name: "span attributes set", - policy: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ - SpanAttributes: []ngfAPI.SpanAttribute{ + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ + SpanAttributes: []ngfAPIv1alpha1.SpanAttribute{ {Key: "test-key", Value: "test-value"}, }, }, @@ -181,9 +182,9 @@ func TestGenerate(t *testing.T) { }, { name: "global span attributes set", - policy: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{}, + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{}, }, }, telemetryConf: dataplane.Telemetry{ @@ -205,13 +206,13 @@ func TestGenerate(t *testing.T) { }, { name: "all fields populated", - policy: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyRatio, + policy: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyRatio, Context: context, SpanName: spanName, - SpanAttributes: []ngfAPI.SpanAttribute{ + SpanAttributes: []ngfAPIv1alpha1.SpanAttribute{ {Key: "test-key", Value: "test-value"}, }, }, @@ -290,12 +291,12 @@ func TestGenerateNoPolicies(t *testing.T) { resFiles := generator.GenerateForLocation([]policies.Policy{}, http.Location{}) g.Expect(resFiles).To(BeEmpty()) - resFiles = generator.GenerateForLocation([]policies.Policy{&ngfAPI.ClientSettingsPolicy{}}, http.Location{}) + resFiles = generator.GenerateForLocation([]policies.Policy{&ngfAPIv1alpha1.ClientSettingsPolicy{}}, http.Location{}) g.Expect(resFiles).To(BeEmpty()) resFiles = generator.GenerateForInternalLocation([]policies.Policy{}) g.Expect(resFiles).To(BeEmpty()) - resFiles = generator.GenerateForInternalLocation([]policies.Policy{&ngfAPI.ClientSettingsPolicy{}}) + resFiles = generator.GenerateForInternalLocation([]policies.Policy{&ngfAPIv1alpha1.ClientSettingsPolicy{}}) g.Expect(resFiles).To(BeEmpty()) } diff --git a/internal/mode/static/nginx/config/policies/observability/validator.go b/internal/mode/static/nginx/config/policies/observability/validator.go index 8cf43c478a..4d7182e128 100644 --- a/internal/mode/static/nginx/config/policies/observability/validator.go +++ b/internal/mode/static/nginx/config/policies/observability/validator.go @@ -4,7 +4,7 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/conditions" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/framework/kinds" @@ -29,7 +29,7 @@ func (v *Validator) Validate( policy policies.Policy, globalSettings *policies.GlobalSettings, ) []conditions.Condition { - obs := helpers.MustCastObject[*ngfAPI.ObservabilityPolicy](policy) + obs := helpers.MustCastObject[*ngfAPIv1alpha2.ObservabilityPolicy](policy) if globalSettings == nil || !globalSettings.NginxProxyValid { return []conditions.Condition{ @@ -62,13 +62,13 @@ func (v *Validator) Validate( // Conflicts returns true if the two ObservabilityPolicies conflict. func (v *Validator) Conflicts(polA, polB policies.Policy) bool { - a := helpers.MustCastObject[*ngfAPI.ObservabilityPolicy](polA) - b := helpers.MustCastObject[*ngfAPI.ObservabilityPolicy](polB) + a := helpers.MustCastObject[*ngfAPIv1alpha2.ObservabilityPolicy](polA) + b := helpers.MustCastObject[*ngfAPIv1alpha2.ObservabilityPolicy](polB) return a.Spec.Tracing != nil && b.Spec.Tracing != nil } -func (v *Validator) validateSettings(spec ngfAPI.ObservabilityPolicySpec) error { +func (v *Validator) validateSettings(spec ngfAPIv1alpha2.ObservabilityPolicySpec) error { var allErrs field.ErrorList fieldPath := field.NewPath("spec") @@ -76,7 +76,7 @@ func (v *Validator) validateSettings(spec ngfAPI.ObservabilityPolicySpec) error tracePath := fieldPath.Child("tracing") switch spec.Tracing.Strategy { - case ngfAPI.TraceStrategyRatio, ngfAPI.TraceStrategyParent: + case ngfAPIv1alpha2.TraceStrategyRatio, ngfAPIv1alpha2.TraceStrategyParent: default: allErrs = append( allErrs, @@ -84,18 +84,18 @@ func (v *Validator) validateSettings(spec ngfAPI.ObservabilityPolicySpec) error tracePath.Child("strategy"), spec.Tracing.Strategy, []string{ - string(ngfAPI.TraceStrategyRatio), - string(ngfAPI.TraceStrategyParent), + string(ngfAPIv1alpha2.TraceStrategyRatio), + string(ngfAPIv1alpha2.TraceStrategyParent), }), ) } if spec.Tracing.Context != nil { switch *spec.Tracing.Context { - case ngfAPI.TraceContextExtract, - ngfAPI.TraceContextInject, - ngfAPI.TraceContextPropagate, - ngfAPI.TraceContextIgnore: + case ngfAPIv1alpha2.TraceContextExtract, + ngfAPIv1alpha2.TraceContextInject, + ngfAPIv1alpha2.TraceContextPropagate, + ngfAPIv1alpha2.TraceContextIgnore: default: allErrs = append( allErrs, @@ -103,10 +103,10 @@ func (v *Validator) validateSettings(spec ngfAPI.ObservabilityPolicySpec) error tracePath.Child("context"), spec.Tracing.Context, []string{ - string(ngfAPI.TraceContextExtract), - string(ngfAPI.TraceContextInject), - string(ngfAPI.TraceContextPropagate), - string(ngfAPI.TraceContextIgnore), + string(ngfAPIv1alpha2.TraceContextExtract), + string(ngfAPIv1alpha2.TraceContextInject), + string(ngfAPIv1alpha2.TraceContextPropagate), + string(ngfAPIv1alpha2.TraceContextIgnore), }), ) } diff --git a/internal/mode/static/nginx/config/policies/observability/validator_test.go b/internal/mode/static/nginx/config/policies/observability/validator_test.go index 679906a390..5b0894110d 100644 --- a/internal/mode/static/nginx/config/policies/observability/validator_test.go +++ b/internal/mode/static/nginx/config/policies/observability/validator_test.go @@ -8,7 +8,8 @@ import ( gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/conditions" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/framework/kinds" @@ -19,14 +20,14 @@ import ( staticConds "github.com/nginx/nginx-gateway-fabric/internal/mode/static/state/conditions" ) -type policyModFunc func(policy *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy +type policyModFunc func(policy *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy -func createValidPolicy() *ngfAPI.ObservabilityPolicy { - return &ngfAPI.ObservabilityPolicy{ +func createValidPolicy() *ngfAPIv1alpha2.ObservabilityPolicy { + return &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Namespace: "default", }, - Spec: ngfAPI.ObservabilityPolicySpec{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ TargetRefs: []v1alpha2.LocalPolicyTargetReference{ { Group: gatewayv1.GroupName, @@ -34,11 +35,11 @@ func createValidPolicy() *ngfAPI.ObservabilityPolicy { Name: "route", }, }, - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyRatio, - Context: helpers.GetPointer(ngfAPI.TraceContextExtract), + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyRatio, + Context: helpers.GetPointer(ngfAPIv1alpha2.TraceContextExtract), SpanName: helpers.GetPointer("spanName"), - SpanAttributes: []ngfAPI.SpanAttribute{ + SpanAttributes: []ngfAPIv1alpha1.SpanAttribute{ {Key: "key", Value: "value"}, }, }, @@ -47,7 +48,7 @@ func createValidPolicy() *ngfAPI.ObservabilityPolicy { } } -func createModifiedPolicy(mod policyModFunc) *ngfAPI.ObservabilityPolicy { +func createModifiedPolicy(mod policyModFunc) *ngfAPIv1alpha2.ObservabilityPolicy { return mod(createValidPolicy()) } @@ -60,7 +61,7 @@ func TestValidator_Validate(t *testing.T) { tests := []struct { name string - policy *ngfAPI.ObservabilityPolicy + policy *ngfAPIv1alpha2.ObservabilityPolicy globalSettings *policies.GlobalSettings expConditions []conditions.Condition }{ @@ -89,7 +90,7 @@ func TestValidator_Validate(t *testing.T) { }, { name: "invalid target ref; unsupported group", - policy: createModifiedPolicy(func(p *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy { + policy: createModifiedPolicy(func(p *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy { p.Spec.TargetRefs[0].Group = "Unsupported" return p }), @@ -101,7 +102,7 @@ func TestValidator_Validate(t *testing.T) { }, { name: "invalid target ref; unsupported kind", - policy: createModifiedPolicy(func(p *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy { + policy: createModifiedPolicy(func(p *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy { p.Spec.TargetRefs[0].Kind = "Unsupported" return p }), @@ -113,7 +114,7 @@ func TestValidator_Validate(t *testing.T) { }, { name: "invalid strategy", - policy: createModifiedPolicy(func(p *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy { + policy: createModifiedPolicy(func(p *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy { p.Spec.Tracing.Strategy = "invalid" return p }), @@ -125,8 +126,8 @@ func TestValidator_Validate(t *testing.T) { }, { name: "invalid context", - policy: createModifiedPolicy(func(p *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy { - p.Spec.Tracing.Context = helpers.GetPointer[ngfAPI.TraceContext]("invalid") + policy: createModifiedPolicy(func(p *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy { + p.Spec.Tracing.Context = helpers.GetPointer[ngfAPIv1alpha2.TraceContext]("invalid") return p }), globalSettings: globalSettings, @@ -137,7 +138,7 @@ func TestValidator_Validate(t *testing.T) { }, { name: "invalid span name", - policy: createModifiedPolicy(func(p *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy { + policy: createModifiedPolicy(func(p *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy { p.Spec.Tracing.SpanName = helpers.GetPointer("invalid$$$") return p }), @@ -150,7 +151,7 @@ func TestValidator_Validate(t *testing.T) { }, { name: "invalid span attribute key", - policy: createModifiedPolicy(func(p *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy { + policy: createModifiedPolicy(func(p *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy { p.Spec.Tracing.SpanAttributes[0].Key = "invalid$$$" return p }), @@ -163,7 +164,7 @@ func TestValidator_Validate(t *testing.T) { }, { name: "invalid span attribute value", - policy: createModifiedPolicy(func(p *ngfAPI.ObservabilityPolicy) *ngfAPI.ObservabilityPolicy { + policy: createModifiedPolicy(func(p *ngfAPIv1alpha2.ObservabilityPolicy) *ngfAPIv1alpha2.ObservabilityPolicy { p.Spec.Tracing.SpanAttributes[0].Value = "invalid$$$" return p }), @@ -211,33 +212,33 @@ func TestValidator_ValidatePanics(t *testing.T) { func TestValidator_Conflicts(t *testing.T) { t.Parallel() tests := []struct { - polA *ngfAPI.ObservabilityPolicy - polB *ngfAPI.ObservabilityPolicy + polA *ngfAPIv1alpha2.ObservabilityPolicy + polB *ngfAPIv1alpha2.ObservabilityPolicy name string conflicts bool }{ { name: "no conflicts", - polA: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{}, + polA: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{}, }, }, - polB: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{}, + polB: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{}, }, conflicts: false, }, { name: "conflicts", - polA: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{}, + polA: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{}, }, }, - polB: &ngfAPI.ObservabilityPolicy{ - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{}, + polB: &ngfAPIv1alpha2.ObservabilityPolicy{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{}, }, }, conflicts: true, diff --git a/internal/mode/static/nginx/config/policies/upstreamsettings/processor_test.go b/internal/mode/static/nginx/config/policies/upstreamsettings/processor_test.go index 835dfe8eee..80ca82b7b6 100644 --- a/internal/mode/static/nginx/config/policies/upstreamsettings/processor_test.go +++ b/internal/mode/static/nginx/config/policies/upstreamsettings/processor_test.go @@ -6,7 +6,8 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/http" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/policies" @@ -23,18 +24,18 @@ func TestProcess(t *testing.T) { { name: "all fields populated", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - ZoneSize: helpers.GetPointer[ngfAPI.Size]("2m"), - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + ZoneSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("2m"), + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ Connections: helpers.GetPointer(int32(1)), Requests: helpers.GetPointer(int32(1)), - Time: helpers.GetPointer[ngfAPI.Duration]("5s"), - Timeout: helpers.GetPointer[ngfAPI.Duration]("10s"), + Time: helpers.GetPointer[ngfAPIv1alpha1.Duration]("5s"), + Timeout: helpers.GetPointer[ngfAPIv1alpha1.Duration]("10s"), }), }, }, @@ -52,13 +53,13 @@ func TestProcess(t *testing.T) { { name: "zone size set", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - ZoneSize: helpers.GetPointer[ngfAPI.Size]("2m"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + ZoneSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("2m"), }, }, }, @@ -69,13 +70,13 @@ func TestProcess(t *testing.T) { { name: "keep alive connections set", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ Connections: helpers.GetPointer(int32(1)), }), }, @@ -90,13 +91,13 @@ func TestProcess(t *testing.T) { { name: "keep alive requests set", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ Requests: helpers.GetPointer(int32(1)), }), }, @@ -111,14 +112,14 @@ func TestProcess(t *testing.T) { { name: "keep alive time set", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ - Time: helpers.GetPointer[ngfAPI.Duration]("5s"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ + Time: helpers.GetPointer[ngfAPIv1alpha1.Duration]("5s"), }), }, }, @@ -132,14 +133,14 @@ func TestProcess(t *testing.T) { { name: "keep alive timeout set", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ - Timeout: helpers.GetPointer[ngfAPI.Duration]("10s"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ + Timeout: helpers.GetPointer[ngfAPIv1alpha1.Duration]("10s"), }), }, }, @@ -153,12 +154,12 @@ func TestProcess(t *testing.T) { { name: "no fields populated", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{}, + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{}, }, }, expUpstreamSettings: UpstreamSettings{}, @@ -166,56 +167,56 @@ func TestProcess(t *testing.T) { { name: "multiple UpstreamSettingsPolicies", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-zonesize", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - ZoneSize: helpers.GetPointer[ngfAPI.Size]("2m"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + ZoneSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("2m"), }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-connections", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ Connections: helpers.GetPointer(int32(1)), }), }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-requests", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ Requests: helpers.GetPointer(int32(1)), }), }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-time", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ - Time: helpers.GetPointer[ngfAPI.Duration]("5s"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ + Time: helpers.GetPointer[ngfAPIv1alpha1.Duration]("5s"), }), }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-timeout", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ - Timeout: helpers.GetPointer[ngfAPI.Duration]("10s"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ + Timeout: helpers.GetPointer[ngfAPIv1alpha1.Duration]("10s"), }), }, }, @@ -233,78 +234,78 @@ func TestProcess(t *testing.T) { { name: "multiple UpstreamSettingsPolicies along with other policies", policies: []policies.Policy{ - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-zonesize", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - ZoneSize: helpers.GetPointer[ngfAPI.Size]("2m"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + ZoneSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("2m"), }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-connections", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ Connections: helpers.GetPointer(int32(1)), }), }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-requests", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ Requests: helpers.GetPointer(int32(1)), }), }, }, - &ngfAPI.ClientSettingsPolicy{ + &ngfAPIv1alpha1.ClientSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "client-settings-policy", Namespace: "test", }, - Spec: ngfAPI.ClientSettingsPolicySpec{ - Body: &ngfAPI.ClientBody{ - MaxSize: helpers.GetPointer[ngfAPI.Size]("1m"), + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ + Body: &ngfAPIv1alpha1.ClientBody{ + MaxSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("1m"), }, }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-time", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ - Time: helpers.GetPointer[ngfAPI.Duration]("5s"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ + Time: helpers.GetPointer[ngfAPIv1alpha1.Duration]("5s"), }), }, }, - &ngfAPI.UpstreamSettingsPolicy{ + &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp-keepalive-timeout", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - KeepAlive: helpers.GetPointer(ngfAPI.UpstreamKeepAlive{ - Timeout: helpers.GetPointer[ngfAPI.Duration]("10s"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + KeepAlive: helpers.GetPointer(ngfAPIv1alpha1.UpstreamKeepAlive{ + Timeout: helpers.GetPointer[ngfAPIv1alpha1.Duration]("10s"), }), }, }, - &ngfAPI.ObservabilityPolicy{ + &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "observability-policy", Namespace: "test", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyRatio, + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyRatio, Ratio: helpers.GetPointer(int32(1)), }, }, diff --git a/internal/mode/static/state/change_processor.go b/internal/mode/static/state/change_processor.go index 9992c7291d..61d6475d9f 100644 --- a/internal/mode/static/state/change_processor.go +++ b/internal/mode/static/state/change_processor.go @@ -16,7 +16,8 @@ import ( "sigs.k8s.io/gateway-api/apis/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1beta1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/gatewayclass" "github.com/nginx/nginx-gateway-fabric/internal/framework/kinds" ngftypes "github.com/nginx/nginx-gateway-fabric/internal/framework/types" @@ -108,11 +109,11 @@ func NewChangeProcessorImpl(cfg ChangeProcessorConfig) *ChangeProcessorImpl { CRDMetadata: make(map[types.NamespacedName]*metav1.PartialObjectMetadata), BackendTLSPolicies: make(map[types.NamespacedName]*v1alpha3.BackendTLSPolicy), ConfigMaps: make(map[types.NamespacedName]*apiv1.ConfigMap), - NginxProxies: make(map[types.NamespacedName]*ngfAPI.NginxProxy), + NginxProxies: make(map[types.NamespacedName]*ngfAPIv1alpha1.NginxProxy), GRPCRoutes: make(map[types.NamespacedName]*v1.GRPCRoute), TLSRoutes: make(map[types.NamespacedName]*v1alpha2.TLSRoute), NGFPolicies: make(map[graph.PolicyKey]policies.Policy), - SnippetsFilters: make(map[types.NamespacedName]*ngfAPI.SnippetsFilter), + SnippetsFilters: make(map[types.NamespacedName]*ngfAPIv1alpha1.SnippetsFilter), } processor := &ChangeProcessorImpl{ @@ -202,22 +203,22 @@ func NewChangeProcessorImpl(cfg ChangeProcessorConfig) *ChangeProcessorImpl { predicate: annotationChangedPredicate{annotation: gatewayclass.BundleVersionAnnotation}, }, { - gvk: cfg.MustExtractGVK(&ngfAPI.NginxProxy{}), + gvk: cfg.MustExtractGVK(&ngfAPIv1alpha1.NginxProxy{}), store: newObjectStoreMapAdapter(clusterStore.NginxProxies), predicate: funcPredicate{stateChanged: isReferenced}, }, { - gvk: cfg.MustExtractGVK(&ngfAPI.ClientSettingsPolicy{}), + gvk: cfg.MustExtractGVK(&ngfAPIv1alpha1.ClientSettingsPolicy{}), store: commonPolicyObjectStore, predicate: funcPredicate{stateChanged: isNGFPolicyRelevant}, }, { - gvk: cfg.MustExtractGVK(&ngfAPI.ObservabilityPolicy{}), + gvk: cfg.MustExtractGVK(&ngfAPIv1alpha2.ObservabilityPolicy{}), store: commonPolicyObjectStore, predicate: funcPredicate{stateChanged: isNGFPolicyRelevant}, }, { - gvk: cfg.MustExtractGVK(&ngfAPI.UpstreamSettingsPolicy{}), + gvk: cfg.MustExtractGVK(&ngfAPIv1alpha1.UpstreamSettingsPolicy{}), store: commonPolicyObjectStore, predicate: funcPredicate{stateChanged: isNGFPolicyRelevant}, }, @@ -227,7 +228,7 @@ func NewChangeProcessorImpl(cfg ChangeProcessorConfig) *ChangeProcessorImpl { predicate: nil, }, { - gvk: cfg.MustExtractGVK(&ngfAPI.SnippetsFilter{}), + gvk: cfg.MustExtractGVK(&ngfAPIv1alpha1.SnippetsFilter{}), store: newObjectStoreMapAdapter(clusterStore.SnippetsFilters), predicate: nil, // we always want to write status to SnippetsFilters so we don't filter them out }, diff --git a/internal/mode/static/state/change_processor_test.go b/internal/mode/static/state/change_processor_test.go index b61de86721..7211a5f045 100644 --- a/internal/mode/static/state/change_processor_test.go +++ b/internal/mode/static/state/change_processor_test.go @@ -19,7 +19,8 @@ import ( "sigs.k8s.io/gateway-api/apis/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1beta1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/conditions" "github.com/nginx/nginx-gateway-fabric/internal/framework/controller/index" "github.com/nginx/nginx-gateway-fabric/internal/framework/gatewayclass" @@ -326,7 +327,8 @@ func createScheme() *runtime.Scheme { utilruntime.Must(apiv1.AddToScheme(scheme)) utilruntime.Must(discoveryV1.AddToScheme(scheme)) utilruntime.Must(apiext.AddToScheme(scheme)) - utilruntime.Must(ngfAPI.AddToScheme(scheme)) + utilruntime.Must(ngfAPIv1alpha1.AddToScheme(scheme)) + utilruntime.Must(ngfAPIv1alpha2.AddToScheme(scheme)) return scheme } @@ -2291,28 +2293,28 @@ var _ = Describe("ChangeProcessor", func() { Describe("NginxProxy resource changes", Ordered, func() { paramGC := gc.DeepCopy() paramGC.Spec.ParametersRef = &v1beta1.ParametersReference{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: kinds.NginxProxy, Name: "np", } - np := &ngfAPI.NginxProxy{ + np := &ngfAPIv1alpha1.NginxProxy{ ObjectMeta: metav1.ObjectMeta{ Name: "np", }, } - npUpdated := &ngfAPI.NginxProxy{ + npUpdated := &ngfAPIv1alpha1.NginxProxy{ ObjectMeta: metav1.ObjectMeta{ Name: "np", }, - Spec: ngfAPI.NginxProxySpec{ - Telemetry: &ngfAPI.Telemetry{ - Exporter: &ngfAPI.TelemetryExporter{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Telemetry: &ngfAPIv1alpha1.Telemetry{ + Exporter: &ngfAPIv1alpha1.TelemetryExporter{ Endpoint: "my-svc:123", BatchSize: helpers.GetPointer(int32(512)), BatchCount: helpers.GetPointer(int32(4)), - Interval: helpers.GetPointer(ngfAPI.Duration("5s")), + Interval: helpers.GetPointer(ngfAPIv1alpha1.Duration("5s")), }, }, }, @@ -2347,9 +2349,9 @@ var _ = Describe("ChangeProcessor", func() { gw *v1.Gateway route *v1.HTTPRoute svc *apiv1.Service - csp, cspUpdated *ngfAPI.ClientSettingsPolicy - obs, obsUpdated *ngfAPI.ObservabilityPolicy - usp, uspUpdated *ngfAPI.UpstreamSettingsPolicy + csp, cspUpdated *ngfAPIv1alpha1.ClientSettingsPolicy + obs, obsUpdated *ngfAPIv1alpha2.ObservabilityPolicy + usp, uspUpdated *ngfAPIv1alpha1.UpstreamSettingsPolicy cspKey, obsKey, uspKey graph.PolicyKey ) @@ -2384,41 +2386,41 @@ var _ = Describe("ChangeProcessor", func() { }, } - csp = &ngfAPI.ClientSettingsPolicy{ + csp = &ngfAPIv1alpha1.ClientSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "csp", Namespace: "test", }, - Spec: ngfAPI.ClientSettingsPolicySpec{ + Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ TargetRef: v1alpha2.LocalPolicyTargetReference{ Group: v1.GroupName, Kind: kinds.Gateway, Name: "gw", }, - Body: &ngfAPI.ClientBody{ - MaxSize: helpers.GetPointer[ngfAPI.Size]("10m"), + Body: &ngfAPIv1alpha1.ClientBody{ + MaxSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("10m"), }, }, } cspUpdated = csp.DeepCopy() - cspUpdated.Spec.Body.MaxSize = helpers.GetPointer[ngfAPI.Size]("20m") + cspUpdated.Spec.Body.MaxSize = helpers.GetPointer[ngfAPIv1alpha1.Size]("20m") cspKey = graph.PolicyKey{ NsName: types.NamespacedName{Name: "csp", Namespace: "test"}, GVK: schema.GroupVersionKind{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: kinds.ClientSettingsPolicy, Version: "v1alpha1", }, } - obs = &ngfAPI.ObservabilityPolicy{ + obs = &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "obs", Namespace: "test", }, - Spec: ngfAPI.ObservabilityPolicySpec{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ TargetRefs: []v1alpha2.LocalPolicyTargetReference{ { Group: v1.GroupName, @@ -2426,31 +2428,31 @@ var _ = Describe("ChangeProcessor", func() { Name: "hr-1", }, }, - Tracing: &ngfAPI.Tracing{ - Strategy: ngfAPI.TraceStrategyRatio, + Tracing: &ngfAPIv1alpha2.Tracing{ + Strategy: ngfAPIv1alpha2.TraceStrategyRatio, }, }, } obsUpdated = obs.DeepCopy() - obsUpdated.Spec.Tracing.Strategy = ngfAPI.TraceStrategyParent + obsUpdated.Spec.Tracing.Strategy = ngfAPIv1alpha2.TraceStrategyParent obsKey = graph.PolicyKey{ NsName: types.NamespacedName{Name: "obs", Namespace: "test"}, GVK: schema.GroupVersionKind{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: kinds.ObservabilityPolicy, - Version: "v1alpha1", + Version: "v1alpha2", }, } - usp = &ngfAPI.UpstreamSettingsPolicy{ + usp = &ngfAPIv1alpha1.UpstreamSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "usp", Namespace: "test", }, - Spec: ngfAPI.UpstreamSettingsPolicySpec{ - ZoneSize: helpers.GetPointer[ngfAPI.Size]("10m"), + Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ + ZoneSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("10m"), TargetRefs: []v1alpha2.LocalPolicyTargetReference{ { Group: "core", @@ -2462,12 +2464,12 @@ var _ = Describe("ChangeProcessor", func() { } uspUpdated = usp.DeepCopy() - uspUpdated.Spec.ZoneSize = helpers.GetPointer[ngfAPI.Size]("20m") + uspUpdated.Spec.ZoneSize = helpers.GetPointer[ngfAPIv1alpha1.Size]("20m") uspKey = graph.PolicyKey{ NsName: types.NamespacedName{Name: "usp", Namespace: "test"}, GVK: schema.GroupVersionKind{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: kinds.UpstreamSettingsPolicy, Version: "v1alpha1", }, @@ -2531,9 +2533,9 @@ var _ = Describe("ChangeProcessor", func() { }) When("the policy is deleted", func() { It("removes the policy from the graph", func() { - processor.CaptureDeleteChange(&ngfAPI.ClientSettingsPolicy{}, client.ObjectKeyFromObject(csp)) - processor.CaptureDeleteChange(&ngfAPI.ObservabilityPolicy{}, client.ObjectKeyFromObject(obs)) - processor.CaptureDeleteChange(&ngfAPI.UpstreamSettingsPolicy{}, client.ObjectKeyFromObject(usp)) + processor.CaptureDeleteChange(&ngfAPIv1alpha1.ClientSettingsPolicy{}, client.ObjectKeyFromObject(csp)) + processor.CaptureDeleteChange(&ngfAPIv1alpha2.ObservabilityPolicy{}, client.ObjectKeyFromObject(obs)) + processor.CaptureDeleteChange(&ngfAPIv1alpha1.UpstreamSettingsPolicy{}, client.ObjectKeyFromObject(usp)) changed, graph := processor.Process() Expect(changed).To(Equal(state.ClusterStateChange)) @@ -2548,34 +2550,34 @@ var _ = Describe("ChangeProcessor", func() { Namespace: "test", } - sf := &ngfAPI.SnippetsFilter{ + sf := &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: sfNsName.Name, Namespace: sfNsName.Namespace, }, - Spec: ngfAPI.SnippetsFilterSpec{ - Snippets: []ngfAPI.Snippet{ + Spec: ngfAPIv1alpha1.SnippetsFilterSpec{ + Snippets: []ngfAPIv1alpha1.Snippet{ { - Context: ngfAPI.NginxContextMain, + Context: ngfAPIv1alpha1.NginxContextMain, Value: "main snippet", }, }, }, } - sfUpdated := &ngfAPI.SnippetsFilter{ + sfUpdated := &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: sfNsName.Name, Namespace: sfNsName.Namespace, }, - Spec: ngfAPI.SnippetsFilterSpec{ - Snippets: []ngfAPI.Snippet{ + Spec: ngfAPIv1alpha1.SnippetsFilterSpec{ + Snippets: []ngfAPIv1alpha1.Snippet{ { - Context: ngfAPI.NginxContextMain, + Context: ngfAPIv1alpha1.NginxContextMain, Value: "main snippet", }, { - Context: ngfAPI.NginxContextHTTP, + Context: ngfAPIv1alpha1.NginxContextHTTP, Value: "http snippet", }, }, @@ -2631,7 +2633,7 @@ var _ = Describe("ChangeProcessor", func() { secret, secretUpdated, unrelatedSecret, barSecret, barSecretUpdated *apiv1.Secret cm, cmUpdated, unrelatedCM *apiv1.ConfigMap btls, btlsUpdated *v1alpha3.BackendTLSPolicy - np, npUpdated *ngfAPI.NginxProxy + np, npUpdated *ngfAPIv1alpha1.NginxProxy ) BeforeEach(OncePerOrdered, func() { @@ -2930,12 +2932,12 @@ var _ = Describe("ChangeProcessor", func() { btlsUpdated = btls.DeepCopy() npNsName = types.NamespacedName{Name: "np-1"} - np = &ngfAPI.NginxProxy{ + np = &ngfAPIv1alpha1.NginxProxy{ ObjectMeta: metav1.ObjectMeta{ Name: npNsName.Name, }, - Spec: ngfAPI.NginxProxySpec{ - Telemetry: &ngfAPI.Telemetry{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Telemetry: &ngfAPIv1alpha1.Telemetry{ ServiceName: helpers.GetPointer("my-svc"), }, }, @@ -3010,7 +3012,7 @@ var _ = Describe("ChangeProcessor", func() { processor.CaptureDeleteChange(&v1beta1.ReferenceGrant{}, rgNsName) processor.CaptureDeleteChange(&v1alpha3.BackendTLSPolicy{}, btlsNsName) processor.CaptureDeleteChange(&apiv1.ConfigMap{}, cmNsName) - processor.CaptureDeleteChange(&ngfAPI.NginxProxy{}, npNsName) + processor.CaptureDeleteChange(&ngfAPIv1alpha1.NginxProxy{}, npNsName) // these are non-changing changes processor.CaptureUpsertChange(gw2) diff --git a/internal/mode/static/state/dataplane/configuration.go b/internal/mode/static/state/dataplane/configuration.go index 68a46387f4..33324dbf42 100644 --- a/internal/mode/static/state/dataplane/configuration.go +++ b/internal/mode/static/state/dataplane/configuration.go @@ -13,7 +13,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" v1 "sigs.k8s.io/gateway-api/apis/v1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/policies" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/state/graph" @@ -62,7 +63,7 @@ func BuildConfiguration( Telemetry: buildTelemetry(g), BaseHTTPConfig: baseHTTPConfig, Logging: buildLogging(g), - MainSnippets: buildSnippetsForContext(g.SnippetsFilters, ngfAPI.NginxContextMain), + MainSnippets: buildSnippetsForContext(g.SnippetsFilters, ngfAPIv1alpha1.NginxContextMain), AuxiliarySecrets: buildAuxiliarySecrets(g.PlusSecrets), } @@ -809,7 +810,7 @@ func buildTelemetry(g *graph.Graph) Telemetry { // logic in this function ratioMap := make(map[string]int32) for _, pol := range g.NGFPolicies { - if obsPol, ok := pol.Source.(*ngfAPI.ObservabilityPolicy); ok { + if obsPol, ok := pol.Source.(*ngfAPIv1alpha2.ObservabilityPolicy); ok { if obsPol.Spec.Tracing != nil && obsPol.Spec.Tracing.Ratio != nil && *obsPol.Spec.Tracing.Ratio > 0 { ratioName := CreateRatioVarName(*obsPol.Spec.Tracing.Ratio) ratioMap[ratioName] = *obsPol.Spec.Tracing.Ratio @@ -825,7 +826,7 @@ func buildTelemetry(g *graph.Graph) Telemetry { return tel } -func setSpanAttributes(spanAttributes []ngfAPI.SpanAttribute) []SpanAttribute { +func setSpanAttributes(spanAttributes []ngfAPIv1alpha1.SpanAttribute) []SpanAttribute { spanAttrs := make([]SpanAttribute, 0, len(spanAttributes)) for _, spanAttr := range spanAttributes { sa := SpanAttribute{ @@ -850,7 +851,7 @@ func buildBaseHTTPConfig(g *graph.Graph) BaseHTTPConfig { // HTTP2 should be enabled by default HTTP2: true, IPFamily: Dual, - Snippets: buildSnippetsForContext(g.SnippetsFilters, ngfAPI.NginxContextHTTP), + Snippets: buildSnippetsForContext(g.SnippetsFilters, ngfAPIv1alpha1.NginxContextHTTP), } if g.NginxProxy == nil || !g.NginxProxy.Valid { return baseConfig @@ -862,9 +863,9 @@ func buildBaseHTTPConfig(g *graph.Graph) BaseHTTPConfig { if g.NginxProxy.Source.Spec.IPFamily != nil { switch *g.NginxProxy.Source.Spec.IPFamily { - case ngfAPI.IPv4: + case ngfAPIv1alpha1.IPv4: baseConfig.IPFamily = IPv4 - case ngfAPI.IPv6: + case ngfAPIv1alpha1.IPv6: baseConfig.IPFamily = IPv6 } } @@ -872,9 +873,9 @@ func buildBaseHTTPConfig(g *graph.Graph) BaseHTTPConfig { if g.NginxProxy.Source.Spec.RewriteClientIP != nil { if g.NginxProxy.Source.Spec.RewriteClientIP.Mode != nil { switch *g.NginxProxy.Source.Spec.RewriteClientIP.Mode { - case ngfAPI.RewriteClientIPModeProxyProtocol: + case ngfAPIv1alpha1.RewriteClientIPModeProxyProtocol: baseConfig.RewriteClientIPSettings.Mode = RewriteIPModeProxyProtocol - case ngfAPI.RewriteClientIPModeXForwardedFor: + case ngfAPIv1alpha1.RewriteClientIPModeXForwardedFor: baseConfig.RewriteClientIPSettings.Mode = RewriteIPModeXForwardedFor } } @@ -893,7 +894,7 @@ func buildBaseHTTPConfig(g *graph.Graph) BaseHTTPConfig { return baseConfig } -func createSnippetName(nc ngfAPI.NginxContext, nsname types.NamespacedName) string { +func createSnippetName(nc ngfAPIv1alpha1.NginxContext, nsname types.NamespacedName) string { return fmt.Sprintf( "SnippetsFilter_%s_%s_%s", nc, @@ -904,7 +905,7 @@ func createSnippetName(nc ngfAPI.NginxContext, nsname types.NamespacedName) stri func buildSnippetsForContext( snippetFilters map[types.NamespacedName]*graph.SnippetsFilter, - nc ngfAPI.NginxContext, + nc ngfAPIv1alpha1.NginxContext, ) []Snippet { if len(snippetFilters) == 0 { return nil @@ -950,7 +951,7 @@ func buildPolicies(graphPolicies []*graph.Policy) []policies.Policy { return finalPolicies } -func convertAddresses(addresses []ngfAPI.Address) []string { +func convertAddresses(addresses []ngfAPIv1alpha1.Address) []string { trustedAddresses := make([]string, len(addresses)) for i, addr := range addresses { trustedAddresses[i] = addr.Value diff --git a/internal/mode/static/state/dataplane/configuration_test.go b/internal/mode/static/state/dataplane/configuration_test.go index 45da72bf91..a455d5c73e 100644 --- a/internal/mode/static/state/dataplane/configuration_test.go +++ b/internal/mode/static/state/dataplane/configuration_test.go @@ -19,7 +19,8 @@ import ( "sigs.k8s.io/gateway-api/apis/v1alpha2" "sigs.k8s.io/gateway-api/apis/v1alpha3" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/helpers" "github.com/nginx/nginx-gateway-fabric/internal/framework/kinds" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/nginx/config/policies" @@ -337,7 +338,7 @@ func TestBuildConfiguration(t *testing.T) { ) sf1 := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "sf", Namespace: "test", @@ -345,16 +346,16 @@ func TestBuildConfiguration(t *testing.T) { }, Valid: true, Referenced: true, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTPServerLocation: "location snippet", - ngfAPI.NginxContextHTTPServer: "server snippet", - ngfAPI.NginxContextMain: "main snippet", - ngfAPI.NginxContextHTTP: "http snippet", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTPServerLocation: "location snippet", + ngfAPIv1alpha1.NginxContextHTTPServer: "server snippet", + ngfAPIv1alpha1.NginxContextMain: "main snippet", + ngfAPIv1alpha1.NginxContextHTTP: "http snippet", }, } sfNotReferenced := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "sf-not-referenced", Namespace: "test", @@ -362,9 +363,9 @@ func TestBuildConfiguration(t *testing.T) { }, Valid: true, Referenced: false, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextMain: "main snippet no ref", - ngfAPI.NginxContextHTTP: "http snippet no ref", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextMain: "main snippet no ref", + ngfAPIv1alpha1.NginxContextHTTP: "http snippet no ref", }, } @@ -377,7 +378,7 @@ func TestBuildConfiguration(t *testing.T) { extRefFilter := graph.Filter{ FilterType: graph.FilterExtensionRef, ExtensionRef: &v1.LocalObjectReference{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: kinds.SnippetsFilter, Name: "sf", }, @@ -393,14 +394,14 @@ func TestBuildConfiguration(t *testing.T) { expExtRefFilter := SnippetsFilter{ LocationSnippet: &Snippet{ Name: createSnippetName( - ngfAPI.NginxContextHTTPServerLocation, + ngfAPIv1alpha1.NginxContextHTTPServerLocation, client.ObjectKeyFromObject(extRefFilter.ResolvedExtensionRef.SnippetsFilter.Source), ), Contents: "location snippet", }, ServerSnippet: &Snippet{ Name: createSnippetName( - ngfAPI.NginxContextHTTPServer, + ngfAPIv1alpha1.NginxContextHTTPServer, client.ObjectKeyFromObject(extRefFilter.ResolvedExtensionRef.SnippetsFilter.Source), ), Contents: "server snippet", @@ -826,39 +827,39 @@ func TestBuildConfiguration(t *testing.T) { } nginxProxy := &graph.NginxProxy{ - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Telemetry: &ngfAPI.Telemetry{ - Exporter: &ngfAPI.TelemetryExporter{ + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Telemetry: &ngfAPIv1alpha1.Telemetry{ + Exporter: &ngfAPIv1alpha1.TelemetryExporter{ Endpoint: "my-otel.svc:4563", BatchSize: helpers.GetPointer(int32(512)), BatchCount: helpers.GetPointer(int32(4)), - Interval: helpers.GetPointer(ngfAPI.Duration("5s")), + Interval: helpers.GetPointer(ngfAPIv1alpha1.Duration("5s")), }, ServiceName: helpers.GetPointer("my-svc"), }, DisableHTTP2: true, - IPFamily: helpers.GetPointer(ngfAPI.Dual), + IPFamily: helpers.GetPointer(ngfAPIv1alpha1.Dual), }, }, Valid: true, } nginxProxyIPv4 := &graph.NginxProxy{ - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Telemetry: &ngfAPI.Telemetry{}, - IPFamily: helpers.GetPointer(ngfAPI.IPv4), + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Telemetry: &ngfAPIv1alpha1.Telemetry{}, + IPFamily: helpers.GetPointer(ngfAPIv1alpha1.IPv4), }, }, Valid: true, } nginxProxyIPv6 := &graph.NginxProxy{ - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Telemetry: &ngfAPI.Telemetry{}, - IPFamily: helpers.GetPointer(ngfAPI.IPv6), + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Telemetry: &ngfAPIv1alpha1.Telemetry{}, + IPFamily: helpers.GetPointer(ngfAPIv1alpha1.IPv6), }, }, Valid: true, @@ -2090,12 +2091,12 @@ func TestBuildConfiguration(t *testing.T) { }) g.NginxProxy = &graph.NginxProxy{ Valid: false, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ DisableHTTP2: true, - IPFamily: helpers.GetPointer(ngfAPI.Dual), - Telemetry: &ngfAPI.Telemetry{ - Exporter: &ngfAPI.TelemetryExporter{ + IPFamily: helpers.GetPointer(ngfAPIv1alpha1.Dual), + Telemetry: &ngfAPIv1alpha1.Telemetry{ + Exporter: &ngfAPIv1alpha1.TelemetryExporter{ Endpoint: "some-endpoint", }, }, @@ -2266,17 +2267,17 @@ func TestBuildConfiguration(t *testing.T) { }) g.NginxProxy = &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - RewriteClientIP: &ngfAPI.RewriteClientIP{ + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + RewriteClientIP: &ngfAPIv1alpha1.RewriteClientIP{ SetIPRecursively: helpers.GetPointer(true), - TrustedAddresses: []ngfAPI.Address{ + TrustedAddresses: []ngfAPIv1alpha1.Address{ { - Type: ngfAPI.CIDRAddressType, + Type: ngfAPIv1alpha1.CIDRAddressType, Value: "1.1.1.1/32", }, }, - Mode: helpers.GetPointer(ngfAPI.RewriteClientIPModeProxyProtocol), + Mode: helpers.GetPointer(ngfAPIv1alpha1.RewriteClientIPModeProxyProtocol), }, }, }, @@ -2313,9 +2314,9 @@ func TestBuildConfiguration(t *testing.T) { }) g.NginxProxy = &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelDebug)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelDebug)}, }, }, } @@ -2342,7 +2343,7 @@ func TestBuildConfiguration(t *testing.T) { conf.MainSnippets = []Snippet{ { Name: createSnippetName( - ngfAPI.NginxContextMain, + ngfAPIv1alpha1.NginxContextMain, client.ObjectKeyFromObject(sf1.Source), ), Contents: "main snippet", @@ -2351,7 +2352,7 @@ func TestBuildConfiguration(t *testing.T) { conf.BaseHTTPConfig.Snippets = []Snippet{ { Name: createSnippetName( - ngfAPI.NginxContextHTTP, + ngfAPIv1alpha1.NginxContextHTTP, client.ObjectKeyFromObject(sf1.Source), ), Contents: "http snippet", @@ -2534,14 +2535,14 @@ func TestCreateFilters(t *testing.T) { snippetsFilter1 := graph.Filter{ FilterType: graph.FilterExtensionRef, ExtensionRef: &v1.LocalObjectReference{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: kinds.SnippetsFilter, Name: "sf1", }, ResolvedExtensionRef: &graph.ExtensionRefFilter{ Valid: true, SnippetsFilter: &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "sf1", Namespace: "default", @@ -2549,11 +2550,11 @@ func TestCreateFilters(t *testing.T) { }, Valid: true, Referenced: true, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTPServerLocation: "location snippet 1", - ngfAPI.NginxContextMain: "main snippet 1", - ngfAPI.NginxContextHTTPServer: "server snippet 1", - ngfAPI.NginxContextHTTP: "http snippet 1", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTPServerLocation: "location snippet 1", + ngfAPIv1alpha1.NginxContextMain: "main snippet 1", + ngfAPIv1alpha1.NginxContextHTTPServer: "server snippet 1", + ngfAPIv1alpha1.NginxContextHTTP: "http snippet 1", }, }, }, @@ -2562,14 +2563,14 @@ func TestCreateFilters(t *testing.T) { snippetsFilter2 := graph.Filter{ FilterType: graph.FilterExtensionRef, ExtensionRef: &v1.LocalObjectReference{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: kinds.SnippetsFilter, Name: "sf2", }, ResolvedExtensionRef: &graph.ExtensionRefFilter{ Valid: true, SnippetsFilter: &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "sf2", Namespace: "default", @@ -2577,11 +2578,11 @@ func TestCreateFilters(t *testing.T) { }, Valid: true, Referenced: true, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTPServerLocation: "location snippet 2", - ngfAPI.NginxContextMain: "main snippet 2", - ngfAPI.NginxContextHTTPServer: "server snippet 2", - ngfAPI.NginxContextHTTP: "http snippet 2", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTPServerLocation: "location snippet 2", + ngfAPIv1alpha1.NginxContextMain: "main snippet 2", + ngfAPIv1alpha1.NginxContextHTTPServer: "server snippet 2", + ngfAPIv1alpha1.NginxContextHTTP: "http snippet 2", }, }, }, @@ -2628,14 +2629,14 @@ func TestCreateFilters(t *testing.T) { { LocationSnippet: &Snippet{ Name: createSnippetName( - ngfAPI.NginxContextHTTPServerLocation, + ngfAPIv1alpha1.NginxContextHTTPServerLocation, types.NamespacedName{Namespace: "default", Name: "sf1"}, ), Contents: "location snippet 1", }, ServerSnippet: &Snippet{ Name: createSnippetName( - ngfAPI.NginxContextHTTPServer, + ngfAPIv1alpha1.NginxContextHTTPServer, types.NamespacedName{Namespace: "default", Name: "sf1"}, ), Contents: "server snippet 1", @@ -2644,14 +2645,14 @@ func TestCreateFilters(t *testing.T) { { LocationSnippet: &Snippet{ Name: createSnippetName( - ngfAPI.NginxContextHTTPServerLocation, + ngfAPIv1alpha1.NginxContextHTTPServerLocation, types.NamespacedName{Namespace: "default", Name: "sf2"}, ), Contents: "location snippet 2", }, ServerSnippet: &Snippet{ Name: createSnippetName( - ngfAPI.NginxContextHTTPServer, + ngfAPIv1alpha1.NginxContextHTTPServer, types.NamespacedName{Namespace: "default", Name: "sf2"}, ), Contents: "server snippet 2", @@ -3278,17 +3279,17 @@ func TestConvertBackendTLS(t *testing.T) { func TestBuildTelemetry(t *testing.T) { t.Parallel() telemetryConfigured := &graph.NginxProxy{ - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Telemetry: &ngfAPI.Telemetry{ - Exporter: &ngfAPI.TelemetryExporter{ + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Telemetry: &ngfAPIv1alpha1.Telemetry{ + Exporter: &ngfAPIv1alpha1.TelemetryExporter{ Endpoint: "my-otel.svc:4563", BatchSize: helpers.GetPointer(int32(512)), BatchCount: helpers.GetPointer(int32(4)), - Interval: helpers.GetPointer(ngfAPI.Duration("5s")), + Interval: helpers.GetPointer(ngfAPIv1alpha1.Duration("5s")), }, ServiceName: helpers.GetPointer("my-svc"), - SpanAttributes: []ngfAPI.SpanAttribute{ + SpanAttributes: []ngfAPIv1alpha1.SpanAttribute{ {Key: "key", Value: "value"}, }, }, @@ -3323,7 +3324,7 @@ func TestBuildTelemetry(t *testing.T) { { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ - Source: &ngfAPI.NginxProxy{}, + Source: &ngfAPIv1alpha1.NginxProxy{}, }, }, expTelemetry: Telemetry{}, @@ -3332,10 +3333,10 @@ func TestBuildTelemetry(t *testing.T) { { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Telemetry: &ngfAPI.Telemetry{ - Exporter: &ngfAPI.TelemetryExporter{}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Telemetry: &ngfAPIv1alpha1.Telemetry{ + Exporter: &ngfAPIv1alpha1.TelemetryExporter{}, }, }, }, @@ -3373,13 +3374,13 @@ func TestBuildTelemetry(t *testing.T) { NginxProxy: telemetryConfigured, NGFPolicies: map[graph.PolicyKey]*graph.Policy{ {NsName: types.NamespacedName{Name: "obsPolicy"}}: { - Source: &ngfAPI.ObservabilityPolicy{ + Source: &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "obsPolicy", Namespace: "custom-ns", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ Ratio: helpers.GetPointer[int32](25), }, }, @@ -3408,46 +3409,46 @@ func TestBuildTelemetry(t *testing.T) { NginxProxy: telemetryConfigured, NGFPolicies: map[graph.PolicyKey]*graph.Policy{ {NsName: types.NamespacedName{Name: "obsPolicy"}}: { - Source: &ngfAPI.ObservabilityPolicy{ + Source: &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "obsPolicy", Namespace: "custom-ns", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ Ratio: helpers.GetPointer[int32](25), }, }, }, }, {NsName: types.NamespacedName{Name: "obsPolicy2"}}: { - Source: &ngfAPI.ObservabilityPolicy{ + Source: &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "obsPolicy2", Namespace: "custom-ns", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ Ratio: helpers.GetPointer[int32](50), }, }, }, }, {NsName: types.NamespacedName{Name: "obsPolicy3"}}: { - Source: &ngfAPI.ObservabilityPolicy{ + Source: &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "obsPolicy3", Namespace: "custom-ns", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ Ratio: helpers.GetPointer[int32](25), }, }, }, }, {NsName: types.NamespacedName{Name: "csPolicy"}}: { - Source: &ngfAPI.ClientSettingsPolicy{ + Source: &ngfAPIv1alpha1.ClientSettingsPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "csPolicy", Namespace: "custom-ns", @@ -3478,13 +3479,13 @@ func TestBuildTelemetry(t *testing.T) { NginxProxy: telemetryConfigured, NGFPolicies: map[graph.PolicyKey]*graph.Policy{ {NsName: types.NamespacedName{Name: "obsPolicy"}}: { - Source: &ngfAPI.ObservabilityPolicy{ + Source: &ngfAPIv1alpha2.ObservabilityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "obsPolicy", Namespace: "custom-ns", }, - Spec: ngfAPI.ObservabilityPolicySpec{ - Tracing: &ngfAPI.Tracing{ + Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ + Tracing: &ngfAPIv1alpha2.Tracing{ Ratio: helpers.GetPointer[int32](0), }, }, @@ -3913,7 +3914,7 @@ func TestBuildRewriteIPSettings(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{}, + Source: &ngfAPIv1alpha1.NginxProxy{}, }, }, expRewriteIPSettings: RewriteClientIPSettings{}, @@ -3923,13 +3924,13 @@ func TestBuildRewriteIPSettings(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - RewriteClientIP: &ngfAPI.RewriteClientIP{ - Mode: helpers.GetPointer(ngfAPI.RewriteClientIPModeProxyProtocol), - TrustedAddresses: []ngfAPI.Address{ + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + RewriteClientIP: &ngfAPIv1alpha1.RewriteClientIP{ + Mode: helpers.GetPointer(ngfAPIv1alpha1.RewriteClientIPModeProxyProtocol), + TrustedAddresses: []ngfAPIv1alpha1.Address{ { - Type: ngfAPI.CIDRAddressType, + Type: ngfAPIv1alpha1.CIDRAddressType, Value: "10.9.9.4/32", }, }, @@ -3950,13 +3951,13 @@ func TestBuildRewriteIPSettings(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - RewriteClientIP: &ngfAPI.RewriteClientIP{ - Mode: helpers.GetPointer(ngfAPI.RewriteClientIPModeXForwardedFor), - TrustedAddresses: []ngfAPI.Address{ + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + RewriteClientIP: &ngfAPIv1alpha1.RewriteClientIP{ + Mode: helpers.GetPointer(ngfAPIv1alpha1.RewriteClientIPModeXForwardedFor), + TrustedAddresses: []ngfAPIv1alpha1.Address{ { - Type: ngfAPI.CIDRAddressType, + Type: ngfAPIv1alpha1.CIDRAddressType, Value: "76.89.90.11/24", }, }, @@ -3977,25 +3978,25 @@ func TestBuildRewriteIPSettings(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - RewriteClientIP: &ngfAPI.RewriteClientIP{ - Mode: helpers.GetPointer(ngfAPI.RewriteClientIPModeXForwardedFor), - TrustedAddresses: []ngfAPI.Address{ + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + RewriteClientIP: &ngfAPIv1alpha1.RewriteClientIP{ + Mode: helpers.GetPointer(ngfAPIv1alpha1.RewriteClientIPModeXForwardedFor), + TrustedAddresses: []ngfAPIv1alpha1.Address{ { - Type: ngfAPI.CIDRAddressType, + Type: ngfAPIv1alpha1.CIDRAddressType, Value: "5.5.5.5/12", }, { - Type: ngfAPI.CIDRAddressType, + Type: ngfAPIv1alpha1.CIDRAddressType, Value: "1.1.1.1/26", }, { - Type: ngfAPI.CIDRAddressType, + Type: ngfAPIv1alpha1.CIDRAddressType, Value: "2.2.2.2/32", }, { - Type: ngfAPI.CIDRAddressType, + Type: ngfAPIv1alpha1.CIDRAddressType, Value: "3.3.3.3/24", }, }, @@ -4042,8 +4043,8 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{}, }, }, }, @@ -4054,9 +4055,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelDebug)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelDebug)}, }, }, }, @@ -4068,9 +4069,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelInfo)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelInfo)}, }, }, }, @@ -4082,9 +4083,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelNotice)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelNotice)}, }, }, }, @@ -4096,9 +4097,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelWarn)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelWarn)}, }, }, }, @@ -4110,9 +4111,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelError)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelError)}, }, }, }, @@ -4124,9 +4125,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelCrit)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelCrit)}, }, }, }, @@ -4138,9 +4139,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelAlert)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelAlert)}, }, }, }, @@ -4152,9 +4153,9 @@ func TestBuildLogging(t *testing.T) { g: &graph.Graph{ NginxProxy: &graph.NginxProxy{ Valid: true, - Source: &ngfAPI.NginxProxy{ - Spec: ngfAPI.NginxProxySpec{ - Logging: &ngfAPI.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPI.NginxLogLevelEmerg)}, + Source: &ngfAPIv1alpha1.NginxProxy{ + Spec: ngfAPIv1alpha1.NginxProxySpec{ + Logging: &ngfAPIv1alpha1.NginxLogging{ErrorLevel: helpers.GetPointer(ngfAPIv1alpha1.NginxLogLevelEmerg)}, }, }, }, @@ -4179,7 +4180,7 @@ func TestCreateSnippetName(t *testing.T) { g := NewWithT(t) name := createSnippetName( - ngfAPI.NginxContextHTTPServerLocation, + ngfAPIv1alpha1.NginxContextHTTPServerLocation, types.NamespacedName{Namespace: "some-ns", Name: "some-name"}, ) g.Expect(name).To(Equal("SnippetsFilter_http.server.location_some-ns_some-name")) @@ -4189,7 +4190,7 @@ func TestBuildSnippetForContext(t *testing.T) { t.Parallel() validUnreferenced := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "valid-unreferenced", Namespace: "default", @@ -4197,13 +4198,13 @@ func TestBuildSnippetForContext(t *testing.T) { }, Valid: true, Referenced: false, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTPServerLocation: "valid unreferenced", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTPServerLocation: "valid unreferenced", }, } invalidUnreferenced := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "invalid-unreferenced", Namespace: "default", @@ -4211,13 +4212,13 @@ func TestBuildSnippetForContext(t *testing.T) { }, Valid: false, Referenced: false, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTPServerLocation: "invalid unreferenced", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTPServerLocation: "invalid unreferenced", }, } invalidReferenced := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "invalid-referenced", Namespace: "default", @@ -4225,13 +4226,13 @@ func TestBuildSnippetForContext(t *testing.T) { }, Valid: false, Referenced: true, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTPServerLocation: "invalid referenced", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTPServerLocation: "invalid referenced", }, } validReferenced1 := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "valid-referenced1", Namespace: "default", @@ -4239,14 +4240,14 @@ func TestBuildSnippetForContext(t *testing.T) { }, Valid: true, Referenced: true, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTP: "http valid referenced 1", - ngfAPI.NginxContextMain: "main valid referenced 1", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTP: "http valid referenced 1", + ngfAPIv1alpha1.NginxContextMain: "main valid referenced 1", }, } validReferenced2 := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "valid-referenced2", Namespace: "other-ns", @@ -4254,14 +4255,14 @@ func TestBuildSnippetForContext(t *testing.T) { }, Valid: true, Referenced: true, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextMain: "main valid referenced 2", - ngfAPI.NginxContextHTTP: "http valid referenced 2", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextMain: "main valid referenced 2", + ngfAPIv1alpha1.NginxContextHTTP: "http valid referenced 2", }, } validReferenced3 := &graph.SnippetsFilter{ - Source: &ngfAPI.SnippetsFilter{ + Source: &ngfAPIv1alpha1.SnippetsFilter{ ObjectMeta: metav1.ObjectMeta{ Name: "valid-referenced3", Namespace: "other-ns", @@ -4269,29 +4270,29 @@ func TestBuildSnippetForContext(t *testing.T) { }, Valid: true, Referenced: true, - Snippets: map[ngfAPI.NginxContext]string{ - ngfAPI.NginxContextHTTPServerLocation: "location valid referenced 2", + Snippets: map[ngfAPIv1alpha1.NginxContext]string{ + ngfAPIv1alpha1.NginxContextHTTPServerLocation: "location valid referenced 2", }, } expMainSnippets := []Snippet{ { - Name: createSnippetName(ngfAPI.NginxContextMain, client.ObjectKeyFromObject(validReferenced1.Source)), + Name: createSnippetName(ngfAPIv1alpha1.NginxContextMain, client.ObjectKeyFromObject(validReferenced1.Source)), Contents: "main valid referenced 1", }, { - Name: createSnippetName(ngfAPI.NginxContextMain, client.ObjectKeyFromObject(validReferenced2.Source)), + Name: createSnippetName(ngfAPIv1alpha1.NginxContextMain, client.ObjectKeyFromObject(validReferenced2.Source)), Contents: "main valid referenced 2", }, } expHTTPSnippets := []Snippet{ { - Name: createSnippetName(ngfAPI.NginxContextHTTP, client.ObjectKeyFromObject(validReferenced1.Source)), + Name: createSnippetName(ngfAPIv1alpha1.NginxContextHTTP, client.ObjectKeyFromObject(validReferenced1.Source)), Contents: "http valid referenced 1", }, { - Name: createSnippetName(ngfAPI.NginxContextHTTP, client.ObjectKeyFromObject(validReferenced2.Source)), + Name: createSnippetName(ngfAPIv1alpha1.NginxContextHTTP, client.ObjectKeyFromObject(validReferenced2.Source)), Contents: "http valid referenced 2", }, } @@ -4310,25 +4311,25 @@ func TestBuildSnippetForContext(t *testing.T) { tests := []struct { name string snippetsFilters map[types.NamespacedName]*graph.SnippetsFilter - ctx ngfAPI.NginxContext + ctx ngfAPIv1alpha1.NginxContext expSnippets []Snippet }{ { name: "no snippets filters", snippetsFilters: nil, - ctx: ngfAPI.NginxContextMain, + ctx: ngfAPIv1alpha1.NginxContextMain, expSnippets: nil, }, { name: "main context: mix of invalid, unreferenced, and valid, referenced snippets filters", snippetsFilters: getSnippetsFilters(), - ctx: ngfAPI.NginxContextMain, + ctx: ngfAPIv1alpha1.NginxContextMain, expSnippets: expMainSnippets, }, { name: "http context: mix of invalid, unreferenced, and valid, referenced snippets filters", snippetsFilters: getSnippetsFilters(), - ctx: ngfAPI.NginxContextHTTP, + ctx: ngfAPIv1alpha1.NginxContextHTTP, expSnippets: expHTTPSnippets, }, } diff --git a/internal/mode/static/state/graph/policy_ancestor_test.go b/internal/mode/static/state/graph/policy_ancestor_test.go index 75391bc097..d3a1905b0b 100644 --- a/internal/mode/static/state/graph/policy_ancestor_test.go +++ b/internal/mode/static/state/graph/policy_ancestor_test.go @@ -8,7 +8,7 @@ import ( v1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/framework/kinds" ) @@ -90,7 +90,7 @@ func TestNGFPolicyAncestorsFull(t *testing.T) { } return &Policy{ - Source: &ngfAPI.ObservabilityPolicy{ + Source: &ngfAPIv1alpha2.ObservabilityPolicy{ Status: v1alpha2.PolicyStatus{ Ancestors: currAncestors, }, diff --git a/site/content/how-to/monitoring/tracing.md b/site/content/how-to/monitoring/tracing.md index 2820c7f187..3b440a33c4 100644 --- a/site/content/how-to/monitoring/tracing.md +++ b/site/content/how-to/monitoring/tracing.md @@ -267,7 +267,7 @@ To enable tracing for the coffee HTTPRoute, create the following policy: ```yaml kubectl apply -f - <}}) | Configure connection behavior between client and NGINX | Inherited | Gateway, HTTPRoute, GRPCRoute | No | Yes | v1alpha1 | -| [ObservabilityPolicy]({{}}) | Define settings related to tracing, metrics, or logging | Direct | HTTPRoute, GRPCRoute | Yes | No | v1alpha1 | +| [ObservabilityPolicy]({{}}) | Define settings related to tracing, metrics, or logging | Direct | HTTPRoute, GRPCRoute | Yes | No | v1alpha2 | | [UpstreamSettingsPolicy]({{}}) | Configure connection behavior between NGINX and upstream applications | Direct | Service | Yes | Yes | v1alpha1 | - {{}} {{< important >}} diff --git a/site/content/reference/api.md b/site/content/reference/api.md index 74ea08d3c8..77eafa4ac6 100644 --- a/site/content/reference/api.md +++ b/site/content/reference/api.md @@ -10,6 +10,9 @@ NGINX Gateway API Reference
  • gateway.nginx.org/v1alpha1
    • +
  • +gateway.nginx.org/v1alpha2 +

    • gateway.nginx.org/v1alpha1

    @@ -683,6 +686,7 @@ UpstreamKeepAlive

    TargetRefs identifies API object(s) to apply the policy to. Objects must be in the same namespace as the policy. Support: Service

    +

    TargetRefs must be distinct. The name field must be unique for all targetRef entries in the UpstreamSettingsPolicy.

    @@ -1825,7 +1829,8 @@ and the status of the SnippetsFilter with respect to each controller.

    (Appears on: Telemetry, -Tracing) +Tracing, +Tracing)

    SpanAttribute is a key value pair to be added to a tracing span.

    @@ -2290,6 +2295,326 @@ UpstreamKeepAlive

    TargetRefs identifies API object(s) to apply the policy to. Objects must be in the same namespace as the policy. Support: Service

    +

    TargetRefs must be distinct. The name field must be unique for all targetRef entries in the UpstreamSettingsPolicy.

    + + + + +
    +

    gateway.nginx.org/v1alpha2

    +

    +

    Package v1alpha2 contains API Schema definitions for the +gateway.nginx.org API group.

    +

    +Resource Types: + +

    ObservabilityPolicy + +

    +

    +

    ObservabilityPolicy is a Direct Attached Policy. It provides a way to configure observability settings for +the NGINX Gateway Fabric data plane. Used in conjunction with the NginxProxy CRD that is attached to the +GatewayClass parametersRef.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    +apiVersion
    +string    		 + +gateway.nginx.org/v1alpha2 + +
    +kind
    +string +    		ObservabilityPolicy
    +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + +    		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
    +spec
    + + +ObservabilityPolicySpec + + +    		 +

    Spec defines the desired state of the ObservabilityPolicy.

    +
    +
    + + + + + + + + + +
    +tracing
    + + +Tracing + + +    		 +(Optional) +

    Tracing allows for enabling and configuring tracing.

    +
    +targetRefs
    + + +[]sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReference + + +    		 +

    TargetRefs identifies the API object(s) to apply the policy to. +Objects must be in the same namespace as the policy. +Support: HTTPRoute, GRPCRoute.

    +

    TargetRefs must be distinct. This means that the multi-part key defined by kind and name must +be unique across all targetRef entries in the ObservabilityPolicy.

    +
    +
    +status
    + + +sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyStatus + + +    		 +

    Status defines the state of the ObservabilityPolicy.

    +
    +

    ObservabilityPolicySpec + +

    +

    +(Appears on: +ObservabilityPolicy) +

    +

    +

    ObservabilityPolicySpec defines the desired state of the ObservabilityPolicy.

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +tracing
    + + +Tracing + + +    		 +(Optional) +

    Tracing allows for enabling and configuring tracing.

    +
    +targetRefs
    + + +[]sigs.k8s.io/gateway-api/apis/v1alpha2.LocalPolicyTargetReference + + +    		 +

    TargetRefs identifies the API object(s) to apply the policy to. +Objects must be in the same namespace as the policy. +Support: HTTPRoute, GRPCRoute.

    +

    TargetRefs must be distinct. This means that the multi-part key defined by kind and name must +be unique across all targetRef entries in the ObservabilityPolicy.

    +
    +

    TraceContext +(string alias)

    +

    +

    +(Appears on: +Tracing) +

    +

    +

    TraceContext specifies how to propagate traceparent/tracestate headers.

    +

    + + + + + + + + + + + + + + + + +
    ValueDescription

    "extract"

    TraceContextExtract uses an existing trace context from the request, so that the identifiers +of a trace and the parent span are inherited from the incoming request.

    +

    "ignore"

    TraceContextIgnore skips context headers processing.

    +

    "inject"

    TraceContextInject adds a new context to the request, overwriting existing headers, if any.

    +

    "propagate"

    TraceContextPropagate updates the existing context (combines extract and inject).

    +
    +

    TraceStrategy +(string alias)

    +

    +

    +(Appears on: +Tracing) +

    +

    +

    TraceStrategy defines the tracing strategy.

    +

    + + + + + + + + + + + + +
    ValueDescription

    "parent"

    TraceStrategyParent enables tracing and only records spans if the parent span was sampled.

    +

    "ratio"

    TraceStrategyRatio enables ratio-based tracing, defaulting to 100% sampling rate.

    +
    +

    Tracing + +

    +

    +(Appears on: +ObservabilityPolicySpec) +

    +

    +

    Tracing allows for enabling and configuring OpenTelemetry tracing.

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/suite/manifests/tracing/policy-multiple.yaml b/tests/suite/manifests/tracing/policy-multiple.yaml index 851f573fdd..cbafeafd2b 100644 --- a/tests/suite/manifests/tracing/policy-multiple.yaml +++ b/tests/suite/manifests/tracing/policy-multiple.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.nginx.org/v1alpha1 +apiVersion: gateway.nginx.org/v1alpha2 kind: ObservabilityPolicy metadata: name: test-observability-policy diff --git a/tests/suite/manifests/tracing/policy-single.yaml b/tests/suite/manifests/tracing/policy-single.yaml index 6d8da1581c..37904db3c6 100644 --- a/tests/suite/manifests/tracing/policy-single.yaml +++ b/tests/suite/manifests/tracing/policy-single.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.nginx.org/v1alpha1 +apiVersion: gateway.nginx.org/v1alpha2 kind: ObservabilityPolicy metadata: name: test-observability-policy diff --git a/tests/suite/system_suite_test.go b/tests/suite/system_suite_test.go index 1f759d0db2..684ad1d998 100644 --- a/tests/suite/system_suite_test.go +++ b/tests/suite/system_suite_test.go @@ -31,7 +31,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" v1 "sigs.k8s.io/gateway-api/apis/v1" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/tests/framework" ) @@ -117,7 +118,8 @@ func setup(cfg setupConfig, extraInstallArgs ...string) { Expect(coordination.AddToScheme(scheme)).To(Succeed()) Expect(v1.Install(scheme)).To(Succeed()) Expect(batchv1.AddToScheme(scheme)).To(Succeed()) - Expect(ngfAPI.AddToScheme(scheme)).To(Succeed()) + Expect(ngfAPIv1alpha1.AddToScheme(scheme)).To(Succeed()) + Expect(ngfAPIv1alpha2.AddToScheme(scheme)).To(Succeed()) options := client.Options{ Scheme: scheme, diff --git a/tests/suite/tracing_test.go b/tests/suite/tracing_test.go index 46ec5bfc18..5d39bd94eb 100644 --- a/tests/suite/tracing_test.go +++ b/tests/suite/tracing_test.go @@ -17,7 +17,8 @@ import ( gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - ngfAPI "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha1" + ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/internal/mode/static/state/conditions" "github.com/nginx/nginx-gateway-fabric/tests/framework" ) @@ -101,7 +102,7 @@ var _ = Describe("Tracing", FlakeAttempts(2), Label("functional", "tracing"), fu } gwClass.Spec.ParametersRef = &gatewayv1.ParametersReference{ - Group: ngfAPI.GroupName, + Group: ngfAPIv1alpha1.GroupName, Kind: gatewayv1.Kind("NginxProxy"), Name: "nginx-proxy", } @@ -235,7 +236,7 @@ func verifyPolicyStatus() error { ctx, cancel := context.WithTimeout(context.Background(), timeoutConfig.GetTimeout) defer cancel() - var pol ngfAPI.ObservabilityPolicy + var pol ngfAPIv1alpha2.ObservabilityPolicy key := types.NamespacedName{Name: "test-observability-policy", Namespace: "helloworld"} if err := k8sClient.Get(ctx, key, &pol); err != nil { return err
    FieldDescription
    +strategy
    + + +TraceStrategy + + +    		 +

    Strategy defines if tracing is ratio-based or parent-based.

    +
    +ratio
    + +int32 + +    		 +(Optional) +

    Ratio is the percentage of traffic that should be sampled. Integer from 0 to 100. +By default, 100% of http requests are traced. Not applicable for parent-based tracing. +If ratio is set to 0, tracing is disabled.

    +
    +context
    + + +TraceContext + + +    		 +(Optional) +

    Context specifies how to propagate traceparent/tracestate headers. +Default: https://nginx.org/en/docs/ngx_otel_module.html#otel_trace_context

    +
    +spanName
    + +string + +    		 +(Optional) +

    SpanName defines the name of the Otel span. By default is the name of the location for a request. +If specified, applies to all locations that are created for a route. +Format: must have all ‘“’ escaped and must not contain any ‘$’ or end with an unescaped ‘\’ +Examples of invalid names: some-$value, quoted-“value”-name, unescaped

    +
    +spanAttributes
    + + +[]SpanAttribute + + +    		 +(Optional) +

    SpanAttributes are custom key/value attributes that are added to each span.