diff --git a/apis/v1alpha1/nginxproxy_types.go b/apis/v1alpha1/nginxproxy_types.go
index 20a870b9d8..39bfb6eabc 100644
--- a/apis/v1alpha1/nginxproxy_types.go
+++ b/apis/v1alpha1/nginxproxy_types.go
@@ -88,20 +88,3 @@ type TelemetryExporter struct {
// +kubebuilder:validation:Pattern=`^(?:http?:\/\/)?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*(?::\d{1,5})?$`
Endpoint string `json:"endpoint"`
}
-
-// SpanAttribute is a key value pair to be added to a tracing span.
-type SpanAttribute struct {
- // Key is the key for a span attribute.
- //
- // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:MaxLength=255
- // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9_-]+$`
- Key string `json:"key"`
-
- // Value is the value for a span attribute.
- //
- // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:MaxLength=255
- // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9_-]+$`
- Value string `json:"value"`
-}
diff --git a/apis/v1alpha1/observabilitypolicy_types.go b/apis/v1alpha1/observabilitypolicy_types.go
new file mode 100644
index 0000000000..fcd614c192
--- /dev/null
+++ b/apis/v1alpha1/observabilitypolicy_types.go
@@ -0,0 +1,126 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories=nginx-gateway-fabric,scope=Namespaced
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct"
+
+// ObservabilityPolicy is a Direct Attached Policy. It provides a way to configure observability settings for
+// the NGINX Gateway Fabric data plane. Used in conjunction with the NginxProxy CRD that is attached to the
+// GatewayClass parametersRef.
+type ObservabilityPolicy struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec defines the desired state of the ObservabilityPolicy.
+ Spec ObservabilityPolicySpec `json:"spec"`
+
+ // Status defines the state of the ObservabilityPolicy.
+ Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ObservabilityPolicyList contains a list of ObservabilityPolicies.
+type ObservabilityPolicyList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ObservabilityPolicy `json:"items"`
+}
+
+// ObservabilityPolicySpec defines the desired state of the ObservabilityPolicy.
+type ObservabilityPolicySpec struct {
+ // TargetRef identifies an API object to apply the policy to.
+ // Object must be in the same namespace as the policy.
+ //
+ // Support: HTTPRoute
+ TargetRef gatewayv1alpha2.PolicyTargetReference `json:"targetRef"`
+
+ // Tracing allows for enabling and configuring tracing.
+ //
+ // +optional
+ Tracing *Tracing `json:"tracing,omitempty"`
+}
+
+// Tracing allows for enabling and configuring OpenTelemetry tracing.
+//
+// +kubebuilder:validation:XValidation:message="ratio can only be specified if strategy is of type ratio",rule="!(has(self.ratio) && self.strategy != 'ratio')"
+//
+//nolint:lll
+type Tracing struct {
+ // Strategy defines if tracing is ratio-based or parent-based.
+ Strategy TraceStrategy `json:"strategy"`
+
+ // Ratio is the percentage of traffic that should be sampled. Integer from 0 to 100.
+ // By default, 100% of http requests are traced. Not applicable for parent-based tracing.
+ //
+ // +optional
+ // +kubebuilder:validation:Minimum=0
+ // +kubebuilder:validation:Maximum=100
+ Ratio *int32 `json:"ratio,omitempty"`
+
+ // Context specifies how to propagate traceparent/tracestate headers.
+ // Default: https://nginx.org/en/docs/ngx_otel_module.html#otel_trace_context
+ //
+ // +optional
+ Context *TraceContext `json:"context,omitempty"`
+
+ // SpanName defines the name of the Otel span. By default is the name of the location for a request.
+ // If specified, applies to all locations that are created for a route.
+ // Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
+ // Examples of invalid names: some-$value, quoted-"value"-name, unescaped\
+ //
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=255
+ // +kubebuilder:validation:Pattern=`^([^"$\\]|\\[^$])*$`
+ SpanName *string `json:"spanName,omitempty"`
+
+ // SpanAttributes are custom key/value attributes that are added to each span.
+ //
+ // +optional
+ // +listType=map
+ // +listMapKey=key
+ // +kubebuilder:validation:MaxItems=64
+ SpanAttributes []SpanAttribute `json:"spanAttributes,omitempty"`
+}
+
+// TraceStrategy defines the tracing strategy.
+//
+// +kubebuilder:validation:Enum=ratio;parent
+type TraceStrategy string
+
+const (
+ // TraceStrategyRatio enables ratio-based tracing, defaulting to 100% sampling rate.
+ TraceStrategyRatio TraceStrategy = "ratio"
+
+ // TraceStrategyParent enables tracing and only records spans if the parent span was sampled.
+ TraceStrategyParent TraceStrategy = "parent"
+)
+
+// TraceContext specifies how to propagate traceparent/tracestate headers.
+//
+// +kubebuilder:validation:Enum=extract;inject;propagate;ignore
+type TraceContext string
+
+const (
+ // TraceContextExtract uses an existing trace context from the request, so that the identifiers
+ // of a trace and the parent span are inherited from the incoming request.
+ TraceContextExtract TraceContext = "extract"
+
+ // TraceContextInject adds a new context to the request, overwriting existing headers, if any.
+ TraceContextInject TraceContext = "inject"
+
+ // TraceContextPropagate updates the existing context (combines extract and inject).
+ TraceContextPropagate TraceContext = "propagate"
+
+ // TraceContextIgnore skips context headers processing.
+ TraceContextIgnore TraceContext = "ignore"
+)
diff --git a/apis/v1alpha1/register.go b/apis/v1alpha1/register.go
index ada0bc7a06..c0f23fcac3 100644
--- a/apis/v1alpha1/register.go
+++ b/apis/v1alpha1/register.go
@@ -36,6 +36,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&NginxGatewayList{},
&NginxProxy{},
&NginxProxyList{},
+ &ObservabilityPolicy{},
+ &ObservabilityPolicyList{},
&ClientSettingsPolicy{},
&ClientSettingsPolicyList{},
)
diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go
index 59f9d13d4d..d56ff53593 100644
--- a/apis/v1alpha1/shared_types.go
+++ b/apis/v1alpha1/shared_types.go
@@ -6,3 +6,22 @@ package v1alpha1
//
// +kubebuilder:validation:Pattern=`^\d{1,4}(ms|s)?$`
type Duration string
+
+// SpanAttribute is a key value pair to be added to a tracing span.
+type SpanAttribute struct {
+ // Key is the key for a span attribute.
+ // Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=255
+ // +kubebuilder:validation:Pattern=`^([^"$\\]|\\[^$])*$`
+ Key string `json:"key"`
+
+ // Value is the value for a span attribute.
+ // Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=255
+ // +kubebuilder:validation:Pattern=`^([^"$\\]|\\[^$])*$`
+ Value string `json:"value"`
+}
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
index 2304c2941a..222ff43edb 100644
--- a/apis/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/v1alpha1/zz_generated.deepcopy.go
@@ -373,6 +373,86 @@ func (in *NginxProxySpec) DeepCopy() *NginxProxySpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObservabilityPolicy) DeepCopyInto(out *ObservabilityPolicy) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilityPolicy.
+func (in *ObservabilityPolicy) DeepCopy() *ObservabilityPolicy {
+ if in == nil {
+ return nil
+ }
+ out := new(ObservabilityPolicy)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ObservabilityPolicy) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObservabilityPolicyList) DeepCopyInto(out *ObservabilityPolicyList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ObservabilityPolicy, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilityPolicyList.
+func (in *ObservabilityPolicyList) DeepCopy() *ObservabilityPolicyList {
+ if in == nil {
+ return nil
+ }
+ out := new(ObservabilityPolicyList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ObservabilityPolicyList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObservabilityPolicySpec) DeepCopyInto(out *ObservabilityPolicySpec) {
+ *out = *in
+ in.TargetRef.DeepCopyInto(&out.TargetRef)
+ if in.Tracing != nil {
+ in, out := &in.Tracing, &out.Tracing
+ *out = new(Tracing)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilityPolicySpec.
+func (in *ObservabilityPolicySpec) DeepCopy() *ObservabilityPolicySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ObservabilityPolicySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SpanAttribute) DeepCopyInto(out *SpanAttribute) {
*out = *in
@@ -447,3 +527,38 @@ func (in *TelemetryExporter) DeepCopy() *TelemetryExporter {
in.DeepCopyInto(out)
return out
}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Tracing) DeepCopyInto(out *Tracing) {
+ *out = *in
+ if in.Ratio != nil {
+ in, out := &in.Ratio, &out.Ratio
+ *out = new(int32)
+ **out = **in
+ }
+ if in.Context != nil {
+ in, out := &in.Context, &out.Context
+ *out = new(TraceContext)
+ **out = **in
+ }
+ if in.SpanName != nil {
+ in, out := &in.SpanName, &out.SpanName
+ *out = new(string)
+ **out = **in
+ }
+ if in.SpanAttributes != nil {
+ in, out := &in.SpanAttributes, &out.SpanAttributes
+ *out = make([]SpanAttribute, len(*in))
+ copy(*out, *in)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing.
+func (in *Tracing) DeepCopy() *Tracing {
+ if in == nil {
+ return nil
+ }
+ out := new(Tracing)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml
index 6119184d92..cecb62da57 100644
--- a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml
+++ b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml
@@ -98,16 +98,20 @@ spec:
a tracing span.
properties:
key:
- description: Key is the key for a span attribute.
+ description: |-
+ Key is the key for a span attribute.
+ Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
maxLength: 255
minLength: 1
- pattern: ^[a-zA-Z0-9_-]+$
+ pattern: ^([^"$\\]|\\[^$])*$
type: string
value:
- description: Value is the value for a span attribute.
+ description: |-
+ Value is the value for a span attribute.
+ Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
maxLength: 255
minLength: 1
- pattern: ^[a-zA-Z0-9_-]+$
+ pattern: ^([^"$\\]|\\[^$])*$
type: string
required:
- key
diff --git a/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml
new file mode 100644
index 0000000000..523de8d74a
--- /dev/null
+++ b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml
@@ -0,0 +1,524 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ labels:
+ gateway.networking.k8s.io/policy: direct
+ name: observabilitypolicies.gateway.nginx.org
+spec:
+ group: gateway.nginx.org
+ names:
+ categories:
+ - nginx-gateway-fabric
+ kind: ObservabilityPolicy
+ listKind: ObservabilityPolicyList
+ plural: observabilitypolicies
+ singular: observabilitypolicy
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ObservabilityPolicy is a Direct Attached Policy. It provides a way to configure observability settings for
+ the NGINX Gateway Fabric data plane. Used in conjunction with the NginxProxy CRD that is attached to the
+ GatewayClass parametersRef.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of the ObservabilityPolicy.
+ properties:
+ targetRef:
+ description: |-
+ TargetRef identifies an API object to apply the policy to.
+ Object must be in the same namespace as the policy.
+
+
+ Support: HTTPRoute
+ properties:
+ group:
+ description: Group is the group of the target resource.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the target resource.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the target resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, the local
+ namespace is inferred. Even when policy targets a resource in a different
+ namespace, it MUST only apply to traffic originating from the same
+ namespace as the policy.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ tracing:
+ description: Tracing allows for enabling and configuring tracing.
+ properties:
+ context:
+ description: |-
+ Context specifies how to propagate traceparent/tracestate headers.
+ Default: https://nginx.org/en/docs/ngx_otel_module.html#otel_trace_context
+ enum:
+ - extract
+ - inject
+ - propagate
+ - ignore
+ type: string
+ ratio:
+ description: |-
+ Ratio is the percentage of traffic that should be sampled. Integer from 0 to 100.
+ By default, 100% of http requests are traced. Not applicable for parent-based tracing.
+ format: int32
+ maximum: 100
+ minimum: 0
+ type: integer
+ spanAttributes:
+ description: SpanAttributes are custom key/value attributes that
+ are added to each span.
+ items:
+ description: SpanAttribute is a key value pair to be added to
+ a tracing span.
+ properties:
+ key:
+ description: |-
+ Key is the key for a span attribute.
+ Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
+ maxLength: 255
+ minLength: 1
+ pattern: ^([^"$\\]|\\[^$])*$
+ type: string
+ value:
+ description: |-
+ Value is the value for a span attribute.
+ Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
+ maxLength: 255
+ minLength: 1
+ pattern: ^([^"$\\]|\\[^$])*$
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ maxItems: 64
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ spanName:
+ description: |-
+ SpanName defines the name of the Otel span. By default is the name of the location for a request.
+ If specified, applies to all locations that are created for a route.
+ Format: must have all '"' escaped and must not contain any '$' or end with an unescaped '\'
+ Examples of invalid names: some-$value, quoted-"value"-name, unescaped\
+ maxLength: 255
+ minLength: 1
+ pattern: ^([^"$\\]|\\[^$])*$
+ type: string
+ strategy:
+ description: Strategy defines if tracing is ratio-based or parent-based.
+ enum:
+ - ratio
+ - parent
+ type: string
+ required:
+ - strategy
+ type: object
+ x-kubernetes-validations:
+ - message: ratio can only be specified if strategy is of type ratio
+ rule: '!(has(self.ratio) && self.strategy != ''ratio'')'
+ required:
+ - targetRef
+ type: object
+ status:
+ description: Status defines the state of the ObservabilityPolicy.
+ properties:
+ ancestors:
+ description: |-
+ Ancestors is a list of ancestor resources (usually Gateways) that are
+ associated with the policy, and the status of the policy with respect to
+ each ancestor. When this policy attaches to a parent, the controller that
+ manages the parent and the ancestors MUST add an entry to this list when
+ the controller first sees the policy and SHOULD update the entry as
+ appropriate when the relevant ancestor is modified.
+
+
+ Note that choosing the relevant ancestor is left to the Policy designers;
+ an important part of Policy design is designing the right object level at
+ which to namespace this status.
+
+
+ Note also that implementations MUST ONLY populate ancestor status for
+ the Ancestor resources they are responsible for. Implementations MUST
+ use the ControllerName field to uniquely identify the entries in this list
+ that they are responsible for.
+
+
+ Note that to achieve this, the list of PolicyAncestorStatus structs
+ MUST be treated as a map with a composite key, made up of the AncestorRef
+ and ControllerName fields combined.
+
+
+ A maximum of 16 ancestors will be represented in this list. An empty list
+ means the Policy is not relevant for any ancestors.
+
+
+ If this slice is full, implementations MUST NOT add further entries.
+ Instead they MUST consider the policy unimplementable and signal that
+ on any related resources such as the ancestor that would be referenced
+ here. For example, if this list was full on BackendTLSPolicy, no
+ additional Gateways would be able to reference the Service targeted by
+ the BackendTLSPolicy.
+ items:
+ description: |-
+ PolicyAncestorStatus describes the status of a route with respect to an
+ associated Ancestor.
+
+
+ Ancestors refer to objects that are either the Target of a policy or above it
+ in terms of object hierarchy. For example, if a policy targets a Service, the
+ Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
+ the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most
+ useful object to place Policy status on, so we recommend that implementations
+ SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
+ have a _very_ good reason otherwise.
+
+
+ In the context of policy attachment, the Ancestor is used to distinguish which
+ resource results in a distinct application of this policy. For example, if a policy
+ targets a Service, it may have a distinct result per attached Gateway.
+
+
+ Policies targeting the same resource may have different effects depending on the
+ ancestors of those resources. For example, different Gateways targeting the same
+ Service may have different capabilities, especially if they have different underlying
+ implementations.
+
+
+ For example, in BackendTLSPolicy, the Policy attaches to a Service that is
+ used as a backend in a HTTPRoute that is itself attached to a Gateway.
+ In this case, the relevant object for status is the Gateway, and that is the
+ ancestor object referred to in this status.
+
+
+ Note that a parent is also an ancestor, so for objects where the parent is the
+ relevant object for status, this struct SHOULD still be used.
+
+
+ This struct is intended to be used in a slice that's effectively a map,
+ with a composite key made up of the AncestorRef and the ControllerName.
+ properties:
+ ancestorRef:
+ description: |-
+ AncestorRef corresponds with a ParentRef in the spec that this
+ PolicyAncestorStatus struct describes the status of.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Gateway
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, experimental, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
+
+
+
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener Name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port Name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values. Note that attaching Routes to Services as Parents
+ is part of experimental Mesh support and is not supported for any other
+ purpose.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - name
+ type: object
+ conditions:
+ description: Conditions describes the status of the Policy with
+ respect to the given Ancestor.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource.\n---\nThis struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ controllerName:
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
+ type: string
+ required:
+ - ancestorRef
+ - controllerName
+ type: object
+ maxItems: 16
+ type: array
+ required:
+ - ancestors
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/docs/proposals/observability.md b/docs/proposals/observability.md
index 64f60b9d2d..e0efb2f8ef 100644
--- a/docs/proposals/observability.md
+++ b/docs/proposals/observability.md
@@ -98,24 +98,21 @@ type Tracing struct {
// SpanAttributes are custom key/value attributes that are added to each span.
//
// +optional
- SpanAttributes map[string]string `json:"spanAttributes,omitempty"`
+ SpanAttributes []SpanAttribute `json:"spanAttributes,omitempty"`
- // Enable defines if tracing is enabled, disabled, or parent-based.
- Enable TraceType `json:"enable"`
+ // Strategy defines if tracing is ratio-based or parent-based.
+ Strategy TraceStrategy `json:"strategy"`
}
-// TraceType defines if tracing is enabled.
-type TraceType string
+// TraceStrategy defines the tracing strategy.
+type TraceStrategy string
const (
- // TraceTypeOn enables tracing.
- TraceTypeOn TraceType = "on"
+ // TraceStrategyRatio enables ratio-based tracing, defaulting to 100% sampling rate.
+ TraceStrategyRatio TraceStrategy = "ratio"
- // TraceTypeOff disables tracing.
- TraceTypeOff TraceType = "off"
-
- // TraceTypeParent enables tracing and only records spans if the parent span was sampled.
- TraceTypeParent TraceType = "parent"
+ // TraceStrategyParent enables tracing and only records spans if the parent span was sampled.
+ TraceStrategyParent TraceStrategy = "parent"
)
// TraceContext specifies how to propagate traceparent/tracestate headers.
@@ -135,6 +132,15 @@ const (
// TraceContextIgnore skips context headers processing.
TraceContextIgnore TraceContext = "ignore"
)
+
+// SpanAttribute is a key value pair to be added to a tracing span.
+type SpanAttribute struct {
+ // Key is the key for a span attribute.
+ Key string `json:"key"`
+
+ // Value is the value for a span attribute.
+ Value string `json:"value"`
+}
```
### YAML
@@ -152,15 +158,16 @@ spec:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: example-route
- sectionName: example-section
tracing:
+ strategy: ratio
ratio: 10
context: inject
spanName: example-span
spanAttributes:
- attribute1: value1
- attribute2: value2
- enable: "on"
+ - key: attribute1
+ value: value1
+ - key: attribute2
+ value: value2
status:
ancestors:
ancestorRef:
@@ -175,29 +182,6 @@ status:
message: Policy is accepted
```
-and the HTTPRoute it is attached to:
-
-```yaml
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: example-route
-spec:
- gatewayClassName: nginx
- listeners:
- - name: example-section
- port: 80
- protocol: HTTP
- hostname: "*.example.com"
-status:
- conditions:
- ...
- - type: gateway.nginx.org/ObservabilityPolicyAffected # new condition
- status: "True"
- reason: PolicyAffected
- message: Object affected by an ObservabilityPolicy.
-```
-
### Status
#### CRD Label