Merged
25 commits
831fe94
extend cache policy for more configurable parameters
haywoodsh Nov 12, 2025
884062c
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 24, 2025
9c205ac
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 24, 2025
389d7f7
add validation on cacheKey and unit tests
vepatel Nov 26, 2025
6865e87
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 26, 2025
394f019
remove redundant default assignment
vepatel Nov 26, 2025
ba7e6d5
add tests for cacheUseStale
vepatel Nov 26, 2025
59acac8
move cacheKey default logic to VS
vepatel Nov 26, 2025
aacb495
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 26, 2025
f21dd11
remove vars from list
vepatel Nov 27, 2025
22035f4
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 27, 2025
f159ca6
allow braced and unbraced vars in cacheKey
vepatel Nov 27, 2025
c240364
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 27, 2025
bfdf360
update python test data to include extended spec
vepatel Nov 27, 2025
d2dc3d9
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Nov 27, 2025
5c899d8
update python test assertion to account for in key
vepatel Nov 27, 2025
a1d3246
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 27, 2025
d0a6a75
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Nov 27, 2025
6e60539
update python test assertion to account for request_method in cachekey
vepatel Nov 27, 2025
3daf603
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Nov 27, 2025
eee7ce3
update CRD field description
vepatel Nov 27, 2025
89c79cc
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 27, 2025
228b125
remove TODO
vepatel Nov 28, 2025
36b8471
up
vepatel Nov 28, 2025
13fa127
Merge branch 'main' into feat/extend-cache-policy
vepatel Nov 28, 2025
134 changes: 132 additions & 2 deletions config/crd/bases/k8s.nginx.org_policies.yaml
Expand Up @@ -140,6 +140,29 @@ spec:
x-kubernetes-validations:
- message: 'allowed methods must be one of: GET, HEAD, POST'
rule: self.all(method, method in ['GET', 'HEAD', 'POST'])
cacheBackgroundUpdate:
default: false
description: |-
CacheBackgroundUpdate allows starting a background subrequest to update an expired cache item (proxy_cache_background_update).
A stale cached response is returned to the client while the cache is being updated.
type: boolean
cacheKey:
description: |-
CacheKey defines a key for caching (proxy_cache_key).
By default, close to "$scheme$proxy_host$uri$is_args$args".
Must not contain command execution patterns: $(, `, ;, &&, ||
maxLength: 1024
type: string
x-kubernetes-validations:
- message: 'cache key must not contain command execution patterns:
$(, `, ;, &&, ||'
rule: '!self.contains(''$('') && !self.contains(''`'') && !self.contains('';'')
&& !self.contains(''&&'') && !self.contains(''||'')'
cacheMinUses:
description: CacheMinUses sets the number of requests after which
the response will be cached (proxy_cache_min_uses).
minimum: 1
type: integer
cachePurgeAllow:
description: |-
CachePurgeAllow defines IP addresses or CIDR blocks allowed to purge cache.
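Review bot: The cacheKey CEL rule is a denylist of shell tokens ($(, backtick, &&, ||), but the value is written into an NGINX directive (proxy_cache_key), not passed to a shell. Of the characters that matter to NGINX configuration syntax only ; is rejected here; braces outside a ${var} reference, quotes, whitespace and line breaks are not covered by anything visible in this hunk. Consider a positive pattern that admits only literal text plus $var and ${var} references, and reword the message from "command execution patterns" to something like "characters that could alter the generated NGINX configuration". If stricter checks already run in the Go validator, say so in the description so the CRD rule is not read as the complete check.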
Expand All @@ -149,6 +172,20 @@ spec:
items:
type: string
type: array
cacheRevalidate:
default: false
description: |-
CacheRevalidate enables revalidation of expired cache items using conditional requests (proxy_cache_revalidate).
Uses "If-Modified-Since" and "If-None-Match" header fields.
type: boolean
cacheUseStale:
description: |-
CacheUseStale determines in which cases a stale cached response can be used (proxy_cache_use_stale).
Valid parameters: error, timeout, invalid_header, updating, http_500, http_502, http_503, http_504, http_403, http_404, http_429, off.
items:
type: string
maxItems: 11
type: array
cacheZoneName:
description: |-
CacheZoneName defines the name of the cache zone. Must start with a lowercase letter,
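Review bot: cacheUseStale names its valid parameters only in the description; items is a bare string with no enum, so any string passes schema validation at admission. The description lists 12 values while maxItems is 11, which only makes sense if off cannot be combined with the others, and no rule in this hunk enforces that. Suggest an enum on items plus a CEL rule that off must be the only entry when present, or a line in the description stating where both are validated.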
Expand All @@ -159,9 +196,34 @@ spec:
cacheZoneSize:
description: |-
CacheZoneSize defines the size of the cache zone. Must be a number followed by a size unit:
'k' for kilobytes, 'm' for megabytes, or 'g' for gigabytes.
'k' or 'K' for kilobytes, 'm' or 'M' for megabytes, or 'g' or 'G' for gigabytes.
Examples: "10m", "1g", "512k".
pattern: ^[0-9]+[kmg]$
pattern: ^[0-9]+[kmgKMG]$
type: string
conditions:
description: Conditions defines when responses should not be cached
or taken from cache.
properties:
bypass:
description: |-
Bypass defines conditions under which the response will not be taken from a cache (proxy_cache_bypass).
If at least one value of the string parameters is not empty and is not equal to "0" then the response will not be taken from the cache.
items:
type: string
type: array
noCache:
description: |-
NoCache defines conditions under which the response will not be saved to a cache (proxy_no_cache).
If at least one value of the string parameters is not empty and is not equal to "0" then the response will not be saved.
items:
type: string
type: array
type: object
inactive:
description: |-
Inactive sets the time after which cached data that are not accessed get removed from the cache (inactive parameter).
By default, inactive is set to 10 minutes.
pattern: ^[0-9]+[smhd]$
type: string
levels:
description: |-
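Review bot: conditions.bypass and conditions.noCache take arbitrary strings with no maxItems, no maxLength and none of the character checks applied to cacheKey, yet their descriptions map them to proxy_cache_bypass and proxy_no_cache in the same way cacheKey maps to proxy_cache_key. Bound the arrays and the item length and apply the same validation as cacheKey, or state in the description where that validation happens.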
Expand All @@ -172,6 +234,67 @@ spec:
Invalid: "3:1", "1:3", "1:2:3".
pattern: ^[12](?::[12]){0,2}$
type: string
lock:
description: Lock configures cache locking to prevent multiple
identical requests from populating the same cache element simultaneously.
properties:
age:
description: |-
Age sets the maximum time a cache lock can be held (proxy_cache_lock_age).
If the last request passed to the proxied server for populating a new cache element has not completed for the specified time, one more request may be passed.
pattern: ^[0-9]+[smhd]$
type: string
enable:
default: false
description: |-
Enable sets whether cache locking is enabled (proxy_cache_lock).
When enabled, only one request at a time will be allowed to populate a new cache element according to the proxy_cache_key.
type: boolean
timeout:
description: |-
Timeout sets a timeout for proxy_cache_lock.
When the time expires, the request will be passed to the proxied server, however, the response will not be cached.
pattern: ^[0-9]+[smhd]$
type: string
type: object
x-kubernetes-validations:
- message: timeout or age require enable=true
rule: (!has(self.timeout) && !has(self.age)) || self.enable
manager:
description: Manager configures the cache manager process parameters
(manager_files, manager_sleep, manager_threshold).
properties:
files:
description: |-
Files sets the maximum number of files that will be deleted in one iteration by the cache manager.
During one iteration no more than manager_files items are deleted (by default, 100).
minimum: 1
type: integer
sleep:
description: |-
Sleep sets the pause between cache manager iterations.
Between iterations, a pause configured by manager_sleep (by default, 50 milliseconds) is made.
pattern: ^[0-9]+[mu]?s$
type: string
threshold:
description: |-
Threshold sets the maximum duration of one cache manager iteration.
The duration of one iteration is limited by manager_threshold (by default, 200 milliseconds).
pattern: ^[0-9]+[mu]?s$
type: string
type: object
maxSize:
description: |-
MaxSize sets the maximum cache size (max_size parameter).
When the size is exceeded, the cache manager removes the least recently used data.
pattern: ^[0-9]+[kmgKMG]$
type: string
minFree:
description: |-
MinFree sets the minimum amount of free space required on the file system with cache (min_free parameter).
When there is not enough free space, the cache manager removes the least recently used data.
pattern: ^[0-9]+[kmgKMG]$
type: string
overrideUpstreamCache:
default: false
description: |-
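Review bot: The manager.sleep and manager.threshold pattern ^[0-9]+[mu]?s$ accepts a us suffix, but NGINX time values have no microsecond unit (ms is the smallest), so a value such as "500us" would pass admission and then be rejected by NGINX. Tighten the pattern to ^[0-9]+m?s$. These two fields also accept a different unit set from lock.timeout and lock.age (^[0-9]+[smhd]$); a sentence in each description naming the accepted units, as cacheZoneSize has, would avoid guesswork.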
Expand All @@ -188,6 +311,13 @@ spec:
Examples: "30s", "5m", "1h", "2d".
pattern: ^[0-9]+[smhd]$
type: string
useTempPath:
default: false
description: |-
UseTempPath controls whether temporary files and the cache are put on different file systems (use_temp_path parameter).
If set to false, temporary files will be put directly in the cache directory (use_temp_path=off).
Default: false (use_temp_path=off, which puts temp files directly in cache directory for better performance).
type: boolean
required:
- cacheZoneName
- cacheZoneSize
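Review bot: The useTempPath description states the false case twice (its second and third lines) and never says what true does. Collapse it to one sentence per value: true keeps temporary files in the separate temp path, false (the default) writes them directly in the cache directory.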
134 changes: 132 additions & 2 deletions deploy/crds.yaml
Expand Up @@ -311,6 +311,29 @@ spec:
x-kubernetes-validations:
- message: 'allowed methods must be one of: GET, HEAD, POST'
rule: self.all(method, method in ['GET', 'HEAD', 'POST'])
cacheBackgroundUpdate:
default: false
description: |-
CacheBackgroundUpdate allows starting a background subrequest to update an expired cache item (proxy_cache_background_update).
A stale cached response is returned to the client while the cache is being updated.
type: boolean
cacheKey:
description: |-
CacheKey defines a key for caching (proxy_cache_key).
By default, close to "$scheme$proxy_host$uri$is_args$args".
Must not contain command execution patterns: $(, `, ;, &&, ||
maxLength: 1024
type: string
x-kubernetes-validations:
- message: 'cache key must not contain command execution patterns:
$(, `, ;, &&, ||'
rule: '!self.contains(''$('') && !self.contains(''`'') && !self.contains('';'')
&& !self.contains(''&&'') && !self.contains(''||'')'
cacheMinUses:
description: CacheMinUses sets the number of requests after which
the response will be cached (proxy_cache_min_uses).
minimum: 1
type: integer
cachePurgeAllow:
description: |-
CachePurgeAllow defines IP addresses or CIDR blocks allowed to purge cache.
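Review bot: "By default, close to ..." in the cacheKey description does not tell a user which key is generated when the field is omitted. Commit 6e60539 updates a test assertion "to account for request_method in cachekey", which suggests the generated default differs from the string documented here. State the exact default, since anyone overriding cacheKey needs to know which request attributes they are dropping from the key.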
Expand All @@ -320,6 +343,20 @@ spec:
items:
type: string
type: array
cacheRevalidate:
default: false
description: |-
CacheRevalidate enables revalidation of expired cache items using conditional requests (proxy_cache_revalidate).
Uses "If-Modified-Since" and "If-None-Match" header fields.
type: boolean
cacheUseStale:
description: |-
CacheUseStale determines in which cases a stale cached response can be used (proxy_cache_use_stale).
Valid parameters: error, timeout, invalid_header, updating, http_500, http_502, http_503, http_504, http_403, http_404, http_429, off.
items:
type: string
maxItems: 11
type: array
cacheZoneName:
description: |-
CacheZoneName defines the name of the cache zone. Must start with a lowercase letter,
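Review bot: cacheUseStale does not declare x-kubernetes-list-type: set, so repeated entries such as [error, error] are accepted by the schema. Mark the list as a set, or document that duplicates are removed before the directive is rendered.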
Expand All @@ -330,9 +367,34 @@ spec:
cacheZoneSize:
description: |-
CacheZoneSize defines the size of the cache zone. Must be a number followed by a size unit:
'k' for kilobytes, 'm' for megabytes, or 'g' for gigabytes.
'k' or 'K' for kilobytes, 'm' or 'M' for megabytes, or 'g' or 'G' for gigabytes.
Examples: "10m", "1g", "512k".
pattern: ^[0-9]+[kmg]$
pattern: ^[0-9]+[kmgKMG]$
type: string
conditions:
description: Conditions defines when responses should not be cached
or taken from cache.
properties:
bypass:
description: |-
Bypass defines conditions under which the response will not be taken from a cache (proxy_cache_bypass).
If at least one value of the string parameters is not empty and is not equal to "0" then the response will not be taken from the cache.
items:
type: string
type: array
noCache:
description: |-
NoCache defines conditions under which the response will not be saved to a cache (proxy_no_cache).
If at least one value of the string parameters is not empty and is not equal to "0" then the response will not be saved.
items:
type: string
type: array
type: object
inactive:
description: |-
Inactive sets the time after which cached data that are not accessed get removed from the cache (inactive parameter).
By default, inactive is set to 10 minutes.
pattern: ^[0-9]+[smhd]$
type: string
levels:
description: |-
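Review bot: The bypass and noCache descriptions say "string parameters" without stating what the entries are expected to be or giving an example, unlike cacheZoneSize and levels in the same schema. Say that the entries are NGINX variables and add an Examples line. It is also worth noting in the description that a condition built from a client-supplied request value lets any client skip the cache and send the request to the upstream, so policy authors can choose the variable deliberately.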
Expand All @@ -343,6 +405,67 @@ spec:
Invalid: "3:1", "1:3", "1:2:3".
pattern: ^[12](?::[12]){0,2}$
type: string
lock:
description: Lock configures cache locking to prevent multiple
identical requests from populating the same cache element simultaneously.
properties:
age:
description: |-
Age sets the maximum time a cache lock can be held (proxy_cache_lock_age).
If the last request passed to the proxied server for populating a new cache element has not completed for the specified time, one more request may be passed.
pattern: ^[0-9]+[smhd]$
type: string
enable:
default: false
description: |-
Enable sets whether cache locking is enabled (proxy_cache_lock).
When enabled, only one request at a time will be allowed to populate a new cache element according to the proxy_cache_key.
type: boolean
timeout:
description: |-
Timeout sets a timeout for proxy_cache_lock.
When the time expires, the request will be passed to the proxied server, however, the response will not be cached.
pattern: ^[0-9]+[smhd]$
type: string
type: object
x-kubernetes-validations:
- message: timeout or age require enable=true
rule: (!has(self.timeout) && !has(self.age)) || self.enable
manager:
description: Manager configures the cache manager process parameters
(manager_files, manager_sleep, manager_threshold).
properties:
files:
description: |-
Files sets the maximum number of files that will be deleted in one iteration by the cache manager.
During one iteration no more than manager_files items are deleted (by default, 100).
minimum: 1
type: integer
sleep:
description: |-
Sleep sets the pause between cache manager iterations.
Between iterations, a pause configured by manager_sleep (by default, 50 milliseconds) is made.
pattern: ^[0-9]+[mu]?s$
type: string
threshold:
description: |-
Threshold sets the maximum duration of one cache manager iteration.
The duration of one iteration is limited by manager_threshold (by default, 200 milliseconds).
pattern: ^[0-9]+[mu]?s$
type: string
type: object
maxSize:
description: |-
MaxSize sets the maximum cache size (max_size parameter).
When the size is exceeded, the cache manager removes the least recently used data.
pattern: ^[0-9]+[kmgKMG]$
type: string
minFree:
description: |-
MinFree sets the minimum amount of free space required on the file system with cache (min_free parameter).
When there is not enough free space, the cache manager removes the least recently used data.
pattern: ^[0-9]+[kmgKMG]$
type: string
overrideUpstreamCache:
default: false
description: |-
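Review bot: lock.timeout is described as "a timeout for proxy_cache_lock" without naming the directive it sets, while age and enable name theirs in parentheses. Add (proxy_cache_lock_timeout) for consistency, and say which values apply when enable is true and timeout or age are omitted.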
Expand All @@ -359,6 +482,13 @@ spec:
Examples: "30s", "5m", "1h", "2d".
pattern: ^[0-9]+[smhd]$
type: string
useTempPath:
default: false
description: |-
UseTempPath controls whether temporary files and the cache are put on different file systems (use_temp_path parameter).
If set to false, temporary files will be put directly in the cache directory (use_temp_path=off).
Default: false (use_temp_path=off, which puts temp files directly in cache directory for better performance).
type: boolean
required:
- cacheZoneName
- cacheZoneSize