diff --git a/api/v1alpha1/connection_types.go b/api/v1alpha1/connection_types.go
index 808e03ebaa2..04ffb822a47 100644
--- a/api/v1alpha1/connection_types.go
+++ b/api/v1alpha1/connection_types.go
@@ -70,6 +70,45 @@ type BackendConnection struct { // +optional // +notImplementedHide SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"` + + // Preconnect configures proactive upstream connections to reduce latency by establishing + // connections before they’re needed and avoiding connection establishment overhead. + // + // If unset, Envoy will fetch connections as needed to serve in-flight requests. + // + // +optional + Preconnect *PreconnectPolicy `json:"preconnect,omitempty"` +} + +// Preconnect configures proactive upstream connections to avoid +// connection establishment overhead and reduce latency. +type PreconnectPolicy struct { + // PerEndpointPercent configures how many additional connections to maintain per + // upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + // percentage of the connections required by active streams + // (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + // + // Allowed value range is between 100-300. When both PerEndpointPercent and + // PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + // + // +kubebuilder:validation:Minimum=100 + // +kubebuilder:validation:Maximum=300 + // +optional + PerEndpointPercent *uint32 `json:"perEndpointPercent,omitempty"` + + // PredictivePercent configures how many additional connections to maintain + // across the cluster by anticipating which upstream endpoint the load balancer + // will select next, useful for low-QPS services. Relies on deterministic + // loadbalancing and is only supported with Random or RoundRobin. + // Expressed as a percentage of the connections required by active streams + // (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + // + // Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + // set Envoy ensures both are satisfied per host (max of the two). 
+ // + // +kubebuilder:validation:Minimum=100 + // +optional + PredictivePercent *uint32 `json:"predictivePercent,omitempty"` } type ConnectionLimit struct { diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go index 360ed8aa228..533aba2b91b 100644 --- a/api/v1alpha1/shared_types.go +++ b/api/v1alpha1/shared_types.go @@ -585,6 +585,8 @@ type BackendCluster struct { // ClusterSettings provides the various knobs that can be set to control how traffic to a given // backend will be configured. +// +// +kubebuilder:validation:XValidation:rule="!((has(self.connection) && has(self.connection.preconnect) && has(self.connection.preconnect.predictivePercent)) && !(has(self.loadBalancer) && has(self.loadBalancer.type) && self.loadBalancer.type in ['Random', 'RoundRobin']))",message="predictivePercent in preconnect policy only works with RoundRobin or Random load balancers" type ClusterSettings struct { // LoadBalancer policy to apply when routing traffic from the gateway to // the backend endpoints. Defaults to `LeastRequest`. diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 00aa60d8af0..563c78fa1eb 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -369,6 +369,11 @@ func (in *BackendConnection) DeepCopyInto(out *BackendConnection) { x := (*in).DeepCopy() *out = &x } + if in.Preconnect != nil { + in, out := &in.Preconnect, &out.Preconnect + *out = new(PreconnectPolicy) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendConnection. 
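Review bot: `PredictivePercent` in `PreconnectPolicy` carries only `+kubebuilder:validation:Minimum=100`, while `PerEndpointPercent` is capped at 300, so the cluster-wide multiplier on upstream connections has no ceiling at admission. Anyone allowed to write one of these policies could request an arbitrarily large number of idle connections towards a backend. If Envoy bounds this ratio the same way as the per-endpoint one (not visible here), an oversized value would pass the API server and fail only when the cluster config is pushed. I would add `// +kubebuilder:validation:Maximum=300` above the field and change its comment to `Allowed value range is between 100-300.`, or state in the comment why no upper bound is wanted. The type comment should also start with the type name, `// PreconnectPolicy configures proactive upstream connections to avoid`.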
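Review bot: The CEL rule added above `ClusterSettings` is the only place in the visible part of this diff where the predictivePercent / load-balancer pairing is enforced, and it runs only at admission against a single object. Objects stored before the CRD is upgraded, or any settings merged after admission (if that happens for this type), would not be re-checked, so the translator should apply the same test and report a status condition rather than emit the cluster; I cannot see the translator from here. The rule also rejects an unset `loadBalancer`, which the field comment says defaults to `LeastRequest`, and that deserves a line in the doc comment: `// predictivePercent requires loadBalancer.type to be set explicitly to Random or RoundRobin.` The struct body continues outside the hunk.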
@@ -5287,6 +5292,31 @@ func (in *PolicyTargetReferences) DeepCopy() *PolicyTargetReferences { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreconnectPolicy) DeepCopyInto(out *PreconnectPolicy) { + *out = *in + if in.PerEndpointPercent != nil { + in, out := &in.PerEndpointPercent, &out.PerEndpointPercent + *out = new(uint32) + **out = **in + } + if in.PredictivePercent != nil { + in, out := &in.PredictivePercent, &out.PredictivePercent + *out = new(uint32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreconnectPolicy. +func (in *PreconnectPolicy) DeepCopy() *PreconnectPolicy { + if in == nil { + return nil + } + out := new(PreconnectPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PreferLocalZone) DeepCopyInto(out *PreferLocalZone) { *out = *in diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index d9282309813..12bdafa7c1d 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml 
@@ -191,6 +191,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -2265,6 +2300,12 @@ spec: : true' - message: either compression or compressor can be set, not both rule: '!has(self.compression) || !has(self.compressor)' + - message: predictivePercent in preconnect policy only works with RoundRobin + or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) && + has(self.connection.preconnect.predictivePercent)) && !(has(self.loadBalancer) + && has(self.loadBalancer.type) && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' status: description: status defines the current status of BackendTrafficPolicy. properties: diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index 8f50f21d4a3..f6232bd4dfa 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml 
@@ -302,6 +302,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -1059,6 +1094,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) && + !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' failOpen: default: false description: |- diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml index 00d79b07503..5db119ac0d8 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml 
@@ -11234,6 +11234,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -12058,6 +12093,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' http: description: HTTP defines additional configuration specific to HTTP access logs. 
@@ -12389,6 +12433,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -13213,6 +13292,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' host: description: |- Host define the extension service hostname. 
@@ -13657,6 +13745,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -14447,6 +14570,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy + only works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the service hostname. 
@@ -14817,6 +14947,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -15598,6 +15763,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the provider service hostname. diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml index 5f39586b7d0..d67461b6bf3 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml 
@@ -816,6 +816,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -1581,6 +1616,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' type: object x-kubernetes-validations: - message: backendRef or backendRefs needs to be set 
@@ -1863,6 +1905,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -2628,6 +2705,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' headersToBackend: description: |- HeadersToBackend are the authorization response headers that will be added 
@@ -3108,6 +3192,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -3892,6 +4011,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' cacheDuration: default: 300s description: |- 
@@ -4437,6 +4563,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -5202,6 +5363,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' endSessionEndpoint: description: |- The OIDC Provider's [end session endpoint](https://openid.net/specs/openid-connect-core-1_0.html#RPLogout). diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index a241a1ee22b..f21a093df2c 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml 
@@ -190,6 +190,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -2264,6 +2299,12 @@ spec: : true' - message: either compression or compressor can be set, not both rule: '!has(self.compression) || !has(self.compressor)' + - message: predictivePercent in preconnect policy only works with RoundRobin + or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) && + has(self.connection.preconnect.predictivePercent)) && !(has(self.loadBalancer) + && has(self.loadBalancer.type) && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' status: description: status defines the current status of BackendTrafficPolicy. properties: diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index 435ae16a7bd..6bf1b5b3b23 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml 
@@ -301,6 +301,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -1058,6 +1093,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) && + !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' failOpen: default: false description: |- diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index ae6ec5f248e..792bd0eccb8 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml 
@@ -11233,6 +11233,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -12057,6 +12092,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' http: description: HTTP defines additional configuration specific to HTTP access logs. 
@@ -12388,6 +12432,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -13212,6 +13291,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' host: description: |- Host define the extension service hostname. 
@@ -13656,6 +13744,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -14446,6 +14569,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy + only works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the service hostname. 
@@ -14816,6 +14946,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -15597,6 +15762,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the provider service hostname. diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index 136fa8ffac2..b6623997470 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml 
@@ -815,6 +815,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -1580,6 +1615,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' type: object x-kubernetes-validations: - message: backendRef or backendRefs needs to be set 
@@ -1862,6 +1904,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -2627,6 +2704,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' headersToBackend: description: |- HeadersToBackend are the authorization response headers that will be added 
@@ -3107,6 +3191,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -3891,6 +4010,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' cacheDuration: default: 300s description: |- 
@@ -4436,6 +4562,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -5201,6 +5362,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' endSessionEndpoint: description: |- The OIDC Provider's [end session endpoint](https://openid.net/specs/openid-connect-core-1_0.html#RPLogout). diff --git a/internal/gatewayapi/clustersettings.go b/internal/gatewayapi/clustersettings.go index aa5acf18321..ada6f4e2823 100644 --- a/internal/gatewayapi/clustersettings.go +++ b/internal/gatewayapi/clustersettings.go @@ -173,6 +173,17 @@ func buildBackendConnection(policy *egv1a1.ClusterSettings) (*ir.BackendConnecti bcIR.BufferLimitBytes = ptr.To(uint32(bf)) } + if bc.Preconnect != nil { + preconnect := &ir.Preconnect{} + pc := bc.Preconnect + if pc.PerEndpointPercent != nil { + preconnect.PerEndpointPercent = pc.PerEndpointPercent + } + if pc.PredictivePercent != nil { + preconnect.PredictivePercent = pc.PredictivePercent + } + bcIR.Preconnect = preconnect + } } return bcIR, nil diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-preconnect.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-preconnect.in.yaml new file mode 100644 index 00000000000..8aea110a6b4 --- /dev/null +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-preconnect.in.yaml 
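Review bot: `PredictivePercent` is copied into the IR in buildBackendConnection with no upper bound, and the generated schema in this commit gives `predictivePercent` only `minimum: 100` while `perEndpointPercent` is capped at `maximum: 300`. The value scales how many upstream connections Envoy holds open, so an unbounded uint32 lets a single policy request an arbitrarily large connection fan-out toward a backend. Assuming the same ceiling is intended, adding `// +kubebuilder:validation:Maximum=300` to the field in `connection_types.go` and regenerating the CRDs would close that. Separately, the two `!= nil` guards are no-ops when copying one pointer to another, so `preconnect.PredictivePercent = pc.PredictivePercent` alone is equivalent. buildBackendConnection starts before this hunk and continues after it.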
@@ -0,0 +1,93 @@ +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-2 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +grpcRoutes: + - apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: GRPCRoute + metadata: + namespace: default + name: grpcroute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 +httpRoutes: + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - namespace: envoy-gateway + name: gateway-2 + sectionName: http + rules: + - matches: + - path: + value: "/" + backendRefs: + - name: service-1 + port: 8080 +backendTrafficPolicies: + - apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + namespace: envoy-gateway + name: policy-for-gateway + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + connection: + preconnect: + perEndpointPercent: 123 + predictivePercent: 100 + - apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + namespace: default + name: policy-for-route + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + connection: + preconnect: + perEndpointPercent: 100 + predictivePercent: 234 
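Review bot: Both policies in this fixture set `predictivePercent` without a `loadBalancer`, which is the combination the CEL rule added to the BackendTrafficPolicy CRD in this commit rejects. The matching golden output still reports "Policy has been accepted" and carries the value into xdsIR, which suggests the translator does not enforce the load-balancer constraint itself and relies on admission alone. Any path that skips CRD validation would then pass predictive preconnect through with an unsupported balancer. I would make the fixture valid by adding `loadBalancer: { type: RoundRobin }` to each policy spec. I would also add a second fixture that omits it and asserts the translator's behaviour explicitly.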
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-preconnect.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-preconnect.out.yaml new file mode 100644 index 00000000000..955e7bccc34 --- /dev/null +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-preconnect.out.yaml 
@@ -0,0 +1,402 @@ +backendTrafficPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + name: policy-for-route + namespace: default + spec: + connection: + preconnect: + perEndpointPercent: 100 + predictivePercent: 234 + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + sectionName: http + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: BackendTrafficPolicy + metadata: + name: policy-for-gateway + namespace: envoy-gateway + spec: + connection: + preconnect: + perEndpointPercent: 123 + predictivePercent: 100 + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. 
+ reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + name: gateway-2 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +grpcRoutes: +- apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: 
GRPCRoute + metadata: + name: grpcroute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + name: httproute-1 + namespace: default + spec: + hostnames: + - gateway.envoyproxy.io + parentRefs: + - name: gateway-2 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: / + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-2 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + ownerReference: + kind: GatewayClass + name: envoy-gateway-class + name: envoy-gateway/gateway-1 + namespace: envoy-gateway-system + envoy-gateway/gateway-2: + proxy: + listeners: + - address: null + name: 
envoy-gateway/gateway-2/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-2 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + ownerReference: + kind: GatewayClass + name: envoy-gateway-class + name: envoy-gateway/gateway-2 + namespace: envoy-gateway-system +xdsIR: + envoy-gateway/gateway-1: + accessLog: + json: + - path: /dev/stdout + globalResources: + proxyServiceCluster: + metadata: + name: envoy-envoy-gateway-gateway-1-196ae069 + namespace: envoy-gateway-system + sectionName: "8080" + name: envoy-gateway/gateway-1 + settings: + - addressType: IP + endpoints: + - host: 7.6.5.4 + port: 8080 + zone: zone1 + metadata: + name: envoy-envoy-gateway-gateway-1-196ae069 + namespace: envoy-gateway-system + sectionName: "8080" + name: envoy-gateway/gateway-1 + protocol: TCP + http: + - address: 0.0.0.0 + externalPort: 80 + hostnames: + - '*' + isHTTP2: true + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + metadata: + kind: GRPCRoute + name: grpcroute-1 + namespace: default + name: grpcroute/default/grpcroute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + metadata: + name: service-1 + namespace: default + sectionName: "8080" + name: grpcroute/default/grpcroute-1/rule/0/backend/0 + protocol: GRPC + weight: 1 + hostname: '*' + isHTTP2: true + metadata: + kind: GRPCRoute + name: grpcroute-1 + namespace: default + name: grpcroute/default/grpcroute-1/rule/0/match/-1/* + traffic: + backendConnection: + preconnect: + perEndpointPercent: 123 + predictivePercent: 100 + readyListener: + address: 0.0.0.0 + ipFamily: IPv4 + path: /ready + port: 19003 + envoy-gateway/gateway-2: + accessLog: + json: + - path: /dev/stdout + 
globalResources: + proxyServiceCluster: + metadata: + name: envoy-envoy-gateway-gateway-2-4a0e4eb9 + namespace: envoy-gateway-system + sectionName: "8080" + name: envoy-gateway/gateway-2 + settings: + - addressType: IP + endpoints: + - host: 7.6.5.4 + port: 8080 + zone: zone1 + metadata: + name: envoy-envoy-gateway-gateway-2-4a0e4eb9 + namespace: envoy-gateway-system + sectionName: "8080" + name: envoy-gateway/gateway-2 + protocol: TCP + http: + - address: 0.0.0.0 + externalPort: 80 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + sectionName: http + name: envoy-gateway/gateway-2/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: default + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + metadata: + name: service-1 + namespace: default + sectionName: "8080" + name: httproute/default/httproute-1/rule/0/backend/0 + protocol: HTTP + weight: 1 + hostname: gateway.envoyproxy.io + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: default + name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io + pathMatch: + distinct: false + name: "" + prefix: / + traffic: + backendConnection: + preconnect: + perEndpointPercent: 100 + predictivePercent: 234 + readyListener: + address: 0.0.0.0 + ipFamily: IPv4 + path: /ready + port: 19003 diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 571b6bf6de9..a68b3610e2c 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go 
@@ -2038,6 +2038,9 @@ type TCPRoute struct { ProxyProtocol *ProxyProtocol `json:"proxyProtocol,omitempty" yaml:"proxyProtocol,omitempty"` // settings of upstream connection BackendConnection *BackendConnection `json:"backendConnection,omitempty" yaml:"backendConnection,omitempty"` + // Preconnect configures preconnecting to upstream endpoints + // +optional + Preconnect *Preconnect `json:"preconnect,omitempty" yaml:"preconnect,omitempty"` // DNS is used to configure how DNS resolution is handled for the route DNS *DNS `json:"dns,omitempty" yaml:"dns,omitempty"` // Authorization defines the schema for the authorization. @@ -3031,6 +3034,18 @@ func (t *TLSUpstreamConfig) ToTLSConfig() (*tls.Config, error) { type BackendConnection struct { // BufferLimitBytes is the maximum number of bytes that can be buffered for a connection. BufferLimitBytes *uint32 `json:"bufferLimit,omitempty" yaml:"bufferLimit,omitempty"` + // Preconnect configures preconnecting to upstream endpoints + // +optional + Preconnect *Preconnect `json:"preconnect,omitempty" yaml:"preconnect,omitempty"` +} + +// Preconnect configures preconnecting to upstream endpoints +// +k8s:deepcopy-gen=true +type Preconnect struct { + // PerEndpointPercent is the percent of connections to preconnect per upstream endpoint. + PerEndpointPercent *uint32 `json:"perEndpointPercent,omitempty" yaml:"perEndpointPercent,omitempty"` + // PredictivePercent is the percent of connections to preconnect across the entire cluster. + PredictivePercent *uint32 `json:"predictivePercent,omitempty" yaml:"predictivePercent,omitempty"` } // ClientConnection settings for downstream connections diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index fc1d97bbdfd..378a01b8e2a 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go 
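Review bot: The new `Preconnect` field on `TCPRoute` duplicates the `Preconnect` that this commit also adds to `BackendConnection`, which `TCPRoute` already carries two lines above it. In the hunks visible here, `buildBackendConnectionPreconnectPolicy` reads only `bc.Preconnect`, and the TCP test input sets `backendConnection.preconnect`, so `TCPRoute.Preconnect` looks unread. A value placed there would be dropped silently instead of reaching the cluster. If nothing outside this view consumes it, remove `Preconnect *Preconnect` from `TCPRoute` (and regenerate the deepcopy) so the setting has one home. The `TCPRoute` struct starts and ends outside the hunk.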
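Review bot: The field comments on the new `Preconnect` type do not state the scale or the accepted range, even though the IR is the last typed layer before the values become Envoy ratios. I would spell that out, e.g. `// PerEndpointPercent is the per-endpoint preconnect ratio as a percentage of the connections required by active streams (100 = 1.0x, no preconnect).` and the same wording for `PredictivePercent` with "across the cluster". The comment should also say that the API layer is expected to have bounded the value, because nothing in this type checks it.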
@@ -360,6 +360,11 @@ func (in *BackendConnection) DeepCopyInto(out *BackendConnection) { *out = new(uint32) **out = **in } + if in.Preconnect != nil { + in, out := &in.Preconnect, &out.Preconnect + *out = new(Preconnect) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendConnection. @@ -2781,6 +2786,31 @@ func (in *PerRetryPolicy) DeepCopy() *PerRetryPolicy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Preconnect) DeepCopyInto(out *Preconnect) { + *out = *in + if in.PerEndpointPercent != nil { + in, out := &in.PerEndpointPercent, &out.PerEndpointPercent + *out = new(uint32) + **out = **in + } + if in.PredictivePercent != nil { + in, out := &in.PredictivePercent, &out.PredictivePercent + *out = new(uint32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Preconnect. +func (in *Preconnect) DeepCopy() *Preconnect { + if in == nil { + return nil + } + out := new(Preconnect) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PreferLocalZone) DeepCopyInto(out *PreferLocalZone) { *out = *in @@ -3739,6 +3769,11 @@ func (in *TCPRoute) DeepCopyInto(out *TCPRoute) { *out = new(BackendConnection) (*in).DeepCopyInto(*out) } + if in.Preconnect != nil { + in, out := &in.Preconnect, &out.Preconnect + *out = new(Preconnect) + (*in).DeepCopyInto(*out) + } if in.DNS != nil { in, out := &in.DNS, &out.DNS *out = new(DNS) diff --git a/internal/xds/translator/cluster.go b/internal/xds/translator/cluster.go index 8ce5667145b..9653beec4c3 100644 --- a/internal/xds/translator/cluster.go +++ b/internal/xds/translator/cluster.go 
@@ -168,6 +168,7 @@ func buildXdsCluster(args *xdsClusterArgs) (*buildClusterResult, error) { DnsLookupFamily: dnsLookupFamily, CommonLbConfig: &clusterv3.Cluster_CommonLbConfig{}, PerConnectionBufferLimitBytes: buildBackandConnectionBufferLimitBytes(args.backendConnection), + PreconnectPolicy: buildBackendConnectionPreconnectPolicy(args.backendConnection), Metadata: buildXdsMetadata(args.metadata), // Dont wait for a health check to determine health and remove these endpoints // if the endpoint has been removed via EDS by the control plane or removed from DNS query results @@ -1085,6 +1086,33 @@ func buildXdsClusterUpstreamOptions(tcpkeepalive *ir.TCPKeepalive) *clusterv3.Up return ka } +func buildBackendConnectionPreconnectPolicy(bc *ir.BackendConnection) *clusterv3.Cluster_PreconnectPolicy { + if bc == nil || bc.Preconnect == nil { + return nil + } + + pc := bc.Preconnect + if pc.PerEndpointPercent == nil && pc.PredictivePercent == nil { + return nil + } + + policy := &clusterv3.Cluster_PreconnectPolicy{} + + if pc.PerEndpointPercent != nil { + policy.PerUpstreamPreconnectRatio = &wrapperspb.DoubleValue{ + Value: 0.01 * float64(*pc.PerEndpointPercent), + } + } + + if pc.PredictivePercent != nil { + policy.PredictivePreconnectRatio = &wrapperspb.DoubleValue{ + Value: 0.01 * float64(*pc.PredictivePercent), + } + } + + return policy +} + func buildAddress(irEp *ir.DestinationEndpoint) *corev3.Address { if irEp.Path != nil { return &corev3.Address{ diff --git a/internal/xds/translator/testdata/in/xds-ir/backend-preconnect.yaml b/internal/xds/translator/testdata/in/xds-ir/backend-preconnect.yaml new file mode 100644 index 00000000000..262de433248 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/backend-preconnect.yaml 
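Review bot: `buildBackendConnectionPreconnectPolicy` turns both percentages into ratios with no range check, and the generated CRD schema in this commit gives `predictivePercent` only `minimum: 100`, so a value such as 100000 is emitted as a ratio of 1000. As far as I recall Envoy's `PreconnectPolicy` validates both ratios to at most 3.0, in which case such a cluster update would be rejected. If it were accepted, one policy field would multiply upstream connections against every backend. Either add `+kubebuilder:validation:Maximum=300` to `PredictivePercent`, as is already done for `PerEndpointPercent`, or clamp here with `Value: 0.01 * float64(min(*pc.PredictivePercent, 300)),`. The function also lacks a doc comment; `// buildBackendConnectionPreconnectPolicy maps the IR preconnect percentages to Envoy ratios (percent/100) and returns nil when neither is set.` would do.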
@@ -0,0 +1,72 @@ +http: + - name: "first-listener" + address: "::" + port: 10080 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "first-route" + hostname: "*" + destination: + name: "first-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + - host: "1.2.3.5" + port: 50000 + name: "first-route-dest/backend/0" + traffic: + backendConnection: + preconnect: + perEndpointPercent: 105 + predictivePercent: 205 + - name: "second-listener" + address: "::" + port: 10081 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "second-route" + hostname: "*" + destination: + name: "second-route-dest" + settings: + - endpoints: + - host: "2.3.4.5" + port: 8080 + - host: "2.3.4.6" + port: 8080 + - host: "2.3.4.7" + port: 8080 + name: "second-route-dest/backend/0" + traffic: + backendConnection: + preconnect: + perEndpointPercent: 199 + predictivePercent: 133 +tcp: + - name: "tcp-listener" + address: "::" + port: 10082 + routes: + - name: "tcp-route" + destination: + name: "tcp-route-dest" + settings: + - endpoints: + - host: "3.4.5.6" + port: 9000 + - host: "3.4.5.7" + port: 9000 + name: "tcp-route-dest/backend/0" + backendConnection: + preconnect: + perEndpointPercent: 150 + predictivePercent: 150 diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.clusters.yaml new file mode 100644 index 00000000000..a8c6898da54 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.clusters.yaml 
@@ -0,0 +1,81 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_PREFERRED + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: first-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + loadBalancingPolicy: + policies: + - typedExtensionConfig: + name: envoy.load_balancing_policies.least_request + typedConfig: + '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest + localityLbConfig: + localityWeightedLbConfig: {} + name: first-route-dest + perConnectionBufferLimitBytes: 32768 + preconnectPolicy: + perUpstreamPreconnectRatio: 1.05 + predictivePreconnectRatio: 2.05 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_PREFERRED + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: second-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + loadBalancingPolicy: + policies: + - typedExtensionConfig: + name: envoy.load_balancing_policies.least_request + typedConfig: + '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest + localityLbConfig: + localityWeightedLbConfig: {} + name: second-route-dest + perConnectionBufferLimitBytes: 32768 + preconnectPolicy: + perUpstreamPreconnectRatio: 1.99 + predictivePreconnectRatio: 1.33 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_PREFERRED + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tcp-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + loadBalancingPolicy: + policies: + - typedExtensionConfig: + name: envoy.load_balancing_policies.least_request + typedConfig: + '@type': 
type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest + localityLbConfig: + localityWeightedLbConfig: {} + name: tcp-route-dest + perConnectionBufferLimitBytes: 32768 + preconnectPolicy: + perUpstreamPreconnectRatio: 1.5 + predictivePreconnectRatio: 1.5 + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.endpoints.yaml new file mode 100644 index 00000000000..ec05a9c0855 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.endpoints.yaml @@ -0,0 +1,60 @@ +- clusterName: first-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + - endpoint: + address: + socketAddress: + address: 1.2.3.5 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: first-route-dest/backend/0 +- clusterName: second-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 2.3.4.5 + portValue: 8080 + loadBalancingWeight: 1 + - endpoint: + address: + socketAddress: + address: 2.3.4.6 + portValue: 8080 + loadBalancingWeight: 1 + - endpoint: + address: + socketAddress: + address: 2.3.4.7 + portValue: 8080 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: second-route-dest/backend/0 +- clusterName: tcp-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 3.4.5.6 + portValue: 9000 + loadBalancingWeight: 1 + - endpoint: + address: + socketAddress: + address: 3.4.5.7 + portValue: 9000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tcp-route-dest/backend/0 
diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.listeners.yaml new file mode 100644 index 00000000000..0b17adf5b7c --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.listeners.yaml 
@@ -0,0 +1,85 @@ +- address: + socketAddress: + address: '::' + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + serverHeaderTransformation: PASS_THROUGH + statPrefix: http-10080 + useRemoteAddress: true + name: first-listener + maxConnectionsToAcceptPerSocketEvent: 1 + name: first-listener + perConnectionBufferLimitBytes: 32768 +- address: + socketAddress: + address: '::' + portValue: 10081 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: second-listener + serverHeaderTransformation: PASS_THROUGH + statPrefix: http-10081 + 
useRemoteAddress: true + name: second-listener + maxConnectionsToAcceptPerSocketEvent: 1 + name: second-listener + perConnectionBufferLimitBytes: 32768 +- address: + socketAddress: + address: '::' + portValue: 10082 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tcp-route-dest + statPrefix: tcp-10082 + name: tcp-route + maxConnectionsToAcceptPerSocketEvent: 1 + name: tcp-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.routes.yaml new file mode 100644 index 00000000000..ff93cfff360 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/backend-preconnect.routes.yaml @@ -0,0 +1,28 @@ +- ignorePortInHostMatching: true + name: first-listener + virtualHosts: + - domains: + - '*' + name: first-listener/* + routes: + - match: + prefix: / + name: first-route + route: + cluster: first-route-dest + upgradeConfigs: + - upgradeType: websocket +- ignorePortInHostMatching: true + name: second-listener + virtualHosts: + - domains: + - '*' + name: second-listener/* + routes: + - match: + prefix: / + name: second-route + route: + cluster: second-route-dest + upgradeConfigs: + - upgradeType: websocket diff --git a/release-notes/current.yaml b/release-notes/current.yaml index e53f27a5322..f5b444e2126 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml 
@@ -25,6 +25,7 @@ new features: | Added support for per-backend client TLS settings in Backend resources. This allows configuring the client certificate as well as TLS protocol parameters such as ciphers, TLS versions, and ALPN protocols on a per-backend basis. Added support for returning 503 responses when no valid backend endpoints exist. Added support for CSRFTokenTTL in OIDC authn to configure the lifetime of the CSRF token used during the OAuth2 authorization code flow. + Added support for Envoy PreconnectPolicy in BackendTrafficPolicy. Added support for binaryData in ConfigMap referenced by HTTPRouteFilter for direct response. diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 8b7ba1e25b6..85803e5abe0 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -345,6 +345,7 @@ _Appears in:_ | Field | Type | Required | Default | Description | | --- | --- | --- | --- | --- | | `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | +| `preconnect` | _[PreconnectPolicy](#preconnectpolicy)_ | false | | Preconnect configures proactive upstream connections to reduce latency by establishing
connections before they’re needed and avoiding connection establishment overhead.
If unset, Envoy will fetch connections as needed to serve in-flight requests. | #### BackendEndpoint @@ -3664,6 +3665,22 @@ _Appears in:_ | `targetSelectors` | _[TargetSelector](#targetselector) array_ | true | | TargetSelectors allow targeting resources for this policy based on labels | +#### PreconnectPolicy + + + +Preconnect configures proactive upstream connections to avoid +connection establishment overhead and reduce latency. + +_Appears in:_ +- [BackendConnection](#backendconnection) + +| Field | Type | Required | Default | Description | +| --- | --- | --- | --- | --- | +| `perEndpointPercent` | _integer_ | false | | PerEndpointPercent configures how many additional connections to maintain per
upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a
percentage of the connections required by active streams
(e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×).
Allowed value range is between 100-300. When both PerEndpointPercent and
PredictivePercent are set, Envoy ensures both are satisfied (max of the two). | +| `predictivePercent` | _integer_ | false | | PredictivePercent configures how many additional connections to maintain
across the cluster by anticipating which upstream endpoint the load balancer
will select next, useful for low-QPS services. Relies on deterministic
loadbalancing and is only supported with Random or RoundRobin.
Expressed as a percentage of the connections required by active streams
(e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×).
Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are
set Envoy ensures both are satisfied per host (max of the two). | + + #### PreferLocalZone diff --git a/test/cel-validation/backendtrafficpolicy_test.go b/test/cel-validation/backendtrafficpolicy_test.go index 162fd324063..a6c5a0b4f7c 100644 --- a/test/cel-validation/backendtrafficpolicy_test.go +++ b/test/cel-validation/backendtrafficpolicy_test.go 
@@ -1250,6 +1250,144 @@ func TestBackendTrafficPolicyTarget(t *testing.T) { "spec.connection.bufferLimit: Invalid value: \"1m\": spec.connection.bufferLimit in body should match '^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$', : Invalid value: \"\"", }, }, + { + desc: "valid preconnect perEndpointPercent", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1.LocalPolicyTargetReference{ + Group: gwapiv1.Group("gateway.networking.k8s.io"), + Kind: gwapiv1.Kind("Gateway"), + Name: gwapiv1.ObjectName("eg"), + }, + }, + }, + ClusterSettings: egv1a1.ClusterSettings{ + Connection: &egv1a1.BackendConnection{ + Preconnect: &egv1a1.PreconnectPolicy{ + PerEndpointPercent: ptr.To(uint32(100)), + }, + }, + LoadBalancer: &egv1a1.LoadBalancer{ + Type: egv1a1.LeastRequestLoadBalancerType, + }, + }, + } + }, + wantErrors: []string{}, + }, + { + desc: "valid preconnect perEndpointPercent nil loadbalancer", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1.LocalPolicyTargetReference{ + Group: gwapiv1.Group("gateway.networking.k8s.io"), + Kind: gwapiv1.Kind("Gateway"), + Name: gwapiv1.ObjectName("eg"), + }, + }, + }, + ClusterSettings: egv1a1.ClusterSettings{ + Connection: &egv1a1.BackendConnection{ + Preconnect: &egv1a1.PreconnectPolicy{ + PerEndpointPercent: ptr.To(uint32(100)), + }, + }, + }, + } + }, + wantErrors: []string{}, + }, + { + desc: "valid preconnect PredictivePercent", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: 
&gwapiv1.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1.LocalPolicyTargetReference{ + Group: gwapiv1.Group("gateway.networking.k8s.io"), + Kind: gwapiv1.Kind("Gateway"), + Name: gwapiv1.ObjectName("eg"), + }, + }, + }, + ClusterSettings: egv1a1.ClusterSettings{ + Connection: &egv1a1.BackendConnection{ + Preconnect: &egv1a1.PreconnectPolicy{ + PredictivePercent: ptr.To(uint32(110)), + PerEndpointPercent: ptr.To(uint32(133)), + }, + }, + LoadBalancer: &egv1a1.LoadBalancer{ + Type: egv1a1.RoundRobinLoadBalancerType, + }, + }, + } + }, + wantErrors: []string{}, + }, + { + desc: "invalid preconnect policy due to loadbalancer type", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1.LocalPolicyTargetReference{ + Group: gwapiv1.Group("gateway.networking.k8s.io"), + Kind: gwapiv1.Kind("Gateway"), + Name: gwapiv1.ObjectName("eg"), + }, + }, + }, + ClusterSettings: egv1a1.ClusterSettings{ + Connection: &egv1a1.BackendConnection{ + Preconnect: &egv1a1.PreconnectPolicy{ + PredictivePercent: ptr.To(uint32(133)), + PerEndpointPercent: ptr.To(uint32(150)), + }, + }, + LoadBalancer: &egv1a1.LoadBalancer{ + Type: egv1a1.LeastRequestLoadBalancerType, + }, + }, + } + }, + wantErrors: []string{ + " Invalid value: \"object\": predictivePercent in preconnect policy only works with RoundRobin or Random load balancers", + }, + }, + { + desc: "invalid preconnect policy due to ratio values", + mutate: func(btp *egv1a1.BackendTrafficPolicy) { + btp.Spec = egv1a1.BackendTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1.LocalPolicyTargetReference{ + Group: gwapiv1.Group("gateway.networking.k8s.io"), + Kind: gwapiv1.Kind("Gateway"), 
+ Name: gwapiv1.ObjectName("eg"), + }, + }, + }, + ClusterSettings: egv1a1.ClusterSettings{ + Connection: &egv1a1.BackendConnection{ + Preconnect: &egv1a1.PreconnectPolicy{ + PerEndpointPercent: ptr.To(uint32(305)), + }, + }, + LoadBalancer: &egv1a1.LoadBalancer{ + Type: egv1a1.RandomLoadBalancerType, + }, + }, + } + }, + wantErrors: []string{ + "spec.connection.preconnect.perEndpointPercent: Invalid value: 305: spec.connection.preconnect.perEndpointPercent in body should be less than or equal to 300", + }, + }, { desc: "both targetref and targetrefs specified", mutate: func(btp *egv1a1.BackendTrafficPolicy) { diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml index 3e86d64a3d6..eccbac99b5c 100644 --- a/test/helm/gateway-crds-helm/all.out.yaml +++ b/test/helm/gateway-crds-helm/all.out.yaml 
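Review bot: The added cases never set `PredictivePercent` while leaving `LoadBalancer` unset, which is the branch the new CEL rule rejects through `has(self.loadBalancer)`. The only nil-load-balancer case uses `PerEndpointPercent` alone. They also check no lower bound (99) for either field and no large `PredictivePercent`, so the missing maximum on that field goes unnoticed. A case like the one below pins the nil-load-balancer rejection; the expected message is copied from the existing load-balancer-type case and should be confirmed against the API server output. `TestBackendTrafficPolicyTarget` starts and ends outside the hunk.

```go
		{
			desc: "invalid preconnect predictivePercent without loadbalancer",
			mutate: func(btp *egv1a1.BackendTrafficPolicy) {
				btp.Spec = egv1a1.BackendTrafficPolicySpec{
					// … unchanged: PolicyTargetReferences as in the cases above …
					ClusterSettings: egv1a1.ClusterSettings{
						Connection: &egv1a1.BackendConnection{
							Preconnect: &egv1a1.PreconnectPolicy{
								PredictivePercent: ptr.To(uint32(110)),
							},
						},
					},
				}
			},
			wantErrors: []string{
				" Invalid value: \"object\": predictivePercent in preconnect policy only works with RoundRobin or Random load balancers",
			},
		},
```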
@@ -21324,6 +21324,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -23398,6 +23433,12 @@ spec: : true' - message: either compression or compressor can be set, not both rule: '!has(self.compression) || !has(self.compressor)' + - message: predictivePercent in preconnect policy only works with RoundRobin + or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) && + has(self.connection.preconnect.predictivePercent)) && !(has(self.loadBalancer) + && has(self.loadBalancer.type) && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' status: description: status defines the current status of BackendTrafficPolicy. properties: 
@@ -25751,6 +25792,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -26508,6 +26584,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) && + !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' failOpen: default: false description: |- 
@@ -39267,6 +39350,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -40091,6 +40209,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' http: description: HTTP defines additional configuration specific to HTTP access logs. 
@@ -40422,6 +40549,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -41246,6 +41408,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' host: description: |- Host define the extension service hostname. 
@@ -41690,6 +41861,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -42480,6 +42686,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy + only works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the service hostname. 
@@ -42850,6 +43063,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -43631,6 +43879,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the provider service hostname. 
@@ -44993,6 +45248,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -45758,6 +46048,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' type: object x-kubernetes-validations: - message: backendRef or backendRefs needs to be set 
@@ -46040,6 +46337,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -46805,6 +47137,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' headersToBackend: description: |- HeadersToBackend are the authorization response headers that will be added 
@@ -47285,6 +47624,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -48069,6 +48443,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' cacheDuration: default: 300s description: |- 
@@ -48614,6 +48995,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -49379,6 +49795,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' endSessionEndpoint: description: |- The OIDC Provider's [end session endpoint](https://openid.net/specs/openid-connect-core-1_0.html#RPLogout). diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml index 1ecee620ddd..9065f74a1a0 100644 --- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml +++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml 
@@ -668,6 +668,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -2742,6 +2777,12 @@ spec: : true' - message: either compression or compressor can be set, not both rule: '!has(self.compression) || !has(self.compressor)' + - message: predictivePercent in preconnect policy only works with RoundRobin + or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) && + has(self.connection.preconnect.predictivePercent)) && !(has(self.loadBalancer) + && has(self.loadBalancer.type) && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' status: description: status defines the current status of BackendTrafficPolicy. properties: 
@@ -5095,6 +5136,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -5852,6 +5928,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) && + !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' failOpen: default: false description: |- 
@@ -18611,6 +18694,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -19435,6 +19553,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' http: description: HTTP defines additional configuration specific to HTTP access logs. 
@@ -19766,6 +19893,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -20590,6 +20752,15 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect + policy only works with RoundRobin or Random + load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', + ''RoundRobin'']))' host: description: |- Host define the extension service hostname. 
@@ -21034,6 +21205,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -21824,6 +22030,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy + only works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the service hostname. 
@@ -22194,6 +22407,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -22975,6 +23223,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' host: description: |- Host define the provider service hostname. 
@@ -24337,6 +24592,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -25102,6 +25392,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' type: object x-kubernetes-validations: - message: backendRef or backendRefs needs to be set 
@@ -25384,6 +25681,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -26149,6 +26481,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' headersToBackend: description: |- HeadersToBackend are the authorization response headers that will be added 
@@ -26629,6 +26968,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -27413,6 +27787,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only + works with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' cacheDuration: default: 300s description: |- 
@@ -27958,6 +28339,41 @@ spec: For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes. x-kubernetes-int-or-string: true + preconnect: + description: |- + Preconnect configures proactive upstream connections to reduce latency by establishing + connections before they’re needed and avoiding connection establishment overhead. + + If unset, Envoy will fetch connections as needed to serve in-flight requests. + properties: + perEndpointPercent: + description: |- + PerEndpointPercent configures how many additional connections to maintain per + upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a + percentage of the connections required by active streams + (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). + + Allowed value range is between 100-300. When both PerEndpointPercent and + PredictivePercent are set, Envoy ensures both are satisfied (max of the two). + format: int32 + maximum: 300 + minimum: 100 + type: integer + predictivePercent: + description: |- + PredictivePercent configures how many additional connections to maintain + across the cluster by anticipating which upstream endpoint the load balancer + will select next, useful for low-QPS services. Relies on deterministic + loadbalancing and is only supported with Random or RoundRobin. + Expressed as a percentage of the connections required by active streams + (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). + + Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are + set Envoy ensures both are satisfied per host (max of the two). + format: int32 + minimum: 100 + type: integer + type: object socketBufferLimit: allOf: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 
@@ -28723,6 +29139,13 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: predictivePercent in preconnect policy only works + with RoundRobin or Random load balancers + rule: '!((has(self.connection) && has(self.connection.preconnect) + && has(self.connection.preconnect.predictivePercent)) + && !(has(self.loadBalancer) && has(self.loadBalancer.type) + && self.loadBalancer.type in [''Random'', ''RoundRobin'']))' endSessionEndpoint: description: |- The OIDC Provider's [end session endpoint](https://openid.net/specs/openid-connect-core-1_0.html#RPLogout).