|
44 | 44 | |``ingressMTLS`` | The IngressMTLS policy configures client certificate verification. | [ingressMTLS](#ingressmtls) | No | |
45 | 45 | |``egressMTLS`` | The EgressMTLS policy configures upstreams authentication and certificate verification. | [egressMTLS](#egressmtls) | No | |
46 | 46 | |``waf`` | The WAF policy configures WAF and log configuration policies for [NGINX AppProtect]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md" >}}) | [WAF](#waf) | No | |
| 47 | +|``cache`` | The cache policy configures proxy caching for serving cached content. | [cache](#cache) | No | |
| 48 | +
|
47 | 49 | {{% /table %}} |
48 | 50 |
|
49 | 51 | \* A policy must include exactly one policy. |
@@ -740,6 +742,57 @@ policies: |
740 | 742 |
|
741 | 743 | In this example NGINX Ingress Controller will use the configuration from the first policy reference `oidc-policy-one`, and ignores `oidc-policy-two`. |
742 | 744 |
|
| 745 | +### Cache |
| 746 | + |
| 747 | +The cache policy configures proxy caching, which improves performance by storing and serving cached responses to clients without having to proxy every request to upstream servers. |
| 748 | + |
| 749 | +For example, the following policy creates a cache zone named "my-cache" with 10MB memory allocation and caches all GET response codes for 30 seconds: |
| 750 | + |
| 751 | +```yaml |
| 752 | +cache: |
| 753 | + cacheZoneName: "mycache" |
| 754 | + cacheZoneSize: "10m" |
| 755 | + allowedCodes: ["any"] |
| 756 | + allowedMethods: ["GET"] |
| 757 | + time: "30s" |
| 758 | +``` |
| 759 | + |
| 760 | +Here's an example with more specific configuration: |
| 761 | + |
| 762 | +```yaml |
| 763 | +cache: |
| 764 | + cacheZoneName: "mycache" |
| 765 | + cacheZoneSize: "100m" |
| 766 | + allowedCodes: [200, 301, 302] |
| 767 | + allowedMethods: ["GET", "POST"] |
| 768 | + time: "5m" |
| 769 | + levels: "1:2" |
| 770 | + overrideUpstreamCache: true |
| 771 | +``` |
| 772 | + |
| 773 | +{{< note >}} |
| 774 | + |
| 775 | +The feature is implemented using the NGINX [ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path) proxy_cache_path and related directives. |
| 776 | + |
| 777 | +{{< /note >}} |
| 778 | + |
| 779 | +{{% table %}} |
| 780 | +|Field | Description | Type | Required | |
| 781 | +| --- | ---| ---| --- | |
| 782 | +| ``cacheZoneName`` | CacheZoneName defines the name of the cache zone. Must start with a lowercase letter,followed by alphanumeric characters or underscores, and end with an alphanumeric character. Single lowercase letters are also allowed. Examples: "cache", "my_cache", "cache1". | ``string`` | Yes | |
| 783 | +|``cacheZoneSize`` | CacheZoneSize defines the size of the cache zone. Must be a number followed by a size unit: 'k' for kilobytes, 'm' for megabytes, or 'g' for gigabytes. Examples: "10m", "1g", "512k". | ``string`` | Yes | |
| 784 | +|``allowedCodes`` | AllowedCodes defines which HTTP response codes should be cached. Accepts either: - The string "any" to cache all response codes (must be the only element) - A list of HTTP status codes as integers (100-599) Examples: ["any"], [200, 301, 404], [200]. Invalid: ["any", 200] (cannot mix "any" with specific codes). | ``[]IntOrString`` | No | |
| 785 | +|``time`` | The default cache time for responses. Required when allowedCodes is specified. Must be a number followed by a time unit: 's' for seconds, 'm' for minutes, 'h' for hours, 'd' for days. Examples: "30s", "5m", "1h", "2d". | ``string`` | No | |
| 786 | +|``allowedMethods`` | AllowedMethods defines which HTTP methods should be cached. Only "GET", "HEAD", and "POST" are supported by NGINX proxy_cache_methods directive. GET and HEAD are always cached by default even if not specified. Maximum of 3 items allowed. Examples: ["GET"], ["GET", "HEAD", "POST"]. Invalid methods: PUT, DELETE, PATCH, etc. | ``[]string`` | No | |
| 787 | +|``levels`` | Levels defines the cache directory hierarchy levels for storing cached files. Must be in format "X:Y" or "X:Y:Z" where X, Y, Z are either 1 or 2. This controls the number of subdirectory levels and their name lengths. Examples: "1:2", "2:2", "1:2:2". Invalid: "3:1", "1:3", "1:2:3". | ``string`` | No | |
| 788 | +|``overrideUpstreamCache`` | OverrideUpstreamCache controls whether to override upstream cache headers (using proxy_ignore_headers directive). When true, NGINX will ignore cache-related headers from upstream servers like Cache-Control, Expires etc, Default: false. | ``bool`` | No | |
| 789 | +|``cachePurgeAllow`` | CachePurgeAllow defines IP addresses or CIDR blocks allowed to purge cache. This feature is only available in NGINX Plus. Examples: ["192.168.1.100", "10.0.0.0/8", "::1"]. | ``[]string`` | No | |
| 790 | +{{% /table %}} |
| 791 | + |
| 792 | +#### Cache Merging Behavior |
| 793 | + |
| 794 | +A VirtualServer/VirtualServerRoute can reference multiple cache policies. However, only one can be applied: every subsequent reference will be ignored. |
| 795 | + |
743 | 796 | ## Using Policy |
744 | 797 |
|
745 | 798 | You can use the usual `kubectl` commands to work with Policy resources, just as with built-in Kubernetes resources. |
|
0 commit comments