feat: support upstream health checks in BackendTrafficPolicy

[AlinsRan]

Summary

Closes #402

• Add HealthCheck, ActiveHealthCheck, PassiveHealthCheck and related types to api/v1alpha1, independent of the api/v2 types used by ApisixUpstream
• Add HealthCheck *HealthCheck field to BackendTrafficPolicySpec, enabling Gateway API users to configure active and passive upstream health checks through BackendTrafficPolicy
• Implement translation from v1alpha1.HealthCheck to ADC UpstreamHealthCheck in attachBackendTrafficPolicyToUpstream
• Regenerate DeepCopy methods and CRD manifests

Changes

• api/v1alpha1/backendtrafficpolicy_types.go — new HealthCheck field + 7 new types
• api/v1alpha1/zz_generated.deepcopy.go — regenerated DeepCopy
• internal/adc/translator/policies.go — health check translation logic (translateBTPHealthCheck, translateBTPActiveHealthCheck, translateBTPPassiveHealthCheck)
• internal/adc/translator/httproute_test.go — unit tests for health check translation
• test/e2e/crds/v1alpha1/backendtrafficpolicy.go — e2e tests for health check lifecycle
• config/crd/bases/apisix.apache.org_backendtrafficpolicies.yaml — updated CRD schema

Usage Examples

Active health check only

Proactively probe /healthz every second. A node is marked healthy after 2 consecutive 200 responses, unhealthy after 3 consecutive 5xx responses.

apiVersion: apisix.apache.org/v1alpha1
kind: BackendTrafficPolicy
metadata:
  name: my-backend-policy
  namespace: default
spec:
  targetRefs:
  - name: my-service
    kind: Service
    group: ""
  healthCheck:
    active:
      type: http
      httpPath: /healthz
      healthy:
        httpCodes: [200]
        successes: 2
        interval: 1s
      unhealthy:
        httpCodes: [500, 502, 503]
        httpFailures: 3
        interval: 1s

Active and passive health checks

Use active probes for periodic detection, and passive checks to react immediately to failures observed in live traffic.

apiVersion: apisix.apache.org/v1alpha1
kind: BackendTrafficPolicy
metadata:
  name: my-backend-policy
  namespace: default
spec:
  targetRefs:
  - name: my-service
    kind: Service
    group: ""
  healthCheck:
    active:
      type: http
      httpPath: /healthz
      concurrency: 10
      healthy:
        httpCodes: [200]
        successes: 2
        interval: 5s
      unhealthy:
        httpCodes: [500, 502, 503]
        httpFailures: 3
        interval: 2s
    passive:
      type: http
      healthy:
        httpCodes: [200, 201, 204]
        successes: 3
      unhealthy:
        httpCodes: [500, 502, 503]
        httpFailures: 5
        tcpFailures: 2

HTTPS backend with strict TLS

For HTTPS upstream backends, enable strict TLS certificate validation on health check probes.

apiVersion: apisix.apache.org/v1alpha1
kind: BackendTrafficPolicy
metadata:
  name: my-backend-policy
  namespace: default
spec:
  targetRefs:
  - name: my-service
    kind: Service
    group: ""
  scheme: https
  healthCheck:
    active:
      type: https
      httpPath: /health
      strictTLS: true
      healthy:
        httpCodes: [200]
        interval: 10s
      unhealthy:
        httpCodes: [500, 503]
        httpFailures: 2
        interval: 5s

Test Plan

• Unit tests: TestAttachBackendTrafficPolicyHealthCheck covers nil, active-only, passive+active, and strictTLS=false cases
• E2e tests: active-only, active+passive, and policy deletion (health check removed) scenarios
• go build ./... passes
• go test ./... (unit tests) passes

Summary by CodeRabbit

• New Features

  • Added upstream backend health checks: active probes and passive traffic-based monitoring with configurable thresholds, intervals, HTTP codes, timeouts, ports/paths, request headers and TLS verification.

• Documentation

  • API reference updated to document health-check configuration for BackendTrafficPolicy.

• Tests

  • New unit and end-to-end tests validating health-check behavior, presence on dataplane upstreams, and removal after policy deletion.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR extends BackendTrafficPolicy with upstream health check capabilities by adding API types (active/passive checks and thresholds), updating the CRD schema, generating deepcopy methods, translating policy fields into ADC upstream checks, adding unit and e2e tests, and updating docs.

Changes

Upstream Health Check Support for BackendTrafficPolicy

Layer / File(s)	Summary
API Type Definitions api/v1alpha1/backendtrafficpolicy_types.go	BackendTrafficPolicySpec gains optional HealthCheck field. New types define active/passive health check configurations with probe settings (type, timeout, concurrency, host, port, path, headers, TLS), and threshold structures for healthy/unhealthy state transitions (intervals, success/failure counts, HTTP codes, TCP failures, timeouts).
CRD Schema Validation config/crd/bases/apisix.apache.org_backendtrafficpolicies.yaml	spec.healthCheck schema added with active (required) and passive (optional) objects. Active probe defines concurrency, host/port/path, request headers, strict TLS, timeout, and type. Both modes specify healthy/unhealthy thresholds with HTTP codes, success/failure counters, TCP failures, and timeouts.
Generated Deep Copy Methods api/v1alpha1/zz_generated.deepcopy.go	DeepCopyInto and DeepCopy methods generated for HealthCheck, ActiveHealthCheck, PassiveHealthCheck, and threshold types. BackendTrafficPolicySpec updated to deep-copy the new HealthCheck pointer field with proper nested struct and slice handling.
Health Check Translator internal/adc/translator/policies.go	attachBackendTrafficPolicyToUpstream populates upstream.Checks when health check is configured. Helper functions translateBTPHealthCheck, translateBTPActiveHealthCheck, and translateBTPPassiveHealthCheck map policy config to adctypes.UpstreamHealthCheck, defaulting check type to "http" and converting durations, headers, and TLS behavior.
Unit Tests internal/adc/translator/httproute_test.go	New TestAttachBackendTrafficPolicyHealthCheck validates health check attachment with test cases for nil checks, full active configuration with strict TLS and headers, strictTLS=false override, and combined active+passive checks; asserts upstream.Checks population matches expected structures.
E2E Tests test/e2e/crds/v1alpha1/backendtrafficpolicy.go	Adds shared gateway setup helper and health-check e2e tests that apply policies, send traffic to register upstreams, assert dataplane upstream health-check configuration, and verify removal after policy deletion.

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• api7/api7-ingress-controller#396: touches active upstream health-check TLS verification mapping used by this PR.

Suggested reviewers

• Baoyuantop

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name	Status	Explanation	Resolution
Security Check	❌ Error	RequestHeaders field allows storing credentials (Authorization, API keys) in plain YAML without validation or redaction mechanisms.	Add validation to reject sensitive header patterns or implement header redaction methods. Document that RequestHeaders should not contain secrets. Consider Secret references for sensitive values.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding upstream health check support to BackendTrafficPolicy.
Linked Issues check	✅ Passed	All coding requirements from issue #402 are met: health check types added to BackendTrafficPolicy API, translation logic implemented, tests added, and CRD manifest updated.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to health check support in BackendTrafficPolicy with appropriate API, translation, test, CRD, and documentation updates.
E2e Test Quality Review	✅ Passed	E2E tests verify health checks on real APISIX dataplane. Tests independent, readable, cover key scenarios. All blocking criteria met: error handling correct, scope valid, no concurrency issues.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/backendtrafficpolicy-healthcheck

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR adds upstream health check configuration support to BackendTrafficPolicy (v1alpha1) so Gateway API users can configure APISIX active/passive upstream health checks through policy attachment during translation to ADC upstreams.

Changes:

• Introduces HealthCheck (active/passive) types and a HealthCheck field on BackendTrafficPolicySpec (v1alpha1).
• Adds translation logic to map v1alpha1.HealthCheck into ADC UpstreamHealthCheck when attaching BackendTrafficPolicy to an upstream.
• Adds unit coverage for health check translation and updates generated DeepCopy + CRD schema.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
internal/adc/translator/policies.go	Adds BTP → ADC upstream health check translation and attaches it to upstreams.
internal/adc/translator/httproute_test.go	Adds unit tests for BTP health check translation (active/passive + strictTLS).
api/v1alpha1/backendtrafficpolicy_types.go	Adds new v1alpha1 health check API types and spec.healthCheck.
api/v1alpha1/zz_generated.deepcopy.go	Regenerates DeepCopy methods for the new v1alpha1 types.
config/crd/bases/apisix.apache.org_backendtrafficpolicies.yaml	Updates CRD OpenAPI schema for the new healthCheck fields.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@api/v1alpha1/backendtrafficpolicy_types.go`:
- Line 265: The struct field Timeouts in backendtrafficpolicy_types.go has a
mismatched JSON tag (json:"timeout,omitempty"); change the tag to
json:"timeouts,omitempty" so the field and serialized name align (i.e., keep the
field name Timeouts and update its tag), then run code generation to update CRD
manifests and deepcopy code (make generate).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 23738847-ed1e-4850-8bbe-9e4f44fa97ac

📥 Commits

Reviewing files that changed from the base of the PR and between 0283a04 and 8550ca0.

📒 Files selected for processing (5)

• api/v1alpha1/backendtrafficpolicy_types.go
• api/v1alpha1/zz_generated.deepcopy.go
• config/crd/bases/apisix.apache.org_backendtrafficpolicies.yaml
• internal/adc/translator/httproute_test.go
• internal/adc/translator/policies.go

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

test/e2e/crds/v1alpha1/backendtrafficpolicy.go (1)

66-76: ⚡ Quick win

Replace fixed sleeps with condition-based waiting.

The hard-coded time.Sleep calls make these e2e specs slow and flaky under variable reconciliation timing. Prefer polling assertions with bounded timeout/interval until the expected state is observed.

Also applies to: 235-236, 271-272, 310-311, 327-327

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/crds/v1alpha1/backendtrafficpolicy.go` around lines 66 - 76, Replace
the fixed time.Sleep calls after resource creation with condition-based polling:
after calling s.CreateResourceFromString(...) for the GatewayClass (using
s.GetGatewayClassYaml()) and for the Gateway (using s.GetGatewayYaml()), remove
the time.Sleep(5 * time.Second) and instead wait until the created resource
reaches the expected reconciliation state using a polling assertion (e.g.,
Eventually/Wait with a bounded timeout/interval) that checks the resource
readiness/observed status via the test harness helper (or implement a small
s.WaitForResourceCondition/Get and assert the expected condition); apply the
same replacement for the other occurrences noted (around lines 235-236, 271-272,
310-311, 327) so tests poll for the actual ready state instead of sleeping.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e/crds/v1alpha1/backendtrafficpolicy.go`:
- Around line 241-247: The loop picks the first upstream with Checks != nil
(using ups and target of type adctypes.Upstream) which may be for a different
backend; change the selection to find the upstream that belongs to the
deterministic backend (e.g. match the upstream identity to
"httpbin-service-e2e-test" by checking the upstream’s owner/target/service name
field) and only set/assert against that matching upstream (target). Apply the
same scoped match (instead of the any-upstream check) in the other two test
locations mentioned so each assertion operates on the upstream that actually
belongs to the intended backend.

---

Nitpick comments:
In `@test/e2e/crds/v1alpha1/backendtrafficpolicy.go`:
- Around line 66-76: Replace the fixed time.Sleep calls after resource creation
with condition-based polling: after calling s.CreateResourceFromString(...) for
the GatewayClass (using s.GetGatewayClassYaml()) and for the Gateway (using
s.GetGatewayYaml()), remove the time.Sleep(5 * time.Second) and instead wait
until the created resource reaches the expected reconciliation state using a
polling assertion (e.g., Eventually/Wait with a bounded timeout/interval) that
checks the resource readiness/observed status via the test harness helper (or
implement a small s.WaitForResourceCondition/Get and assert the expected
condition); apply the same replacement for the other occurrences noted (around
lines 235-236, 271-272, 310-311, 327) so tests poll for the actual ready state
instead of sleeping.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 629a0dc7-9c53-4fd7-be46-500a27672a13

📥 Commits

Reviewing files that changed from the base of the PR and between 8550ca0 and 752ff61.

📒 Files selected for processing (1)

• test/e2e/crds/v1alpha1/backendtrafficpolicy.go

[github-actions]

conformance test report - apisix mode

apiVersion: gateway.networking.k8s.io/v1
date: "2026-05-14T06:16:29Z"
gatewayAPIChannel: experimental
gatewayAPIVersion: v1.3.0
implementation:
  contact: null
  organization: APISIX
  project: apisix-ingress-controller
  url: https://github.com/apache/apisix-ingress-controller.git
  version: v2.0.0
kind: ConformanceReport
mode: default
profiles:
- core:
    result: success
    statistics:
      Failed: 0
      Passed: 12
      Skipped: 0
  name: GATEWAY-GRPC
  summary: Core tests succeeded.
- core:
    failedTests:
    - HTTPRouteInvalidBackendRefUnknownKind
    result: failure
    skippedTests:
    - HTTPRouteHTTPSListener
    statistics:
      Failed: 1
      Passed: 31
      Skipped: 1
  extended:
    result: partial
    skippedTests:
    - HTTPRouteRedirectPortAndScheme
    statistics:
      Failed: 0
      Passed: 11
      Skipped: 1
    supportedFeatures:
    - GatewayAddressEmpty
    - GatewayPort8080
    - HTTPRouteBackendProtocolWebSocket
    - HTTPRouteDestinationPortMatching
    - HTTPRouteHostRewrite
    - HTTPRouteMethodMatching
    - HTTPRoutePathRewrite
    - HTTPRoutePortRedirect
    - HTTPRouteQueryParamMatching
    - HTTPRouteRequestMirror
    - HTTPRouteResponseHeaderModification
    - HTTPRouteSchemeRedirect
    unsupportedFeatures:
    - GatewayHTTPListenerIsolation
    - GatewayInfrastructurePropagation
    - GatewayStaticAddresses
    - HTTPRouteBackendProtocolH2C
    - HTTPRouteBackendRequestHeaderModification
    - HTTPRouteBackendTimeout
    - HTTPRouteParentRefPort
    - HTTPRoutePathRedirect
    - HTTPRouteRequestMultipleMirrors
    - HTTPRouteRequestPercentageMirror
    - HTTPRouteRequestTimeout
  name: GATEWAY-HTTP
  summary: Core tests failed with 1 test failures. Extended tests partially succeeded
    with 1 test skips.
- core:
    result: partial
    skippedTests:
    - TLSRouteSimpleSameNamespace
    statistics:
      Failed: 0
      Passed: 10
      Skipped: 1
  name: GATEWAY-TLS
  summary: Core tests partially succeeded with 1 test skips.

[github-actions]

conformance test report - apisix-standalone mode

apiVersion: gateway.networking.k8s.io/v1
date: "2026-05-14T06:16:24Z"
gatewayAPIChannel: experimental
gatewayAPIVersion: v1.3.0
implementation:
  contact: null
  organization: APISIX
  project: apisix-ingress-controller
  url: https://github.com/apache/apisix-ingress-controller.git
  version: v2.0.0
kind: ConformanceReport
mode: default
profiles:
- core:
    result: partial
    skippedTests:
    - TLSRouteSimpleSameNamespace
    statistics:
      Failed: 0
      Passed: 10
      Skipped: 1
  name: GATEWAY-TLS
  summary: Core tests partially succeeded with 1 test skips.
- core:
    result: success
    statistics:
      Failed: 0
      Passed: 12
      Skipped: 0
  name: GATEWAY-GRPC
  summary: Core tests succeeded.
- core:
    result: partial
    skippedTests:
    - HTTPRouteHTTPSListener
    statistics:
      Failed: 0
      Passed: 32
      Skipped: 1
  extended:
    result: partial
    skippedTests:
    - HTTPRouteRedirectPortAndScheme
    statistics:
      Failed: 0
      Passed: 11
      Skipped: 1
    supportedFeatures:
    - GatewayAddressEmpty
    - GatewayPort8080
    - HTTPRouteBackendProtocolWebSocket
    - HTTPRouteDestinationPortMatching
    - HTTPRouteHostRewrite
    - HTTPRouteMethodMatching
    - HTTPRoutePathRewrite
    - HTTPRoutePortRedirect
    - HTTPRouteQueryParamMatching
    - HTTPRouteRequestMirror
    - HTTPRouteResponseHeaderModification
    - HTTPRouteSchemeRedirect
    unsupportedFeatures:
    - GatewayHTTPListenerIsolation
    - GatewayInfrastructurePropagation
    - GatewayStaticAddresses
    - HTTPRouteBackendProtocolH2C
    - HTTPRouteBackendRequestHeaderModification
    - HTTPRouteBackendTimeout
    - HTTPRouteParentRefPort
    - HTTPRoutePathRedirect
    - HTTPRouteRequestMultipleMirrors
    - HTTPRouteRequestPercentageMirror
    - HTTPRouteRequestTimeout
  name: GATEWAY-HTTP
  summary: Core tests partially succeeded with 1 test skips. Extended tests partially
    succeeded with 1 test skips.

[github-actions]

conformance test report

apiVersion: gateway.networking.k8s.io/v1
date: "2026-05-14T06:38:54Z"
gatewayAPIChannel: experimental
gatewayAPIVersion: v1.3.0
implementation:
  contact: null
  organization: APISIX
  project: apisix-ingress-controller
  url: https://github.com/apache/apisix-ingress-controller.git
  version: v2.0.0
kind: ConformanceReport
mode: default
profiles:
- core:
    failedTests:
    - GRPCExactMethodMatching
    - GRPCRouteHeaderMatching
    - GRPCRouteListenerHostnameMatching
    - GatewayModifyListeners
    result: failure
    statistics:
      Failed: 4
      Passed: 8
      Skipped: 0
  name: GATEWAY-GRPC
  summary: Core tests failed with 4 test failures.
- core:
    failedTests:
    - GatewayModifyListeners
    result: failure
    skippedTests:
    - HTTPRouteHTTPSListener
    statistics:
      Failed: 1
      Passed: 31
      Skipped: 1
  extended:
    result: partial
    skippedTests:
    - HTTPRouteRedirectPortAndScheme
    statistics:
      Failed: 0
      Passed: 11
      Skipped: 1
    supportedFeatures:
    - GatewayAddressEmpty
    - GatewayPort8080
    - HTTPRouteBackendProtocolWebSocket
    - HTTPRouteDestinationPortMatching
    - HTTPRouteHostRewrite
    - HTTPRouteMethodMatching
    - HTTPRoutePathRewrite
    - HTTPRoutePortRedirect
    - HTTPRouteQueryParamMatching
    - HTTPRouteRequestMirror
    - HTTPRouteResponseHeaderModification
    - HTTPRouteSchemeRedirect
    unsupportedFeatures:
    - GatewayHTTPListenerIsolation
    - GatewayInfrastructurePropagation
    - GatewayStaticAddresses
    - HTTPRouteBackendProtocolH2C
    - HTTPRouteBackendRequestHeaderModification
    - HTTPRouteBackendTimeout
    - HTTPRouteParentRefPort
    - HTTPRoutePathRedirect
    - HTTPRouteRequestMultipleMirrors
    - HTTPRouteRequestPercentageMirror
    - HTTPRouteRequestTimeout
  name: GATEWAY-HTTP
  summary: Core tests failed with 1 test failures. Extended tests partially succeeded
    with 1 test skips.
- core:
    failedTests:
    - GatewayModifyListeners
    - TLSRouteSimpleSameNamespace
    result: failure
    statistics:
      Failed: 2
      Passed: 9
      Skipped: 0
  name: GATEWAY-TLS
  summary: Core tests failed with 2 test failures.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/e2e/crds/v1alpha1/backendtrafficpolicy.go`:
- Around line 331-337: The test currently loops over ups returned by
s.DefaultDataplaneResource().Upstream().List and asserts checks are nil only for
matching names, but if no upstream matches the assertion is never executed; add
a sentinel (e.g., found or matchCount) initialized before the loop, set it
true/increment when strings.Contains(u.Name, "httpbin-service-e2e-test") and
still run Expect(u.Checks).To(BeNil()) inside that branch, then after the loop
add Expect(found).To(BeTrue(), "expected at least one upstream matching
'httpbin-service-e2e-test' to validate deletion") so the test fails when the
target upstream is missing.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 203c29f9-428b-4867-b084-cba98b03feb6

📥 Commits

Reviewing files that changed from the base of the PR and between 752ff61 and 84c72fd.

📒 Files selected for processing (5)

• api/v1alpha1/backendtrafficpolicy_types.go
• config/crd/bases/apisix.apache.org_backendtrafficpolicies.yaml
• docs/en/latest/reference/api-reference.md
• internal/adc/translator/policies.go
• test/e2e/crds/v1alpha1/backendtrafficpolicy.go

✅ Files skipped from review due to trivial changes (1)

• docs/en/latest/reference/api-reference.md

🚧 Files skipped from review as they are similar to previous changes (2)

• internal/adc/translator/policies.go
• config/crd/bases/apisix.apache.org_backendtrafficpolicies.yaml

[Copilot]

Pull request overview

Copilot reviewed 6 out of 7 changed files in this pull request and generated 3 comments.

Files not reviewed (1)

• api/v1alpha1/zz_generated.deepcopy.go: Language not supported

Comments suppressed due to low confidence (1)

api/v1alpha1/backendtrafficpolicy_types.go:216

• The interval fields accept any Duration, but translation rounds down to whole seconds and coerces anything < 1s up to 1s. Consider adding CRD validation to constrain intervals to whole seconds and enforce the documented minimum (1s) to avoid surprising truncation/coercion (apply to both healthy and unhealthy intervals).

	// Interval defines the time between health check probes.
	// Minimum is 1s.
	Interval metav1.Duration `json:"interval,omitempty" yaml:"interval,omitempty"`

[Copilot]

Pull request overview

Copilot reviewed 6 out of 7 changed files in this pull request and generated no new comments.

Files not reviewed (1)

• api/v1alpha1/zz_generated.deepcopy.go: Language not supported

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

internal/adc/translator/policies.go (1)

20-171: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Run gofmt on this file before merge.

Line 20 onward is part of a file currently failing CI formatting checks (gofmt -l reports internal/adc/translator/policies.go). Please run:

gofmt -w internal/adc/translator/policies.go

and commit the result.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/adc/translator/policies.go` around lines 20 - 171, The file
internal/adc/translator/policies.go is failing gofmt; run gofmt -w on the file
and commit the result so formatting passes CI. Locate the file around the
functions such as convertBackendRef, AttachBackendTrafficPolicyToUpstream,
attachBackendTrafficPolicyToUpstream and the translateBTP* helpers, run: gofmt
-w internal/adc/translator/policies.go (or use your editor's Go formatting),
verify no changes in logic were made, then add/commit the formatted file.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@internal/adc/translator/policies.go`:
- Around line 20-171: The file internal/adc/translator/policies.go is failing
gofmt; run gofmt -w on the file and commit the result so formatting passes CI.
Locate the file around the functions such as convertBackendRef,
AttachBackendTrafficPolicyToUpstream, attachBackendTrafficPolicyToUpstream and
the translateBTP* helpers, run: gofmt -w internal/adc/translator/policies.go (or
use your editor's Go formatting), verify no changes in logic were made, then
add/commit the formatted file.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7c89c923-3e25-405b-87e4-802f1ca8d79e

📥 Commits

Reviewing files that changed from the base of the PR and between ead701c and 9e34b0a.

📒 Files selected for processing (2)

• internal/adc/translator/policies.go
• test/e2e/crds/v1alpha1/backendtrafficpolicy.go

🚧 Files skipped from review as they are similar to previous changes (1)

• test/e2e/crds/v1alpha1/backendtrafficpolicy.go

[Copilot]

Pull request overview

Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.

Files not reviewed (1)

• api/v1alpha1/zz_generated.deepcopy.go: Language not supported