diff --git a/.gitignore b/.gitignore index d2e7d33e2..3615727c6 100644 --- a/.gitignore +++ b/.gitignore @@ -54,3 +54,7 @@ internal/mode/static/nginx/modules/coverage # SSH config files *.ssh + +# temporary files used for manifest generation +config/base/deploy.yaml +config/base/deploy.yaml.bak diff --git a/.goreleaser.yml b/.goreleaser.yml index 56c5fa951..4d6c2e575 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -62,10 +62,3 @@ milestones: snapshot: name_template: "edge" - -release: - extra_files: - - glob: ./deploy/manifests/nginx-gateway.yaml - - glob: ./deploy/manifests/nginx-plus-gateway.yaml - - glob: ./deploy/manifests/nginx-gateway-experimental.yaml - - glob: ./deploy/manifests/nginx-plus-gateway-experimental.yaml diff --git a/.yamllint.yaml b/.yamllint.yaml index b0e6d6d7d..28fd5a76a 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -29,8 +29,6 @@ rules: spaces: consistent indent-sequences: consistent check-multi-line-strings: true - ignore: | - deploy/manifests/nginx-gateway.yaml key-duplicates: enable key-ordering: disable line-length: @@ -39,7 +37,6 @@ rules: allow-non-breakable-inline-mappings: true ignore: | .github/ - deploy/manifests/nginx-gateway.yaml tests/suite/manifests/longevity/cronjob.yaml .goreleaser.yml new-line-at-end-of-file: enable diff --git a/Makefile b/Makefile index e2009f87e..231f2af93 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,6 @@ # variables that should not be overridden by the user VERSION = edge SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST))) -MANIFEST_DIR = $(CURDIR)/deploy/manifests CHART_DIR = $(SELF_DIR)charts/nginx-gateway-fabric NGINX_CONF_DIR = internal/mode/static/nginx/conf NJS_DIR = internal/mode/static/nginx/modules/src @@ -36,8 +35,6 @@ TARGET ?= local## The target of the build. Possible values: local and container OUT_DIR ?= build/out## The folder where the binary will be stored GOARCH ?= amd64## The architecture of the image and/or binary. For example: amd64 or arm64 GOOS ?= linux## The OS of the image and/or binary. For example: linux or darwin -override HELM_TEMPLATE_COMMON_ARGS += --set creator=template --set nameOverride=nginx-gateway## The common options for the Helm template command. -override HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE += --set service.create=false## The options to be passed to the full Helm templating command only. override NGINX_DOCKER_BUILD_OPTIONS += --build-arg NJS_DIR=$(NJS_DIR) --build-arg NGINX_CONF_DIR=$(NGINX_CONF_DIR) --build-arg BUILD_AGENT=$(BUILD_AGENT) .DEFAULT_GOAL := help @@ -124,15 +121,7 @@ uninstall-gateway-crds: ## Uninstall Gateway API CRDs .PHONY: generate-manifests generate-manifests: ## Generate manifests using Helm. - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-gateway.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-plus-gateway.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-gateway-experimental.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-plus-gateway-experimental.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set metrics.enable=false --set nginxGateway.productTelemetry.enable=false -n nginx-gateway -s templates/deployment.yaml > config/tests/static-deployment.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set service.annotations.'service\.beta\.kubernetes\.io\/aws-load-balancer-type'="nlb" -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer-aws-nlb.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set service.type=NodePort --set service.externalTrafficPolicy="" -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/nodeport.yaml - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) -n nginx-gateway --api-versions security.openshift.io/v1/SecurityContextConstraints -s templates/scc.yaml > $(strip $(MANIFEST_DIR))/scc.yaml + ./scripts/generate-manifests.sh generate-api-docs: ## Generate API docs go run github.com/ahmetb/gen-crd-api-reference-docs -config site/config/api/config.json -template-dir site/config/api -out-file site/content/reference/api.md -api-dir "github.com/nginxinc/nginx-gateway-fabric/apis" diff --git a/charts/nginx-gateway-fabric/templates/_helpers.tpl b/charts/nginx-gateway-fabric/templates/_helpers.tpl index 90b0698e5..65b6c5e6f 100644 --- a/charts/nginx-gateway-fabric/templates/_helpers.tpl +++ b/charts/nginx-gateway-fabric/templates/_helpers.tpl @@ -58,14 +58,12 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "nginx-gateway.labels" -}} +helm.sh/chart: {{ include "nginx-gateway.chart" . }} {{ include "nginx-gateway.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} -{{- if eq (default "helm" .Values.creator) "helm" }} app.kubernetes.io/managed-by: {{ .Release.Service }} -helm.sh/chart: {{ include "nginx-gateway.chart" . }} -{{- end -}} {{- end }} {{/* diff --git a/charts/nginx-gateway-fabric/templates/rbac.yaml b/charts/nginx-gateway-fabric/templates/clusterrole.yaml similarity index 68% rename from charts/nginx-gateway-fabric/templates/rbac.yaml rename to charts/nginx-gateway-fabric/templates/clusterrole.yaml index 330d89b0e..01785c282 100644 --- a/charts/nginx-gateway-fabric/templates/rbac.yaml +++ b/charts/nginx-gateway-fabric/templates/clusterrole.yaml @@ -1,24 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "nginx-gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "nginx-gateway.labels" . | nindent 4 }} - annotations: - {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} -{{- if or .Values.serviceAccount.imagePullSecret .Values.serviceAccount.imagePullSecrets }} -imagePullSecrets: - {{- if .Values.serviceAccount.imagePullSecret }} - - name: {{ .Values.serviceAccount.imagePullSecret }} - {{- end }} - {{- if .Values.serviceAccount.imagePullSecrets }} - {{- range .Values.serviceAccount.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end }} ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -161,18 +140,3 @@ rules: verbs: - use {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "nginx-gateway.fullname" . }} - labels: - {{- include "nginx-gateway.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "nginx-gateway.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "nginx-gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/nginx-gateway-fabric/templates/clusterrolebinding.yaml b/charts/nginx-gateway-fabric/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..4a0d4321b --- /dev/null +++ b/charts/nginx-gateway-fabric/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "nginx-gateway.fullname" . }} + labels: + {{- include "nginx-gateway.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "nginx-gateway.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "nginx-gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/nginx-gateway-fabric/templates/deployment.yaml b/charts/nginx-gateway-fabric/templates/deployment.yaml index 1dabe35a1..107c25899 100644 --- a/charts/nginx-gateway-fabric/templates/deployment.yaml +++ b/charts/nginx-gateway-fabric/templates/deployment.yaml @@ -88,7 +88,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: {{ .Values.nginxGateway.image.repository }}:{{ .Values.nginxGateway.image.tag | default .Chart.AppVersion }} + image: {{ .Values.nginxGateway.image.repository }}:{{ default .Chart.AppVersion .Values.nginxGateway.image.tag }} imagePullPolicy: {{ .Values.nginxGateway.image.pullPolicy }} name: nginx-gateway {{- if .Values.nginxGateway.lifecycle }} diff --git a/charts/nginx-gateway-fabric/templates/serviceaccount.yaml b/charts/nginx-gateway-fabric/templates/serviceaccount.yaml new file mode 100644 index 000000000..069a2066b --- /dev/null +++ b/charts/nginx-gateway-fabric/templates/serviceaccount.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "nginx-gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-gateway.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} +{{- if or .Values.serviceAccount.imagePullSecret .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- if .Values.serviceAccount.imagePullSecret }} + - name: {{ .Values.serviceAccount.imagePullSecret }} + {{- end }} + {{- if .Values.serviceAccount.imagePullSecrets }} + {{- range .Values.serviceAccount.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end }} diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml new file mode 100644 index 000000000..f3639e372 --- /dev/null +++ b/config/base/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- deploy.yaml +- namespace.yaml diff --git a/deploy/manifests/namespace.yaml b/config/base/namespace.yaml similarity index 100% rename from deploy/manifests/namespace.yaml rename to config/base/namespace.yaml diff --git a/deploy/README.md b/deploy/README.md new file mode 100644 index 000000000..ade7d43ff --- /dev/null +++ b/deploy/README.md @@ -0,0 +1,15 @@ +# Deployment manifests + +This directory contains the Kubernetes manifests for deploying NGINX Gateway Fabric in a Kubernetes cluster. They are generated from the Helm Chart [examples](../examples/helm/). + +They are a single file deployment manifest that can be applied to a Kubernetes cluster using `kubectl apply -f `. You should have the Gateway API CRDs and the NGINX Gateway Fabric CRDs deployed before applying these manifests. +The NGINX Gateway Fabric CRDs can be found in this directory as a single file deployment manifest [crds.yaml](./crds.yaml). + +To deploy the manifests using a different registry or tag, you can modify the `kustomization.yaml` file with the desired values and +use the following command to apply the manifests: + +```shell +kubectl kustomize | kubectl apply -f - +``` + +For more information on how to deploy NGINX Gateway Fabric and the Gateway API CRDs see the [installation guide](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/manifests/). diff --git a/deploy/aws-nlb/deploy.yaml b/deploy/aws-nlb/deploy.yaml new file mode 100644 index 000000000..00839c039 --- /dev/null +++ b/deploy/aws-nlb/deploy.yaml @@ -0,0 +1,331 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-type: external + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:edge + imagePullPolicy: Always + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/azure/deploy.yaml b/deploy/azure/deploy.yaml new file mode 100644 index 000000000..5cfbec8b6 --- /dev/null +++ b/deploy/azure/deploy.yaml @@ -0,0 +1,330 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:edge + imagePullPolicy: Always + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/manifests/nginx-plus-gateway.yaml b/deploy/default/deploy.yaml similarity index 73% rename from deploy/manifests/nginx-plus-gateway.yaml rename to deploy/default/deploy.yaml index 8e6fd9462..734744319 100644 --- a/deploy/manifests/nginx-plus-gateway.yaml +++ b/deploy/default/deploy.yaml @@ -3,28 +3,24 @@ kind: Namespace metadata: name: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: nginx-gateway - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" - annotations: - {} + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway rules: - apiGroups: - "" @@ -48,12 +44,6 @@ rules: - replicasets verbs: - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - list - apiGroups: - "" resources: @@ -135,15 +125,14 @@ rules: - list - watch --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -153,30 +142,54 @@ subjects: name: nginx-gateway namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: Service metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge name: nginx-gateway namespace: nginx-gateway - labels: +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway template: metadata: - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway annotations: - prometheus.io/scrape: "true" prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway spec: containers: - args: @@ -185,7 +198,6 @@ spec: - --gatewayclass=nginx - --config=nginx-gateway-config - --service=nginx-gateway - - --nginx-plus - --metrics-port=9113 - --health-port=8081 - --leader-election-lock-name=nginx-gateway-leader-election @@ -206,10 +218,10 @@ spec: imagePullPolicy: Always name: nginx-gateway ports: - - name: metrics - containerPort: 9113 - - name: health - containerPort: 8081 + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health readinessProbe: httpGet: path: /readyz @@ -217,8 +229,6 @@ spec: initialDelaySeconds: 3 periodSeconds: 1 securityContext: - seccompProfile: - type: RuntimeDefault allowPrivilegeEscalation: false capabilities: add: @@ -226,20 +236,22 @@ spec: drop: - ALL readOnlyRootFilesystem: true - runAsUser: 102 runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - - image: nginx-gateway-fabric/nginx-plus:edge + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge imagePullPolicy: Always name: nginx ports: @@ -248,71 +260,69 @@ spec: - containerPort: 443 name: https securityContext: - seccompProfile: - type: RuntimeDefault capabilities: add: - NET_BIND_SERVICE drop: - ALL readOnlyRootFilesystem: true - runAsUser: 101 runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-cache - mountPath: /var/cache/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - terminationGracePeriodSeconds: 30 - serviceAccountName: nginx-gateway - shareProcessNamespace: true + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes securityContext: fsGroup: 1001 runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 volumes: - - name: nginx-conf - emptyDir: {} - - name: module-includes - emptyDir: {} - - name: nginx-secrets - emptyDir: {} - - name: nginx-run - emptyDir: {} - - name: nginx-cache - emptyDir: {} - - name: nginx-includes - emptyDir: {} + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes --- -# Source: nginx-gateway-fabric/templates/gatewayclass.yaml apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: - name: nginx labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx spec: controllerName: gateway.nginx.org/nginx-gateway-controller --- -# Source: nginx-gateway-fabric/templates/nginxgateway.yaml apiVersion: gateway.nginx.org/v1alpha1 kind: NginxGateway metadata: - name: nginx-gateway-config - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway spec: logging: level: info diff --git a/deploy/manifests/nginx-plus-gateway-experimental.yaml b/deploy/experimental-nginx-plus/deploy.yaml similarity index 73% rename from deploy/manifests/nginx-plus-gateway-experimental.yaml rename to deploy/experimental-nginx-plus/deploy.yaml index f69009261..2a850aa19 100644 --- a/deploy/manifests/nginx-plus-gateway-experimental.yaml +++ b/deploy/experimental-nginx-plus/deploy.yaml @@ -3,28 +3,26 @@ kind: Namespace metadata: name: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: v1 +imagePullSecrets: +- name: nginx-plus-registry-secret kind: ServiceAccount metadata: - name: nginx-gateway - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" - annotations: - {} + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway rules: - apiGroups: - "" @@ -138,15 +136,14 @@ rules: - list - watch --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -156,30 +153,54 @@ subjects: name: nginx-gateway namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: Service metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge name: nginx-gateway namespace: nginx-gateway - labels: +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway template: metadata: - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway annotations: - prometheus.io/scrape: "true" prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway spec: containers: - args: @@ -210,10 +231,10 @@ spec: imagePullPolicy: Always name: nginx-gateway ports: - - name: metrics - containerPort: 9113 - - name: health - containerPort: 8081 + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health readinessProbe: httpGet: path: /readyz @@ -221,8 +242,6 @@ spec: initialDelaySeconds: 3 periodSeconds: 1 securityContext: - seccompProfile: - type: RuntimeDefault allowPrivilegeEscalation: false capabilities: add: @@ -230,20 +249,22 @@ spec: drop: - ALL readOnlyRootFilesystem: true - runAsUser: 102 runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - - image: nginx-gateway-fabric/nginx-plus:edge + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:edge imagePullPolicy: Always name: nginx ports: @@ -252,71 +273,69 @@ spec: - containerPort: 443 name: https securityContext: - seccompProfile: - type: RuntimeDefault capabilities: add: - NET_BIND_SERVICE drop: - ALL readOnlyRootFilesystem: true - runAsUser: 101 runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-cache - mountPath: /var/cache/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - terminationGracePeriodSeconds: 30 - serviceAccountName: nginx-gateway - shareProcessNamespace: true + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes securityContext: fsGroup: 1001 runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 volumes: - - name: nginx-conf - emptyDir: {} - - name: module-includes - emptyDir: {} - - name: nginx-secrets - emptyDir: {} - - name: nginx-run - emptyDir: {} - - name: nginx-cache - emptyDir: {} - - name: nginx-includes - emptyDir: {} + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes --- -# Source: nginx-gateway-fabric/templates/gatewayclass.yaml apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: - name: nginx labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx spec: controllerName: gateway.nginx.org/nginx-gateway-controller --- -# Source: nginx-gateway-fabric/templates/nginxgateway.yaml apiVersion: gateway.nginx.org/v1alpha1 kind: NginxGateway metadata: - name: nginx-gateway-config - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway spec: logging: level: info diff --git a/deploy/manifests/nginx-gateway-experimental.yaml b/deploy/experimental/deploy.yaml similarity index 74% rename from deploy/manifests/nginx-gateway-experimental.yaml rename to deploy/experimental/deploy.yaml index 1da745fa5..5cd1c2b0b 100644 --- a/deploy/manifests/nginx-gateway-experimental.yaml +++ b/deploy/experimental/deploy.yaml @@ -3,28 +3,24 @@ kind: Namespace metadata: name: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: nginx-gateway - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" - annotations: - {} + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway rules: - apiGroups: - "" @@ -132,15 +128,14 @@ rules: - list - watch --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -150,30 +145,54 @@ subjects: name: nginx-gateway namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: Service metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge name: nginx-gateway namespace: nginx-gateway - labels: +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway template: metadata: - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway annotations: - prometheus.io/scrape: "true" prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway spec: containers: - args: @@ -203,10 +222,10 @@ spec: imagePullPolicy: Always name: nginx-gateway ports: - - name: metrics - containerPort: 9113 - - name: health - containerPort: 8081 + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health readinessProbe: httpGet: path: /readyz @@ -214,8 +233,6 @@ spec: initialDelaySeconds: 3 periodSeconds: 1 securityContext: - seccompProfile: - type: RuntimeDefault allowPrivilegeEscalation: false capabilities: add: @@ -223,19 +240,21 @@ spec: drop: - ALL readOnlyRootFilesystem: true - runAsUser: 102 runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge imagePullPolicy: Always name: nginx @@ -245,71 +264,69 @@ spec: - containerPort: 443 name: https securityContext: - seccompProfile: - type: RuntimeDefault capabilities: add: - NET_BIND_SERVICE drop: - ALL readOnlyRootFilesystem: true - runAsUser: 101 runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-cache - mountPath: /var/cache/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - terminationGracePeriodSeconds: 30 - serviceAccountName: nginx-gateway - shareProcessNamespace: true + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes securityContext: fsGroup: 1001 runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 volumes: - - name: nginx-conf - emptyDir: {} - - name: module-includes - emptyDir: {} - - name: nginx-secrets - emptyDir: {} - - name: nginx-run - emptyDir: {} - - name: nginx-cache - emptyDir: {} - - name: nginx-includes - emptyDir: {} + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes --- -# Source: nginx-gateway-fabric/templates/gatewayclass.yaml apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: - name: nginx labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx spec: controllerName: gateway.nginx.org/nginx-gateway-controller --- -# Source: nginx-gateway-fabric/templates/nginxgateway.yaml apiVersion: gateway.nginx.org/v1alpha1 kind: NginxGateway metadata: - name: nginx-gateway-config - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway spec: logging: level: info diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml new file mode 100644 index 000000000..26df3ab55 --- /dev/null +++ b/deploy/kustomization.yaml @@ -0,0 +1,44 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +# these replacements modify the version label for all resources with the tag specified in images.newTag below for NGF +replacements: +- source: + fieldPath: spec.template.spec.containers.[name=nginx-gateway].image + kind: Deployment + options: + delimiter: ':' + index: 1 + targets: + - fieldPaths: + - metadata.labels.[app.kubernetes.io/version] + options: + create: true + select: + name: nginx + - fieldPaths: + - metadata.labels.[app.kubernetes.io/version] + options: + create: true + select: + name: nginx-gateway + - fieldPaths: + - metadata.labels.[app.kubernetes.io/version] + options: + create: true + select: + name: nginx-gateway-config + +# replace this with the path to the resources you want to deploy +resources: +- default/deploy.yaml + +images: +# NGF image +- name: ghcr.io/nginxinc/nginx-gateway-fabric + newName: my-registry/nginx-gateway-fabric + newTag: new-tag +# NGINX image +- name: ghcr.io/nginxinc/nginx-gateway-fabric/nginx + newName: my-registry/nginx-gateway-fabric/nginx + newTag: new-tag diff --git a/deploy/manifests/scc.yaml b/deploy/manifests/scc.yaml deleted file mode 100644 index 3ff4f1577..000000000 --- a/deploy/manifests/scc.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Source: nginx-gateway-fabric/templates/scc.yaml -kind: SecurityContextConstraints -apiVersion: security.openshift.io/v1 -metadata: - name: nginx-gateway-scc -allowPrivilegeEscalation: false -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegedContainer: false -readOnlyRootFilesystem: true -runAsUser: - type: MustRunAsRange - uidRangeMin: 101 - uidRangeMax: 102 -fsGroup: - type: MustRunAs - ranges: - - min: 1001 - max: 1001 -supplementalGroups: - type: MustRunAs - ranges: - - min: 1001 - max: 1001 -seLinuxContext: - type: MustRunAs -seccompProfiles: -- runtime/default -volumes: -- emptyDir -- secret -users: -- system:serviceaccount:nginx-gateway:nginx-gateway -allowedCapabilities: -- NET_BIND_SERVICE -- KILL -requiredDropCapabilities: -- ALL diff --git a/deploy/manifests/service/loadbalancer-aws-nlb.yaml b/deploy/manifests/service/loadbalancer-aws-nlb.yaml deleted file mode 100644 index ab64f656c..000000000 --- a/deploy/manifests/service/loadbalancer-aws-nlb.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Source: nginx-gateway-fabric/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: nginx-gateway - namespace: nginx-gateway - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: nlb -spec: - externalTrafficPolicy: Local - type: LoadBalancer - selector: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - ports: # Update the following ports to match your Gateway Listener ports - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 diff --git a/deploy/manifests/service/loadbalancer.yaml b/deploy/manifests/service/loadbalancer.yaml deleted file mode 100644 index 660a23657..000000000 --- a/deploy/manifests/service/loadbalancer.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Source: nginx-gateway-fabric/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: nginx-gateway - namespace: nginx-gateway - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" -spec: - externalTrafficPolicy: Local - type: LoadBalancer - selector: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - ports: # Update the following ports to match your Gateway Listener ports - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 diff --git a/deploy/manifests/service/nodeport.yaml b/deploy/manifests/service/nodeport.yaml deleted file mode 100644 index 83c236da7..000000000 --- a/deploy/manifests/service/nodeport.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Source: nginx-gateway-fabric/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: nginx-gateway - namespace: nginx-gateway - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" -spec: - type: NodePort - selector: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - ports: # Update the following ports to match your Gateway Listener ports - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 diff --git a/deploy/nginx-plus/deploy.yaml b/deploy/nginx-plus/deploy.yaml new file mode 100644 index 000000000..9c6a4bd13 --- /dev/null +++ b/deploy/nginx-plus/deploy.yaml @@ -0,0 +1,339 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nginx-gateway +--- +apiVersion: v1 +imagePullSecrets: +- name: nginx-plus-registry-secret +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --nginx-plus + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + - --usage-report-secret=nginx-gateway/ngf-usage-auth + - --usage-report-server-url=https://my-instance-nim.example.com + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:edge + imagePullPolicy: Always + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:edge + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/manifests/nginx-gateway.yaml b/deploy/nodeport/deploy.yaml similarity index 73% rename from deploy/manifests/nginx-gateway.yaml rename to deploy/nodeport/deploy.yaml index 135031dc3..4f9b78acd 100644 --- a/deploy/manifests/nginx-gateway.yaml +++ b/deploy/nodeport/deploy.yaml @@ -3,28 +3,24 @@ kind: Namespace metadata: name: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: nginx-gateway - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" - annotations: - {} + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway rules: - apiGroups: - "" @@ -129,15 +125,14 @@ rules: - list - watch --- -# Source: nginx-gateway-fabric/templates/rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -147,30 +142,54 @@ subjects: name: nginx-gateway namespace: nginx-gateway --- -# Source: nginx-gateway-fabric/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: Service metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge name: nginx-gateway namespace: nginx-gateway - labels: +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway + type: NodePort +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway template: metadata: - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway annotations: - prometheus.io/scrape: "true" prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway spec: containers: - args: @@ -199,10 +218,10 @@ spec: imagePullPolicy: Always name: nginx-gateway ports: - - name: metrics - containerPort: 9113 - - name: health - containerPort: 8081 + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health readinessProbe: httpGet: path: /readyz @@ -210,8 +229,6 @@ spec: initialDelaySeconds: 3 periodSeconds: 1 securityContext: - seccompProfile: - type: RuntimeDefault allowPrivilegeEscalation: false capabilities: add: @@ -219,19 +236,21 @@ spec: drop: - ALL readOnlyRootFilesystem: true - runAsUser: 102 runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge imagePullPolicy: Always name: nginx @@ -241,71 +260,69 @@ spec: - containerPort: 443 name: https securityContext: - seccompProfile: - type: RuntimeDefault capabilities: add: - NET_BIND_SERVICE drop: - ALL readOnlyRootFilesystem: true - runAsUser: 101 runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: module-includes - mountPath: /etc/nginx/module-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-cache - mountPath: /var/cache/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - terminationGracePeriodSeconds: 30 - serviceAccountName: nginx-gateway - shareProcessNamespace: true + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes securityContext: fsGroup: 1001 runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 volumes: - - name: nginx-conf - emptyDir: {} - - name: module-includes - emptyDir: {} - - name: nginx-secrets - emptyDir: {} - - name: nginx-run - emptyDir: {} - - name: nginx-cache - emptyDir: {} - - name: nginx-includes - emptyDir: {} + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes --- -# Source: nginx-gateway-fabric/templates/gatewayclass.yaml apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: - name: nginx labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx spec: controllerName: gateway.nginx.org/nginx-gateway-controller --- -# Source: nginx-gateway-fabric/templates/nginxgateway.yaml apiVersion: gateway.nginx.org/v1alpha1 kind: NginxGateway metadata: - name: nginx-gateway-config - namespace: nginx-gateway labels: - app.kubernetes.io/name: nginx-gateway app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway spec: logging: level: info diff --git a/deploy/openshift/deploy.yaml b/deploy/openshift/deploy.yaml new file mode 100644 index 000000000..213cedcb5 --- /dev/null +++ b/deploy/openshift/deploy.yaml @@ -0,0 +1,377 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - nginx-gateway-scc + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:edge + imagePullPolicy: Always + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/module-includes + name: module-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: module-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: edge + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info +--- +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: false +allowPrivilegedContainer: false +allowedCapabilities: +- NET_BIND_SERVICE +- KILL +apiVersion: security.openshift.io/v1 +fsGroup: + ranges: + - max: 1001 + min: 1001 + type: MustRunAs +kind: SecurityContextConstraints +metadata: + name: nginx-gateway-scc +readOnlyRootFilesystem: true +requiredDropCapabilities: +- ALL +runAsUser: + type: MustRunAsRange + uidRangeMax: 102 + uidRangeMin: 101 +seLinuxContext: + type: MustRunAs +seccompProfiles: +- runtime/default +supplementalGroups: + ranges: + - max: 1001 + min: 1001 + type: MustRunAs +users: +- system:serviceaccount:nginx-gateway:nginx-gateway +volumes: +- emptyDir +- secret diff --git a/docs/developer/quickstart.md b/docs/developer/quickstart.md index e64706b17..cfe361035 100644 --- a/docs/developer/quickstart.md +++ b/docs/developer/quickstart.md @@ -194,30 +194,16 @@ This will build the docker images `nginx-gateway-fabric:` and `nginx- - To install with manifests: - ```shell - make generate-manifests HELM_TEMPLATE_COMMON_ARGS="--set nginxGateway.image.repository=nginx-gateway-fabric --set nginxGateway.image.tag=$(whoami) --set nginxGateway.image.pullPolicy=Never --set nginx.image.repository=nginx-gateway-fabric/nginx --set nginx.image.tag=$(whoami) --set nginx.image.pullPolicy=Never" - kubectl apply -f deploy/crds.yaml - kubectl apply -f deploy/manifests/nginx-gateway.yaml - kubectl apply -f deploy/manifests/service/nodeport.yaml - ``` + The mainifests files are genarated using Helm from the [examples](/examples/helm) directory. To generate a custom one you can modify the `values.yaml` file in the example you want to use with the desired values and follow the instructions about [manifests generation](/examples/helm/README.md#manifests-generation). - - To install NGINX Plus with manifests: + If the only change is the image repository and tag, you can update the `kustomization.yaml` file in `deploy/` with the desired values and deployment mainifest and run the following commands: ```shell - make generate-manifests HELM_TEMPLATE_COMMON_ARGS="--set nginxGateway.image.repository=nginx-gateway-fabric --set nginxGateway.image.tag=$(whoami) --set nginxGateway.image.pullPolicy=Never --set nginx.image.repository=nginx-gateway-fabric/nginx-plus --set nginx.image.tag=$(whoami) --set nginx.image.pullPolicy=Never --set nginx.plus=true" - kubectl apply -f deploy/crds.yaml - kubectl apply -f deploy/manifests/nginx-gateway.yaml - kubectl apply -f deploy/manifests/service/nodeport.yaml + kubectl apply -f deploy/crds.yaml + kubectl kustomize deploy | kubectl apply -f - ``` - - To install with experimental manifests: - - ```shell - make generate-manifests HELM_TEMPLATE_COMMON_ARGS="--set nginxGateway.image.repository=nginx-gateway-fabric --set nginxGateway.image.tag=$(whoami) --set nginxGateway.image.pullPolicy=Never --set nginx.image.repository=nginx-gateway-fabric/nginx --set nginx.image.tag=$(whoami) --set nginx.image.pullPolicy=Never" - kubectl apply -f deploy/crds.yaml - kubectl apply -f deploy/manifests/nginx-gateway-experimental.yaml - kubectl apply -f deploy/manifests/service/nodeport.yaml - ``` + > For more information on how to use the manifests, see the [deployment manifests](/deploy/README.md) documentation. ### Run Examples diff --git a/examples/helm/README.md b/examples/helm/README.md new file mode 100644 index 000000000..dc8f8b440 --- /dev/null +++ b/examples/helm/README.md @@ -0,0 +1,30 @@ +# Helm Chart Examples + +This directory contains examples of Helm charts that can be used to deploy NGINX Gateway Fabric in a Kubernetes cluster. + +## Prerequisites + +- Helm 3.x + +## Examples + +- [Default](./default) - deploys NGINX Gateway Fabric withg NGINX OSS with default configuration. +- [NGINX Plus](./nginx-plus) - deploys NGINX Gateway Fabric with NGINX Plus as the data plane. The image is pulled from the + NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the secret to use to pull the image. + The secret must be created in the same namespace as the NGINX Gateway Fabric deployment. +- [Experimental](./experimental) - deploys NGINX Gateway Fabric with the Gateway API experimental features enabled and NGINX OSS as the data plane. +- [Experimental with NGINX Plus](./experimental-nginx-plus) - deploys NGINX Gateway Fabric with the Gateway API experimental features enabled and NGINX Plus as the data plane. The image is pulled from the NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the secret to use to pull the image. The secret must be created in the same namespace as the NGINX Gateway Fabric deployment. +- [AWS NLB](./aws-nlb) - deploys NGINX Gateway Fabric with NGINX OSS using a Service of type `LoadBalancer` to allocate an AWS Network Load Balancer (NLB). +- [Azure](./azure) - deploys NGINX Gateway Fabric with NGINX OSS using a nodeSelector to deploy the gateway on Linux nodes in an Azure Kubernetes Service (AKS) cluster. +- [NodePort](./nodeport) - deploys NGINX Gateway Fabric with NGINX OSS using a Service of type `NodePort` to expose the gateway on a specific port on each node. + +## Manifests generation + +These examples are used to generate the manifests for the NGINX Gateway Fabric located in the deploy directory [here](../../deploy). + +If you want to generate manifests for a specific example, or need to customize one of the examples, run the following +command from the root of the project: + +```shell +helm template nginx-gateway --namespace nginx-gateway --values examples/helm//values.yaml charts/nginx-gateway-fabric +``` diff --git a/examples/helm/aws-nlb/values.yaml b/examples/helm/aws-nlb/values.yaml new file mode 100644 index 000000000..b1ffc8797 --- /dev/null +++ b/examples/helm/aws-nlb/values.yaml @@ -0,0 +1,7 @@ +nginxGateway: + name: nginx-gateway +service: + type: LoadBalancer + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: "external" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" diff --git a/examples/helm/azure/values.yaml b/examples/helm/azure/values.yaml new file mode 100644 index 000000000..3dbfc2425 --- /dev/null +++ b/examples/helm/azure/values.yaml @@ -0,0 +1,4 @@ +nginxGateway: + name: nginx-gateway +nodeSelector: + kubernetes.io/os: linux diff --git a/examples/helm/default/values.yaml b/examples/helm/default/values.yaml new file mode 100644 index 000000000..d01142b8a --- /dev/null +++ b/examples/helm/default/values.yaml @@ -0,0 +1,2 @@ +nginxGateway: + name: nginx-gateway diff --git a/examples/helm/experimental-nginx-plus/values.yaml b/examples/helm/experimental-nginx-plus/values.yaml new file mode 100644 index 000000000..08469ce36 --- /dev/null +++ b/examples/helm/experimental-nginx-plus/values.yaml @@ -0,0 +1,12 @@ +nginxGateway: + name: nginx-gateway + gwAPIExperimentalFeatures: + enable: true + +nginx: + plus: true + image: + repository: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus + +serviceAccount: + imagePullSecret: nginx-plus-registry-secret diff --git a/examples/helm/experimental/values.yaml b/examples/helm/experimental/values.yaml new file mode 100644 index 000000000..0f1291765 --- /dev/null +++ b/examples/helm/experimental/values.yaml @@ -0,0 +1,4 @@ +nginxGateway: + name: nginx-gateway + gwAPIExperimentalFeatures: + enable: true diff --git a/examples/helm/nginx-plus/values.yaml b/examples/helm/nginx-plus/values.yaml new file mode 100644 index 000000000..e702df5e9 --- /dev/null +++ b/examples/helm/nginx-plus/values.yaml @@ -0,0 +1,13 @@ +nginxGateway: + name: nginx-gateway + +nginx: + plus: true + image: + repository: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus + usage: + secretName: nginx-gateway/ngf-usage-auth + serverURL: https://my-instance-nim.example.com + +serviceAccount: + imagePullSecret: nginx-plus-registry-secret diff --git a/examples/helm/nodeport/values.yaml b/examples/helm/nodeport/values.yaml new file mode 100644 index 000000000..17da6a884 --- /dev/null +++ b/examples/helm/nodeport/values.yaml @@ -0,0 +1,4 @@ +nginxGateway: + name: nginx-gateway +service: + type: NodePort diff --git a/scripts/generate-manifests.sh b/scripts/generate-manifests.sh new file mode 100755 index 000000000..705b5e48e --- /dev/null +++ b/scripts/generate-manifests.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +# Generate deployment files using Helm. This script uses the Helm chart examples in examples/helm + +charts=$(find examples/helm -maxdepth 1 -mindepth 1 -type d -exec basename {} \;) + +generate_manifests() { + chart=$1 + manifest=deploy/$chart/deploy.yaml + mkdir -p deploy/$chart + + helm_parameters="--namespace nginx-gateway --set nameOverride=nginx-gateway --skip-crds" + if [ "$chart" == "openshift" ]; then + chart="default" + helm_parameters="$helm_parameters --api-versions security.openshift.io/v1/SecurityContextConstraints" + fi + + helm template nginx-gateway $helm_parameters --values examples/helm/$chart/values.yaml charts/nginx-gateway-fabric >$manifest 2>/dev/null + sed -i.bak '/app.kubernetes.io\/managed-by: Helm/d' $manifest + sed -i.bak '/helm.sh/d' $manifest + cp $manifest config/base + kubectl kustomize config/base >$manifest + rm -f config/base/deploy.yaml + rm -f $manifest.bak +} + +for chart in $charts; do + generate_manifests $chart +done + +# For OpenShift, we don't need a Helm example so we generate the manifests from the default values.yaml +generate_manifests openshift + +# FIXME(lucacome): Implement a better way to generate the static deployment file +# https://github.com/nginxinc/nginx-gateway-fabric/issues/2326 +helm template nginx-gateway charts/nginx-gateway-fabric --set nameOverride=nginx-gateway --set metrics.enable=false --set nginxGateway.productTelemetry.enable=false -n nginx-gateway -s templates/deployment.yaml > config/tests/static-deployment.yaml +sed -i.bak '/app.kubernetes.io\/managed-by: Helm/d' config/tests/static-deployment.yaml +sed -i.bak '/helm.sh/d' config/tests/static-deployment.yaml +rm -f config/tests/static-deployment.yaml.bak diff --git a/site/content/how-to/monitoring/prometheus.md b/site/content/how-to/monitoring/prometheus.md index d95b2bba6..54ec72627 100644 --- a/site/content/how-to/monitoring/prometheus.md +++ b/site/content/how-to/monitoring/prometheus.md @@ -102,11 +102,11 @@ You can configure monitoring metrics for NGINX Gateway Fabric using Helm or Mani ### Using Helm -If you're setting up NGINX Gateway Fabric with Helm, you can adjust the `metrics.*` parameters to fit your needs. For detailed options and instructions, see the [Helm README](/charts/nginx-gateway-fabric/README.md). +If you're setting up NGINX Gateway Fabric with Helm, you can adjust the `metrics.*` parameters to fit your needs. For detailed options and instructions, see the [Helm README](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.3.0/charts/nginx-gateway-fabric/README.md). ### Using Kubernetes manifests -For setups using Kubernetes manifests, change the metrics configuration by editing the [NGINX Gateway manifest](/deploy/manifests/nginx-gateway.yaml). +For setups using Kubernetes manifests, change the metrics configuration by editing the NGINX Gateway Fabric manifest that you want to deploy. You can find some examples in the [deploy](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.3.0/deploy) directory. #### Disabling metrics diff --git a/site/content/how-to/monitoring/tracing.md b/site/content/how-to/monitoring/tracing.md index 72bc90bbf..a3a1dc806 100644 --- a/site/content/how-to/monitoring/tracing.md +++ b/site/content/how-to/monitoring/tracing.md @@ -162,7 +162,7 @@ If you already have NGINX Gateway Fabric installed, then you can create the `Ngi kubectl edit gatewayclasses.gateway.networking.k8s.io nginx ``` -Next, [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP address and port of NGINX Gateway Fabric into shell variables: +Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III diff --git a/site/content/how-to/traffic-management/advanced-routing.md b/site/content/how-to/traffic-management/advanced-routing.md index 4ccf1e0ba..05e866120 100644 --- a/site/content/how-to/traffic-management/advanced-routing.md +++ b/site/content/how-to/traffic-management/advanced-routing.md @@ -20,8 +20,7 @@ The goal is to create a set of rules that will result in client requests being s ## Before you begin - [Install]({{< relref "/installation/" >}}) NGINX Gateway Fabric. -- [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP - address and port of NGINX Gateway Fabric into shell variables: +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III @@ -237,7 +236,7 @@ This request should receive a response from the `tea-post` pod. Any other type o If you have any issues while sending traffic, try the following to debug your configuration and setup: -- Make sure you set the shell variables $GW_IP and $GW_PORT to the public IP and port of the NGINX Gateway Fabric service. Refer to the topic [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) for instructions on finding those values. +- Make sure you set the shell variables $GW_IP and $GW_PORT to the public IP and port of the NGINX Gateway Fabric service. Refer to the [Installation]({{< relref "/installation/" >}}) guides for more information. - Check the status of the Gateway: diff --git a/site/content/how-to/traffic-management/client-settings.md b/site/content/how-to/traffic-management/client-settings.md index 43aaeefd1..a61030866 100644 --- a/site/content/how-to/traffic-management/client-settings.md +++ b/site/content/how-to/traffic-management/client-settings.md @@ -37,7 +37,7 @@ For all the possible configuration options for `ClientSettingsPolicy`, see the [ ## Setup - [Install]({{< relref "/installation/" >}}) NGINX Gateway Fabric. -- [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP address and port of NGINX Gateway Fabric into shell variables: +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III diff --git a/site/content/how-to/traffic-management/https-termination.md b/site/content/how-to/traffic-management/https-termination.md index 971de72ba..c06aed55b 100644 --- a/site/content/how-to/traffic-management/https-termination.md +++ b/site/content/how-to/traffic-management/https-termination.md @@ -14,7 +14,7 @@ In this guide, we will show how to configure HTTPS termination for your applicat ## Before you begin - [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. -- [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP address and port of NGINX Gateway Fabric into shell variables: +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III diff --git a/site/content/how-to/traffic-management/redirects-and-rewrites.md b/site/content/how-to/traffic-management/redirects-and-rewrites.md index 184650f32..d5ca7b63d 100644 --- a/site/content/how-to/traffic-management/redirects-and-rewrites.md +++ b/site/content/how-to/traffic-management/redirects-and-rewrites.md @@ -20,7 +20,7 @@ In this guide, we will be configuring a path URL rewrite. ## Before you begin - [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. -- [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP address and port of NGINX Gateway Fabric into shell variables: +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III diff --git a/site/content/how-to/traffic-management/response-headers.md b/site/content/how-to/traffic-management/response-headers.md index 62076861e..52c38f1b0 100644 --- a/site/content/how-to/traffic-management/response-headers.md +++ b/site/content/how-to/traffic-management/response-headers.md @@ -17,8 +17,7 @@ We'll begin by configuring an app with custom headers and a straightforward HTTP ## Before you begin - [Install]({{< relref "/installation/" >}}) NGINX Gateway Fabric. -- [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP - address and port of NGINX Gateway Fabric into shell variables: +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III diff --git a/site/content/how-to/traffic-management/routing-traffic-to-your-app.md b/site/content/how-to/traffic-management/routing-traffic-to-your-app.md index 2a19111bd..784c8b936 100644 --- a/site/content/how-to/traffic-management/routing-traffic-to-your-app.md +++ b/site/content/how-to/traffic-management/routing-traffic-to-your-app.md @@ -14,7 +14,7 @@ You can route traffic to your Kubernetes applications using the Gateway API and ## Before you begin - [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. -- [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP address and port of NGINX Gateway Fabric into shell variables: +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III @@ -230,7 +230,7 @@ You should receive a 404 Not Found error: If you have any issues while testing the configuration, try the following to debug your configuration and setup: -- Make sure you set the shell variables $GW_IP and $GW_PORT to the public IP and port of the NGINX Gateway Fabric Service. Instructions for finding those values are in the [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) guide. +- Make sure you set the shell variables $GW_IP and $GW_PORT to the public IP and port of the NGINX Gateway Fabric Service. Refer to the [Installation]({{< relref "/installation/" >}}) guides for more information. - Check the status of the gateway: diff --git a/site/content/how-to/traffic-management/securing-backend-traffic.md b/site/content/how-to/traffic-management/securing-backend-traffic.md index cdbf618ac..707314359 100644 --- a/site/content/how-to/traffic-management/securing-backend-traffic.md +++ b/site/content/how-to/traffic-management/securing-backend-traffic.md @@ -15,7 +15,7 @@ In this guide, we will show how to specify the TLS configuration of the connecti ## Before you begin - [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. Please note that the Gateway APIs from the experimental channel are required, and NGF must be deployed with the `--gateway-api-experimental-features` flag. -- [Expose NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}) and save the public IP address and port of NGINX Gateway Fabric into shell variables: +- Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text GW_IP=XXX.YYY.ZZZ.III diff --git a/site/content/includes/installation/expose-nginx-gateway-fabric.md b/site/content/includes/installation/expose-nginx-gateway-fabric.md new file mode 100644 index 000000000..316b22b6e --- /dev/null +++ b/site/content/includes/installation/expose-nginx-gateway-fabric.md @@ -0,0 +1,53 @@ +--- +title: "Expose NGINX Gateway Fabric" +weight: 300 +docs: "DOCS-1427" +--- + +There are two options for accessing NGINX Gateway Fabric depending on the type of LoadBalancer service you chose during installation: + +- If the LoadBalancer type is `NodePort`, Kubernetes will randomly allocate two ports on every node of the cluster. + To access the NGINX Gateway Fabric, use an IP address of any node of the cluster along with the two allocated ports. + + {{}} Read more about the type NodePort in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). {{}} + +- If the LoadBalancer type is `LoadBalancer`: + + - For GCP or Azure, Kubernetes will allocate a cloud load balancer for load balancing the NGINX Gateway Fabric pods. + Use the public IP of the load balancer to access NGINX Gateway Fabric. + - For AWS, Kubernetes will allocate a Network Load Balancer (NLB) in TCP mode with the PROXY protocol enabled to pass + the client's information (the IP address and the port). + + Use the public IP of the load balancer to access NGINX Gateway Fabric. To get the public IP which is reported in the `EXTERNAL-IP` column: + + - For GCP or Azure, run: + + ```shell + kubectl get svc nginx-gateway -n nginx-gateway + ``` + + - In AWS, the NLB (Network Load Balancer) DNS (directory name system) name will be reported by Kubernetes instead of a public IP. To get the DNS name, run: + + ```shell + kubectl get svc nginx-gateway -n nginx-gateway + ``` + + {{< note >}} We recommend using the NLB DNS whenever possible, but for testing purposes, you can resolve the DNS name to get the IP address of the load balancer: + + ```shell + nslookup + ``` + + {{< /note >}} + + {{}} Learn more about type LoadBalancer in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer). + + For AWS, additional options regarding an allocated load balancer are available, such as its type and SSL + termination. Read the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more. + {{}} + +{{}}By default Helm and manifests configure NGINX Gateway Fabric on ports `80` and `443`, affecting any gateway [listeners](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Listener) on these ports. To use different ports, update the configuration. NGINX Gateway Fabric requires a configured [gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/#gateway) resource with a valid listener to listen on any ports.{{}} + +NGINX Gateway Fabric uses the created service to update the **Addresses** field in the **Gateway Status** resource. Using a **LoadBalancer** service sets this field to the IP address and/or hostname of that service. Without a service, the pod IP address is used. + +This gateway is associated with the NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag](/docs/cli-help.md#static-mode). diff --git a/site/content/includes/installation/next-step-expose-fabric.md b/site/content/includes/installation/next-step-expose-fabric.md deleted file mode 100644 index a8d28c75d..000000000 --- a/site/content/includes/installation/next-step-expose-fabric.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -docs: "DOCS-1437" ---- - -After installing NGINX Gateway Fabric, the next step is to make it accessible. Detailed instructions can be found in [Expose the NGINX Gateway Fabric]({{< relref "installation/expose-nginx-gateway-fabric.md" >}}). diff --git a/site/content/installation/expose-nginx-gateway-fabric.md b/site/content/installation/expose-nginx-gateway-fabric.md deleted file mode 100644 index 2acbf349c..000000000 --- a/site/content/installation/expose-nginx-gateway-fabric.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "Expose NGINX Gateway Fabric" -weight: 300 -toc: true -docs: "DOCS-1427" ---- - -## Overview - -Gain access to NGINX Gateway Fabric by creating either a **NodePort** service or a **LoadBalancer** service in the same namespace as the controller. The service name is specified in the `--service` argument of the controller. - -{{}}The service manifests configure NGINX Gateway Fabric on ports `80` and `443`, affecting any gateway [listeners](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Listener) on these ports. To use different ports, update the manifests. NGINX Gateway Fabric requires a configured [gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/#gateway) resource with a valid listener to listen on any ports.{{}} - -NGINX Gateway Fabric uses the created service to update the **Addresses** field in the **Gateway Status** resource. Using a **LoadBalancer** service sets this field to the IP address and/or hostname of that service. Without a service, the pod IP address is used. - -This gateway is associated with the NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag](/docs/cli-help.md#static-mode). - -## Create a NodePort service - -To create a **NodePort** service run the following command: - -```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/manifests/service/nodeport.yaml -``` - -A **NodePort** service allocates a port on every cluster node. Access NGINX Gateway Fabric using any node's IP address and the allocated port. - -## Create a LoadBalancer Service - -To create a **LoadBalancer** service, use the appropriate manifest for your cloud provider: - -### GCP (Google Cloud Platform) and Azure - -1. Run the following command: - - ```shell - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/manifests/service/loadbalancer.yaml - ``` - -2. Lookup the public IP of the load balancer, which is reported in the `EXTERNAL-IP` column in the output of the following command: - - ```shell - kubectl get svc nginx-gateway -n nginx-gateway - ``` - -3. Use the public IP of the load balancer to access NGINX Gateway Fabric. - -### AWS (Amazon Web Services) - -1. Run the following command: - - ```shell - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/manifests/service/loadbalancer-aws-nlb.yaml - ``` - -2. In AWS, the NLB (Network Load Balancer) DNS (directory name system) name will be reported by Kubernetes instead of a public IP in the `EXTERNAL-IP` column. To get the DNS name, run: - - ```shell - kubectl get svc nginx-gateway -n nginx-gateway - ``` - - {{< note >}} We recommend using the NLB DNS whenever possible, but for testing purposes, you can resolve the DNS name to get the IP address of the load balancer: - - ```shell - nslookup - ``` - - {{< /note >}} diff --git a/site/content/installation/installing-ngf/helm.md b/site/content/installation/installing-ngf/helm.md index 4a7062076..8f32cafc3 100644 --- a/site/content/installation/installing-ngf/helm.md +++ b/site/content/installation/installing-ngf/helm.md @@ -28,15 +28,19 @@ To complete this guide, you'll need to install: ### Install from the OCI registry -To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command: +{{}} + +{{%tab name="NGINX"%}} -##### For NGINX +To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command: ```shell helm install ngf oci://ghcr.io/nginxinc/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway ``` -##### For NGINX Plus +{{% /tab %}} + +{{%tab name="NGINX Plus"%}} {{< note >}}If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials.{{< /note >}} @@ -61,6 +65,10 @@ You can also use the certificate and key from the MyF5 portal and the Docker reg } ``` +{{% /tab %}} + +{{}} + To wait for the Deployment to be ready, you can either add the `--wait` flag to the `helm install` command, or run the following after installing: ```shell @@ -116,6 +124,14 @@ helm install ngf oci://ghcr.io/nginxinc/charts/nginx-gateway-fabric --create-nam {{}}Requires the Gateway APIs installed from the experimental channel.{{}} +#### Examples + +You can find several examples of configuration options of the `values.yaml` file in the [helm examples](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.3.0/examples/helm) directory. + +### Access NGINX Gateway Fabric + +{{}} + ## Upgrade NGINX Gateway Fabric {{}}For guidance on zero downtime upgrades, see the [Delay Pod Termination](#configure-delayed-pod-termination-for-zero-downtime-upgrades) section below.{{}} @@ -275,9 +291,3 @@ Follow these steps to uninstall NGINX Gateway Fabric and Gateway API from your K ## Additional configuration For a full list of the Helm Chart configuration parameters, read [the NGINX Gateway Fabric Helm Chart](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.3.0/charts/nginx-gateway-fabric/README.md#configuration). - -## Next steps - -### Expose NGINX Gateway Fabric - -{{}} diff --git a/site/content/installation/installing-ngf/manifests.md b/site/content/installation/installing-ngf/manifests.md index 3e5b37e9c..179870737 100644 --- a/site/content/installation/installing-ngf/manifests.md +++ b/site/content/installation/installing-ngf/manifests.md @@ -46,80 +46,99 @@ kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric {{}}By default, NGINX Gateway Fabric is installed in the **nginx-gateway** namespace. You can deploy in another namespace by modifying the manifest files.{{}} -{{}}If you are deploying NGINX Gateway Fabric on OpenShift, we've supplied a baseline [SecurityContextConstraints](https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/manifests/scc.yaml) manifest that you can download, modify if needed, and apply. You will also need to make sure the SecurityContextConstraints resource is added to the ClusterRole RBAC: - -```yaml -. . . -- apiGroups: - - security.openshift.io - resources: - - securitycontextconstraints - resourceNames: - - nginx-gateway-scc - verbs: - - use - ``` - -Alternatively, use [helm]({{< relref "installation/installing-ngf/helm.md" >}}), which will automatically configure the mentioned resources on OpenShift. -{{}} +{{}} -#### Stable release +{{%tab name="Default"%}} -##### For NGINX +Deploys NGINX Gateway Fabric with NGINX OSS. ```shell -kubectl apply -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.3.0/nginx-gateway.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/default/deploy.yaml ``` -##### For NGINX Plus +{{% /tab %}} + +{{%tab name="AWS NLB"%}} + +Deploys NGINX Gateway Fabric with NGINX OSS and an AWS Network Load Balancer service. + +```shell +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/aws-nlb/deploy.yaml +``` -Download the [deployment YAML](https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.3.0/nginx-plus-gateway.yaml). +{{% /tab %}} -Update the `nginx-plus-gateway.yaml` file to include your chosen NGINX Plus image from the F5 Container registry or your custom image. +{{%tab name="Azure"%}} -{{< important >}}Ensure that you [Enable Usage Reporting]({{< relref "installation/usage-reporting.md" >}}) before applying.{{< /important >}} +Deploys NGINX Gateway Fabric with NGINX OSS and `nodeSelector` to deploy on Linux nodes. ```shell -kubectl apply -f nginx-plus-gateway.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/azure/deploy.yaml ``` -#### Edge version +{{% /tab %}} + +{{%tab name="NGINX Plus"%}} -##### For NGINX +Deploys NGINX Gateway Fabric with NGINX Plus. The image is pulled from the +NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the secret to use to pull the image. +The secret must be created in the same namespace as the NGINX Gateway Fabric deployment. + +{{< important >}}Ensure that you [Enable Usage Reporting]({{< relref "installation/usage-reporting.md" >}}) and update the necessary fields before applying.{{< /important >}} ```shell -kubectl apply -f deploy/manifests/nginx-gateway.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/nginx-plus/deploy.yaml ``` -##### For NGINX Plus +{{% /tab %}} + +{{%tab name="Experimental"%}} -{{< important >}}Ensure that you [Enable Usage Reporting]({{< relref "installation/usage-reporting.md" >}}) before applying.{{< /important >}} +Deploys NGINX Gateway Fabric with NGINX OSS and experimental features. ```shell -kubectl apply -f deploy/manifests/nginx-plus-gateway.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/experimental/deploy.yaml ``` -Update the nginx-plus-gateway.yaml file to include your chosen image from the F5 Container registry or your custom container image. +{{}}Requires the Gateway APIs installed from the experimental channel.{{}} + +{{% /tab %}} -#### Enable experimental features +{{%tab name="NGINX Plus Experimental"%}} -We support a subset of the additional features provided by the Gateway API experimental channel. To enable the experimental features of Gateway API which are supported by NGINX Gateway Fabric: +Deploys NGINX Gateway Fabric with NGINX Plus and experimental features. The image is pulled from the NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the secret to use to pull the image. The secret must be created in the same namespace as the NGINX Gateway Fabric deployment. -##### For NGINX +{{< important >}}Ensure that you [Enable Usage Reporting]({{< relref "installation/usage-reporting.md" >}}) and update the necessary fields before applying.{{< /important >}} ```shell -kubectl apply -f deploy/manifests/nginx-gateway-experimental.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/nginx-plus-experimental/deploy.yaml ``` -##### For NGINX Plus +{{}}Requires the Gateway APIs installed from the experimental channel.{{}} + +{{% /tab %}} + +{{%tab name="NodePort"%}} + +Deploys NGINX Gateway Fabric with NGINX OSS using a Service type of `NodePort`. ```shell -kubectl apply -f deploy/manifests/nginx-plus-gateway-experimental.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/nodeport/deploy.yaml ``` -Update the nginx-plus-gateway-experimental.yaml file to include your chosen image from the F5 Container registry or your custom container image. +{{% /tab %}} -{{}}Requires the Gateway APIs installed from the experimental channel.{{}} +{{%tab name="OpenShift"%}} + +Deploys NGINX Gateway Fabric with NGINX OSS on OpenShift. + +```shell +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.3.0/deploy/openshift/deploy.yaml +``` + +{{% /tab %}} + +{{}} ### 4. Verify the Deployment @@ -136,6 +155,10 @@ NAME READY STATUS RESTARTS AGE nginx-gateway-5d4f4c7db7-xk2kq 2/2 Running 0 112s ``` +### 5. Access NGINX Gateway Fabric + +{{}} + ## Upgrade NGINX Gateway Fabric {{}}For guidance on zero downtime upgrades, see the [Delay Pod Termination](#configure-delayed-pod-termination-for-zero-downtime-upgrades) section below.{{}} @@ -168,25 +191,7 @@ To upgrade NGINX Gateway Fabric and get the latest features and improvements, ta 1. **Upgrade NGINX Gateway Fabric deployment:** - - To upgrade your OSS deployment, run: - - ```shell - kubectl apply -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.3.0/nginx-gateway.yaml - ``` - - - To upgrade your Plus deployment: - - Download the [deployment YAML](https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.3.0/nginx-plus-gateway.yaml). - - Update the `nginx-plus-gateway.yaml` file to include your chosen NGINX Plus image from the F5 Container registry or your custom image. - - ```shell - kubectl apply -f nginx-plus-gateway.yaml - ``` - - - To upgrade the deployment from NGINX OSS to NGINX Plus, follow the above instructions for upgrading your Plus deployment. - - {{< important >}}Ensure that you [Enable Usage Reporting]({{< relref "installation/usage-reporting.md" >}}) before applying.{{< /important >}} + Select the deployment manifest that matches your current deployment from the table above in the [Deploy NGINX Gateway Fabric](#3-deploy-nginx-gateway-fabric) section and apply it. ## Delay pod termination for zero downtime upgrades {#configure-delayed-pod-termination-for-zero-downtime-upgrades} @@ -194,11 +199,11 @@ To upgrade NGINX Gateway Fabric and get the latest features and improvements, ta Follow these steps to configure delayed pod termination: -1. Open the `nginx-gateway.yaml` for editing. +1. Open the `deploy.yaml` for editing. 1. **Add delayed shutdown hooks**: - - In the `nginx-gateway.yaml` file, add `lifecycle: preStop` hooks to both the `nginx` and `nginx-gateway` container definitions. These hooks instruct the containers to delay their shutdown process, allowing time for connections to close gracefully. Update the `sleep` value to what works for your environment. + - In the `deploy.yaml` file, add `lifecycle: preStop` hooks to both the `nginx` and `nginx-gateway` container definitions. These hooks instruct the containers to delay their shutdown process, allowing time for connections to close gracefully. Update the `sleep` value to what works for your environment. ```yaml <...> @@ -246,7 +251,9 @@ Follow these steps to uninstall NGINX Gateway Fabric and Gateway API from your K - To remove NGINX Gateway Fabric and its custom resource definitions (CRDs), run: ```shell - kubectl delete -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.3.0/nginx-gateway.yaml + kubectl delete namespace nginx-gateway + kubectl delete cluterrole nginx-gateway + kubectl delete clusterrolebinding nginx-gateway ``` ```shell @@ -256,9 +263,3 @@ Follow these steps to uninstall NGINX Gateway Fabric and Gateway API from your K 1. **Remove the Gateway API resources:** - {{}} - -## Next steps - -### Expose NGINX Gateway Fabric - -{{}} diff --git a/tests/Makefile b/tests/Makefile index 16dcd6703..b75c2050d 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -158,7 +158,7 @@ deploy-updated-provisioner: ## Update provisioner manifest and deploy to the con .PHONY: generate-static-deployment generate-static-deployment: - helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set metrics.enable=false --set nginxGateway.productTelemetry.enable=false -n nginx-gateway -s templates/deployment.yaml --set nginxGateway.image.repository=$(PREFIX) --set nginxGateway.image.tag=$(TAG) --set nginxGateway.image.pullPolicy=Never --set nginx.image.repository=$(NGINX_PREFIX) --set nginx.image.tag=$(TAG) --set nginx.image.pullPolicy=Never --set nginxGateway.gwAPIExperimentalFeatures.enable=$(ENABLE_EXPERIMENTAL) --set nginx.plus=$(PLUS_ENABLED) > $(SELF_DIR)config/tests/static-deployment.yaml + helm template nginx-gateway $(CHART_DIR) --set nameOverride=nginx-gateway --set metrics.enable=false --set nginxGateway.productTelemetry.enable=false -n nginx-gateway -s templates/deployment.yaml --set nginxGateway.image.repository=$(PREFIX) --set nginxGateway.image.tag=$(TAG) --set nginxGateway.image.pullPolicy=Never --set nginx.image.repository=$(NGINX_PREFIX) --set nginx.image.tag=$(TAG) --set nginx.image.pullPolicy=Never --set nginxGateway.gwAPIExperimentalFeatures.enable=$(ENABLE_EXPERIMENTAL) --set nginx.plus=$(PLUS_ENABLED) > $(SELF_DIR)config/tests/static-deployment.yaml # this target is used to install the gateway-api CRDs from the main branch (only used in the nightly CI job) # it overrides the target in the main Makefile when the GW_API_VERSION is set to main