From 9557bac0fe23c0ebd0fe4bad7c0d203389a8cebf Mon Sep 17 00:00:00 2001 From: nginx-bot Date: Fri, 15 Nov 2024 18:54:47 +0000 Subject: [PATCH 01/14] Release 1.5.0 --- CHANGELOG.md | 50 +++ Makefile | 4 +- README.md | 4 +- charts/nginx-gateway-fabric/Chart.yaml | 4 +- charts/nginx-gateway-fabric/README.md | 10 +- .../nginx-gateway-fabric/values.schema.json | 12 +- charts/nginx-gateway-fabric/values.yaml | 12 +- config/tests/static-deployment.yaml | 169 ------- deploy/aws-nlb/deploy.yaml | 376 ---------------- deploy/azure/deploy.yaml | 375 ---------------- deploy/default/deploy.yaml | 373 --------------- deploy/experimental-nginx-plus/deploy.yaml | 405 ----------------- deploy/experimental/deploy.yaml | 379 ---------------- deploy/nginx-plus/deploy.yaml | 399 ---------------- deploy/nodeport/deploy.yaml | 373 --------------- deploy/openshift/deploy.yaml | 424 ------------------ .../snippets-filters-nginx-plus/deploy.yaml | 402 ----------------- deploy/snippets-filters/deploy.yaml | 376 ---------------- site/content/how-to/monitoring/prometheus.md | 4 +- .../traffic-management/advanced-routing.md | 4 +- .../traffic-management/client-settings.md | 6 +- .../request-response-headers.md | 6 +- .../how-to/traffic-management/snippets.md | 6 +- .../how-to/upgrade-apps-without-downtime.md | 4 +- ...stall-gateway-api-experimental-features.md | 2 +- .../install-gateway-api-resources.md | 6 +- .../uninstall-gateway-api-resources.md | 4 +- .../installation/building-the-images.md | 12 +- .../installation/installing-ngf/helm.md | 12 +- .../installation/installing-ngf/manifests.md | 26 +- .../ngf-images/pulling-ngf-image.md | 104 +++++ site/content/overview/gateway-architecture.md | 6 +- 32 files changed, 226 insertions(+), 4123 deletions(-) create mode 100644 site/content/installation/ngf-images/pulling-ngf-image.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 74b8ea6a1b..f23bb24601 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,56 @@ This document includes a curated changelog for each release. We also publish a c a [GitHub release](https://github.com/nginxinc/nginx-gateway-fabric/releases), which, by contrast, is auto-generated and includes links to all PRs that went into the release. +## Release 1.5.0 + +* Add guide for TLS Route in site by @sarthyparty in https://github.com/nginxinc/nginx-gateway-fabric/pull/2363 +* Adds configuration to retain client IP information by @salonichf5 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2284 +* Change validation in Duration type in CRDs and NGF by @bjee19 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2525 +* Use correct indentation in lifecyce examples by @defrank in https://github.com/nginxinc/nginx-gateway-fabric/pull/2588 +* Add Helm schema by @lucacome in https://github.com/nginxinc/nginx-gateway-fabric/pull/2492 +* Add SnippetsFilter API by @sjberman in https://github.com/nginxinc/nginx-gateway-fabric/pull/2667 +* Only set stream status zone if hostname exists by @sjberman in https://github.com/nginxinc/nginx-gateway-fabric/pull/2684 +* Add loadBalancerSourceRanges to helm parameters by @salonichf5 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2773 + +%%DATE%% + +FEATURES: + +- + +BUG FIXES: + +- + +DOCUMENTATION: + +- + +HELM CHART: + +- The version of the Helm chart is now 1.5.0 +- + +UPGRADE: + +- + +KNOWN ISSUES: + +- + +COMPATIBILITY: + +- Gateway API version: `` +- NGINX version: `` +- NGINX Plus version: `` +- Kubernetes version: `` + +CONTAINER IMAGES: + +- Control plane: `ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0` +- Data plane: `ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0` +- Data plane with NGINX Plus: `private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0` ## Release 1.4.0 _August 20, 2024_ diff --git a/Makefile b/Makefile index ed68d2b7f6..b922d1df2b 100644 --- a/Makefile +++ b/Makefile 
@@ -1,6 +1,6 @@ # variables that should not be overridden by the user -VERSION = edge -SELF_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) +VERSION = 1.5.0 +SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST))) CHART_DIR = $(SELF_DIR)charts/nginx-gateway-fabric NGINX_CONF_DIR = internal/mode/static/nginx/conf NJS_DIR = internal/mode/static/nginx/modules/src diff --git a/README.md b/README.md index 996dfe2051..67569dc965 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ You can find the comprehensive NGINX Gateway Fabric user documentation on the [N We publish NGINX Gateway Fabric releases on GitHub. See our [releases page](https://github.com/nginxinc/nginx-gateway-fabric/releases). -The latest release is [1.4.0](https://github.com/nginxinc/nginx-gateway-fabric/releases/tag/v1.4.0). +The latest release is [1.5.0](https://github.com/nginxinc/nginx-gateway-fabric/releases/tag/v1.5.0). The edge version is useful for experimenting with new features that are not yet published in a release. To use, choose the _edge_ version built from the [latest commit](https://github.com/nginxinc/nginx-gateway-fabric/commits/main) 
@@ -45,7 +45,7 @@ to the correct versions: | Version | Description | Installation Manifests | Documentation and Examples | |----------------|------------------------------------------|-----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Latest release | For production use | [Manifests](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.4.0/deploy). | [Documentation](https://docs.nginx.com/nginx-gateway-fabric). [Examples](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.4.0/examples). | +| Latest release | For production use | [Manifests](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.5.0/deploy). | [Documentation](https://docs.nginx.com/nginx-gateway-fabric). [Examples](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.5.0/examples). | | Edge | For experimental use and latest features | [Manifests](https://github.com/nginxinc/nginx-gateway-fabric/tree/main/deploy). | [Documentation](https://github.com/nginxinc/nginx-gateway-fabric/tree/main/site/content). [Examples](https://github.com/nginxinc/nginx-gateway-fabric/tree/main/examples). | ### Versioning diff --git a/charts/nginx-gateway-fabric/Chart.yaml b/charts/nginx-gateway-fabric/Chart.yaml index da51db8850..63d87f8e94 100644 --- a/charts/nginx-gateway-fabric/Chart.yaml +++ b/charts/nginx-gateway-fabric/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: nginx-gateway-fabric description: NGINX Gateway Fabric type: application -version: 1.4.0 -appVersion: "edge" +version: 1.5.0 +appVersion: "1.5.0" kubeVersion: ">= 1.25.0-0" home: https://github.com/nginxinc/nginx-gateway-fabric icon: https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/main/charts/nginx-gateway-fabric/chart-icon.png 
diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md index 38c93d5214..cc7a845139 100644 --- a/charts/nginx-gateway-fabric/README.md +++ b/charts/nginx-gateway-fabric/README.md @@ -1,7 +1,7 @@ # NGINX Gateway Fabric Helm Chart -![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![AppVersion: edge](https://img.shields.io/badge/AppVersion-edge-informational?style=flat-square) +![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square) - [NGINX Gateway Fabric Helm Chart](#nginx-gateway-fabric-helm-chart) - [Introduction](#introduction) @@ -263,9 +263,9 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{}` | | `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` | | `nginx.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx container. | list | `[]` | -| `nginx.image.pullPolicy` | | string | `"Always"` | +| `nginx.image.pullPolicy` | | string | `"IfNotPresent"` | | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginxinc/nginx-gateway-fabric/nginx"` | -| `nginx.image.tag` | | string | `"edge"` | +| `nginx.image.tag` | | string | `"1.5.0"` | | `nginx.lifecycle` | The lifecycle of the nginx container. | object | `{}` | | `nginx.plus` | Is NGINX Plus image being used | bool | `false` | | `nginx.usage.caSecretName` | The name of the Secret containing the NGINX Instance Manager CA certificate. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). | string | `""` | 
@@ -281,9 +281,9 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `nginxGateway.gatewayClassName` | The name of the GatewayClass that will be created as part of this release. Every NGINX Gateway Fabric must have a unique corresponding GatewayClass resource. NGINX Gateway Fabric only processes resources that belong to its class - i.e. have the "gatewayClassName" field resource equal to the class. | string | `"nginx"` | | `nginxGateway.gatewayControllerName` | The name of the Gateway controller. The controller name must be of the form: DOMAIN/PATH. The controller's domain is gateway.nginx.org. | string | `"gateway.nginx.org/nginx-gateway-controller"` | | `nginxGateway.gwAPIExperimentalFeatures.enable` | Enable the experimental features of Gateway API which are supported by NGINX Gateway Fabric. Requires the Gateway APIs installed from the experimental channel. | bool | `false` | -| `nginxGateway.image.pullPolicy` | | string | `"Always"` | +| `nginxGateway.image.pullPolicy` | | string | `"IfNotPresent"` | | `nginxGateway.image.repository` | The NGINX Gateway Fabric image to use | string | `"ghcr.io/nginxinc/nginx-gateway-fabric"` | -| `nginxGateway.image.tag` | | string | `"edge"` | +| `nginxGateway.image.tag` | | string | `"1.5.0"` | | `nginxGateway.kind` | The kind of the NGINX Gateway Fabric installation - currently, only deployment is supported. | string | `"deployment"` | | `nginxGateway.leaderElection.enable` | Enable leader election. Leader election is used to avoid multiple replicas of the NGINX Gateway Fabric reporting the status of the Gateway API resources. If not enabled, all replicas of NGINX Gateway Fabric will update the statuses of the Gateway API resources. | bool | `true` | | `nginxGateway.leaderElection.lockName` | The name of the leader election lock. A Lease object with this name will be created in the same Namespace as the controller. | string | Autogenerated if not set or set to "". | 
diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json index 801f372c1e..059570a7a3 100644 --- a/charts/nginx-gateway-fabric/values.schema.json +++ b/charts/nginx-gateway-fabric/values.schema.json @@ -219,9 +219,9 @@ "image": { "properties": { "pullPolicy": { - "default": "Always", + "default": "IfNotPresent", "enum": [ - "Always", + "IfNotPresent", "IfNotPresent", "Never" ], @@ -236,7 +236,7 @@ "type": "string" }, "tag": { - "default": "edge", + "default": "1.5.0", "required": [], "title": "tag", "type": "string" @@ -394,9 +394,9 @@ "image": { "properties": { "pullPolicy": { - "default": "Always", + "default": "IfNotPresent", "enum": [ - "Always", + "IfNotPresent", "IfNotPresent", "Never" ], @@ -411,7 +411,7 @@ "type": "string" }, "tag": { - "default": "edge", + "default": "1.5.0", "required": [], "title": "tag", "type": "string" diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index c2b5d2bba0..40623c018c 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -82,14 +82,14 @@ nginxGateway: image: # -- The NGINX Gateway Fabric image to use repository: ghcr.io/nginxinc/nginx-gateway-fabric - tag: edge + tag: 1.5.0 # @schema # enum: - # - Always + # - IfNotPresent # - IfNotPresent # - Never # @schema - pullPolicy: Always + pullPolicy: IfNotPresent securityContext: # -- Some environments may need this set to true in order for the control plane to successfully reload NGINX. @@ -122,14 +122,14 @@ nginx: image: # -- The NGINX image to use. repository: ghcr.io/nginxinc/nginx-gateway-fabric/nginx - tag: edge + tag: 1.5.0 # @schema # enum: - # - Always + # - IfNotPresent # - IfNotPresent # - Never # @schema - pullPolicy: Always + pullPolicy: IfNotPresent # -- Is NGINX Plus image being used plus: false diff --git a/config/tests/static-deployment.yaml b/config/tests/static-deployment.yaml index 0ae1bcfc0f..e69de29bb2 100644 
--- a/config/tests/static-deployment.yaml +++ b/config/tests/static-deployment.yaml 
@@ -1,169 +0,0 @@ ---- -# Source: nginx-gateway-fabric/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-gateway - namespace: nginx-gateway - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/version: "edge" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - template: - metadata: - labels: - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/instance: nginx-gateway - spec: - initContainers: - - name: copy-nginx-config - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - securityContext: - seccompProfile: - type: RuntimeDefault - capabilities: - add: - - KILL # Set because the binary has CAP_KILL for the main controller process. Not used by init. - drop: - - ALL - readOnlyRootFilesystem: true - runAsUser: 102 - runAsGroup: 1001 - volumeMounts: - - name: nginx-includes-bootstrap - mountPath: /includes - - name: nginx-main-includes - mountPath: /etc/nginx/main-includes - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --metrics-disable - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - - --product-telemetry-disable - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - name: health - containerPort: 8081 - readinessProbe: - httpGet: - path: /readyz - port: health - 
initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsUser: 102 - runAsGroup: 1001 - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: nginx-stream-conf - mountPath: /etc/nginx/stream-conf.d - - name: nginx-main-includes - mountPath: /etc/nginx/main-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - seccompProfile: - type: RuntimeDefault - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsUser: 101 - runAsGroup: 1001 - volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d - - name: nginx-stream-conf - mountPath: /etc/nginx/stream-conf.d - - name: nginx-main-includes - mountPath: /etc/nginx/main-includes - - name: nginx-secrets - mountPath: /etc/nginx/secrets - - name: nginx-run - mountPath: /var/run/nginx - - name: nginx-cache - mountPath: /var/cache/nginx - - name: nginx-includes - mountPath: /etc/nginx/includes - terminationGracePeriodSeconds: 30 - serviceAccountName: nginx-gateway - shareProcessNamespace: true - securityContext: - fsGroup: 1001 - runAsNonRoot: true - volumes: - - name: nginx-conf - emptyDir: {} - - name: nginx-stream-conf - emptyDir: {} - - name: nginx-main-includes - emptyDir: {} - - name: nginx-secrets - emptyDir: {} - - name: nginx-run - emptyDir: {} - - name: nginx-cache - emptyDir: {} - - name: nginx-includes - emptyDir: {} - - name: nginx-includes-bootstrap - configMap: - name: nginx-includes-bootstrap 
diff --git a/deploy/aws-nlb/deploy.yaml b/deploy/aws-nlb/deploy.yaml index 4f367638b5..8a9c42f3e3 100644 --- a/deploy/aws-nlb/deploy.yaml +++ b/deploy/aws-nlb/deploy.yaml 
@@ -2,379 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip - service.beta.kubernetes.io/aws-load-balancer-type: external - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller 
- - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --metrics-port=9113 - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - 
name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - initContainers: - - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/azure/deploy.yaml b/deploy/azure/deploy.yaml index f4916da3ff..8a9c42f3e3 100644 --- a/deploy/azure/deploy.yaml +++ b/deploy/azure/deploy.yaml 
@@ -2,378 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --metrics-port=9113 - - --health-port=8081 - - 
--leader-election-lock-name=nginx-gateway-leader-election - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - initContainers: - - command: - - /usr/bin/gateway - - copy - - 
--source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/default/deploy.yaml b/deploy/default/deploy.yaml index 88aae1eedd..8a9c42f3e3 100644 --- a/deploy/default/deploy.yaml +++ b/deploy/default/deploy.yaml 
@@ -2,376 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --metrics-port=9113 - - --health-port=8081 - - 
--leader-election-lock-name=nginx-gateway-leader-election - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - initContainers: - - command: - - /usr/bin/gateway - - copy - - 
--source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/experimental-nginx-plus/deploy.yaml b/deploy/experimental-nginx-plus/deploy.yaml index c2bcbafe09..8a9c42f3e3 100644 --- a/deploy/experimental-nginx-plus/deploy.yaml +++ b/deploy/experimental-nginx-plus/deploy.yaml 
@@ -2,408 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -imagePullSecrets: -- name: nginx-plus-registry-secret -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - list -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - - backendtlspolicies - - tlsroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - - backendtlspolicies/status - - tlsroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- 
apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; - mgmt.conf: | - mgmt { - enforce_initial_report off; - } -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - 
app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --nginx-plus - - --usage-report-secret=nplus-license - - --metrics-port=9113 - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - - --gateway-api-experimental-features - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - 
mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - - mountPath: /var/lib/nginx/state - name: nginx-lib - - mountPath: /etc/nginx/license.jwt - name: nginx-plus-license - subPath: license.jwt - initContainers: - - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --source - - /includes/mgmt.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap - - emptyDir: {} - name: nginx-lib - - name: nginx-plus-license - secret: - secretName: nplus-license ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: 
gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/experimental/deploy.yaml b/deploy/experimental/deploy.yaml index be62207472..8a9c42f3e3 100644 --- a/deploy/experimental/deploy.yaml +++ b/deploy/experimental/deploy.yaml 
@@ -2,382 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - - backendtlspolicies - - tlsroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - - backendtlspolicies/status - - tlsroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - 
apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - 
--config=nginx-gateway-config - - --service=nginx-gateway - - --metrics-port=9113 - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - - --gateway-api-experimental-features - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: 
/var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - initContainers: - - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/nginx-plus/deploy.yaml b/deploy/nginx-plus/deploy.yaml index f31b0da07b..8a9c42f3e3 100644 --- a/deploy/nginx-plus/deploy.yaml +++ b/deploy/nginx-plus/deploy.yaml 
@@ -2,402 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -imagePullSecrets: -- name: nginx-plus-registry-secret -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - list -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- 
apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; - mgmt.conf: | - mgmt { - enforce_initial_report off; - } -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - 
--gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --nginx-plus - - --usage-report-secret=nplus-license - - --metrics-port=9113 - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - 
mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - - mountPath: /var/lib/nginx/state - name: nginx-lib - - mountPath: /etc/nginx/license.jwt - name: nginx-plus-license - subPath: license.jwt - initContainers: - - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --source - - /includes/mgmt.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap - - emptyDir: {} - name: nginx-lib - - name: nginx-plus-license - secret: - secretName: nplus-license ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway 
- app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/nodeport/deploy.yaml b/deploy/nodeport/deploy.yaml index 25b6210ed1..8a9c42f3e3 100644 --- a/deploy/nodeport/deploy.yaml +++ b/deploy/nodeport/deploy.yaml 
@@ -2,376 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: NodePort ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --metrics-port=9113 - - --health-port=8081 - - 
--leader-election-lock-name=nginx-gateway-leader-election - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - initContainers: - - command: - - /usr/bin/gateway - - copy - - 
--source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/openshift/deploy.yaml b/deploy/openshift/deploy.yaml index 8231de661e..8a9c42f3e3 100644 --- a/deploy/openshift/deploy.yaml +++ b/deploy/openshift/deploy.yaml 
@@ -2,427 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch -- apiGroups: - - 
security.openshift.io - resourceNames: - - nginx-gateway-scc - resources: - - securitycontextconstraints - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - 
--gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --metrics-port=9113 - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: 
nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - initContainers: - - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info ---- -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegeEscalation: false -allowPrivilegedContainer: false -allowedCapabilities: -- NET_BIND_SERVICE -- KILL -apiVersion: 
security.openshift.io/v1 -fsGroup: - ranges: - - max: 1001 - min: 1001 - type: MustRunAs -kind: SecurityContextConstraints -metadata: - name: nginx-gateway-scc -readOnlyRootFilesystem: true -requiredDropCapabilities: -- ALL -runAsUser: - type: MustRunAsRange - uidRangeMax: 102 - uidRangeMin: 101 -seLinuxContext: - type: MustRunAs -seccompProfiles: -- runtime/default -supplementalGroups: - ranges: - - max: 1001 - min: 1001 - type: MustRunAs -users: -- system:serviceaccount:nginx-gateway:nginx-gateway -volumes: -- emptyDir -- secret -- configMap -- projected diff --git a/deploy/snippets-filters-nginx-plus/deploy.yaml b/deploy/snippets-filters-nginx-plus/deploy.yaml index 4a68115cce..8a9c42f3e3 100644 --- a/deploy/snippets-filters-nginx-plus/deploy.yaml +++ b/deploy/snippets-filters-nginx-plus/deploy.yaml 
@@ -2,405 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -imagePullSecrets: -- name: nginx-plus-registry-secret -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - list -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - - snippetsfilters - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - - snippetsfilters/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - 
verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; - mgmt.conf: | - mgmt { - enforce_initial_report off; - } -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - 
static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - --nginx-plus - - --usage-report-secret=nplus-license - - --metrics-port=9113 - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - - --snippets-filters - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: 
/etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: nginx-includes - - mountPath: /var/lib/nginx/state - name: nginx-lib - - mountPath: /etc/nginx/license.jwt - name: nginx-plus-license - subPath: license.jwt - initContainers: - - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --source - - /includes/mgmt.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap - - emptyDir: {} - name: nginx-lib - - name: nginx-plus-license - secret: - secretName: nplus-license ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway 
-metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/deploy/snippets-filters/deploy.yaml b/deploy/snippets-filters/deploy.yaml index e6fd79ce24..8a9c42f3e3 100644 --- a/deploy/snippets-filters/deploy.yaml +++ b/deploy/snippets-filters/deploy.yaml 
@@ -2,379 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - - grpcroutes - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - - grpcroutes/status - verbs: - - update -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways - verbs: - - get - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxproxies - - clientsettingspolicies - - observabilitypolicies - - snippetsfilters - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - nginxgateways/status - - clientsettingspolicies/status - - observabilitypolicies/status - - snippetsfilters/status - verbs: - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: 
- - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway ---- -apiVersion: v1 -data: - main.conf: | - error_log stderr info; -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-includes-bootstrap - namespace: nginx-gateway ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - externalTrafficPolicy: Local - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - type: LoadBalancer ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - template: - metadata: - annotations: - prometheus.io/port: "9113" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - spec: - containers: - - args: - - static-mode - - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - --config=nginx-gateway-config - - --service=nginx-gateway - - 
--metrics-port=9113 - - --health-port=8081 - - --leader-election-lock-name=nginx-gateway-leader-election - - --snippets-filters - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: nginx-gateway - ports: - - containerPort: 9113 - name: metrics - - containerPort: 8081 - name: health - readinessProbe: - httpGet: - path: /readyz - port: health - initialDelaySeconds: 3 - periodSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /etc/nginx/includes - name: nginx-includes - - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge - imagePullPolicy: Always - name: nginx - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/nginx/conf.d - name: nginx-conf - - mountPath: /etc/nginx/stream-conf.d - name: nginx-stream-conf - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - - mountPath: /etc/nginx/secrets - name: nginx-secrets - - mountPath: /var/run/nginx - name: nginx-run - - mountPath: /var/cache/nginx - name: nginx-cache - - mountPath: /etc/nginx/includes - name: 
nginx-includes - initContainers: - - command: - - /usr/bin/gateway - - copy - - --source - - /includes/main.conf - - --destination - - /etc/nginx/main-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric:edge - imagePullPolicy: Always - name: copy-nginx-config - securityContext: - capabilities: - add: - - KILL - drop: - - ALL - readOnlyRootFilesystem: true - runAsGroup: 1001 - runAsUser: 102 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /includes - name: nginx-includes-bootstrap - - mountPath: /etc/nginx/main-includes - name: nginx-main-includes - securityContext: - fsGroup: 1001 - runAsNonRoot: true - serviceAccountName: nginx-gateway - shareProcessNamespace: true - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: nginx-conf - - emptyDir: {} - name: nginx-stream-conf - - emptyDir: {} - name: nginx-main-includes - - emptyDir: {} - name: nginx-secrets - - emptyDir: {} - name: nginx-run - - emptyDir: {} - name: nginx-cache - - emptyDir: {} - name: nginx-includes - - configMap: - name: nginx-includes-bootstrap - name: nginx-includes-bootstrap ---- -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx -spec: - controllerName: gateway.nginx.org/nginx-gateway-controller ---- -apiVersion: gateway.nginx.org/v1alpha1 -kind: NginxGateway -metadata: - labels: - app.kubernetes.io/instance: nginx-gateway - app.kubernetes.io/name: nginx-gateway - app.kubernetes.io/version: edge - name: nginx-gateway-config - namespace: nginx-gateway -spec: - logging: - level: info diff --git a/site/content/how-to/monitoring/prometheus.md b/site/content/how-to/monitoring/prometheus.md index 0d47badc54..20a5c7404d 100644 --- a/site/content/how-to/monitoring/prometheus.md +++ b/site/content/how-to/monitoring/prometheus.md 
@@ -102,11 +102,11 @@ You can configure monitoring metrics for NGINX Gateway Fabric using Helm or Mani ### Using Helm -If you're setting up NGINX Gateway Fabric with Helm, you can adjust the `metrics.*` parameters to fit your needs. For detailed options and instructions, see the [Helm README](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/charts/nginx-gateway-fabric/README.md). +If you're setting up NGINX Gateway Fabric with Helm, you can adjust the `metrics.*` parameters to fit your needs. For detailed options and instructions, see the [Helm README](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.5.0/charts/nginx-gateway-fabric/README.md). ### Using Kubernetes manifests -For setups using Kubernetes manifests, change the metrics configuration by editing the NGINX Gateway Fabric manifest that you want to deploy. You can find some examples in the [deploy](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.4.0/deploy) directory. +For setups using Kubernetes manifests, change the metrics configuration by editing the NGINX Gateway Fabric manifest that you want to deploy. You can find some examples in the [deploy](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.5.0/deploy) directory. #### Disabling metrics diff --git a/site/content/how-to/traffic-management/advanced-routing.md b/site/content/how-to/traffic-management/advanced-routing.md index 72b6d994c4..37cc5c2554 100644 --- a/site/content/how-to/traffic-management/advanced-routing.md +++ b/site/content/how-to/traffic-management/advanced-routing.md 
@@ -36,7 +36,7 @@ The goal is to create a set of rules that will result in client requests being s Begin by deploying the `coffee-v1` and `coffee-v2` applications: ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/advanced-routing/coffee.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/advanced-routing/coffee.yaml ``` ### Deploy the Gateway API Resources for the Coffee applications @@ -156,7 +156,7 @@ Let's deploy a different set of applications now called `tea` and `tea-post`. Th ### Deploy the Tea applications ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/advanced-routing/tea.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/advanced-routing/tea.yaml ``` ### Deploy the HTTPRoute for the Tea services diff --git a/site/content/how-to/traffic-management/client-settings.md b/site/content/how-to/traffic-management/client-settings.md index 791dae9efd..9bf21f0764 100644 --- a/site/content/how-to/traffic-management/client-settings.md +++ b/site/content/how-to/traffic-management/client-settings.md 
@@ -45,19 +45,19 @@ For all the possible configuration options for `ClientSettingsPolicy`, see the [ - Create the coffee and tea example applications: ```yaml - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/client-settings-policy/app.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/client-settings-policy/app.yaml ``` - Create a Gateway: ```yaml - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/client-settings-policy/gateway.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/client-settings-policy/gateway.yaml ``` - Create HTTPRoutes for the coffee and tea applications: ```yaml - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/client-settings-policy/httproutes.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/client-settings-policy/httproutes.yaml ``` - Test the configuration: diff --git a/site/content/how-to/traffic-management/request-response-headers.md b/site/content/how-to/traffic-management/request-response-headers.md index b57f90ef22..f3518624c7 100644 --- a/site/content/how-to/traffic-management/request-response-headers.md +++ b/site/content/how-to/traffic-management/request-response-headers.md 
@@ -64,7 +64,7 @@ This examples demonstrates how to configure traffic routing for a simple echo se Begin by deploying the example application `headers`. It is a simple application that returns the request headers which will be modified later. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/http-request-header-filter/headers.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/http-request-header-filter/headers.yaml ``` This will create the headers Service and a Deployment with one Pod. Run the following command to verify the resources were created: @@ -175,7 +175,7 @@ kubectl delete httproutes.gateway.networking.k8s.io headers ``` ```shell -kubectl delete -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/http-request-header-filter/headers.yaml +kubectl delete -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/http-request-header-filter/headers.yaml ``` ## ResponseHeaderModifier example @@ -187,7 +187,7 @@ Begin by configuring an application with custom headers and a simple HTTPRoute. Begin by deploying the example application `headers`. It is a simple application that adds response headers that will be modified later. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/http-response-header-filter/headers.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/http-response-header-filter/headers.yaml ``` This will create the headers Service and a Deployment with one Pod. Run the following command to verify the resources were created: diff --git a/site/content/how-to/traffic-management/snippets.md b/site/content/how-to/traffic-management/snippets.md index 6064ee5dbf..e986042ad6 100644 --- a/site/content/how-to/traffic-management/snippets.md +++ b/site/content/how-to/traffic-management/snippets.md 
@@ -73,19 +73,19 @@ We have outlined a few best practices to keep in mind when using `SnippetsFilter - Create the coffee and tea example applications: ```yaml - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/snippets-filter/app.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/snippets-filter/app.yaml ``` - Create a Gateway: ```yaml - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/snippets-filter/gateway.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/snippets-filter/gateway.yaml ``` - Create HTTPRoutes for the coffee and tea applications: ```yaml - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/examples/snippets-filter/httproutes.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/examples/snippets-filter/httproutes.yaml ``` - Test the configuration: diff --git a/site/content/how-to/upgrade-apps-without-downtime.md b/site/content/how-to/upgrade-apps-without-downtime.md index e832dcdedd..2c50fce0c7 100644 --- a/site/content/how-to/upgrade-apps-without-downtime.md +++ b/site/content/how-to/upgrade-apps-without-downtime.md @@ -56,7 +56,7 @@ For example, an application can be exposed using a routing rule like below: port: 80 ``` -{{< note >}}See the [Cafe example](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.4.0/examples/cafe-example) for a basic example.{{< /note >}} +{{< note >}}See the [Cafe example](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.5.0/examples/cafe-example) for a basic example.{{< /note >}} The upgrade methods in the next sections cover: 
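Review bot: In the `snippets.md` hunk (`@@ -73,19 +73,19 @@`) the three fences around the `kubectl apply -f` commands are opened as `yaml` although they hold shell commands. Every command line inside them is being rewritten here anyway, so switch the fences to `shell` to match the other how-to pages touched by this patch. The `client-settings.md` hunk (`@@ -45,19 +45,19 @@`) has the same mismatch.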
@@ -121,4 +121,4 @@ By updating the rule you can further increase the share of traffic the new versi weight: 1 ``` -See the [Traffic splitting example](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.4.0/examples/traffic-splitting) from our repository. +See the [Traffic splitting example](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.5.0/examples/traffic-splitting) from our repository. diff --git a/site/content/includes/installation/install-gateway-api-experimental-features.md b/site/content/includes/installation/install-gateway-api-experimental-features.md index 27e1170027..e9a516e903 100644 --- a/site/content/includes/installation/install-gateway-api-experimental-features.md +++ b/site/content/includes/installation/install-gateway-api-experimental-features.md @@ -10,7 +10,7 @@ To use Gateway API experimental resources, the Gateway API resources from the ex To install the Gateway API resources from the experimental channel, run the following: ```shell -kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - +kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.5.0" | kubectl apply -f - ``` {{< note >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`. {{}} diff --git a/site/content/includes/installation/install-gateway-api-resources.md b/site/content/includes/installation/install-gateway-api-resources.md index 109b6f4fd6..9fa5a82956 100644 --- a/site/content/includes/installation/install-gateway-api-resources.md +++ b/site/content/includes/installation/install-gateway-api-resources.md 
@@ -2,12 +2,12 @@ docs: "DOCS-1438" --- -{{< note >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/README.md#technical-specifications). {{}} +{{< note >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.5.0/README.md#technical-specifications). {{}} To install the Gateway API resources, run the following: ```shell -kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.4.0" | kubectl apply -f - +kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.5.0" | kubectl apply -f - ``` {{< note >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`.{{}} 
@@ -18,7 +18,7 @@ NGINX Gateway Fabric currently supports a subset of the additional features prov To install from the experimental channel, run the following: ```shell -kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - +kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.5.0" | kubectl apply -f - ``` {{< note >}} To learn more about what Gateway API resources NGINX Gateway Fabric currently supports, visit our [Gateway API Compatibility]({{< relref "overview/gateway-api-compatibility.md" >}}) document. {{}} diff --git a/site/content/includes/installation/uninstall-gateway-api-resources.md b/site/content/includes/installation/uninstall-gateway-api-resources.md index 3b4efa9171..94e6a886c5 100644 --- a/site/content/includes/installation/uninstall-gateway-api-resources.md +++ b/site/content/includes/installation/uninstall-gateway-api-resources.md @@ -7,11 +7,11 @@ docs: "DOCS-1436" To uninstall the Gateway API resources, run the following: ```shell -kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.4.0" | kubectl delete -f - +kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.5.0" | kubectl delete -f - ``` Alternatively, if you installed the Gateway APIs from the experimental channel, run the following: ```shell -kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl delete -f - +kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.5.0" | kubectl delete -f - ``` diff --git a/site/content/installation/building-the-images.md b/site/content/installation/building-the-images.md index ed03e099f1..b294d5fb7b 100644 --- a/site/content/installation/building-the-images.md 
+++ b/site/content/installation/building-the-images.md @@ -26,7 +26,7 @@ If building the NGINX Plus image, you will also need a valid NGINX Plus license 1. Clone the repo and change into the `nginx-gateway-fabric` directory: ```shell - git clone https://github.com/nginxinc/nginx-gateway-fabric.git --branch v1.4.0 + git clone https://github.com/nginxinc/nginx-gateway-fabric.git --branch v1.5.0 cd nginx-gateway-fabric ``` @@ -62,20 +62,20 @@ If building the NGINX Plus image, you will also need a valid NGINX Plus license ``` Set the `PREFIX` variable to the name of the registry you'd like to push the image to. By default, the images will be - named `nginx-gateway-fabric:1.4.0` and `nginx-gateway-fabric/nginx:1.4.0` or `nginx-gateway-fabric/nginx-plus:1.4.0`. + named `nginx-gateway-fabric:1.5.0` and `nginx-gateway-fabric/nginx:1.5.0` or `nginx-gateway-fabric/nginx-plus:1.5.0`. 1. Push the images to your container registry: ```shell - docker push myregistry.example.com/nginx-gateway-fabric:1.4.0 - docker push myregistry.example.com/nginx-gateway-fabric/nginx:1.4.0 + docker push myregistry.example.com/nginx-gateway-fabric:1.5.0 + docker push myregistry.example.com/nginx-gateway-fabric/nginx:1.5.0 ``` or ```shell - docker push myregistry.example.com/nginx-gateway-fabric:1.4.0 - docker push myregistry.example.com/nginx-gateway-fabric/nginx-plus:1.4.0 + docker push myregistry.example.com/nginx-gateway-fabric:1.5.0 + docker push myregistry.example.com/nginx-gateway-fabric/nginx-plus:1.5.0 ``` Make sure to substitute `myregistry.example.com/nginx-gateway-fabric` with your registry. diff --git a/site/content/installation/installing-ngf/helm.md b/site/content/installation/installing-ngf/helm.md index 143a982830..02cfbf9490 100644 --- a/site/content/installation/installing-ngf/helm.md +++ b/site/content/installation/installing-ngf/helm.md 
@@ -157,7 +157,7 @@ helm install ngf oci://ghcr.io/nginxinc/charts/nginx-gateway-fabric --create-nam #### Examples -You can find several examples of configuration options of the `values.yaml` file in the [helm examples](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.4.0/examples/helm) directory. +You can find several examples of configuration options of the `values.yaml` file in the [helm examples](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.5.0/examples/helm) directory. ### Access NGINX Gateway Fabric @@ -178,13 +178,13 @@ To upgrade your Gateway API resources, take the following steps: - To upgrade the Gateway API resources, run: ```shell - kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.4.0" | kubectl apply -f - + kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.5.0" | kubectl apply -f - ``` or, if you installed the from the experimental channel: ```shell - kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - + kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.5.0" | kubectl apply -f - ``` ### Upgrade NGINX Gateway Fabric CRDs @@ -198,7 +198,7 @@ To upgrade the CRDs, take the following steps: 2. Upgrade the CRDs: ```shell - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/crds.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/crds.yaml ``` {{}}Ignore the following warning, as it is expected.{{}} 
@@ -315,7 +315,7 @@ Follow these steps to uninstall NGINX Gateway Fabric and Gateway API from your K ```shell kubectl delete ns nginx-gateway - kubectl delete -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/crds.yaml + kubectl delete -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/crds.yaml ``` 3. **Remove the Gateway API resources:** @@ -324,4 +324,4 @@ Follow these steps to uninstall NGINX Gateway Fabric and Gateway API from your K ## Additional configuration -For a full list of the Helm Chart configuration parameters, read [the NGINX Gateway Fabric Helm Chart](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/charts/nginx-gateway-fabric/README.md#configuration). +For a full list of the Helm Chart configuration parameters, read [the NGINX Gateway Fabric Helm Chart](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.5.0/charts/nginx-gateway-fabric/README.md#configuration). diff --git a/site/content/installation/installing-ngf/manifests.md b/site/content/installation/installing-ngf/manifests.md index c2eff51048..875a8a08c3 100644 --- a/site/content/installation/installing-ngf/manifests.md +++ b/site/content/installation/installing-ngf/manifests.md @@ -53,7 +53,7 @@ Deploying NGINX Gateway Fabric with Kubernetes manifests takes only a few steps. #### Stable release ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/crds.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/crds.yaml ``` #### Edge version 
@@ -73,7 +73,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric Deploys NGINX Gateway Fabric with NGINX OSS. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/default/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/default/deploy.yaml ``` {{% /tab %}} @@ -83,7 +83,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric Deploys NGINX Gateway Fabric with NGINX OSS and an AWS Network Load Balancer service. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/aws-nlb/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/aws-nlb/deploy.yaml ``` {{% /tab %}} @@ -93,7 +93,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric Deploys NGINX Gateway Fabric with NGINX OSS and `nodeSelector` to deploy on Linux nodes. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/azure/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/azure/deploy.yaml ``` {{% /tab %}} @@ -105,7 +105,7 @@ NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the Sec The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the `--usage-report-secret` parameter. These Secrets are created as part of the [Before you begin](#before-you-begin) section. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/nginx-plus/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/nginx-plus/deploy.yaml ``` {{% /tab %}} 
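Review bot: The install tabs in `manifests.md` (`@@ -73,7`, `@@ -83,7`, `@@ -93,7`, `@@ -105,7`) now tell readers to `kubectl apply -f` the `v1.5.0/deploy/<variant>/deploy.yaml` manifests, yet this same patch deletes manifest content under `deploy/` through to the trailing `GatewayClass` and `NginxGateway` objects, and the files only come back in PATCH 02/14 ("regenerate files"). Make sure the `v1.5.0` tag is cut only after the regenerate commit, or squash the two commits, so that the raw URLs published in these docs never resolve to an emptied manifest.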
@@ -115,7 +115,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric Deploys NGINX Gateway Fabric with NGINX OSS and experimental features. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/experimental/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/experimental/deploy.yaml ``` {{< note >}} Requires the Gateway APIs installed from the experimental channel. {{< /note >}} @@ -129,7 +129,7 @@ NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the Sec The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the `--usage-report-secret` parameter. These Secrets are created as part of the [Before you begin](#before-you-begin) section. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/nginx-plus-experimental/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/nginx-plus-experimental/deploy.yaml ``` {{< note >}} Requires the Gateway APIs installed from the experimental channel. {{< /note >}} @@ -141,7 +141,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric Deploys NGINX Gateway Fabric with NGINX OSS using a Service type of `NodePort`. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/nodeport/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/nodeport/deploy.yaml ``` {{% /tab %}} 
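Review bot: In the `@@ -129,7 +129,7 @@` hunk the NGINX Plus experimental tab points at `deploy/nginx-plus-experimental/deploy.yaml`, but the directory regenerated in PATCH 02/14 is `deploy/experimental-nginx-plus/`, so the URL does not match a path this series creates. Change it to `.../v1.5.0/deploy/experimental-nginx-plus/deploy.yaml`. The removed v1.4.0 line carried the same path, so the version bump is a good moment to correct it.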
@@ -151,7 +151,7 @@ kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric Deploys NGINX Gateway Fabric with NGINX OSS on OpenShift. ```shell -kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/openshift/deploy.yaml +kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/openshift/deploy.yaml ``` {{% /tab %}} @@ -193,13 +193,13 @@ To upgrade NGINX Gateway Fabric and get the latest features and improvements, ta - To upgrade the Gateway API resources, run: ```shell - kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.4.0" | kubectl apply -f - + kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.5.0" | kubectl apply -f - ``` or, if you installed the from the experimental channel: ```shell - kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - + kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.5.0" | kubectl apply -f - ``` 1. **Upgrade NGINX Gateway Fabric CRDs:** @@ -207,7 +207,7 @@ To upgrade NGINX Gateway Fabric and get the latest features and improvements, ta - To upgrade the Custom Resource Definitions (CRDs), run: ```shell - kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/crds.yaml + kubectl apply -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/crds.yaml ``` 1. **Upgrade NGINX Gateway Fabric deployment:** 
@@ -278,7 +278,7 @@ Follow these steps to uninstall NGINX Gateway Fabric and Gateway API from your K ``` ```shell - kubectl delete -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.4.0/deploy/crds.yaml + kubectl delete -f https://raw.githubusercontent.com/nginxinc/nginx-gateway-fabric/v1.5.0/deploy/crds.yaml ``` 1. **Remove the Gateway API resources:** diff --git a/site/content/installation/ngf-images/pulling-ngf-image.md b/site/content/installation/ngf-images/pulling-ngf-image.md new file mode 100644 index 0000000000..7953bb1142 --- /dev/null +++ b/site/content/installation/ngf-images/pulling-ngf-image.md 
@@ -0,0 +1,104 @@ +--- +title: "Push an NGINX Plus image to a private registry" +weight: 200 +doctypes: ["install"] +toc: true +docs: "DOCS-1433" +--- + +## Overview + +This document describes how to pull a NGINX Plus image for NGINX Gateway Fabric from the official F5 Docker registry and upload it to your private registry + +## Before you begin + +Before you start, you'll need these installed on your machine: + +- [Docker v18.09 or higher](https://docs.docker.com/engine/release-notes/18.09/). +- The certificate (**nginx-repo.crt**) and key (**nginx-repo.key**) for a Connectivity Stack for Kubernetes subscription, obtainable from [MyF5l](https://my.f5.com) An NGINX Plus certificate and key will not work. + +## Configuring Docker for the F5 Container Registry + +To configure Docker to communicate with the F5 Container Registry, first create a folder containing your certificate and key files: + +```shell +mkdir -p /etc/docker/certs.d/private-registry.nginx.com +cp /etc/docker/certs.d/private-registry.nginx.com/client.cert +cp /etc/docker/certs.d/private-registry.nginx.com/client.key +``` + +If you are not using a Linux operating system, read the [Docker for Windows](https://docs.docker.com/desktop/faqs/windowsfaqs/#how-do-i-add-custom-ca-certificates) or [Docker for Mac](https://docs.docker.com/desktop/faqs/macfaqs/#add-custom-ca-certificates-server-side) instructions. For more details on Docker Engine security, you can refer to the [Docker Engine Security documentation](https://docs.docker.com/engine/security/). + + +## Pulling the image + +Once configured, you can now pull images from `private-registry.nginx.com`. To find your desired image, read the [Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric#technical-specifications). + +Run this command step to pull an image, replacing `` with the specific version you need, such as `1.5.0`. 
+ + + ```shell + docker pull private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0 + ``` + +You can use the Docker registry API to list available image tags using your client certificate and key. The `jq` command is used to format the JSON output for easier reading. + +```shell +curl https://private-registry.nginx.com/nginx-gateway-fabric/nginx-plus/tags/list --key --cert | jq +``` + +```json +{ + "name": "nginx-gateway-fabric/nginx-plus", + "tags": [ + "edge", + "nightly" + ] +} +``` + + +Once you have pulled an image, you can tag it and push it to a private registry. + +1. Log into your private registry: + + ```shell + docker login + ``` + +1. Tag the image, replacing `` with your registry's path and `` with the version you're using: + + + ```shell + docker tag private-registry.nginx.com/nginx-gateway-fabric/nginx-plus: /nginx-gateway-fabric/nginx-plus: + docker push /nginx-gateway-fabric/nginx-plus: + ``` + + +## Troubleshooting + +If you encounter issues while following this guide, here are solutions to common problems: + +- **Certificate errors**: + - *Likely cause*: Incorrect certificate or key location, or using an NGINX Plus certificate. + - *Solution*: Check you have the correct NGINX Gateway Fabric certificate and key, their files are named correctly, and they are in the correct directory. + +- **Docker version compatibility** + - *Likely cause*: Outdated Docker version. + - *Solution*: Make sure you're running [Docker v18.09 or higher](https://docs.docker.com/engine/release-notes/18.09/), and upgrade if necessary. + +- **Can't pull the image** + - *Likely cause*: Mismatched image name or tag. + - *Solution*: Compare the image name and tag to the [Technical Specifications table](https://github.com/nginxinc/nginx-gateway-fabric?tab=readme-ov-file#technical-specifications). + +- **Failed to push to private registry** + - *Likely cause*: Not logged into your private registry or incorrect image tagging. 
+ - *Solution*: Verify your login status and correct the image tag before pushing. Read the [Docker documentation](https://docs.docker.com/docker-hub/repos/) for more guidance. + + +## Alternative installation options + +There are alternative ways to get an NGINX Plus image for NGINX Gateway Fabric: + +- [Install by pulling a docker image]({{}}). +- [Build the Gateway Fabric image]({{}}) using the source code from the GitHub repository and your NGINX Plus subscription certificate and key. diff --git a/site/content/overview/gateway-architecture.md b/site/content/overview/gateway-architecture.md index 015bfc4e55..c3b829b0eb 100644 --- a/site/content/overview/gateway-architecture.md +++ b/site/content/overview/gateway-architecture.md @@ -21,7 +21,7 @@ NGINX Gateway Fabric is an open source project that provides an implementation o For a list of supported Gateway API resources and features, see the [Gateway API Compatibility]({{< relref "/overview/gateway-api-compatibility.md" >}}) documentation. -We have more information regarding our [design principles](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/docs/developer/design-principles.md) in the project's GitHub repository. +We have more information regarding our [design principles](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.5.0/docs/developer/design-principles.md) in the project's GitHub repository. ## NGINX Gateway Fabric at a high level 
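Review bot: In the new `pulling-ngf-image.md`, the "Configuring Docker for the F5 Container Registry" step copies the subscription key to `/etc/docker/certs.d/private-registry.nginx.com/client.key` with a plain `cp` and never says who should be able to read it. Add a line telling the reader to restrict the copied key to its owner (for example `chmod 600` on `client.key`), since the same key is later passed to `curl --key` to authenticate to the registry. Smaller points in the same file: the link text `MyF5l` looks like a typo for MyF5, that bullet is missing a full stop before "An NGINX Plus certificate and key will not work", and the front matter title says "Push" while the file name and the overview describe pulling first.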
@@ -72,7 +72,7 @@ The following list describes the connections, preceeded by their types in parent 1. (HTTPS) - Read: _NGF_ reads the _Kubernetes API_ to get the latest versions of the resources in the cluster. - - Write: _NGF_ writes to the _Kubernetes API_ to update the handled resources' statuses and emit events. If there's more than one replica of _NGF_ and [leader election](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.4.0/charts/nginx-gateway-fabric#configuration) is enabled, only the _NGF_ pod that is leading will write statuses to the _Kubernetes API_. + - Write: _NGF_ writes to the _Kubernetes API_ to update the handled resources' statuses and emit events. If there's more than one replica of _NGF_ and [leader election](https://github.com/nginxinc/nginx-gateway-fabric/tree/v1.5.0/charts/nginx-gateway-fabric#configuration) is enabled, only the _NGF_ pod that is leading will write statuses to the _Kubernetes API_. 1. (HTTP, HTTPS) _Prometheus_ fetches the `controller-runtime` and NGINX metrics via an HTTP endpoint that _NGF_ exposes (`:9113/metrics` by default). Prometheus is **not** required by NGINX Gateway Fabric, and its endpoint can be turned off. 1. (File I/O) - Write: _NGF_ generates NGINX _configuration_ based on the cluster resources and writes them as `.conf` files to the mounted `nginx-conf` volume, located at `/etc/nginx/conf.d`. It also writes _TLS certificates_ and _keys_ from [TLS secrets](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets) referenced in the accepted Gateway resource to the `nginx-secrets` volume at the path `/etc/nginx/secrets`. 
@@ -86,7 +86,7 @@ The following list describes the connections, preceeded by their types in parent 1. (File I/O) - Write: The _NGINX master_ writes to the auxiliary Unix sockets folder, which is located in the `/var/run/nginx` directory. - - Read: The _NGINX master_ reads the `nginx.conf` file from the `/etc/nginx` directory. This [file](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/internal/mode/static/nginx/conf/nginx.conf) contains the global and http configuration settings for NGINX. In addition, _NGINX master_ reads the NJS modules referenced in the configuration when it starts or during a reload. NJS modules are stored in the `/usr/lib/nginx/modules` directory. + - Read: The _NGINX master_ reads the `nginx.conf` file from the `/etc/nginx` directory. This [file](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.5.0/internal/mode/static/nginx/conf/nginx.conf) contains the global and http configuration settings for NGINX. In addition, _NGINX master_ reads the NJS modules referenced in the configuration when it starts or during a reload. NJS modules are stored in the `/usr/lib/nginx/modules` directory. 1. (File I/O) The _NGINX master_ sends logs to its _stdout_ and _stderr_, which are collected by the container runtime. 1. (File I/O) An _NGINX worker_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime. 1. (Signal) The _NGINX master_ controls the [lifecycle of _NGINX workers_](https://nginx.org/en/docs/control.html#reconfiguration) it creates workers with the new configuration and shutdowns workers with the old configuration. From 67410f8b0fae5178d61627374369a7586ac8e454 Mon Sep 17 00:00:00 2001 
From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Fri, 15 Nov 2024 13:32:11 -0800 Subject: [PATCH 02/14] regenerate files --- .../nginx-gateway-fabric/values.schema.json | 4 +- charts/nginx-gateway-fabric/values.yaml | 4 +- config/tests/static-deployment.yaml | 169 +++++++ deploy/aws-nlb/deploy.yaml | 376 ++++++++++++++++ deploy/azure/deploy.yaml | 375 ++++++++++++++++ deploy/default/deploy.yaml | 373 +++++++++++++++ deploy/experimental-nginx-plus/deploy.yaml | 388 ++++++++++++++++ deploy/experimental/deploy.yaml | 379 ++++++++++++++++ deploy/nginx-plus/deploy.yaml | 384 ++++++++++++++++ deploy/nodeport/deploy.yaml | 373 +++++++++++++++ deploy/openshift/deploy.yaml | 423 ++++++++++++++++++ .../snippets-filters-nginx-plus/deploy.yaml | 385 ++++++++++++++++ deploy/snippets-filters/deploy.yaml | 376 ++++++++++++++++ 13 files changed, 4005 insertions(+), 4 deletions(-) diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json index 059570a7a3..0e284594a9 100644 --- a/charts/nginx-gateway-fabric/values.schema.json +++ b/charts/nginx-gateway-fabric/values.schema.json @@ -221,7 +221,7 @@ "pullPolicy": { "default": "IfNotPresent", "enum": [ - "IfNotPresent", + "Always", "IfNotPresent", "Never" ], @@ -396,7 +396,7 @@ "pullPolicy": { "default": "IfNotPresent", "enum": [ - "IfNotPresent", + "Always", "IfNotPresent", "Never" ], diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 40623c018c..7af279f290 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -85,7 +85,7 @@ nginxGateway: tag: 1.5.0 # @schema # enum: - # - IfNotPresent + # - Always # - IfNotPresent # - Never # @schema @@ -125,7 +125,7 @@ nginx: tag: 1.5.0 # @schema # enum: - # - IfNotPresent + # - Always # - IfNotPresent # - Never # @schema 
diff --git a/config/tests/static-deployment.yaml b/config/tests/static-deployment.yaml index e69de29bb2..1d56a596de 100644 --- a/config/tests/static-deployment.yaml +++ b/config/tests/static-deployment.yaml 
@@ -0,0 +1,169 @@ +--- +# Source: nginx-gateway-fabric/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-gateway + namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "1.5.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + template: + metadata: + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + spec: + initContainers: + - name: copy-nginx-config + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + securityContext: + seccompProfile: + type: RuntimeDefault + capabilities: + add: + - KILL # Set because the binary has CAP_KILL for the main controller process. Not used by init. 
+ drop: + - ALL + readOnlyRootFilesystem: true + runAsUser: 102 + runAsGroup: 1001 + volumeMounts: + - name: nginx-includes-configmap + mountPath: /includes + - name: nginx-main-includes + mountPath: /etc/nginx/main-includes + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-disable + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + - --product-telemetry-disable + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - name: health + containerPort: 8081 + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + seccompProfile: + type: RuntimeDefault + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsUser: 102 + runAsGroup: 1001 + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/conf.d + - name: nginx-stream-conf + mountPath: /etc/nginx/stream-conf.d + - name: nginx-main-includes + mountPath: /etc/nginx/main-includes + - name: nginx-secrets + mountPath: /etc/nginx/secrets + - name: nginx-run + mountPath: /var/run/nginx + - name: nginx-includes + mountPath: /etc/nginx/includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + seccompProfile: + type: RuntimeDefault + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsUser: 101 + runAsGroup: 1001 + 
volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/conf.d + - name: nginx-stream-conf + mountPath: /etc/nginx/stream-conf.d + - name: nginx-main-includes + mountPath: /etc/nginx/main-includes + - name: nginx-secrets + mountPath: /etc/nginx/secrets + - name: nginx-run + mountPath: /var/run/nginx + - name: nginx-cache + mountPath: /var/cache/nginx + - name: nginx-includes + mountPath: /etc/nginx/includes + terminationGracePeriodSeconds: 30 + serviceAccountName: nginx-gateway + shareProcessNamespace: true + securityContext: + fsGroup: 1001 + runAsNonRoot: true + volumes: + - name: nginx-conf + emptyDir: {} + - name: nginx-stream-conf + emptyDir: {} + - name: nginx-main-includes + emptyDir: {} + - name: nginx-secrets + emptyDir: {} + - name: nginx-run + emptyDir: {} + - name: nginx-cache + emptyDir: {} + - name: nginx-includes + emptyDir: {} + - name: nginx-includes-configmap + configMap: + name: nginx-includes diff --git a/deploy/aws-nlb/deploy.yaml b/deploy/aws-nlb/deploy.yaml index 8a9c42f3e3..1e8510022c 100644 --- a/deploy/aws-nlb/deploy.yaml +++ b/deploy/aws-nlb/deploy.yaml 
@@ -2,3 +2,379 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-type: external + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - 
--gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: 
/var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/azure/deploy.yaml b/deploy/azure/deploy.yaml index 8a9c42f3e3..e97874a423 100644 --- a/deploy/azure/deploy.yaml +++ b/deploy/azure/deploy.yaml 
@@ -2,3 +2,378 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - 
--leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway 
+ - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/default/deploy.yaml b/deploy/default/deploy.yaml index 8a9c42f3e3..e9622296de 100644 --- a/deploy/default/deploy.yaml +++ b/deploy/default/deploy.yaml 
@@ -2,3 +2,376 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - 
--leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway 
+ - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/experimental-nginx-plus/deploy.yaml b/deploy/experimental-nginx-plus/deploy.yaml index 8a9c42f3e3..3bf0330e19 100644 --- a/deploy/experimental-nginx-plus/deploy.yaml +++ b/deploy/experimental-nginx-plus/deploy.yaml 
@@ -2,3 +2,391 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +imagePullSecrets: +- name: nginx-plus-registry-secret +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + - backendtlspolicies + - tlsroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + - backendtlspolicies/status + - tlsroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- 
apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - 
static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --nginx-plus + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + - --gateway-api-experimental-features + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + 
name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info 
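Review bot: In the Deployment of deploy/experimental-nginx-plus/deploy.yaml, only the `nginx-gateway` container sets `allowPrivilegeEscalation: false`; the `securityContext` of the `nginx` container and of the `copy-nginx-config` init container omits it, so those two are left at the default. All three already drop `ALL` capabilities and the pod sets `runAsNonRoot: true`, so adding `allowPrivilegeEscalation: false` to the other two would make the hardening uniform. Separately, the ClusterRole carries two rules for `apps`/`replicasets`, one with `get` and one with `list`; they can be merged into a single rule with both verbs.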
diff --git a/deploy/experimental/deploy.yaml b/deploy/experimental/deploy.yaml index 8a9c42f3e3..70a4fdef7a 100644 --- a/deploy/experimental/deploy.yaml +++ b/deploy/experimental/deploy.yaml 
@@ -2,3 +2,382 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + - backendtlspolicies + - tlsroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + - backendtlspolicies/status + - tlsroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - 
apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - 
--config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + - --gateway-api-experimental-features + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - 
mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/nginx-plus/deploy.yaml b/deploy/nginx-plus/deploy.yaml index 8a9c42f3e3..1fc1b3090e 100644 --- a/deploy/nginx-plus/deploy.yaml +++ b/deploy/nginx-plus/deploy.yaml 
@@ -2,3 +2,387 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +imagePullSecrets: +- name: nginx-plus-registry-secret +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- 
apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx 
+ - --config=nginx-gateway-config + - --service=nginx-gateway + - --nginx-plus + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + - --usage-report-secret=nginx-gateway/ngf-usage-auth + - --usage-report-server-url=https://my-instance-nim.example.com + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes 
+ - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info 
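Review bot: The `nginx-gateway` container args in deploy/nginx-plus/deploy.yaml ship a placeholder endpoint, `--usage-report-server-url=https://my-instance-nim.example.com`, together with `--usage-report-secret=nginx-gateway/ngf-usage-auth`, and nothing in this manifest creates a Secret named `ngf-usage-auth`. Applied as-is, the release manifest points usage reporting at an example.com host with a credential reference the user has to supply out of band. Please mark both values as must-edit (a YAML comment next to the args, or a pointer to the install guide), and state the same for the `nginx-plus-registry-secret` pull secret on the ServiceAccount, which the manifest also references but does not define.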
diff --git a/deploy/nodeport/deploy.yaml b/deploy/nodeport/deploy.yaml index 8a9c42f3e3..5d75a8bc8e 100644 --- a/deploy/nodeport/deploy.yaml +++ b/deploy/nodeport/deploy.yaml 
@@ -2,3 +2,376 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: NodePort +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - 
--leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway 
+ - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info diff --git a/deploy/openshift/deploy.yaml b/deploy/openshift/deploy.yaml index 8a9c42f3e3..fc3b9f36cf 100644 --- a/deploy/openshift/deploy.yaml +++ b/deploy/openshift/deploy.yaml 
@@ -2,3 +2,426 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - 
security.openshift.io + resourceNames: + - nginx-gateway-scc + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - 
--gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: 
/var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info +--- +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: false +allowPrivilegedContainer: false +allowedCapabilities: +- 
NET_BIND_SERVICE +- KILL +apiVersion: security.openshift.io/v1 +fsGroup: + ranges: + - max: 1001 + min: 1001 + type: MustRunAs +kind: SecurityContextConstraints +metadata: + name: nginx-gateway-scc +readOnlyRootFilesystem: true +requiredDropCapabilities: +- ALL +runAsUser: + type: MustRunAsRange + uidRangeMax: 102 + uidRangeMin: 101 +seLinuxContext: + type: MustRunAs +seccompProfiles: +- runtime/default +supplementalGroups: + ranges: + - max: 1001 + min: 1001 + type: MustRunAs +users: +- system:serviceaccount:nginx-gateway:nginx-gateway +volumes: +- emptyDir +- secret +- configMap diff --git a/deploy/snippets-filters-nginx-plus/deploy.yaml b/deploy/snippets-filters-nginx-plus/deploy.yaml index 8a9c42f3e3..d9c0bf4f9d 100644 --- a/deploy/snippets-filters-nginx-plus/deploy.yaml +++ b/deploy/snippets-filters-nginx-plus/deploy.yaml 
@@ -2,3 +2,388 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +imagePullSecrets: +- name: nginx-plus-registry-secret +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + - snippetsfilters + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + - snippetsfilters/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + 
verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - 
--gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - --nginx-plus + - --metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + - --snippets-filters + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - 
mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info 
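Review bot: In the Deployment of `deploy/snippets-filters-nginx-plus/deploy.yaml`, only the `nginx-gateway` container sets `allowPrivilegeEscalation: false`; the `nginx` container and the `copy-nginx-config` init container set `capabilities`, `readOnlyRootFilesystem` and `seccompProfile` but leave it out. Suggest adding `allowPrivilegeEscalation: false` to both so all three containers carry the same hardening, or stating in the chart why the data plane needs it unset. Two smaller points in the same hunk: the ClusterRole lists `replicasets` in two separate rules (`get`, then `list`) that could be one rule with both verbs, and, apart from the image pull secret `nginx-plus-registry-secret`, no volume or argument references a Secret, although the changelog in this series says NGINX Plus R33 will not run without a JWT stored in one. Is the license Secret expected to be wired in by a later regeneration of this manifest?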
diff --git a/deploy/snippets-filters/deploy.yaml b/deploy/snippets-filters/deploy.yaml index 8a9c42f3e3..49540b9fa3 100644 --- a/deploy/snippets-filters/deploy.yaml +++ b/deploy/snippets-filters/deploy.yaml 
@@ -2,3 +2,379 @@ apiVersion: v1 kind: Namespace metadata: name: nginx-gateway +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - grpcroutes + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + - grpcroutes/status + verbs: + - update +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways + verbs: + - get + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxproxies + - clientsettingspolicies + - observabilitypolicies + - snippetsfilters + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - nginxgateways/status + - clientsettingspolicies/status + - observabilitypolicies/status + - snippetsfilters/status + verbs: + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + 
verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +apiVersion: v1 +data: + main.conf: | + error_log stderr info; +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-includes + namespace: nginx-gateway +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway + namespace: nginx-gateway +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + template: + metadata: + annotations: + prometheus.io/port: "9113" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - --config=nginx-gateway-config + - --service=nginx-gateway + - 
--metrics-port=9113 + - --health-port=8081 + - --leader-election-lock-name=nginx-gateway-leader-election + - --snippets-filters + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx-gateway + ports: + - containerPort: 9113 + name: metrics + - containerPort: 8081 + name: health + readinessProbe: + httpGet: + path: /readyz + port: health + initialDelaySeconds: 3 + periodSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /etc/nginx/includes + name: nginx-includes + - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/nginx/conf.d + name: nginx-conf + - mountPath: /etc/nginx/stream-conf.d + name: nginx-stream-conf + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + - mountPath: /etc/nginx/secrets + name: nginx-secrets + - mountPath: /var/run/nginx + name: nginx-run + - mountPath: /var/cache/nginx + name: nginx-cache + - mountPath: /etc/nginx/includes + 
name: nginx-includes + initContainers: + - command: + - /usr/bin/gateway + - copy + - --source + - /includes/main.conf + - --destination + - /etc/nginx/main-includes/main.conf + image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 + imagePullPolicy: IfNotPresent + name: copy-nginx-config + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsUser: 102 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /includes + name: nginx-includes-configmap + - mountPath: /etc/nginx/main-includes + name: nginx-main-includes + securityContext: + fsGroup: 1001 + runAsNonRoot: true + serviceAccountName: nginx-gateway + shareProcessNamespace: true + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: nginx-conf + - emptyDir: {} + name: nginx-stream-conf + - emptyDir: {} + name: nginx-main-includes + - emptyDir: {} + name: nginx-secrets + - emptyDir: {} + name: nginx-run + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-includes + - configMap: + name: nginx-includes + name: nginx-includes-configmap +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx +spec: + controllerName: gateway.nginx.org/nginx-gateway-controller +--- +apiVersion: gateway.nginx.org/v1alpha1 +kind: NginxGateway +metadata: + labels: + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/version: 1.5.0 + name: nginx-gateway-config + namespace: nginx-gateway +spec: + logging: + level: info From 7d1b3cb24b49aa475cf1d1f61c0ddfb707802213 Mon Sep 17 00:00:00 2001 
From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Fri, 15 Nov 2024 15:35:32 -0800 Subject: [PATCH 03/14] update CHANGELOG.md --- CHANGELOG.md | 55 +++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f23bb24601..870b9f7b80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,54 +6,61 @@ and includes links to all PRs that went into the release. ## Release 1.5.0 -* Add guide for TLS Route in site by @sarthyparty in https://github.com/nginxinc/nginx-gateway-fabric/pull/2363 -* Adds configuration to retain client IP information by @salonichf5 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2284 -* Change validation in Duration type in CRDs and NGF by @bjee19 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2525 -* Use correct indentation in lifecyce examples by @defrank in https://github.com/nginxinc/nginx-gateway-fabric/pull/2588 -* Add Helm schema by @lucacome in https://github.com/nginxinc/nginx-gateway-fabric/pull/2492 -* Add SnippetsFilter API by @sjberman in https://github.com/nginxinc/nginx-gateway-fabric/pull/2667 -* Only set stream status zone if hostname exists by @sjberman in https://github.com/nginxinc/nginx-gateway-fabric/pull/2684 -* Add loadBalancerSourceRanges to helm parameters by @salonichf5 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2773 - -%%DATE%% +_November 20, 2024_ FEATURES: -- +- Add support to retain client IP information by @salonichf5 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2284 +- NGINX Plus R33 support added by @sjberman in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760). This release of NGINX Plus requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. 
See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) +- Add ability to assign a log level for the data plane by @bjee19 in [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) +- Add support to apply SnippetsFilter in NGINX configuration by @kate-osborn in [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) +- Reduced logging verbosity of default Info log level by @sjberman in [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) BUG FIXES: -- +- Only set stream status zone if hostname exists by @sjberman in [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) +- Use correct indentation in lifecyce examples in [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). +- Update backend group name with a prefix when splitting traffic weights by @salonichf5 in [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) +- Return 503 when service has no ready endpoints by @bjee19 in [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) +- Define main includes config only once by @@sjberman in [2666](https://github.com/nginxinc/nginx-gateway-fabric/pull/2666) + DOCUMENTATION: -- +- Add guide for TLS Route in site by @sarthyparty in [2363](https://github.com/nginxinc/nginx-gateway-fabric/pull/2363) +- Add guide for SnippetsFilter by @bjee19 in [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) +- Consolidate how-to guide for request and response header modifiers @salonichf5 in [2715](https://github.com/nginxinc/nginx-gateway-fabric/pull/2715) +- Add a new "Get started" document by @ADubhlaoich in [2717](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) +- Add documentation for rewrite client IP settings by @salonichf5 by 
[2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) +- Add description for enabling experimental features by @bjee19 in [2546](https://github.com/nginxinc/nginx-gateway-fabric/pull/2546) +- Add documentation explaining how to do CRD versioning by @sjberman in [2404](https://github.com/nginxinc/nginx-gateway-fabric/pull/2404) HELM CHART: - The version of the Helm chart is now 1.5.0 -- - -UPGRADE: - -- +- Add `loadBalancerSourceRanges` to helm parameters by @salonichf5 in [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) +- Add `loadBalancerIP` as a helm parameter to use during install/upgrade by @salonichf5 in [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) +- Add Helm schema by @lucacome in [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) +- Add capability to configure `topologySpreadConstraints` in [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) -KNOWN ISSUES: +DEPENDENCIES: -- +- NGINX Plus was updated to R33. [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) +- Update to v1.2.0 of the Gateway API. [2694](https://github.com/nginxinc/nginx-gateway-fabric/pull/2694) COMPATIBILITY: -- Gateway API version: `` -- NGINX version: `` -- NGINX Plus version: `` -- Kubernetes version: `` +- Gateway API version: `1.2.0` +- NGINX version: `1.27.2` +- NGINX Plus version: `R33` +- Kubernetes version: `1.25+` CONTAINER IMAGES: - Control plane: `ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0` - Data plane: `ghcr.io/nginxinc/nginx-gateway-fabric/nginx:1.5.0` - Data plane with NGINX Plus: `private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0` + ## Release 1.4.0 _August 20, 2024_ From fc92b9c261bd0caa7e7450e993c6590fd7eaf276 Mon Sep 17 00:00:00 2001 
From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Mon, 18 Nov 2024 08:39:33 -0800 Subject: [PATCH 04/14] update based on reviews --- CHANGELOG.md | 16 ++++++++-------- README.md | 1 + 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 870b9f7b80..1ebba44cd5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,10 +8,13 @@ and includes links to all PRs that went into the release. _November 20, 2024_ -FEATURES: +BREAKING CHANGES: -- Add support to retain client IP information by @salonichf5 in https://github.com/nginxinc/nginx-gateway-fabric/pull/2284 - NGINX Plus R33 support added by @sjberman in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760). This release of NGINX Plus requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) + +FEATURES: + +- Add support to retain client IP information by @salonichf5 in [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) - Add ability to assign a log level for the data plane by @bjee19 in [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) - Add support to apply SnippetsFilter in NGINX configuration by @kate-osborn in [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) - Reduced logging verbosity of default Info log level by @sjberman in [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) 
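Review bot: Under the new `BREAKING CHANGES:` heading the R33 bullet is carried over unchanged, so it still opens with "support added" and links PR 2760 twice, the second time as a trailing "in [2760]" after the JWT guide link, which reads as if the guide lives in the PR. Suggest leading the bullet with the action users must take (create the Secret holding the JWT before installing v1.5.0), keeping a single reference to 2760, and ending the sentence at the guide link.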
@@ -19,15 +22,12 @@ FEATURES: BUG FIXES: - Only set stream status zone if hostname exists by @sjberman in [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) -- Use correct indentation in lifecyce examples in [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). -- Update backend group name with a prefix when splitting traffic weights by @salonichf5 in [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) +- Use correct indentation in lifecycle examples in [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). +- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number by @salonichf5 in [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) - Return 503 when service has no ready endpoints by @bjee19 in [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) -- Define main includes config only once by @@sjberman in [2666](https://github.com/nginxinc/nginx-gateway-fabric/pull/2666) - DOCUMENTATION: -- Add guide for TLS Route in site by @sarthyparty in [2363](https://github.com/nginxinc/nginx-gateway-fabric/pull/2363) - Add guide for SnippetsFilter by @bjee19 in [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) - Consolidate how-to guide for request and response header modifiers @salonichf5 in [2715](https://github.com/nginxinc/nginx-gateway-fabric/pull/2715) - Add a new "Get started" document by @ADubhlaoich in [2717](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) 
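Review bot: Besides the "lifecyce" typo fix and the reworded 2730 entry, this hunk removes two entries outright, "Define main includes config only once" (2666) under BUG FIXES and "Add guide for TLS Route in site" (2363) under DOCUMENTATION, and the commit message "update based on reviews" does not say why. Please confirm both were dropped on purpose (for example because they shipped in an earlier release or are not user-facing) and note the reason in the commit message. The 2715 line kept as context still has a bare "@salonichf5" with no "by" in front of it.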
@@ -38,7 +38,7 @@ DOCUMENTATION: HELM CHART: - The version of the Helm chart is now 1.5.0 -- Add `loadBalancerSourceRanges` to helm parameters by @salonichf5 in [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) +- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade by @salonichf5 in [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) - Add `loadBalancerIP` as a helm parameter to use during install/upgrade by @salonichf5 in [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) - Add Helm schema by @lucacome in [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) - Add capability to configure `topologySpreadConstraints` in [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) diff --git a/README.md b/README.md index 67569dc965..8a368b980e 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,7 @@ The following table lists the software versions NGINX Gateway Fabric supports. | NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus | |----------------------|-------------|------------|-----------|------------| | Edge | 1.2.0 | 1.25+ | 1.27.2 | R32 | +| 1.5.0 | 1.2.0 | 1.25+ | 1.27.2 | R33 | | 1.4.0 | 1.1.0 | 1.25+ | 1.27.1 | R32 | | 1.3.0 | 1.1.0 | 1.25+ | 1.27.0 | R32 | | 1.2.0 | 1.0.0 | 1.23+ | 1.25.4 | R31 | From bc35539f014235ea511e6cd8e57e1e862f804239 Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:34:34 -0800 Subject: [PATCH 05/14] update based on reviews --- CHANGELOG.md | 32 ++++++++++++++++---------------- README.md | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ebba44cd5..302091dac7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,36 +10,36 @@ _November 20, 2024_ BREAKING CHANGES: -- NGINX Plus R33 support added by @sjberman in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760). This release of NGINX Plus requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) +- NGINX Plus R33 support added. This release of NGINX Plus requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) FEATURES: -- Add support to retain client IP information by @salonichf5 in [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) -- Add ability to assign a log level for the data plane by @bjee19 in [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) -- Add support to apply SnippetsFilter in NGINX configuration by @kate-osborn in [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) -- Reduced logging verbosity of default Info log level by @sjberman in [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) +- Add support to retain client IP information in [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) +- Add ability to configure data plane log level in [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) +- Add support to apply SnippetsFilter in NGINX configuration in [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) +- Reduced logging verbosity of default Info log level in 
[2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) BUG FIXES: -- Only set stream status zone if hostname exists by @sjberman in [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) +- Only set stream status zone if hostname exists in [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) - Use correct indentation in lifecycle examples in [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). -- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number by @salonichf5 in [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) -- Return 503 when service has no ready endpoints by @bjee19 in [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) +- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number in [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) +- Return 503 when service has no ready endpoints in [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) DOCUMENTATION: -- Add guide for SnippetsFilter by @bjee19 in [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) -- Consolidate how-to guide for request and response header modifiers @salonichf5 in [2715](https://github.com/nginxinc/nginx-gateway-fabric/pull/2715) -- Add a new "Get started" document by @ADubhlaoich in [2717](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) -- Add documentation for rewrite client IP settings by @salonichf5 by [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) -- Add description for enabling experimental features by @bjee19 in [2546](https://github.com/nginxinc/nginx-gateway-fabric/pull/2546) -- Add documentation explaining how to do CRD versioning by @sjberman in [2404](https://github.com/nginxinc/nginx-gateway-fabric/pull/2404) +- Add guide for SnippetsFilter in 
[2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) +- Consolidate how-to guide for request and response header modifiers in [2715](https://github.com/nginxinc/nginx-gateway-fabric/pull/2715) +- Add a new "Get started" document in [2717](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) +- Add documentation for rewrite client IP settings by [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) +- Add description for enabling experimental features in [2546](https://github.com/nginxinc/nginx-gateway-fabric/pull/2546) +- Add documentation explaining how to do CRD versioning in [2404](https://github.com/nginxinc/nginx-gateway-fabric/pull/2404) HELM CHART: - The version of the Helm chart is now 1.5.0 -- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade by @salonichf5 in [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) -- Add `loadBalancerIP` as a helm parameter to use during install/upgrade by @salonichf5 in [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) +- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade in [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) +- Add `loadBalancerIP` as a helm parameter to use during install/upgrade in [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) - Add Helm schema by @lucacome in [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) - Add capability to configure `topologySpreadConstraints` in [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) diff --git a/README.md b/README.md index 8a368b980e..5a4111acb4 100644 --- a/README.md +++ b/README.md 
@@ -66,7 +66,7 @@ The following table lists the software versions NGINX Gateway Fabric supports. | NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus | |----------------------|-------------|------------|-----------|------------| -| Edge | 1.2.0 | 1.25+ | 1.27.2 | R32 | +| Edge | 1.2.0 | 1.25+ | 1.27.2 | R33 | | 1.5.0 | 1.2.0 | 1.25+ | 1.27.2 | R33 | | 1.4.0 | 1.1.0 | 1.25+ | 1.27.1 | R32 | | 1.3.0 | 1.1.0 | 1.25+ | 1.27.0 | R32 | From d1fd9a2b5c67eaee4190b9727b5a26ea79644e7c Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Mon, 18 Nov 2024 13:11:24 -0800 Subject: [PATCH 06/14] update the release note format --- CHANGELOG.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 302091dac7..3049896eec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,38 +10,38 @@ _November 20, 2024_ BREAKING CHANGES: -- NGINX Plus R33 support added. This release of NGINX Plus requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up in [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) +- NGINX Plus R33 support added. This release of NGINX Plus requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up. [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) FEATURES: -- Add support to retain client IP information in [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) -- Add ability to configure data plane log level in [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) -- Add support to apply SnippetsFilter in NGINX configuration in [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) -- Reduced logging verbosity of default Info log level in [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) +- Add support to retain client IP information. [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) +- Add ability to configure data plane log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) +- Add support to apply SnippetsFilter in NGINX configuration. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) +- Reduced logging verbosity of default Info log level. 
[2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) BUG FIXES: -- Only set stream status zone if hostname exists in [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) -- Use correct indentation in lifecycle examples in [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). -- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number in [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) -- Return 503 when service has no ready endpoints in [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) +- Only set stream status zone if hostname exists. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) +- Use correct indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). +- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) +- Return 503 when service has no ready endpoints. 
[2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) DOCUMENTATION: -- Add guide for SnippetsFilter in [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) -- Consolidate how-to guide for request and response header modifiers in [2715](https://github.com/nginxinc/nginx-gateway-fabric/pull/2715) -- Add a new "Get started" document in [2717](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) -- Add documentation for rewrite client IP settings by [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) -- Add description for enabling experimental features in [2546](https://github.com/nginxinc/nginx-gateway-fabric/pull/2546) -- Add documentation explaining how to do CRD versioning in [2404](https://github.com/nginxinc/nginx-gateway-fabric/pull/2404) +- Add guide for SnippetsFilter. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) +- Consolidate how-to guide for request and response header modifiers. [2715](https://github.com/nginxinc/nginx-gateway-fabric/pull/2715) +- Add a new "Get started" document. [2717](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) +- Add documentation for rewrite client IP settings. [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) +- Add description for enabling experimental features. [2546](https://github.com/nginxinc/nginx-gateway-fabric/pull/2546) +- Add documentation explaining how to do CRD versioning. 
[2404](https://github.com/nginxinc/nginx-gateway-fabric/pull/2404) HELM CHART: - The version of the Helm chart is now 1.5.0 -- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade in [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) -- Add `loadBalancerIP` as a helm parameter to use during install/upgrade in [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) -- Add Helm schema by @lucacome in [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) -- Add capability to configure `topologySpreadConstraints` in [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) +- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade. [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) +- Add `loadBalancerIP` as a helm parameter to use during install/upgrade. [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) +- Add Helm schema. [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) +- Add capability to configure `topologySpreadConstraints`. [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) DEPENDENCIES: From 30f0f16b66b25864d68e59f7d9373aa0843244ee Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:27:32 -0800 Subject: [PATCH 07/14] update --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3049896eec..a672f2a876 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -15,14 +15,13 @@ BREAKING CHANGES: FEATURES: - Add support to retain client IP information. [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) -- Add ability to configure data plane log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) -- Add support to apply SnippetsFilter in NGINX configuration. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) +- Add ability to configure data plane error log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) +- Introduce SnippetsFilter API, which allows users to inject custom NGINX configuration via an HTTPRoute or GRPCRoute filter. See the [SnippetsFilter guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets/) for information on how to use SnippetsFilters. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) - Reduced logging verbosity of default Info log level. [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) BUG FIXES: - Only set stream status zone if hostname exists. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) -- Use correct indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). - Fix an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) - Return 503 when service has no ready endpoints. [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) 
@@ -34,6 +33,7 @@ DOCUMENTATION: - Add documentation for rewrite client IP settings. [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) - Add description for enabling experimental features. [2546](https://github.com/nginxinc/nginx-gateway-fabric/pull/2546) - Add documentation explaining how to do CRD versioning. [2404](https://github.com/nginxinc/nginx-gateway-fabric/pull/2404) +- Use correct indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). HELM CHART: From 6651a5117c68578f92693cd0ae5fabbbbb6a2550 Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:56:54 -0800 Subject: [PATCH 08/14] update --- CHANGELOG.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a672f2a876..a6a5262b02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -27,12 +27,10 @@ BUG FIXES: DOCUMENTATION: -- Add guide for SnippetsFilter. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) -- Consolidate how-to guide for request and response header modifiers. [2715](https://github.com/nginxinc/nginx-gateway-fabric/pull/2715) -- Add a new "Get started" document. [2717](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) -- Add documentation for rewrite client IP settings. [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) -- Add description for enabling experimental features. [2546](https://github.com/nginxinc/nginx-gateway-fabric/pull/2546) -- Add documentation explaining how to do CRD versioning. [2404](https://github.com/nginxinc/nginx-gateway-fabric/pull/2404) +- Add [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. +- Add a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. +- Add documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/) settings. +- Add description for enabling [experimental](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/helm/) features. - Use correct indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). HELM CHART: From 58bc8ba1873e843eb873cf8abbf9565c169ac8bd Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Tue, 19 Nov 2024 14:45:51 -0800 Subject: [PATCH 09/14] update based on reviews --- CHANGELOG.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6a5262b02..e571f5265e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,36 +10,36 @@ _November 20, 2024_ BREAKING CHANGES: -- NGINX Plus R33 support added. This release of NGINX Plus requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up. [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) +- NGINX Plus R33 support added. The NGINX Plus release now requires a valid JSON Web Token (JWT) in order to run. Users of NGINX Plus _must_ have this JWT added to a Secret before installing NGINX Gateway Fabric v1.5.0. See the [NGINX Plus JWT](https://docs.nginx.com/nginx-gateway-fabric/installation/nginx-plus-jwt/) guide for information on setting this up. [2760](https://github.com/nginxinc/nginx-gateway-fabric/pull/2760) FEATURES: -- Add support to retain client IP information. [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) -- Add ability to configure data plane error log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) -- Introduce SnippetsFilter API, which allows users to inject custom NGINX configuration via an HTTPRoute or GRPCRoute filter. See the [SnippetsFilter guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets/) for information on how to use SnippetsFilters. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) +- Added support to retain client IP information. [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) +- Added the ability to configure data plane error log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) +- Introduced SnippetsFilter API, which allows users to inject custom NGINX configuration via an HTTPRoute or GRPCRoute filter. 
See the [SnippetsFilter guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets/) for information on how to use SnippetsFilters. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) - Reduced logging verbosity of default Info log level. [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) BUG FIXES: -- Only set stream status zone if hostname exists. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) -- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) -- Return 503 when service has no ready endpoints. [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) +- Fixed an issue of only setting stream status zone if hostname exists. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) +- Fixed an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) +- A 503 http response code is now returned to the client when a service has no ready endpoints. [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) DOCUMENTATION: -- Add [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. -- Add a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. -- Add documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/) settings. -- Add description for enabling [experimental](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/helm/) features. -- Use correct indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). 
+- Added a [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. +- Added a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. +- Added documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/) settings. +- Added description for enabling [experimental](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/helm/) features. +- Fixed indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). HELM CHART: - The version of the Helm chart is now 1.5.0 -- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade. [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) -- Add `loadBalancerIP` as a helm parameter to use during install/upgrade. [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) -- Add Helm schema. [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) -- Add capability to configure `topologySpreadConstraints`. [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) +- Added `loadBalancerSourceRanges` to helm parameters to use during install/upgrade. [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) +- Added `loadBalancerIP` as a helm parameter to use during install/upgrade. [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) +- Added Helm schema. [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) +- Added capability to configure `topologySpreadConstraints`. [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) DEPENDENCIES: From 9ca2ff5a4f6c6bfeb516555f211c058f5585bff3 Mon Sep 17 00:00:00 2001 
From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Tue, 19 Nov 2024 14:56:24 -0800 Subject: [PATCH 10/14] regenerate files after rebase --- config/tests/static-deployment.yaml | 8 ++--- deploy/aws-nlb/deploy.yaml | 10 +++---- deploy/azure/deploy.yaml | 10 +++---- deploy/default/deploy.yaml | 10 +++---- deploy/experimental-nginx-plus/deploy.yaml | 27 +++++++++++++---- deploy/experimental/deploy.yaml | 10 +++---- deploy/nginx-plus/deploy.yaml | 29 ++++++++++++++----- deploy/nodeport/deploy.yaml | 10 +++---- deploy/openshift/deploy.yaml | 11 +++---- .../snippets-filters-nginx-plus/deploy.yaml | 27 +++++++++++++---- deploy/snippets-filters/deploy.yaml | 10 +++---- 11 files changed, 106 insertions(+), 56 deletions(-) diff --git a/config/tests/static-deployment.yaml b/config/tests/static-deployment.yaml index 1d56a596de..9d4d4beb1d 100644 --- a/config/tests/static-deployment.yaml +++ b/config/tests/static-deployment.yaml @@ -31,7 +31,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes securityContext: seccompProfile: type: RuntimeDefault @@ -44,7 +44,7 @@ spec: runAsUser: 102 runAsGroup: 1001 volumeMounts: - - name: nginx-includes-configmap + - name: nginx-includes-bootstrap mountPath: /includes - name: nginx-main-includes mountPath: /etc/nginx/main-includes @@ -164,6 +164,6 @@ spec: emptyDir: {} - name: nginx-includes emptyDir: {} - - name: nginx-includes-configmap + - name: nginx-includes-bootstrap configMap: - name: nginx-includes + name: nginx-includes-bootstrap diff --git a/deploy/aws-nlb/deploy.yaml b/deploy/aws-nlb/deploy.yaml index 1e8510022c..5c4f34b22e 100644 --- a/deploy/aws-nlb/deploy.yaml +++ b/deploy/aws-nlb/deploy.yaml @@ -152,7 +152,7 @@ metadata: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 
@@ -310,7 +310,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -327,7 +327,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -352,8 +352,8 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/azure/deploy.yaml b/deploy/azure/deploy.yaml index e97874a423..79635f1ed3 100644 --- a/deploy/azure/deploy.yaml +++ b/deploy/azure/deploy.yaml @@ -152,7 +152,7 @@ metadata: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -307,7 +307,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -324,7 +324,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes nodeSelector: @@ -351,8 +351,8 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/default/deploy.yaml b/deploy/default/deploy.yaml index e9622296de..0c2eb963f0 100644 
--- a/deploy/default/deploy.yaml +++ b/deploy/default/deploy.yaml @@ -152,7 +152,7 @@ metadata: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -307,7 +307,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -324,7 +324,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -349,8 +349,8 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/experimental-nginx-plus/deploy.yaml b/deploy/experimental-nginx-plus/deploy.yaml index 3bf0330e19..4da464b0d7 100644 --- a/deploy/experimental-nginx-plus/deploy.yaml +++ b/deploy/experimental-nginx-plus/deploy.yaml @@ -159,13 +159,17 @@ apiVersion: v1 data: main.conf: | error_log stderr info; + mgmt.conf: | + mgmt { + enforce_initial_report off; + } kind: ConfigMap metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -225,6 +229,7 @@ spec: - --config=nginx-gateway-config - --service=nginx-gateway - --nginx-plus + - --usage-report-secret=nplus-license - --metrics-port=9113 - --health-port=8081 - --leader-election-lock-name=nginx-gateway-leader-election 
@@ -315,14 +320,21 @@ spec: name: nginx-cache - mountPath: /etc/nginx/includes name: nginx-includes + - mountPath: /var/lib/nginx/state + name: nginx-lib + - mountPath: /etc/nginx/license.jwt + name: nginx-plus-license + subPath: license.jwt initContainers: - command: - /usr/bin/gateway - copy - --source - /includes/main.conf + - --source + - /includes/mgmt.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -339,7 +351,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -364,8 +376,13 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap + - emptyDir: {} + name: nginx-lib + - name: nginx-plus-license + secret: + secretName: nplus-license --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/experimental/deploy.yaml b/deploy/experimental/deploy.yaml index 70a4fdef7a..33a6359ccb 100644 --- a/deploy/experimental/deploy.yaml +++ b/deploy/experimental/deploy.yaml @@ -157,7 +157,7 @@ metadata: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -313,7 +313,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config 
@@ -330,7 +330,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -355,8 +355,8 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/nginx-plus/deploy.yaml b/deploy/nginx-plus/deploy.yaml index 1fc1b3090e..4816576b9b 100644 --- a/deploy/nginx-plus/deploy.yaml +++ b/deploy/nginx-plus/deploy.yaml @@ -154,13 +154,17 @@ apiVersion: v1 data: main.conf: | error_log stderr info; + mgmt.conf: | + mgmt { + enforce_initial_report off; + } kind: ConfigMap metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -220,11 +224,10 @@ spec: - --config=nginx-gateway-config - --service=nginx-gateway - --nginx-plus + - --usage-report-secret=nplus-license - --metrics-port=9113 - --health-port=8081 - --leader-election-lock-name=nginx-gateway-leader-election - - --usage-report-secret=nginx-gateway/ngf-usage-auth - - --usage-report-server-url=https://my-instance-nim.example.com env: - name: POD_IP valueFrom: 
@@ -311,14 +314,21 @@ spec: name: nginx-cache - mountPath: /etc/nginx/includes name: nginx-includes + - mountPath: /var/lib/nginx/state + name: nginx-lib + - mountPath: /etc/nginx/license.jwt + name: nginx-plus-license + subPath: license.jwt initContainers: - command: - /usr/bin/gateway - copy - --source - /includes/main.conf + - --source + - /includes/mgmt.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -335,7 +345,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -360,8 +370,13 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap + - emptyDir: {} + name: nginx-lib + - name: nginx-plus-license + secret: + secretName: nplus-license --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/nodeport/deploy.yaml b/deploy/nodeport/deploy.yaml index 5d75a8bc8e..5ddc8f4890 100644 --- a/deploy/nodeport/deploy.yaml +++ b/deploy/nodeport/deploy.yaml @@ -152,7 +152,7 @@ metadata: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -307,7 +307,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config 
@@ -324,7 +324,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -349,8 +349,8 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/openshift/deploy.yaml b/deploy/openshift/deploy.yaml index fc3b9f36cf..d538cf48c1 100644 --- a/deploy/openshift/deploy.yaml +++ b/deploy/openshift/deploy.yaml @@ -160,7 +160,7 @@ metadata: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -315,7 +315,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -332,7 +332,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -357,8 +357,8 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass @@ -425,3 +425,4 @@ volumes: - emptyDir - secret - configMap +- projected diff --git a/deploy/snippets-filters-nginx-plus/deploy.yaml b/deploy/snippets-filters-nginx-plus/deploy.yaml index d9c0bf4f9d..8773cb5cc2 100644 --- a/deploy/snippets-filters-nginx-plus/deploy.yaml +++ b/deploy/snippets-filters-nginx-plus/deploy.yaml 
@@ -156,13 +156,17 @@ apiVersion: v1 data: main.conf: | error_log stderr info; + mgmt.conf: | + mgmt { + enforce_initial_report off; + } kind: ConfigMap metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -222,6 +226,7 @@ spec: - --config=nginx-gateway-config - --service=nginx-gateway - --nginx-plus + - --usage-report-secret=nplus-license - --metrics-port=9113 - --health-port=8081 - --leader-election-lock-name=nginx-gateway-leader-election @@ -312,14 +317,21 @@ spec: name: nginx-cache - mountPath: /etc/nginx/includes name: nginx-includes + - mountPath: /var/lib/nginx/state + name: nginx-lib + - mountPath: /etc/nginx/license.jwt + name: nginx-plus-license + subPath: license.jwt initContainers: - command: - /usr/bin/gateway - copy - --source - /includes/main.conf + - --source + - /includes/mgmt.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -336,7 +348,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -361,8 +373,13 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap + - emptyDir: {} + name: nginx-lib + - name: nginx-plus-license + secret: + secretName: nplus-license --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass diff --git a/deploy/snippets-filters/deploy.yaml b/deploy/snippets-filters/deploy.yaml index 49540b9fa3..f0f0426c18 100644 --- a/deploy/snippets-filters/deploy.yaml +++ b/deploy/snippets-filters/deploy.yaml 
@@ -154,7 +154,7 @@ metadata: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: 1.5.0 - name: nginx-includes + name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 @@ -310,7 +310,7 @@ spec: - --source - /includes/main.conf - --destination - - /etc/nginx/main-includes/main.conf + - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:1.5.0 imagePullPolicy: IfNotPresent name: copy-nginx-config @@ -327,7 +327,7 @@ spec: type: RuntimeDefault volumeMounts: - mountPath: /includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: @@ -352,8 +352,8 @@ spec: - emptyDir: {} name: nginx-includes - configMap: - name: nginx-includes - name: nginx-includes-configmap + name: nginx-includes-bootstrap + name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass From f07dde13debf820c4b07b7b2cf161cbb5571453d Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:06:58 -0800 Subject: [PATCH 11/14] missing links for doc changes --- CHANGELOG.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e571f5265e..48f083ba77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -27,10 +27,9 @@ BUG FIXES: DOCUMENTATION: -- Added a [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. -- Added a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. -- Added documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/) settings. -- Added description for enabling [experimental](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/helm/) features. +- Added a [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) +- Added a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) +- Added documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/#configure-proxy-protocol-and-rewriteclientip-settings) settings. [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) - Fixed indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). HELM CHART: From 5f35c2ec2ca470078faf9e6de5fca489a1306329 Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Wed, 20 Nov 2024 09:14:56 -0800 Subject: [PATCH 12/14] update tense for release points --- CHANGELOG.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48f083ba77..902c0915f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,31 +14,31 @@ BREAKING CHANGES: FEATURES: -- Added support to retain client IP information. [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) -- Added the ability to configure data plane error log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) -- Introduced SnippetsFilter API, which allows users to inject custom NGINX configuration via an HTTPRoute or GRPCRoute filter. See the [SnippetsFilter guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets/) for information on how to use SnippetsFilters. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) -- Reduced logging verbosity of default Info log level. [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) +- Add support to retain client IP information. [2284](https://github.com/nginxinc/nginx-gateway-fabric/pull/2284) +- Add the ability to configure data plane error log level. [2603](https://github.com/nginxinc/nginx-gateway-fabric/pull/2603) +- Introduce SnippetsFilter API, which allows users to inject custom NGINX configuration via an HTTPRoute or GRPCRoute filter. See the [SnippetsFilter guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets/) for information on how to use SnippetsFilters. [2604](https://github.com/nginxinc/nginx-gateway-fabric/pull/2604) +- Reduce logging verbosity of default Info log level. [2455](https://github.com/nginxinc/nginx-gateway-fabric/pull/2455) BUG FIXES: -- Fixed an issue of only setting stream status zone if hostname exists. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) -- Fixed an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) +- Fix an issue of only setting stream status zone if hostname exists. 
[2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) +- Fix an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) - A 503 http response code is now returned to the client when a service has no ready endpoints. [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) DOCUMENTATION: -- Added a [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) -- Added a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) -- Added documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/#configure-proxy-protocol-and-rewriteclientip-settings) settings. [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) -- Fixed indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). +- Add a [guide](https://docs.nginx.com/nginx-gateway-fabric/how-to/traffic-management/snippets) for SnippetsFilter. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2721) +- Add a new [Get started](https://docs.nginx.com/nginx-gateway-fabric/get-started/) document. [2721](https://github.com/nginxinc/nginx-gateway-fabric/pull/2717) +- Add documentation for [proxyProtocol and rewriteClientIP](https://docs.nginx.com/nginx-gateway-fabric/how-to/data-plane-configuration/#configure-proxy-protocol-and-rewriteclientip-settings) settings. [2701](https://github.com/nginxinc/nginx-gateway-fabric/pull/2701) +- Fix indentation in lifecycle examples. [2588](https://github.com/nginxinc/nginx-gateway-fabric/pull/2588). Thanks to [Derek F](https://github.com/defrank). 
HELM CHART: - The version of the Helm chart is now 1.5.0 -- Added `loadBalancerSourceRanges` to helm parameters to use during install/upgrade. [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) -- Added `loadBalancerIP` as a helm parameter to use during install/upgrade. [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) -- Added Helm schema. [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) -- Added capability to configure `topologySpreadConstraints`. [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) +- Add `loadBalancerSourceRanges` to helm parameters to use during install/upgrade. [2773](https://github.com/nginxinc/nginx-gateway-fabric/pull/2773) +- Add `loadBalancerIP` as a helm parameter to use during install/upgrade. [2766](https://github.com/nginxinc/nginx-gateway-fabric/pull/2766) +- Add Helm schema. [2492](https://github.com/nginxinc/nginx-gateway-fabric/pull/2492) +- Add capability to configure `topologySpreadConstraints`. [2703](https://github.com/nginxinc/nginx-gateway-fabric/pull/2703). Thanks to [Robsta86](https://github.com/Robsta86) DEPENDENCIES: From e851c0392d311756253ea133829a4bf5e9a7936d Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Wed, 20 Nov 2024 11:21:59 -0800 Subject: [PATCH 13/14] update release note --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 902c0915f9..6838f8dab9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -21,7 +21,7 @@ FEATURES: BUG FIXES: -- Fix an issue of only setting stream status zone if hostname exists. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) +- Stream status_zone directive is no longer set if its value is empty. [2684](https://github.com/nginxinc/nginx-gateway-fabric/pull/2684) - Fix an issue with upstream names when split clients are used with a namespace name that starts with a number. [2730](https://github.com/nginxinc/nginx-gateway-fabric/pull/2730) - A 503 http response code is now returned to the client when a service has no ready endpoints. [2696](https://github.com/nginxinc/nginx-gateway-fabric/pull/2696) From 5bb6ba9ec9598161dab72bc82070937cbb6704c7 Mon Sep 17 00:00:00 2001 From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Wed, 20 Nov 2024 11:25:07 -0800 Subject: [PATCH 14/14] update release note --- Makefile | 2 +- .../ngf-images/pulling-ngf-image.md | 104 ------------------ 2 files changed, 1 insertion(+), 105 deletions(-) delete mode 100644 site/content/installation/ngf-images/pulling-ngf-image.md diff --git a/Makefile b/Makefile index b922d1df2b..168599d9a6 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # variables that should not be overridden by the user VERSION = 1.5.0 -SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST))) +SELF_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) CHART_DIR = $(SELF_DIR)charts/nginx-gateway-fabric NGINX_CONF_DIR = internal/mode/static/nginx/conf NJS_DIR = internal/mode/static/nginx/modules/src diff --git a/site/content/installation/ngf-images/pulling-ngf-image.md b/site/content/installation/ngf-images/pulling-ngf-image.md deleted file mode 100644 index 7953bb1142..0000000000 --- a/site/content/installation/ngf-images/pulling-ngf-image.md +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -title: "Push an NGINX Plus image to a private registry" -weight: 200 -doctypes: ["install"] -toc: true -docs: "DOCS-1433" ---- - -## Overview - -This document describes how to pull a NGINX Plus image for NGINX Gateway Fabric from the official F5 Docker registry and upload it to your private registry - -## Before you begin - -Before you start, you'll need these installed on your machine: - -- [Docker v18.09 or higher](https://docs.docker.com/engine/release-notes/18.09/). -- The certificate (**nginx-repo.crt**) and key (**nginx-repo.key**) for a Connectivity Stack for Kubernetes subscription, obtainable from [MyF5l](https://my.f5.com) An NGINX Plus certificate and key will not work. - -## Configuring Docker for the F5 Container Registry - -To configure Docker to communicate with the F5 Container Registry, first create a folder containing your certificate and key files: - -```shell -mkdir -p /etc/docker/certs.d/private-registry.nginx.com -cp /etc/docker/certs.d/private-registry.nginx.com/client.cert -cp /etc/docker/certs.d/private-registry.nginx.com/client.key -``` - -If you are not using a Linux operating system, read the [Docker for Windows](https://docs.docker.com/desktop/faqs/windowsfaqs/#how-do-i-add-custom-ca-certificates) or [Docker for Mac](https://docs.docker.com/desktop/faqs/macfaqs/#add-custom-ca-certificates-server-side) instructions. For more details on Docker Engine security, you can refer to the [Docker Engine Security documentation](https://docs.docker.com/engine/security/). - - -## Pulling the image - -Once configured, you can now pull images from `private-registry.nginx.com`. To find your desired image, read the [Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric#technical-specifications). - -Run this command step to pull an image, replacing `` with the specific version you need, such as `1.5.0`. 
- - - ```shell - docker pull private-registry.nginx.com/nginx-gateway-fabric/nginx-plus:1.5.0 - ``` - -You can use the Docker registry API to list available image tags using your client certificate and key. The `jq` command is used to format the JSON output for easier reading. - -```shell -curl https://private-registry.nginx.com/nginx-gateway-fabric/nginx-plus/tags/list --key --cert | jq -``` - -```json -{ - "name": "nginx-gateway-fabric/nginx-plus", - "tags": [ - "edge", - "nightly" - ] -} -``` - - -Once you have pulled an image, you can tag it and push it to a private registry. - -1. Log into your private registry: - - ```shell - docker login - ``` - -1. Tag the image, replacing `` with your registry's path and `` with the version you're using: - - - ```shell - docker tag private-registry.nginx.com/nginx-gateway-fabric/nginx-plus: /nginx-gateway-fabric/nginx-plus: - docker push /nginx-gateway-fabric/nginx-plus: - ``` - - -## Troubleshooting - -If you encounter issues while following this guide, here are solutions to common problems: - -- **Certificate errors**: - - *Likely cause*: Incorrect certificate or key location, or using an NGINX Plus certificate. - - *Solution*: Check you have the correct NGINX Gateway Fabric certificate and key, their files are named correctly, and they are in the correct directory. - -- **Docker version compatibility** - - *Likely cause*: Outdated Docker version. - - *Solution*: Make sure you're running [Docker v18.09 or higher](https://docs.docker.com/engine/release-notes/18.09/), and upgrade if necessary. - -- **Can't pull the image** - - *Likely cause*: Mismatched image name or tag. - - *Solution*: Compare the image name and tag to the [Technical Specifications table](https://github.com/nginxinc/nginx-gateway-fabric?tab=readme-ov-file#technical-specifications). - -- **Failed to push to private registry** - - *Likely cause*: Not logged into your private registry or incorrect image tagging. 
- - *Solution*: Verify your login status and correct the image tag before pushing. Read the [Docker documentation](https://docs.docker.com/docker-hub/repos/) for more guidance. - - -## Alternative installation options - -There are alternative ways to get an NGINX Plus image for NGINX Gateway Fabric: - -- [Install by pulling a docker image]({{}}). -- [Build the Gateway Fabric image]({{}}) using the source code from the GitHub repository and your NGINX Plus subscription certificate and key.
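
Review bot: the new `- projected` entry at the end of deploy/openshift/deploy.yaml (hunk `@@ -425,3 +425,4 @@ volumes:`) widens the set of volume types the pod may mount, but no hunk shown for this file adds a projected volume; the pod volumes visible are only `emptyDir` and `configMap`. Please say in the commit message which volume needs it, or drop the entry so the allowed list stays as small as the workload requires.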
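
Review bot: `enforce_initial_report off;` in the new `mgmt.conf` key of deploy/snippets-filters-nginx-plus/deploy.yaml (hunk `@@ -156,13 +156,17 @@`) changes licensing and usage-reporting behaviour for every install of this manifest, and nothing in the hunk explains why. Please add the reason to the NGINX Plus installation docs or the commit message, and note that this bootstrap ConfigMap is the place an operator would change the setting.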
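
Review bot: the license is mounted with `subPath: license.jwt` in deploy/snippets-filters-nginx-plus/deploy.yaml (hunk `@@ -312,14 +317,21 @@`), and a Secret mounted through `subPath` is not refreshed in the container when the Secret is updated, so rotating `nplus-license` has no effect until the pod is restarted. Either mount the Secret as a directory and point NGINX at the file inside it, or document that a license renewal requires a rollout restart.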
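
Review bot: `secretName: nplus-license` in the volumes hunk of deploy/snippets-filters-nginx-plus/deploy.yaml (`@@ -361,8 +373,13 @@`) refers to a Secret that none of the visible hunks create, and the same name is hard-coded again in `--usage-report-secret=nplus-license`. Without `optional: true` the pod will sit in ContainerCreating until that Secret exists, so the install guide should create it before applying this manifest, and the two occurrences of the name should be called out as needing to stay in sync.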
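
Review bot: renaming the ConfigMap from `nginx-includes` to `nginx-includes-bootstrap` in deploy/snippets-filters/deploy.yaml (hunk `@@ -154,7 +154,7 @@`, and the matching hunks in the other deploy manifests) leaves the old `nginx-includes` ConfigMap behind when an existing install is upgraded with a plain apply of the new manifest. Please add a line to the UPGRADE section of the changelog telling users to delete the stale object.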
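
Review bot: in the DOCUMENTATION hunk of CHANGELOG.md from patch 11 (`@@ -27,10 +27,9 @@`), the "Get started" entry has link text `[2721]` but its URL ends in `pull/2717`, so the label and the target disagree; one of the two numbers is wrong. The same hunk also drops the "Added description for enabling experimental features" entry without a replacement, which does not fit a commit titled "missing links for doc changes"; restore it with its PR link or explain the removal.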
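
Review bot: the tense change in CHANGELOG.md from patch 12 (`@@ -14,31 +14,31 @@`) is applied unevenly: "A 503 http response code is now returned to the client..." and "The version of the Helm chart is now 1.5.0" keep the old declarative form while their neighbours become imperative. Pick one style for the whole release section, and while touching these lines fix the `[2721]` label that still points at `pull/2717`, write "HTTP" in capitals, and add the missing full stop after the `topologySpreadConstraints` entry.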
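
Review bot: the Makefile hunk in patch 14 (`@@ -1,6 +1,6 @@`) changes `SELF_DIR` to an absolute path via `$(abspath ...)`, which is a build behaviour change hidden under the subject "update release note". Please move it to its own commit, or at least describe it in the message, and confirm that every variable derived from `SELF_DIR`, such as `CHART_DIR`, is still correct when the value is absolute.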
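
Review bot: site/content/installation/ngf-images/pulling-ngf-image.md is created by patch 01 of this series and deleted again here in patch 14 (`@@ -1,104 +0,0 @@`), so the 104 lines only add noise to history; squash the deletion into patch 01 so the file never lands. Before merging, also check that no other page still links to this document.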