From 8792927cd5fba10c5d6ff04b8002a832ace497d5 Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Thu, 22 May 2025 10:51:36 -0700 Subject: [PATCH 1/2] Add provisioning of Gateway in helm chart --- charts/nginx-gateway-fabric/README.md | 5 ++- charts/nginx-gateway-fabric/README.md.gotmpl | 4 +- .../templates/gateway.yaml | 41 +++++++++++++++++++ .../nginx-gateway-fabric/values.schema.json | 9 ++++ charts/nginx-gateway-fabric/values.yaml | 29 +++++++++++++ 5 files changed, 84 insertions(+), 4 deletions(-) create mode 100644 charts/nginx-gateway-fabric/templates/gateway.yaml diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md index 7904cbaacc..d2a1f953a4 100644 --- a/charts/nginx-gateway-fabric/README.md +++ b/charts/nginx-gateway-fabric/README.md @@ -214,8 +214,8 @@ being performed on NGF), you may need to configure delayed termination on the NG > [!NOTE] > -> More information on container lifecycle hooks can be found -> [here](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks) and a detailed +> More information on container lifecycle hooks can be found in the official +> [kubernetes documentation](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks) and a detailed > description of Pod termination behavior can be found in > [Termination of Pods](https://kubernetes.io/docs/concepts/workloads/Pods/Pod-lifecycle/#Pod-termination). 
@@ -258,6 +258,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `certGenerator.overwrite` | Overwrite existing TLS Secrets on startup. | bool | `false` |
 | `certGenerator.serverTLSSecretName` | The name of the Secret containing TLS CA, certificate, and key for the NGINX Gateway Fabric control plane to securely communicate with the NGINX Agent. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). | string | `"server-tls"` |
 | `clusterDomain` | The DNS cluster domain of your Kubernetes cluster. | string | `"cluster.local"` |
+| `gateways` | A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. | list | `[]` |
 | `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` |
 | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` |
 | `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` |
diff --git a/charts/nginx-gateway-fabric/README.md.gotmpl b/charts/nginx-gateway-fabric/README.md.gotmpl index f757a7cc8f..b60f166072 100644 --- a/charts/nginx-gateway-fabric/README.md.gotmpl +++ b/charts/nginx-gateway-fabric/README.md.gotmpl @@ -212,8 +212,8 @@ being performed on NGF), you may need to configure delayed termination on the NG > [!NOTE] > -> More information on container lifecycle hooks can be found -> [here](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks) and a detailed +> More information on container lifecycle hooks can be found in the official +> [kubernetes documentation](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks) and a detailed > description of Pod termination behavior can be found in > [Termination of Pods](https://kubernetes.io/docs/concepts/workloads/Pods/Pod-lifecycle/#Pod-termination). diff --git a/charts/nginx-gateway-fabric/templates/gateway.yaml b/charts/nginx-gateway-fabric/templates/gateway.yaml new file mode 100644 index 0000000000..bf521f3a5a --- /dev/null +++ b/charts/nginx-gateway-fabric/templates/gateway.yaml 
@@ -0,0 +1,41 @@
+{{- range .Values.gateways }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: {{ default "gateway" .name }}
+ {{- with .namespace }}
+ namespace: {{ .}}
+ {{- end }}
+ {{- with .labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ gatewayClassName: {{ default "nginx" .spec.gatewayClassName }}
+ {{- with .spec.infrastructure }}
+ infrastructure:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ listeners:
+ {{- range $listener := .spec.listeners }}
+ - name: {{ $listener.name }}
+ {{- with $listener.hostname }}
+ hostname: {{ . | toYaml }}
+ {{- end }}
+ port: {{ $listener.port }}
+ protocol: {{ $listener.protocol }}
+ {{- with $listener.allowedRoutes }}
+ allowedRoutes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $listener.tls }}
+ tls:
+ {{- toYaml . | nindent 8 }}
+ {{- end}}
+ {{- end }}
+{{- end }}
diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json
index 67250a526f..46efef785f 100644
--- a/charts/nginx-gateway-fabric/values.schema.json
+++ b/charts/nginx-gateway-fabric/values.schema.json
@@ -43,6 +43,15 @@
 "title": "clusterDomain",
 "type": "string"
 },
+"gateways": {
+ "description": "A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference.",
+ "items": {
+ "required": []
+ },
+ "required": [],
+ "title": "gateways",
+ "type": "array"
+ },
 "global": {
 "description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.",
 "required": [],
diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml
index a42779b1c2..97269c2277 100644
--- a/charts/nginx-gateway-fabric/values.yaml
+++ b/charts/nginx-gateway-fabric/values.yaml
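Review bot: The scalar fields in templates/gateway.yaml are interpolated unquoted, so a values entry such as `name: "on"` or `name: "123"` can be re-parsed as a boolean or integer, and a string containing `: ` or a newline can change the structure of the rendered Gateway manifest; this affects `metadata.name`, `namespace`, `gatewayClassName` and the listener `name` and `protocol`. Piping these through `quote` keeps them strings, for example `name: {{ default "gateway" .name | quote }}` and `namespace: {{ . | quote }}`, while `port` should stay unquoted because it is an integer. Separately, `.spec.gatewayClassName` and `.spec.listeners` are dereferenced without checking that `.spec` is set, so an entry without a `spec` key presumably fails at render time with a nil-pointer template error rather than a clear message. Because the schema added in this patch lets `items` accept any value, a `required` call in the template or a schema constraint on `spec` would surface such entries earlier.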
@@ -477,3 +477,32 @@ certGenerator: # -- Overwrite existing TLS Secrets on startup. overwrite: false + +# Example gateway object: +# name: nginx-gateway +# namespace: default +# labels: +# key: value +# annotations: +# annotationKey: annotationValue +# spec: +# gatewayClassName: nginx +# infrastructure: +# annotations: +# service.annotations.networking.gke.io/load-balancer-type: Internal +# listeners: +# - name: https +# port: 80 +# protocol: HTTPS +# tls: +# mode: Terminate +# certificateRefs: +# - kind: Secret +# name: my-secret +# namespace: certificate +# allowedRoutes: +# namespaces: +# from: Same + +# -- A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. +gateways: [] From 6ce4773ba6c476c0d773e72a1a303c43df4c30fa Mon Sep 17 00:00:00 2001 From: Benjamin Jee Date: Thu, 22 May 2025 11:10:41 -0700 Subject: [PATCH 2/2] Move example comment to better position --- charts/nginx-gateway-fabric/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 97269c2277..535e07305c 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -478,6 +478,9 @@ certGenerator: # -- Overwrite existing TLS Secrets on startup. overwrite: false +# -- A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. +gateways: [] + # Example gateway object: # name: nginx-gateway # namespace: default @@ -503,6 +506,3 @@ certGenerator: # allowedRoutes: # namespaces: # from: Same - -# -- A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. -gateways: []
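Review bot: The commented example Gateway added to values.yaml pairs `protocol: HTTPS` with `port: 80` and references a TLS Secret in a different namespace (`namespace: certificate`) from the Gateway itself (`namespace: default`), and users are likely to copy it as written. Under the Gateway API a cross-namespace `certificateRefs` entry is only honoured when a ReferenceGrant in the Secret's namespace permits it, so the example would leave the listener without a usable certificate unless that grant exists. I would change the line to `port: 443` and add a comment above `certificateRefs` such as `# A Secret in another namespace also needs a ReferenceGrant in that namespace.` The second patch in this series moves the same example unchanged, so the point applies there as well.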