Skip to content

feat: Support ExternalName Services #3759

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Aug 21, 2025
Merged

feat: Support ExternalName Services #3759

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
bc40737
feat: Support ExternalName Services
ciarams87 Aug 18, 2025
a912491
Review feedback and fix CRD validation
ciarams87 Aug 20, 2025
b70b2ee
Fix example
ciarams87 Aug 20, 2025
5b35a13
Fix dataplane defaults and typos
ciarams87 Aug 20, 2025
414e62f
Add white space
ciarams87 Aug 21, 2025
b5c2241
Review feedback
ciarams87 Aug 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions apis/v1alpha2/nginxproxy_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,11 @@ type NginxProxySpec struct {
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
WorkerConnections *int32 `json:"workerConnections,omitempty"`
// DNSResolver specifies the DNS resolver configuration for external name resolution.
// This enables support for routing to ExternalName Services.
//
// +optional
DNSResolver *DNSResolver `json:"dnsResolver,omitempty"`
}

// Telemetry specifies the OpenTelemetry configuration.
Expand Down Expand Up @@ -355,6 +360,61 @@ type NginxPlus struct {
AllowedAddresses []NginxPlusAllowAddress `json:"allowedAddresses,omitempty"`
}

// DNSResolver specifies the DNS resolver configuration for NGINX.
// This enables dynamic DNS resolution for ExternalName Services.
// Corresponds to the NGINX resolver directive: https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
type DNSResolver struct {
// Timeout specifies the timeout for name resolution.
//
// +optional
Timeout *v1alpha1.Duration `json:"timeout,omitempty"`

// CacheTTL specifies how long to cache DNS responses.
//
// +optional
CacheTTL *v1alpha1.Duration `json:"cacheTTL,omitempty"`

// DisableIPv6 disables IPv6 lookups.
// If not specified, or set to false, IPv6 lookups will be enabled.
//
// +optional
DisableIPv6 *bool `json:"disableIPv6,omitempty"`

// Addresses specifies the list of DNS server addresses.
// Each address can be an IP address or hostname.
// Example: [{"type": "IPAddress", "value": "8.8.8.8"}, {"type": "Hostname", "value": "dns.google"}]
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
Addresses []DNSResolverAddress `json:"addresses"`
}

// DNSResolverAddress specifies the address type and value for a DNS resolver address.
type DNSResolverAddress struct {
// Type specifies the type of address.
Type DNSResolverAddressType `json:"type"`

// Value specifies the address value.
// When Type is "IPAddress", this must be a valid IPv4 or IPv6 address.
// When Type is "Hostname", this must be a valid hostname.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=253
Value string `json:"value"`
}

// DNSResolverAddressType specifies the type of DNS resolver address.
// +kubebuilder:validation:Enum=IPAddress;Hostname
type DNSResolverAddressType string

const (
// DNSResolverIPAddressType specifies that the address is an IP address.
DNSResolverIPAddressType DNSResolverAddressType = "IPAddress"

// DNSResolverHostnameType specifies that the address is a hostname.
DNSResolverHostnameType DNSResolverAddressType = "Hostname"
)

// NginxPlusAllowAddress specifies the address type and value for an NginxPlus allow address.
type NginxPlusAllowAddress struct {
// Type specifies the type of address.
Expand Down
55 changes: 55 additions & 0 deletions apis/v1alpha2/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

56 changes: 56 additions & 0 deletions charts/nginx-gateway-fabric/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,62 @@
"required": [],
"type": "boolean"
},
"dnsResolver": {
"description": "DNSResolver specifies the DNS resolver configuration for external name resolution. This enables support for routing to ExternalName Services.",
"properties": {
"addresses": {
"description": "List of DNS server addresses. Each address specifies a type and value.",
"items": {
"properties": {
"type": {
"description": "Type specifies the type of address.",
"enum": [
"IPAddress",
"Hostname"
],
"required": [],
"type": "string"
},
"value": {
"description": "Value specifies the address value.",
"maxItems": 253,
"minItems": 1,
"required": [],
"type": "string"
}
},
"required": [
"type",
"value"
],
"type": "object"
},
"maxItems": 16,
"minItems": 1,
"required": [],
"type": "array"
},
"cacheTTL": {
"description": "CacheTTL specifies how long to cache DNS responses.",
"pattern": "^\\d+[smhd]?$",
"required": [],
"type": "string"
},
"disableIPv6": {
"description": "DisableIPv6 disables DisableIPv6 lookups. If not specified, or set to false, IPv6 lookups will be enabled.",
"required": [],
"type": "boolean"
},
"timeout": {
"description": "Timeout specifies the timeout for name resolution.",
"pattern": "^\\d+[smhd]?$",
"required": [],
"type": "string"
}
},
"required": [],
"type": "object"
},
"ipFamily": {
"description": "IPFamily specifies the IP family to be used by the NGINX.",
"enum": [
Expand Down
37 changes: 37 additions & 0 deletions charts/nginx-gateway-fabric/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -462,6 +462,43 @@ nginx:
# minimum: 1
# maximum: 65535
# description: The number of worker connections for NGINX. Default is 1024.
# dnsResolver:
# type: object
# description: DNSResolver specifies the DNS resolver configuration for external name resolution. This enables support for routing to ExternalName Services.
# properties:
# addresses:
# type: array
# description: List of DNS server addresses. Each address specifies a type and value.
# items:
# type: object
# properties:
# type:
# type: string
# enum:
# - IPAddress
# - Hostname
# description: Type specifies the type of address.
# value:
# type: string
# minItems: 1
# maxItems: 253
# description: Value specifies the address value.
# required:
# - type
# - value
# minItems: 1
# maxItems: 16
# timeout:
# type: string
# description: Timeout specifies the timeout for name resolution.
# pattern: ^\d+[smhd]?$
# cacheTTL:
# type: string
# description: CacheTTL specifies how long to cache DNS responses.
# pattern: ^\d+[smhd]?$
# disableIPv6:
# type: boolean
# description: DisableIPv6 disables DisableIPv6 lookups. If not specified, or set to false, IPv6 lookups will be enabled.
# @schema
# -- The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways
# managed by this instance of NGINX Gateway Fabric.
Expand Down
51 changes: 51 additions & 0 deletions config/crd/bases/gateway.nginx.org_nginxproxies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,57 @@ spec:
introduces security risks as described in Gateway API GEP-3567.
If not specified, defaults to false (validation enabled).
type: boolean
dnsResolver:
description: |-
DNSResolver specifies the DNS resolver configuration for external name resolution.
This enables support for routing to ExternalName Services.
properties:
addresses:
description: |-
Addresses specifies the list of DNS server addresses.
Each address can be an IP address or hostname.
Example: [{"type": "IPAddress", "value": "8.8.8.8"}, {"type": "Hostname", "value": "dns.google"}]
items:
description: DNSResolverAddress specifies the address type and
value for a DNS resolver address.
properties:
type:
description: Type specifies the type of address.
enum:
- IPAddress
- Hostname
type: string
value:
description: |-
Value specifies the address value.
When Type is "IPAddress", this must be a valid IPv4 or IPv6 address.
When Type is "Hostname", this must be a valid hostname.
maxLength: 253
minLength: 1
type: string
required:
- type
- value
type: object
maxItems: 16
minItems: 1
type: array
cacheTTL:
description: CacheTTL specifies how long to cache DNS responses.
pattern: ^[0-9]{1,4}(ms|s|m|h)?$
type: string
disableIPv6:
description: |-
DisableIPv6 disables IPv6 lookups.
If not specified, or set to false, IPv6 lookups will be enabled.
type: boolean
timeout:
description: Timeout specifies the timeout for name resolution.
pattern: ^[0-9]{1,4}(ms|s|m|h)?$
type: string
required:
- addresses
type: object
ipFamily:
default: dual
description: |-
Expand Down
51 changes: 51 additions & 0 deletions deploy/crds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -650,6 +650,57 @@ spec:
introduces security risks as described in Gateway API GEP-3567.
If not specified, defaults to false (validation enabled).
type: boolean
dnsResolver:
description: |-
DNSResolver specifies the DNS resolver configuration for external name resolution.
This enables support for routing to ExternalName Services.
properties:
addresses:
description: |-
Addresses specifies the list of DNS server addresses.
Each address can be an IP address or hostname.
Example: [{"type": "IPAddress", "value": "8.8.8.8"}, {"type": "Hostname", "value": "dns.google"}]
items:
description: DNSResolverAddress specifies the address type and
value for a DNS resolver address.
properties:
type:
description: Type specifies the type of address.
enum:
- IPAddress
- Hostname
type: string
value:
description: |-
Value specifies the address value.
When Type is "IPAddress", this must be a valid IPv4 or IPv6 address.
When Type is "Hostname", this must be a valid hostname.
maxLength: 253
minLength: 1
type: string
required:
- type
- value
type: object
maxItems: 16
minItems: 1
type: array
cacheTTL:
description: CacheTTL specifies how long to cache DNS responses.
pattern: ^[0-9]{1,4}(ms|s|m|h)?$
type: string
disableIPv6:
description: |-
DisableIPv6 disables IPv6 lookups.
If not specified, or set to false, IPv6 lookups will be enabled.
type: boolean
timeout:
description: Timeout specifies the timeout for name resolution.
pattern: ^[0-9]{1,4}(ms|s|m|h)?$
type: string
required:
- addresses
type: object
ipFamily:
default: dual
description: |-
Expand Down
Loading
Loading