From 5d59c0482ecd085b0685c612024aed02c00fabbb Mon Sep 17 00:00:00 2001 From: Gasoid Date: Thu, 24 Apr 2025 12:09:15 +0200 Subject: [PATCH 01/23] feat: hostPort configurable --- charts/nginx-gateway-fabric/templates/deployment.yaml | 6 ++++++ charts/nginx-gateway-fabric/values.yaml | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/charts/nginx-gateway-fabric/templates/deployment.yaml b/charts/nginx-gateway-fabric/templates/deployment.yaml index 25d0547f3a..d710b53a45 100644 --- a/charts/nginx-gateway-fabric/templates/deployment.yaml +++ b/charts/nginx-gateway-fabric/templates/deployment.yaml @@ -212,8 +212,14 @@ spec: ports: - containerPort: 80 name: http + {{- if .Values.nginx.hostPort.enable }} + hostPort: {{ .Values.nginx.hostPort.http }} + {{- end }} - containerPort: 443 name: https + {{- if .Values.nginx.hostPort.enable }} + hostPort: {{ .Values.nginx.hostPort.https }} + {{- end }} securityContext: seccompProfile: type: RuntimeDefault diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index c817fb76b7..f18f7da8bb 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -160,6 +160,16 @@ nginx: # Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). clientSSLSecretName: "" + hostPort: + ## Enables hostPort. + enable: false + + ## The HTTP hostPort configuration for NGINX. + http: 80 + + ## The HTTPS hostPort configuration for NGINX. + https: 443 + # @schema # type: object # properties: From 185ced73dd5a18b61e03e9b444a8b3265852a453 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Thu, 29 May 2025 11:29:03 +0200 Subject: [PATCH 02/23] feat: hostPort for agent-grpc configurable --- charts/nginx-gateway-fabric/templates/deployment.yaml | 3 +++ charts/nginx-gateway-fabric/values.yaml | 7 ++----- 2 files changed, 5 insertions(+), 5 deletions(-) 
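Review bot: The two `hostPort:` lines in the deployment.yaml hunk render `.Values.nginx.hostPort.http` and `.https` as-is, with no type or range check visible in this patch, and one `enable` flag switches both node-level bindings on together. A hostPort publishes the container port on the node's own address, so the listener is reachable without passing through the Service, and the built-in Pod Security Admission baseline profile rejects pods that set a non-zero hostPort. I would say that in the values.yaml comment, for example `## Enables hostPort. Binds the ports below on every node that runs the pod; not admitted in namespaces enforcing the baseline Pod Security Standard.` The container spec these ports belong to starts above the hunk, so which container is affected cannot be confirmed from here.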
diff --git a/charts/nginx-gateway-fabric/templates/deployment.yaml b/charts/nginx-gateway-fabric/templates/deployment.yaml index 8fee4b36f2..8320644733 100644 --- a/charts/nginx-gateway-fabric/templates/deployment.yaml +++ b/charts/nginx-gateway-fabric/templates/deployment.yaml @@ -135,6 +135,9 @@ spec: ports: - name: agent-grpc containerPort: 8443 + {{- if .Values.nginx.hostPort.enable }} + hostPort: {{ .Values.nginx.hostPort.port }} + {{- end }} {{- if .Values.nginxGateway.metrics.enable }} - name: metrics containerPort: {{ .Values.nginxGateway.metrics.port }} diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index a8e1aa7778..912c731d30 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -245,11 +245,8 @@ nginx: ## Enables hostPort. enable: false - ## The HTTP hostPort configuration for NGINX. - http: 80 - - ## The HTTPS hostPort configuration for NGINX. - https: 443 + ## The hostPort configuration for NGINX. + port: 443 # @schema # type: object From 40f2b70450a16dac09b3ba4dd0fad24ef23cca76 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Thu, 29 May 2025 12:01:14 +0200 Subject: [PATCH 03/23] feat: helm schema --- charts/nginx-gateway-fabric/values.yaml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 912c731d30..33ea77c44d 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml 
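Review bot: The added `hostPort` in the deployment.yaml hunk lands on the `agent-grpc` port (8443), while the key it reads sits under `nginx.hostPort` and the values.yaml hunk describes it as `## The hostPort configuration for NGINX.` with a default of 443. Read together, enabling the flag would publish the agent gRPC endpoint on node port 443 rather than an NGINX listener, which looks unintended and widens where that endpoint can be reached from. If the exposure is intended, the values comment should name it, e.g. `## Node port on which the agent-grpc port (8443) is published.`; otherwise the three template lines belong on the data-plane ports. The surrounding container definition starts outside the hunk.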
@@ -241,13 +241,19 @@ nginx: # Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). clientSSLSecretName: "" + # -- The hostPort configuration hostPort: - ## Enables hostPort. + # -- Enables hostPort. enable: false - ## The hostPort configuration for NGINX. + # @schema + # type: integer + # minimum: 1 + # maximum: 65535 + # @schema + # -- The port configuration for NGINX. port: 443 - + # @schema # type: object # properties: From bbf9a6738e5a3fe5f86428bb2ae34ea3d64ca76a Mon Sep 17 00:00:00 2001 From: Gasoid Date: Thu, 29 May 2025 12:13:06 +0200 Subject: [PATCH 04/23] feat: helm config --- charts/nginx-gateway-fabric/README.md | 5 +++- .../nginx-gateway-fabric/values.schema.json | 24 +++++++++++++++++++ charts/nginx-gateway-fabric/values.yaml | 2 +- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md index d2a1f953a4..2e8972496c 100644 --- a/charts/nginx-gateway-fabric/README.md +++ b/charts/nginx-gateway-fabric/README.md 
@@ -259,10 +259,13 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `certGenerator.serverTLSSecretName` | The name of the Secret containing TLS CA, certificate, and key for the NGINX Gateway Fabric control plane to securely communicate with the NGINX Agent. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). | string | `"server-tls"` | | `clusterDomain` | The DNS cluster domain of your Kubernetes cluster. | string | `"cluster.local"` | | `gateways` | A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. | list | `[]` | -| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` | +| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. 
| object | `{"config":{},"container":{},"debug":false,"hostPort":{"enable":false,"port":443},"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` | | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` | | `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` | | `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` | +| `nginx.hostPort` | The hostPort configuration | object | `{"enable":false,"port":443}` | +| `nginx.hostPort.enable` | Enables hostPort. | bool | `false` | +| `nginx.hostPort.port` | The port | int | `443` | | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginx/nginx-gateway-fabric/nginx"` | | `nginx.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. The control plane will copy this secret into any namespace where NGINX is deployed. | string | `""` | | `nginx.imagePullSecrets` | A list of secret names containing docker registry credentials. Secrets must exist in the same namespace as the helm release. The control plane will copy these secrets into any namespace where NGINX is deployed. | list | `[]` | 
diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json index f78fedae4d..b7c283de1e 100644 --- a/charts/nginx-gateway-fabric/values.schema.json +++ b/charts/nginx-gateway-fabric/values.schema.json @@ -287,6 +287,30 @@ "title": "debug", "type": "boolean" }, + "hostPort": { + "description": "The hostPort configuration", + "properties": { + "enable": { + "default": false, + "description": "Enables hostPort.", + "required": [], + "title": "enable", + "type": "boolean" + }, + "port": { + "default": 443, + "description": "The port", + "maximum": 65535, + "minimum": 1, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [], + "title": "hostPort", + "type": "object" + }, "image": { "properties": { "pullPolicy": { diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 33ea77c44d..2646bd629d 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -251,7 +251,7 @@ nginx: # minimum: 1 # maximum: 65535 # @schema - # -- The port configuration for NGINX. + # -- The port port: 443 # @schema From 8317adef9744f6a09f33815bf6f6fe499817d8ee Mon Sep 17 00:00:00 2001 From: Gasoid Date: Tue, 10 Jun 2025 16:17:02 +0200 Subject: [PATCH 05/23] hostPort crds --- apis/v1alpha2/nginxproxy_types.go | 68 ++++++------------- charts/nginx-gateway-fabric/README.md | 10 +-- .../templates/deployment.yaml | 3 - .../nginx-gateway-fabric/values.schema.json | 50 +++++++------- charts/nginx-gateway-fabric/values.yaml | 29 ++++---- internal/controller/provisioner/objects.go | 5 ++ 6 files changed, 72 insertions(+), 93 deletions(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index 43b509d06d..fbf71fdd22 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go 
@@ -383,33 +383,15 @@ type KubernetesSpec struct { // Deployment is the configuration for the NGINX Deployment. type DeploymentSpec struct { - // Number of desired Pods. - // - // +optional - Replicas *int32 `json:"replicas,omitempty"` - - // Pod defines Pod-specific fields. - // - // +optional - Pod PodSpec `json:"pod"` - - // Container defines container fields for the NGINX container. - // - // +optional Container ContainerSpec `json:"container"` + Replicas *int32 `json:"replicas,omitempty"` + Pod PodSpec `json:"pod"` } // DaemonSet is the configuration for the NGINX DaemonSet. type DaemonSetSpec struct { - // Pod defines Pod-specific fields. - // - // +optional - Pod PodSpec `json:"pod"` - - // Container defines container fields for the NGINX container. - // - // +optional Container ContainerSpec `json:"container"` + Pod PodSpec `json:"pod"` } // PodSpec defines Pod-specific fields. 
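Review bot: This hunk deletes the field comments and the `+optional` markers on `DeploymentSpec` and `DaemonSetSpec` and reorders the fields, none of which relates to hostPort; the `ContainerSpec` hunk that follows does the same. `Pod` and `Container` carry JSON tags without `omitempty`, so without `// +optional` a CRD regenerated from these types would presumably list them as required, and the generated API docs lose their descriptions. I would keep the original blocks, e.g. `// Pod defines Pod-specific fields.` and `// +optional` above `Pod PodSpec`, and add only the new field with its own comment.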
@@ -457,32 +439,12 @@ type PodSpec struct { // ContainerSpec defines container fields for the NGINX container. type ContainerSpec struct { - // Debug enables debugging for NGINX by using the nginx-debug binary. - // - // +optional - Debug *bool `json:"debug,omitempty"` - - // Image is the NGINX image to use. - // - // +optional - Image *Image `json:"image,omitempty"` - - // Resources describes the compute resource requirements. - // - // +optional - Resources *corev1.ResourceRequirements `json:"resources,omitempty"` - - // Lifecycle describes actions that the management system should take in response to container lifecycle - // events. For the PostStart and PreStop lifecycle handlers, management of the container blocks - // until the action is complete, unless the container process fails, in which case the handler is aborted. - // - // +optional - Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"` - - // VolumeMounts describe the mounting of Volumes within a container. - // - // +optional - VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"` + Debug *bool `json:"debug,omitempty"` + Image *Image `json:"image,omitempty"` + Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"` + HostPort *HostPort `json:"hostPort,omitempty"` + VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"` } // Image is the NGINX image to use. @@ -608,3 +570,15 @@ type NodePort struct { // kubebuilder:validation:Maximum=65535 ListenerPort int32 `json:"listenerPort"` } + +type HostPort struct { + // Whether to enable hostPort feature + // If not specified, or set to false, hostPort will not be enabled. + // +optional + Enable bool `json:"enable,omitempty"` + + // Number of port to expose on the host. + // kubebuilder:validation:Minimum=1 + // kubebuilder:validation:Maximum=65535 + Port int32 `json:"port"` +} 
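Review bot: In the new `HostPort` struct the range markers on `Port` are written `// kubebuilder:validation:Minimum=1` and `// kubebuilder:validation:Maximum=65535`, without the leading `+`, so controller-gen treats them as plain comments and no bound reaches the CRD. The CRD hunks in PATCH 06 agree with that: `port` is a bare `type: integer`, so the API server would accept 0, negative or over-range values on the NginxProxy and the bad value is presumably only caught later, when the workload is created. Write them as `// +kubebuilder:validation:Minimum=1` and `// +kubebuilder:validation:Maximum=65535`; the same applies to `ContainerPort` and `HostPort` in the PATCH 11 hunk of this file, and the context line above `ListenerPort` shows the unprefixed form was copied from `NodePort`. The struct also has no doc comment, and `Port` has neither `+optional` nor `omitempty`, so it would presumably be required even when `enable` is false.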
diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md
index 2e8972496c..607140e961 100644
--- a/charts/nginx-gateway-fabric/README.md
+++ b/charts/nginx-gateway-fabric/README.md
@@ -259,13 +259,13 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `certGenerator.serverTLSSecretName` | The name of the Secret containing TLS CA, certificate, and key for the NGINX Gateway Fabric control plane to securely communicate with the NGINX Agent. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). | string | `"server-tls"` | | `clusterDomain` | The DNS cluster domain of your Kubernetes cluster. | string | `"cluster.local"` | | `gateways` | A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. | list | `[]` | -| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{},"debug":false,"hostPort":{"enable":false,"port":443},"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` | +| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. 
| object | `{"config":{},"container":{"hostPort":{"enable":false,"port":443}},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` | | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` | -| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` | +| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{"hostPort":{"enable":false,"port":443}}` | +| `nginx.container.hostPort` | The hostPort configuration | object | `{"enable":false,"port":443}` | +| `nginx.container.hostPort.enable` | Enables hostPort. | bool | `false` | +| `nginx.container.hostPort.port` | The port | int | `443` | | `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` | -| `nginx.hostPort` | The hostPort configuration | object | `{"enable":false,"port":443}` | -| `nginx.hostPort.enable` | Enables hostPort. | bool | `false` | -| `nginx.hostPort.port` | The port | int | `443` | | `nginx.image.repository` | The NGINX image to use. 
| string | `"ghcr.io/nginx/nginx-gateway-fabric/nginx"` | | `nginx.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. The control plane will copy this secret into any namespace where NGINX is deployed. | string | `""` | | `nginx.imagePullSecrets` | A list of secret names containing docker registry credentials. Secrets must exist in the same namespace as the helm release. The control plane will copy these secrets into any namespace where NGINX is deployed. | list | `[]` | diff --git a/charts/nginx-gateway-fabric/templates/deployment.yaml b/charts/nginx-gateway-fabric/templates/deployment.yaml index 8320644733..8fee4b36f2 100644 --- a/charts/nginx-gateway-fabric/templates/deployment.yaml +++ b/charts/nginx-gateway-fabric/templates/deployment.yaml @@ -135,9 +135,6 @@ spec: ports: - name: agent-grpc containerPort: 8443 - {{- if .Values.nginx.hostPort.enable }} - hostPort: {{ .Values.nginx.hostPort.port }} - {{- end }} {{- if .Values.nginxGateway.metrics.enable }} - name: metrics containerPort: {{ .Values.nginxGateway.metrics.port }} diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json index b7c283de1e..3b7121ebc7 100644 --- a/charts/nginx-gateway-fabric/values.schema.json +++ b/charts/nginx-gateway-fabric/values.schema.json 
@@ -276,6 +276,32 @@ }, "container": { "description": "The container configuration for the NGINX container. This is applied globally to all Gateways managed by this\ninstance of NGINX Gateway Fabric.", + "properties": { + "hostPort": { + "description": "The hostPort configuration", + "properties": { + "enable": { + "default": false, + "description": "Enables hostPort.", + "required": [], + "title": "enable", + "type": "boolean" + }, + "port": { + "default": 443, + "description": "The port", + "maximum": 65535, + "minimum": 1, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [], + "title": "hostPort", + "type": "object" + } + }, "required": [], "title": "container", "type": "object" @@ -287,30 +313,6 @@ "title": "debug", "type": "boolean" }, - "hostPort": { - "description": "The hostPort configuration", - "properties": { - "enable": { - "default": false, - "description": "Enables hostPort.", - "required": [], - "title": "enable", - "type": "boolean" - }, - "port": { - "default": 443, - "description": "The port", - "maximum": 65535, - "minimum": 1, - "required": [], - "title": "port", - "type": "integer" - } - }, - "required": [], - "title": "hostPort", - "type": "object" - }, "image": { "properties": { "pullPolicy": { diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 2646bd629d..b13b2ff9ea 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -241,19 +241,6 @@ nginx: # Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). clientSSLSecretName: "" - # -- The hostPort configuration - hostPort: - # -- Enables hostPort. - enable: false - - # @schema - # type: integer - # minimum: 1 - # maximum: 65535 - # @schema - # -- The port - port: 443 - # @schema # type: object # properties: 
@@ -409,7 +396,21 @@ nginx: # -- The container configuration for the NGINX container. This is applied globally to all Gateways managed by this # instance of NGINX Gateway Fabric. - container: {} + container: + + # -- The hostPort configuration + hostPort: + # -- Enables hostPort. + enable: false + + # @schema + # type: integer + # minimum: 1 + # maximum: 65535 + # @schema + # -- The port + port: 443 + # -- The resource requirements of the NGINX container. # resources: {} diff --git a/internal/controller/provisioner/objects.go b/internal/controller/provisioner/objects.go index e4afe5b194..635f12949f 100644 --- a/internal/controller/provisioner/objects.go +++ b/internal/controller/provisioner/objects.go @@ -766,6 +766,11 @@ func (p *NginxProvisioner) buildNginxPodTemplateSpec( container.Command = append(container.Command, "/agent/entrypoint.sh") container.Args = append(container.Args, "debug") } + + if containerSpec.HostPort != nil && containerSpec.HostPort.Enable && len(container.Ports) > 1 { + container.Ports[0].HostPort = containerSpec.HostPort.Port + } + spec.Spec.Containers[0] = container } } From bfe712d8c689cb9f78074597e34e4cee6d04d3ff Mon Sep 17 00:00:00 2001 From: Gasoid Date: Tue, 10 Jun 2025 16:55:02 +0200 Subject: [PATCH 06/23] hostPort crds --- apis/v1alpha2/nginxproxy_types.go | 61 ++++++++++++++++--- .../bases/gateway.nginx.org_nginxproxies.yaml | 13 ++++ deploy/crds.yaml | 13 ++++ 3 files changed, 78 insertions(+), 9 deletions(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index fbf71fdd22..41b796ac61 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go 
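Review bot: `container.Ports[0].HostPort = containerSpec.HostPort.Port` in the objects.go hunk attaches the host port to whichever entry happens to be first in `container.Ports`, not to a named listener. The test hunk in PATCH 08 shows the consequence: the expected port carrying `HostPort: int32(8443)` is the one named `metrics` (8080), so enabling the feature would publish the metrics endpoint on the node instead of HTTP/HTTPS traffic. Select the entry by `Name` or `ContainerPort` rather than by position, which also means the API needs a field saying which container port is meant; `HostPort` in this commit has only `Enable` and `Port`. The body of `buildNginxPodTemplateSpec` starts and continues outside the hunk.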
@@ -383,15 +383,33 @@ type KubernetesSpec struct { // Deployment is the configuration for the NGINX Deployment. type DeploymentSpec struct { + // Number of desired Pods. + // + // +optional + Replicas *int32 `json:"replicas,omitempty"` + + // Pod defines Pod-specific fields. + // + // +optional + Pod PodSpec `json:"pod"` + + // Container defines container fields for the NGINX container. + // + // +optional Container ContainerSpec `json:"container"` - Replicas *int32 `json:"replicas,omitempty"` - Pod PodSpec `json:"pod"` } // DaemonSet is the configuration for the NGINX DaemonSet. type DaemonSetSpec struct { + // Pod defines Pod-specific fields. + // + // +optional + Pod PodSpec `json:"pod"` + + // Container defines container fields for the NGINX container. + // + // +optional Container ContainerSpec `json:"container"` - Pod PodSpec `json:"pod"` } // PodSpec defines Pod-specific fields. 
@@ -439,12 +457,37 @@ type PodSpec struct { // ContainerSpec defines container fields for the NGINX container. type ContainerSpec struct { - Debug *bool `json:"debug,omitempty"` - Image *Image `json:"image,omitempty"` - Resources *corev1.ResourceRequirements `json:"resources,omitempty"` - Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"` - HostPort *HostPort `json:"hostPort,omitempty"` - VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"` + // Debug enables debugging for NGINX by using the nginx-debug binary. + // + // +optional + Debug *bool `json:"debug,omitempty"` + + // Image is the NGINX image to use. + // + // +optional + Image *Image `json:"image,omitempty"` + + // Resources describes the compute resource requirements. + // + // +optional + Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + + // Lifecycle describes actions that the management system should take in response to container lifecycle + // events. For the PostStart and PreStop lifecycle handlers, management of the container blocks + // until the action is complete, unless the container process fails, in which case the handler is aborted. + // + // +optional + Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"` + + // HostPort configuration + // + // +optional + HostPort *HostPort `json:"hostPort,omitempty"` + + // VolumeMounts describe the mounting of Volumes within a container. + // + // +optional + VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"` } // Image is the NGINX image to use. diff --git a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml index 9947e34eb7..8a7700947f 100644 --- a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml +++ b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml 
@@ -337,6 +337,19 @@ spec: StopSignal can only be set for Pods with a non-empty .spec.os.name type: string type: object + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + properties: + enable: + description: |- + Whether to enable hostPort + type: boolean + port: + description: |- + Port number + type: integer resources: description: Resources describes the compute resource requirements. diff --git a/deploy/crds.yaml b/deploy/crds.yaml index 7517ce1c4a..c14da6ba4e 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml @@ -922,6 +922,19 @@ spec: StopSignal can only be set for Pods with a non-empty .spec.os.name type: string type: object + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + properties: + enable: + description: |- + Whether to enable hostPort + type: boolean + port: + description: |- + Port number + type: integer resources: description: Resources describes the compute resource requirements. From 343d24a00abc5b4c54dae59e5dd7aeecc7d3a659 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Tue, 10 Jun 2025 20:47:36 +0200 Subject: [PATCH 07/23] omitempty is obsolete --- apis/v1alpha2/nginxproxy_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index 41b796ac61..202a7c8d3d 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go @@ -618,7 +618,7 @@ type HostPort struct { // Whether to enable hostPort feature // If not specified, or set to false, hostPort will not be enabled. // +optional - Enable bool `json:"enable,omitempty"` + Enable bool `json:"enable"` // Number of port to expose on the host. // kubebuilder:validation:Minimum=1 From f9ba83d485e827a829f84d5c1bbd93e6e0ed72b8 Mon Sep 17 00:00:00 2001 
From: Gasoid Date: Wed, 11 Jun 2025 11:55:50 +0200 Subject: [PATCH 08/23] hostPort tests --- internal/controller/provisioner/objects.go | 2 +- internal/controller/provisioner/objects_test.go | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/internal/controller/provisioner/objects.go b/internal/controller/provisioner/objects.go index 8ad74b5b53..71357953d8 100644 --- a/internal/controller/provisioner/objects.go +++ b/internal/controller/provisioner/objects.go @@ -781,7 +781,7 @@ func (p *NginxProvisioner) buildNginxPodTemplateSpec( container.Args = append(container.Args, "debug") } - if containerSpec.HostPort != nil && containerSpec.HostPort.Enable && len(container.Ports) > 1 { + if containerSpec.HostPort != nil && containerSpec.HostPort.Enable && len(container.Ports) > 0 { container.Ports[0].HostPort = containerSpec.HostPort.Port } diff --git a/internal/controller/provisioner/objects_test.go b/internal/controller/provisioner/objects_test.go index 96710f8902..9faede770d 100644 --- a/internal/controller/provisioner/objects_test.go +++ b/internal/controller/provisioner/objects_test.go @@ -257,6 +257,9 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { Name: "gw", Namespace: "default", }, + Spec: gatewayv1.GatewaySpec{ + Listeners: []gatewayv1.Listener{}, + }, } resourceName := "gw-nginx" @@ -293,6 +296,7 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { corev1.ResourceCPU: resource.Quantity{Format: "100m"}, }, }, + HostPort: &ngfAPIv1alpha2.HostPort{Enable: true, Port: int32(8443)}, }, }, }, @@ -338,6 +342,7 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { g.Expect(container.Ports).To(ContainElement(corev1.ContainerPort{ ContainerPort: 8080, Name: "metrics", + HostPort: int32(8443), })) g.Expect(container.Image).To(Equal("nginx-repo:1.1.1")) From eed409356cb219ea1758a99fe081dc3eac347fb6 Mon Sep 17 00:00:00 2001 
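Review bot: The only case added in the objects_test.go hunks is the enabled one, and its expectation pins the host port to the `metrics` container port. There is no assertion that a nil `HostPort` or `Enable: false` leaves every `corev1.ContainerPort.HostPort` at zero, which is the property that keeps the feature off by default. I would add a case with `HostPort: &ngfAPIv1alpha2.HostPort{Enable: false, Port: int32(8443)}` and expect no port with a non-zero `HostPort`. The test function starts and ends outside the hunks.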
From: Gasoid Date: Wed, 11 Jun 2025 12:24:55 +0200 Subject: [PATCH 09/23] gateway listener is ok --- internal/controller/provisioner/objects_test.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/internal/controller/provisioner/objects_test.go b/internal/controller/provisioner/objects_test.go index 9faede770d..20262f78f3 100644 --- a/internal/controller/provisioner/objects_test.go +++ b/internal/controller/provisioner/objects_test.go @@ -257,9 +257,6 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { Name: "gw", Namespace: "default", }, - Spec: gatewayv1.GatewaySpec{ - Listeners: []gatewayv1.Listener{}, - }, } resourceName := "gw-nginx" From 50b3400d86cfd10f36fa4ab06e44f9fb88fbe8a1 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Wed, 11 Jun 2025 12:31:07 +0200 Subject: [PATCH 10/23] comments typo --- apis/v1alpha2/nginxproxy_types.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index 202a7c8d3d..9215742c39 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go @@ -614,9 +614,11 @@ type NodePort struct { ListenerPort int32 `json:"listenerPort"` } +// HostPort to expose on the host. type HostPort struct { // Whether to enable hostPort feature // If not specified, or set to false, hostPort will not be enabled. + // // +optional Enable bool `json:"enable"` From 995eaa53b6569631a630361af21be037a9ef4dd5 Mon Sep 17 00:00:00 2001 
From: Gasoid Date: Thu, 12 Jun 2025 08:41:30 +0200 Subject: [PATCH 11/23] hostPorts list --- apis/v1alpha2/nginxproxy_types.go | 15 ++++---- charts/nginx-gateway-fabric/README.md | 8 ++-- .../nginx-gateway-fabric/values.schema.json | 38 +++++++++---------- charts/nginx-gateway-fabric/values.yaml | 30 +++++++++------ .../bases/gateway.nginx.org_nginxproxies.yaml | 21 +++++----- deploy/crds.yaml | 19 ++++++---- internal/controller/provisioner/objects.go | 8 +++- .../controller/provisioner/objects_test.go | 3 +- 8 files changed, 78 insertions(+), 64 deletions(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index 9215742c39..5128d38b24 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go @@ -479,10 +479,10 @@ type ContainerSpec struct { // +optional Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"` - // HostPort configuration + // HostPorts are the list of ports to expose on the host // // +optional - HostPort *HostPort `json:"hostPort,omitempty"` + HostPorts []HostPort `json:"hostPorts,omitempty"` // VolumeMounts describe the mounting of Volumes within a container. // @@ -616,14 +616,13 @@ type NodePort struct { // HostPort to expose on the host. type HostPort struct { - // Whether to enable hostPort feature - // If not specified, or set to false, hostPort will not be enabled. - // - // +optional - Enable bool `json:"enable"` + // ContainerPort is nginx port. + // kubebuilder:validation:Minimum=1 + // kubebuilder:validation:Maximum=65535 + ContainerPort int32 `json:"containerPort"` // Number of port to expose on the host. // kubebuilder:validation:Minimum=1 // kubebuilder:validation:Maximum=65535 - Port int32 `json:"port"` + HostPort int32 `json:"hostPort"` } diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md index b5dfc47cc9..1eecddfd4b 100644 --- a/charts/nginx-gateway-fabric/README.md +++ b/charts/nginx-gateway-fabric/README.md 
@@ -264,12 +264,10 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `certGenerator.ttlSecondsAfterFinished` | How long to wait after the cert generator job has finished before it is removed by the job controller. | int | `30` | | `clusterDomain` | The DNS cluster domain of your Kubernetes cluster. | string | `"cluster.local"` | | `gateways` | A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. | list | `[]` | -| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{"hostPort":{"enable":false,"port":443}},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` | +| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. 
| object | `{"config":{},"container":{"hostPorts":[]},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` | | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` | -| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{"hostPort":{"enable":false,"port":443}}` | -| `nginx.container.hostPort` | The hostPort configuration | object | `{"enable":false,"port":443}` | -| `nginx.container.hostPort.enable` | Enables hostPort. | bool | `false` | -| `nginx.container.hostPort.port` | The port | int | `443` | +| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{"hostPorts":[]}` | +| `nginx.container.hostPorts` | The hostPort configuration | list | `[]` | | `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` | | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginx/nginx-gateway-fabric/nginx"` | | `nginx.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. 
The control plane will copy this secret into any namespace where NGINX is deployed. | string | `""` | diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json index dc2ce7f0e4..7c33f3b0e8 100644 --- a/charts/nginx-gateway-fabric/values.schema.json +++ b/charts/nginx-gateway-fabric/values.schema.json @@ -314,29 +314,29 @@ "container": { "description": "The container configuration for the NGINX container. This is applied globally to all Gateways managed by this\ninstance of NGINX Gateway Fabric.", "properties": { - "hostPort": { + "hostPorts": { "description": "The hostPort configuration", - "properties": { - "enable": { - "default": false, - "description": "Enables hostPort.", - "required": [], - "title": "enable", - "type": "boolean" + "items": { + "properties": { + "containerPort": { + "maximum": 65535, + "minimum": 1, + "required": [], + "type": "integer" + }, + "hostPort": { + "maximum": 65535, + "minimum": 1, + "required": [], + "type": "integer" + } }, - "port": { - "default": 443, - "description": "The port", - "maximum": 65535, - "minimum": 1, - "required": [], - "title": "port", - "type": "integer" - } + "required": [], + "type": "object" }, "required": [], - "title": "hostPort", - "type": "object" + "title": "hostPorts", + "type": "array" } }, "required": [], diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 4530c71b82..ad24848167 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml 
@@ -398,18 +398,26 @@ nginx: # instance of NGINX Gateway Fabric. container: + # @schema + # type: array + # items: + # type: object + # properties: + # containerPort: + # type: integer + # required: true + # minimum: 1 + # maximum: 65535 + # hostPort: + # type: integer + # required: true + # minimum: 1 + # maximum: 65535 + # @schema # -- The hostPort configuration - hostPort: - # -- Enables hostPort. - enable: false - - # @schema - # type: integer - # minimum: 1 - # maximum: 65535 - # @schema - # -- The port - port: 443 + hostPorts: [] + # - containerPort: 80 + # hostPort: 80 # -- The resource requirements of the NGINX container. # resources: {} diff --git a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml index 8a7700947f..27b1ebf538 100644 --- a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml +++ b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml @@ -337,19 +337,22 @@ spec: StopSignal can only be set for Pods with a non-empty .spec.os.name type: string type: object - hostPort: + hostPorts: description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - properties: - enable: + List of ports to expose on the host. + items: + containerPort: description: |- - Whether to enable hostPort - type: boolean - port: + ContainerPort number of nginx + type: integer + hostPort: description: |- - Port number + HostPort number to expose on the host type: integer + required: + - containerPort + - hostPort + type: array resources: description: Resources describes the compute resource requirements. diff --git a/deploy/crds.yaml b/deploy/crds.yaml index c14da6ba4e..7e730e9c84 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml 
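Review bot: The `required: true` annotations on `containerPort` and `hostPort` in the new `@schema` block do not reach the generated schema: the `values.schema.json` hunk in this patch shows `"required": []` on the `items` object, so an entry that sets only one of the two ports passes Helm validation. The CRD hunks list both fields under `required:`, so such an entry would presumably be rejected only when the NginxProxy is applied. Declare the requirement at the item level in whatever form the schema generator accepts and regenerate; until then, state it next to the commented example, e.g. `# Each entry must set both containerPort and hostPort.`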
@@ -924,17 +924,20 @@ spec: type: object hostPort: description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - properties: - enable: + List of ports to expose on the host. + items: + containerPort: description: |- - Whether to enable hostPort - type: boolean - port: + ContainerPort number of nginx + type: integer + hostPort: description: |- - Port number + HostPort number to expose on the host type: integer + required: + - containerPort + - hostPort + type: array resources: description: Resources describes the compute resource requirements. diff --git a/internal/controller/provisioner/objects.go b/internal/controller/provisioner/objects.go index 71357953d8..cf3e828464 100644 --- a/internal/controller/provisioner/objects.go +++ b/internal/controller/provisioner/objects.go @@ -781,8 +781,12 @@ func (p *NginxProvisioner) buildNginxPodTemplateSpec( container.Args = append(container.Args, "debug") } - if containerSpec.HostPort != nil && containerSpec.HostPort.Enable && len(container.Ports) > 0 { - container.Ports[0].HostPort = containerSpec.HostPort.Port + for _, hostPort := range containerSpec.HostPorts { + for i, port := range container.Ports { + if hostPort.ContainerPort == port.ContainerPort { + container.Ports[i].HostPort = hostPort.HostPort + } + } } spec.Spec.Containers[0] = container diff --git a/internal/controller/provisioner/objects_test.go b/internal/controller/provisioner/objects_test.go index 20262f78f3..ebf2409598 100644 --- a/internal/controller/provisioner/objects_test.go +++ b/internal/controller/provisioner/objects_test.go @@ -293,7 +293,7 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { corev1.ResourceCPU: resource.Quantity{Format: "100m"}, }, }, - HostPort: &ngfAPIv1alpha2.HostPort{Enable: true, Port: int32(8443)}, + HostPorts: []ngfAPIv1alpha2.HostPort{{ContainerPort: int32(8443), HostPort: int32(8443)}}, }, }, }, 
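Review bot: In the new loop in `objects.go`, an entry of `containerSpec.HostPorts` whose `ContainerPort` matches none of `container.Ports` is dropped without any signal, so a mistyped port leaves the listener unexposed with no log or status. Conversely, every port in `container.Ports` is eligible, which as far as the hunk shows includes the `metrics` port this patch's test refers to, so a matching entry would bind it on the node as well. State the rule where it is applied, e.g. `// hostPorts apply only to container ports that already exist; unmatched entries are ignored`, and consider logging or reporting unmatched entries so operators can see what was actually exposed. A `break` after the assignment would make the one-to-one intent explicit if container ports are unique, which the hunk does not show. `buildNginxPodTemplateSpec` starts and ends outside the hunk.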
@@ -339,7 +339,6 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { g.Expect(container.Ports).To(ContainElement(corev1.ContainerPort{ ContainerPort: 8080, Name: "metrics", - HostPort: int32(8443), })) g.Expect(container.Image).To(Equal("nginx-repo:1.1.1")) From 8f2e721357dc02af12734f36ca26fa04b8eacf82 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Thu, 12 Jun 2025 08:54:10 +0200 Subject: [PATCH 12/23] hostPorts list --- internal/controller/provisioner/objects_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/internal/controller/provisioner/objects_test.go b/internal/controller/provisioner/objects_test.go index ebf2409598..0ce5db1a58 100644 --- a/internal/controller/provisioner/objects_test.go +++ b/internal/controller/provisioner/objects_test.go @@ -257,6 +257,11 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { Name: "gw", Namespace: "default", }, + Spec: gatewayv1.GatewaySpec{ + Listeners: []gatewayv1.Listener{ + {Name: "port-8443", Port: 8443, Protocol: "tcp"}, + }, + }, } resourceName := "gw-nginx" @@ -345,6 +350,12 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { g.Expect(container.ImagePullPolicy).To(Equal(corev1.PullAlways)) g.Expect(container.Resources.Limits).To(HaveKey(corev1.ResourceCPU)) g.Expect(container.Resources.Limits[corev1.ResourceCPU].Format).To(Equal(resource.Format("100m"))) + + g.Expect(container.Ports).To(ContainElement(corev1.ContainerPort{ + ContainerPort: 8443, + Name: "port-8443", + HostPort: 8443, + })) } func TestBuildNginxResourceObjects_Plus(t *testing.T) { From 3253d5624653d24b4847b47479d0f309932b8011 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Thu, 12 Jun 2025 08:57:41 +0200 Subject: [PATCH 13/23] hostPorts list --- deploy/crds.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/crds.yaml b/deploy/crds.yaml index 7e730e9c84..54aeb66432 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml 
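Review bot: The listener added to the test Gateway in PATCH 12/23 uses `Protocol: "tcp"`, a raw lowercase string rather than a Gateway API protocol value; prefer the typed constant, `Protocol: gatewayv1.TCPProtocolType`, so the fixture stays valid if the provisioner ever branches on protocol. The new assertion covers only the matching case. A second `HostPorts` entry whose `ContainerPort` has no listener, asserted to leave the other ports untouched, would pin the ignore-if-unmatched behaviour of the loop in `objects.go`. `TestBuildNginxResourceObjects_NginxProxyConfig` starts and ends outside both hunks.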
@@ -922,13 +922,13 @@ spec: StopSignal can only be set for Pods with a non-empty .spec.os.name type: string type: object - hostPort: + hostPorts: description: |- List of ports to expose on the host. items: containerPort: description: |- - ContainerPort number of nginx + ContainerPort of nginx type: integer hostPort: description: |- From aba383d59879a29795ab3ccf3dce02eaa36af83b Mon Sep 17 00:00:00 2001 From: Rinat Date: Sat, 14 Jun 2025 11:02:22 +0200 Subject: [PATCH 14/23] Update apis/v1alpha2/nginxproxy_types.go Co-authored-by: Saylor Berman --- apis/v1alpha2/nginxproxy_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index 5128d38b24..2a034ede49 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go @@ -479,7 +479,7 @@ type ContainerSpec struct { // +optional Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"` - // HostPorts are the list of ports to expose on the host + // HostPorts are the list of ports to expose on the host. // // +optional HostPorts []HostPort `json:"hostPorts,omitempty"` From e8522bb2a320c820ab4aa5b0aab7cf0f0b58e1f6 Mon Sep 17 00:00:00 2001 From: Rinat Date: Sat, 14 Jun 2025 11:02:44 +0200 Subject: [PATCH 15/23] Update apis/v1alpha2/nginxproxy_types.go Co-authored-by: Saylor Berman --- apis/v1alpha2/nginxproxy_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index 2a034ede49..cd43f332d5 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go @@ -616,7 +616,7 @@ type NodePort struct { // HostPort to expose on the host. type HostPort struct { - // ContainerPort is nginx port. + // ContainerPort is the port on the nginx container to map to the HostPort. // kubebuilder:validation:Minimum=1 // kubebuilder:validation:Maximum=65535 ContainerPort int32 `json:"containerPort"` 
From cc0b1161bd4105b58716b590c825a17b4202abc7 Mon Sep 17 00:00:00 2001 From: Rinat Date: Sat, 14 Jun 2025 11:03:05 +0200 Subject: [PATCH 16/23] Update apis/v1alpha2/nginxproxy_types.go Co-authored-by: Saylor Berman --- apis/v1alpha2/nginxproxy_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index cd43f332d5..16f8ae806f 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go @@ -614,7 +614,7 @@ type NodePort struct { ListenerPort int32 `json:"listenerPort"` } -// HostPort to expose on the host. +// HostPort exposes an nginx container port on the host. type HostPort struct { // ContainerPort is the port on the nginx container to map to the HostPort. // kubebuilder:validation:Minimum=1 From abefe49eda4c31e1615baab714fbd9ce14c0e0b7 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Sat, 14 Jun 2025 11:13:46 +0200 Subject: [PATCH 17/23] hostPort consistent naming --- apis/v1alpha2/nginxproxy_types.go | 8 ++++---- charts/nginx-gateway-fabric/values.schema.json | 2 +- charts/nginx-gateway-fabric/values.yaml | 8 ++++---- config/crd/bases/gateway.nginx.org_nginxproxies.yaml | 10 +++++----- deploy/crds.yaml | 10 +++++----- internal/controller/provisioner/objects.go | 2 +- internal/controller/provisioner/objects_test.go | 2 +- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index 16f8ae806f..b07096aaf5 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go 
@@ -616,13 +616,13 @@ type NodePort struct { // HostPort exposes an nginx container port on the host. type HostPort struct { - // ContainerPort is the port on the nginx container to map to the HostPort. + // Number of port to expose on the host. // kubebuilder:validation:Minimum=1 // kubebuilder:validation:Maximum=65535 - ContainerPort int32 `json:"containerPort"` + Port int32 `json:"port"` - // Number of port to expose on the host. + // ContainerPort is the port on the nginx container to map to the HostPort. // kubebuilder:validation:Minimum=1 // kubebuilder:validation:Maximum=65535 - HostPort int32 `json:"hostPort"` + ContainerPort int32 `json:"containerPort"` } diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json index 86fc9653f2..f320f37468 100644 --- a/charts/nginx-gateway-fabric/values.schema.json +++ b/charts/nginx-gateway-fabric/values.schema.json @@ -324,7 +324,7 @@ "required": [], "type": "integer" }, - "hostPort": { + "port": { "maximum": 65535, "minimum": 1, "required": [], diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 3ff114c94e..d25e9433c7 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -406,12 +406,12 @@ nginx: # items: # type: object # properties: - # containerPort: + # port: # type: integer # required: true # minimum: 1 # maximum: 65535 - # hostPort: + # containerPort: # type: integer # required: true # minimum: 1 @@ -419,8 +419,8 @@ nginx: # @schema # -- The hostPort configuration hostPorts: [] - # - containerPort: 80 - # hostPort: 80 + # - port: 80 + # containerPort: 80 # -- The resource requirements of the NGINX container. # resources: {} diff --git a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml index 27b1ebf538..fedf99e01f 100644 --- a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml 
+++ b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml @@ -341,17 +341,17 @@ spec: description: |- List of ports to expose on the host. items: - containerPort: + port: description: |- - ContainerPort number of nginx + HostPort number to expose on the host type: integer - hostPort: + containerPort: description: |- - HostPort number to expose on the host + ContainerPort number of nginx type: integer required: + - port - containerPort - - hostPort type: array resources: description: Resources describes the compute resource diff --git a/deploy/crds.yaml b/deploy/crds.yaml index 54aeb66432..cf44351d48 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml @@ -926,17 +926,17 @@ spec: description: |- List of ports to expose on the host. items: - containerPort: + port: description: |- - ContainerPort of nginx + HostPort number to expose on the host type: integer - hostPort: + containerPort: description: |- - HostPort number to expose on the host + ContainerPort of nginx type: integer required: + - port - containerPort - - hostPort type: array resources: description: Resources describes the compute resource diff --git a/internal/controller/provisioner/objects.go b/internal/controller/provisioner/objects.go index cf3e828464..f9140ef48f 100644 --- a/internal/controller/provisioner/objects.go +++ b/internal/controller/provisioner/objects.go @@ -784,7 +784,7 @@ func (p *NginxProvisioner) buildNginxPodTemplateSpec( for _, hostPort := range containerSpec.HostPorts { for i, port := range container.Ports { if hostPort.ContainerPort == port.ContainerPort { - container.Ports[i].HostPort = hostPort.HostPort + container.Ports[i].HostPort = hostPort.Port } } } diff --git a/internal/controller/provisioner/objects_test.go b/internal/controller/provisioner/objects_test.go index 0ce5db1a58..632b5c437c 100644 --- a/internal/controller/provisioner/objects_test.go +++ b/internal/controller/provisioner/objects_test.go 
@@ -298,7 +298,7 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) { corev1.ResourceCPU: resource.Quantity{Format: "100m"}, }, }, - HostPorts: []ngfAPIv1alpha2.HostPort{{ContainerPort: int32(8443), HostPort: int32(8443)}}, + HostPorts: []ngfAPIv1alpha2.HostPort{{ContainerPort: int32(8443), Port: int32(8443)}}, }, }, }, From 809f71462d988c53fcbdf3c5b3ed2695367ae9ed Mon Sep 17 00:00:00 2001 From: Gasoid Date: Sat, 14 Jun 2025 11:57:12 +0200 Subject: [PATCH 18/23] hostPort consistent naming --- charts/nginx-gateway-fabric/README.md | 2 +- charts/nginx-gateway-fabric/values.schema.json | 2 +- charts/nginx-gateway-fabric/values.yaml | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md index 689e1e03e3..c84f34f98f 100644 --- a/charts/nginx-gateway-fabric/README.md +++ b/charts/nginx-gateway-fabric/README.md 
@@ -267,7 +267,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri | `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{"hostPorts":[]},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` | | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` | | `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{"hostPorts":[]}` | -| `nginx.container.hostPorts` | The hostPort configuration | list | `[]` | +| `nginx.container.hostPorts` | A list of HostPorts to expose on the host. This configuration allows containers to bind to a specific port on the host node, enabling external network traffic to reach the container directly through the host's IP address and port. Use this option when you need to expose container ports on the host for direct access, such as for debugging, legacy integrations, or when NodePort/LoadBalancer services are not suitable. Note: Using hostPort may have security and scheduling implications, as it ties pods to specific nodes and ports. | list | `[]` | | `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. 
The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` | | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginx/nginx-gateway-fabric/nginx"` | | `nginx.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. The control plane will copy this secret into any namespace where NGINX is deployed. | string | `""` | diff --git a/charts/nginx-gateway-fabric/values.schema.json b/charts/nginx-gateway-fabric/values.schema.json index f320f37468..f19c0b0f9a 100644 --- a/charts/nginx-gateway-fabric/values.schema.json +++ b/charts/nginx-gateway-fabric/values.schema.json @@ -315,7 +315,7 @@ "description": "The container configuration for the NGINX container. This is applied globally to all Gateways managed by this\ninstance of NGINX Gateway Fabric.", "properties": { "hostPorts": { - "description": "The hostPort configuration", + "description": "A list of HostPorts to expose on the host.\nThis configuration allows containers to bind to a specific port on the host node,\nenabling external network traffic to reach the container directly through the host's IP address and port.\nUse this option when you need to expose container ports on the host for direct access,\nsuch as for debugging, legacy integrations, or when NodePort/LoadBalancer services are not suitable.\nNote: Using hostPort may have security and scheduling implications, as it ties pods to specific nodes and ports.", "items": { "properties": { "containerPort": { diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index d25e9433c7..1277cbf574 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml 
@@ -417,7 +417,12 @@ nginx: # minimum: 1 # maximum: 65535 # @schema - # -- The hostPort configuration + # -- A list of HostPorts to expose on the host. + # This configuration allows containers to bind to a specific port on the host node, + # enabling external network traffic to reach the container directly through the host's IP address and port. + # Use this option when you need to expose container ports on the host for direct access, + # such as for debugging, legacy integrations, or when NodePort/LoadBalancer services are not suitable. + # Note: Using hostPort may have security and scheduling implications, as it ties pods to specific nodes and ports. hostPorts: [] # - port: 80 # containerPort: 80 From 837e6da176b4f8cf8cde0b0e95e83e660470c011 Mon Sep 17 00:00:00 2001 From: Gasoid Date: Sat, 14 Jun 2025 17:08:24 +0200 Subject: [PATCH 19/23] description fixed --- config/crd/bases/gateway.nginx.org_nginxproxies.yaml | 4 ++-- deploy/crds.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml index fedf99e01f..5e1b4990a2 100644 --- a/config/crd/bases/gateway.nginx.org_nginxproxies.yaml +++ b/config/crd/bases/gateway.nginx.org_nginxproxies.yaml @@ -343,11 +343,11 @@ spec: items: port: description: |- - HostPort number to expose on the host + Number of port to expose on the host. type: integer containerPort: description: |- - ContainerPort number of nginx + ContainerPort is the port on the nginx container to map to the HostPort. type: integer required: - port diff --git a/deploy/crds.yaml b/deploy/crds.yaml index cf44351d48..a59c4d6b19 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml 
@@ -928,11 +928,11 @@ spec: items: port: description: |- - HostPort number to expose on the host + Number of port to expose on the host. type: integer containerPort: description: |- - ContainerPort of nginx + ContainerPort is the port on the nginx container to map to the HostPort. type: integer required: - port From 7bdf85b81b13cfb735506fab562668ee0ac06311 Mon Sep 17 00:00:00 2001 From: Rinat Date: Mon, 16 Jun 2025 16:41:56 +0200 Subject: [PATCH 20/23] Update apis/v1alpha2/nginxproxy_types.go Co-authored-by: Saylor Berman --- apis/v1alpha2/nginxproxy_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apis/v1alpha2/nginxproxy_types.go b/apis/v1alpha2/nginxproxy_types.go index b07096aaf5..e923d4a7ca 100644 --- a/apis/v1alpha2/nginxproxy_types.go +++ b/apis/v1alpha2/nginxproxy_types.go @@ -616,7 +616,7 @@ type NodePort struct { // HostPort exposes an nginx container port on the host. type HostPort struct { - // Number of port to expose on the host. + // Port to expose on the host. // kubebuilder:validation:Minimum=1 // kubebuilder:validation:Maximum=65535 Port int32 `json:"port"` From 53fa9e6bb5607e11765f8a35f2025960234642a1 Mon Sep 17 00:00:00 2001 From: Rinat Date: Mon, 16 Jun 2025 16:42:14 +0200 Subject: [PATCH 21/23] Update charts/nginx-gateway-fabric/values.yaml Co-authored-by: Saylor Berman --- charts/nginx-gateway-fabric/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/nginx-gateway-fabric/values.yaml b/charts/nginx-gateway-fabric/values.yaml index 1277cbf574..daf3b9e33c 100644 --- a/charts/nginx-gateway-fabric/values.yaml +++ b/charts/nginx-gateway-fabric/values.yaml @@ -400,7 +400,6 @@ nginx: # -- The container configuration for the NGINX container. This is applied globally to all Gateways managed by this # instance of NGINX Gateway Fabric. container: - # @schema # type: array # items: From 7053cd4494af7ddfcd33e526a450c300e06c9641 Mon Sep 17 00:00:00 2001 
From: Gasoid Date: Mon, 16 Jun 2025 17:40:05 +0200 Subject: [PATCH 22/23] feat: filterEmptyFields --- charts/nginx-gateway-fabric/templates/_helpers.tpl | 4 +++- .../nginx-gateway-fabric/templates/nginxproxy.yaml | 12 ++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/charts/nginx-gateway-fabric/templates/_helpers.tpl b/charts/nginx-gateway-fabric/templates/_helpers.tpl index 01155eb707..bedf7bc8a1 100644 --- a/charts/nginx-gateway-fabric/templates/_helpers.tpl +++ b/charts/nginx-gateway-fabric/templates/_helpers.tpl @@ -102,5 +102,7 @@ Filters out empty fields from a struct. {{- $result = merge $result (dict $key $value) }} {{- end }} {{- end }} -{{- $result | toYaml }} +{{- if $result }} + {{- $result | toYaml }} +{{- end }} {{- end }} diff --git a/charts/nginx-gateway-fabric/templates/nginxproxy.yaml b/charts/nginx-gateway-fabric/templates/nginxproxy.yaml index b5e33292c8..25d4892bbf 100644 --- a/charts/nginx-gateway-fabric/templates/nginxproxy.yaml +++ b/charts/nginx-gateway-fabric/templates/nginxproxy.yaml @@ -18,9 +18,11 @@ spec: {{- toYaml .Values.nginx.pod | nindent 8 }} {{- end }} container: - {{- if .Values.nginx.container }} - {{- toYaml .Values.nginx.container | nindent 8 }} + {{- if .Values.nginx.container }} + {{- with .Values.nginx.container }} + {{- include "filterEmptyFields" . | nindent 8 }} {{- end }} + {{- end }} image: {{- toYaml .Values.nginx.image | nindent 10 }} {{- if .Values.nginx.debug }} @@ -34,9 +36,11 @@ spec: {{- toYaml .Values.nginx.pod | nindent 8 }} {{- end }} container: - {{- if .Values.nginx.container }} - {{- toYaml .Values.nginx.container | nindent 8 }} + {{- if .Values.nginx.container }} + {{- with .Values.nginx.container }} + {{- include "filterEmptyFields" . | nindent 8 }} {{- end }} + {{- end }} image: {{- toYaml .Values.nginx.image | nindent 10 }} {{- if .Values.nginx.debug }} From e8545ded9c83370684ea01efc7267ea109b51c8b Mon Sep 17 00:00:00 2001 
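Review bot: In both `container:` blocks of `nginxproxy.yaml` the new `with .Values.nginx.container` is nested inside an `if` on the same value, which is redundant because `with` already skips an empty map; `{{- with .Values.nginx.container }}`, the `include` line and a single `{{- end }}` are enough. When the helper returns nothing (the new `if $result` guard in `_helpers.tpl`), `nindent 8` still emits a newline and eight spaces under `container:`, so it is worth checking the rendered output for the default `hostPorts: []` case. The body of `filterEmptyFields` starts outside the hunk, so whether it filters nested empty fields or only top-level ones cannot be told from here; a one-line comment on the helper stating which would help.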
From: Gasoid Date: Mon, 16 Jun 2025 18:05:21 +0200 Subject: [PATCH 23/23] feat: proper indentation --- .../templates/nginxproxy.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/nginx-gateway-fabric/templates/nginxproxy.yaml b/charts/nginx-gateway-fabric/templates/nginxproxy.yaml index 25d4892bbf..88975202fd 100644 --- a/charts/nginx-gateway-fabric/templates/nginxproxy.yaml +++ b/charts/nginx-gateway-fabric/templates/nginxproxy.yaml @@ -18,11 +18,11 @@ spec: {{- toYaml .Values.nginx.pod | nindent 8 }} {{- end }} container: - {{- if .Values.nginx.container }} - {{- with .Values.nginx.container }} - {{- include "filterEmptyFields" . | nindent 8 }} + {{- if .Values.nginx.container }} + {{- with .Values.nginx.container }} + {{- include "filterEmptyFields" . | nindent 8 }} + {{- end }} {{- end }} - {{- end }} image: {{- toYaml .Values.nginx.image | nindent 10 }} {{- if .Values.nginx.debug }} @@ -36,11 +36,11 @@ spec: {{- toYaml .Values.nginx.pod | nindent 8 }} {{- end }} container: - {{- if .Values.nginx.container }} - {{- with .Values.nginx.container }} - {{- include "filterEmptyFields" . | nindent 8 }} + {{- if .Values.nginx.container }} + {{- with .Values.nginx.container }} + {{- include "filterEmptyFields" . | nindent 8 }} + {{- end }} {{- end }} - {{- end }} image: {{- toYaml .Values.nginx.image | nindent 10 }} {{- if .Values.nginx.debug }}