diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bd9a540248..25a661b04e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,12 +52,15 @@ jobs: - name: Check if go.mod and go.sum are up to date run: go mod tidy && git diff --exit-code -- go.mod go.sum - - name: Check if generated files are up to date + - name: Check if generated go files are up to date run: make generate && git diff --exit-code - name: Check if njs-modules yaml is up to date run: make generate-njs-yaml && git diff --exit-code + - name: Check if generated manifests are up to date + run: make generate-manifests && git diff --exit-code + unit-tests: name: Unit Tests runs-on: ubuntu-22.04 diff --git a/Makefile b/Makefile index 041069be26..c5b3807f9a 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,8 @@ TARGET ?= local## The target of the build. Possible values: local and container KIND_KUBE_CONFIG=$${HOME}/.kube/kind/config## The location of the kind kubeconfig OUT_DIR ?= $(shell pwd)/build/out## The folder where the binary will be stored ARCH ?= amd64## The architecture of the image and/or binary. For example: amd64 or arm64 +override HELM_TEMPLATE_COMMON_ARGS += --set creator=template --set nameOverride=nginx-gateway## The common options for the Helm template command. +override HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE += --set service.create=false## The options to be passed to the full Helm templating command only. override DOCKER_BUILD_OPTIONS += --build-arg VERSION=$(VERSION) --build-arg GIT_COMMIT=$(GIT_COMMIT) --build-arg DATE=$(DATE)## The options for the docker build command. For example, --pull .DEFAULT_GOAL := help @@ -117,5 +119,13 @@ debug-build: build ## Build binary with debug info, symbols, and no optimization .PHONY: debug-container debug-container: debug-build container ## Build container with debug binary +.PHONY: generate-manifests +generate-manifests: ## Generate manifests using Helm. + helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-gateway.yaml + helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) -n nginx-gateway -s templates/deployment.yaml > conformance/provisioner/static-deployment.yaml + helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer.yaml + helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set service.annotations.'service\.beta\.kubernetes\.io\/aws-load-balancer-type'="nlb" -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer-aws-nlb.yaml + helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set service.type=NodePort --set service.externalTrafficPolicy="" -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/nodeport.yaml + .PHONY: dev-all dev-all: deps fmt njs-fmt vet lint unit-test njs-unit-test ## Run all the development checks diff --git a/conformance/Makefile b/conformance/Makefile index 11641e5d0b..4520a19c48 100644 --- a/conformance/Makefile +++ b/conformance/Makefile @@ -6,8 +6,11 @@ SUPPORTED_FEATURES = HTTPRoute,HTTPRouteQueryParamMatching,HTTPRouteMethodMatchi KIND_KUBE_CONFIG=$${HOME}/.kube/kind/config TAG = latest PREFIX = conformance-test-runner -NKG_DEPLOYMENT_MANIFEST=../deploy/manifests/deployment.yaml -NGINX_IMAGE=$(shell yq '.spec.template.spec.containers[1].image as $$nginx_ver | $$nginx_ver' $(NKG_DEPLOYMENT_MANIFEST)) +NKG_MANIFEST=../deploy/manifests/nginx-gateway.yaml +SERVICE_MANIFEST=../deploy/manifests/service/nodeport.yaml +STATIC_MANIFEST=provisioner/static-deployment.yaml +PROVISIONER_MANIFEST=provisioner/provisioner.yaml +NGINX_IMAGE=$(shell yq '.spec.template.spec.containers[1].image as $$nginx_ver | $$nginx_ver' $(STATIC_MANIFEST)) .DEFAULT_GOAL := help .PHONY: help @@ -36,10 +39,10 @@ preload-nginx-container: ## Preload NGINX container on configured kind cluster .PHONY: update-nkg-manifest update-nkg-manifest: ## Update the NKG deployment manifest image name and imagePullPolicy - yq -i 'with(.spec.template.spec.containers[0]; .image = "$(NKG_PREFIX):$(NKG_TAG)" | .imagePullPolicy = "Never")' $(NKG_DEPLOYMENT_MANIFEST) + cd .. && make generate-manifests HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE="--set nginxGateway.kind=skip" HELM_TEMPLATE_COMMON_ARGS="--set nginxGateway.image.repository=$(NKG_PREFIX) --set nginxGateway.image.tag=$(NKG_TAG) --set nginxGateway.image.pullPolicy=Never" && cd - .PHONY: build-nkg-image -build-nkg-image: update-nkg-manifest ## Build NKG container and load it and NGINX container on configured kind cluster +build-nkg-image: ## Build NKG container and load it and NGINX container on configured kind cluster cd .. && make PREFIX=$(NKG_PREFIX) TAG=$(NKG_TAG) container .PHONY: load-images @@ -47,31 +50,26 @@ load-images: preload-nginx-container ## Load NKG and NGINX containers on configu kind load docker-image $(NKG_PREFIX):$(NKG_TAG) .PHONY: prepare-nkg-dependencies -prepare-nkg-dependencies: ## Install NKG dependencies on configured kind cluster +prepare-nkg-dependencies: update-nkg-manifest ## Install NKG dependencies on configured kind cluster ./scripts/install-gateway.sh $(GW_API_VERSION) kubectl wait --for=condition=available --timeout=60s deployment gateway-api-admission-server -n gateway-system - kubectl apply -f ../deploy/manifests/namespace.yaml - cd .. && make generate-njs-yaml && cd - - kubectl apply -f ../deploy/manifests/njs-modules.yaml -n nginx-gateway - kubectl apply -f ../deploy/manifests/nginx-conf.yaml - kubectl apply -f ../deploy/manifests/rbac.yaml - kubectl apply -f ../deploy/manifests/gatewayclass.yaml - kubectl apply -f ../deploy/manifests/service/nodeport.yaml + kubectl apply -f $(NKG_MANIFEST) + kubectl apply -f $(SERVICE_MANIFEST) .PHONY: deploy-updated-provisioner deploy-updated-provisioner: ## Update provisioner manifest and deploy to the configured kind cluster - yq '(select(di != 3))' provisioner/provisioner.yaml | kubectl apply -f - - yq '(select(.spec.template.spec.containers[].image) | .spec.template.spec.containers[].image="$(NKG_PREFIX):$(NKG_TAG)" | .spec.template.spec.containers[].imagePullPolicy = "Never")' provisioner/provisioner.yaml | kubectl apply -f - + yq '(select(di != 3))' $(PROVISIONER_MANIFEST) | kubectl apply -f - + yq '(select(.spec.template.spec.containers[].image) | .spec.template.spec.containers[].image="$(NKG_PREFIX):$(NKG_TAG)" | .spec.template.spec.containers[].imagePullPolicy = "Never")' $(PROVISIONER_MANIFEST) | kubectl apply -f - .PHONY: install-nkg-local-build -install-nkg-local-build: build-nkg-image load-images prepare-nkg-dependencies deploy-updated-provisioner ## Install NKG from local build with provisioner on configured kind cluster +install-nkg-local-build: prepare-nkg-dependencies build-nkg-image load-images deploy-updated-provisioner ## Install NKG from local build with provisioner on configured kind cluster -.PHONY: install-nkg-local-build -install-nkg-local-no-build: load-images prepare-nkg-dependencies deploy-updated-provisioner ## Install NKG from local build with provisioner on configured kind cluster but do not build the NKG image +.PHONY: install-nkg-local-no-build +install-nkg-local-no-build: prepare-nkg-dependencies load-images deploy-updated-provisioner ## Install NKG from local build with provisioner on configured kind cluster but do not build the NKG image .PHONY: install-nkg-edge install-nkg-edge: preload-nginx-container prepare-nkg-dependencies ## Install NKG with provisioner from edge on configured kind cluster - kubectl apply -f provisioner/provisioner.yaml + kubectl apply -f $(PROVISIONER_MANIFEST) .PHONY: run-conformance-tests run-conformance-tests: ## Run conformance tests @@ -89,16 +87,18 @@ cleanup-conformance-tests: ## Clean up conformance tests fixtures kubectl delete -f tests/conformance-rbac.yaml .PHONY: uninstall-nkg -uninstall-nkg: ## Uninstall NKG on configured kind cluster +uninstall-nkg: uninstall-k8s-components undo-manifests-update ## Uninstall NKG on configured kind cluster and undo manifest changes + +.PHONY: uninstall-k8s-components +uninstall-k8s-components: ## Uninstall installed components on configured kind cluster + kubectl delete -f $(NKG_MANIFEST) ./scripts/uninstall-gateway.sh $(GW_API_VERSION) - kubectl delete -f ../deploy/manifests/rbac.yaml - kubectl delete -f ../deploy/manifests/namespace.yaml kubectl delete clusterrole nginx-gateway-provisioner kubectl delete clusterrolebinding nginx-gateway-provisioner -.PHONY: undo-image-update -undo-image-update: ## Undo the NKG image name and tag in deployment manifest - git checkout -- $(NKG_DEPLOYMENT_MANIFEST) +.PHONY: undo-manifests-update +undo-manifests-update: ## Undo the changes in the manifest files + cd .. && make generate-manifests && cd - .PHONY: reset-go-modules reset-go-modules: ## Reset the go modules changes diff --git a/conformance/README.md b/conformance/README.md index b375fef3b8..a549e055f6 100644 --- a/conformance/README.md +++ b/conformance/README.md @@ -31,8 +31,8 @@ preload-nginx-container Preload NGINX container on configured kind cluste prepare-nkg-dependencies Install NKG dependencies on configured kind cluster reset-go-modules Reset the go modules changes run-conformance-tests Run conformance tests -undo-image-update Undo the NKG image name and tag in deployment manifest -uninstall-nkg Uninstall NKG on configured kind cluster +undo-manifests-update Undo the changes in the manifest files +uninstall-nkg Uninstall NKG on configured kind cluster and undo manifest changes update-go-modules Update the gateway-api go modules to latest main version update-nkg-manifest Update the NKG deployment manifest image name and imagePullPolicy ``` @@ -50,8 +50,11 @@ update-nkg-manifest Update the NKG deployment manifest image name and | GATEWAY_CLASS | nginx | The gateway class that should be used for the tests | | SUPPORTED_FEATURES | HTTPRoute,HTTPRouteQueryParamMatching, HTTPRouteMethodMatching,HTTPRoutePortRedirect, HTTPRouteSchemeRedirect | The supported features that should be tested by the conformance tests. Ensure the list is comma separated with no spaces. | | EXEMPT_FEATURES | ReferenceGrant | The features that should not be tested by the conformance tests | -| NGINX_IMAGE | as defined in the ../deploy/manifests/deployment.yaml file | The NGINX image for the NKG deployments | -| NKG_DEPLOYMENT_MANIFEST | ../deploy/manifests/deployment.yaml | The location of the NKG deployment manifest | +| NGINX_IMAGE | as defined in the provisioner/static-deployment.yaml file | The NGINX image for the NKG deployments | +| NKG_MANIFEST | ../deploy/manifests/nginx-gateway.yaml | The location of the NKG manifest | +| SERVICE_MANIFEST | ../deploy/manifests/service/nodeport.yaml | The location of the NKG Service manifest | +| STATIC_MANIFEST | provisioner/static-deployment.yaml | The location of the NKG static deployment manifest | +| PROVISIONER_MANIFEST | provisioner/provisioner.yaml | The location of the NKG provisioner manifest | ### Step 1 - Create a kind Cluster @@ -77,27 +80,17 @@ make install-nkg-local-build ``` #### *Option 2* Install Nginx Kubernetes Gateway from local already built image to configured kind cluster +You can optionally skip the actual *build* step. ```makefile make install-nkg-local-no-build ``` -**Note:** You can optionally skip the actual *build* step. However, if choosing -this option, the following step *must* be completed manually *before* the build step: - -- Set NKG_PREFIX= NKG_TAG= to preferred values. -- Navigate to `deploy/manifests` and update values in `deployment.yaml` as specified in below code-block. -- Save the changes. - - ```text - . - .. - containers: - - image: : - imagePullPolicy: Never - .. - . - ``` +> Note: If choosing this option, the following step *must* be completed manually *before* you build the image: + +```makefile +make update-nkg-manifest NKG_PREFIX= NKG_TAG= +``` #### *Option 3* Install Nginx Kubernetes Gateway from edge to configured kind cluster You can also skip the build NKG image step and prepare the environment to instead use the `edge` image @@ -153,15 +146,7 @@ make uninstall-nkg make reset-go-modules ``` -### Step 7 - Revert changes to the NKG deployment manifest -**Optional** Not required if using `edge` image -**Warning**: `make undo-image-update` will hard reset changes to the deploy/manifests/deployment.yaml file! - -```makefile -make undo-image-update -``` - -### Step 8 - Delete kind cluster +### Step 7 - Delete kind cluster ```makefile make delete-kind-cluster diff --git a/conformance/provisioner/static-deployment.yaml b/conformance/provisioner/static-deployment.yaml new file mode 100644 index 0000000000..f2a3415392 --- /dev/null +++ b/conformance/provisioner/static-deployment.yaml @@ -0,0 +1,99 @@ +--- +# Source: nginx-kubernetes-gateway/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-gateway + namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" +spec: + # We only support a single replica for now + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + template: + metadata: + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=k8s-gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: ghcr.io/nginxinc/nginx-kubernetes-gateway:edge + imagePullPolicy: Always + name: nginx-gateway + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + runAsUser: 1001 + volumeMounts: + - mountPath: /etc/nginx + name: nginx + - image: nginx:1.25 + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - CHOWN + - NET_BIND_SERVICE + - SETGID + - SETUID + - DAC_OVERRIDE + drop: + - ALL + volumeMounts: + - mountPath: /etc/nginx + name: nginx + - mountPath: /etc/nginx/nginx.conf + name: nginx-conf + subPath: nginx.conf + - mountPath: /var/lib/nginx + name: var-lib-nginx + - mountPath: /usr/lib/nginx/modules/njs + name: njs-modules + initContainers: + - command: + - sh + - -c + - rm -r /etc/nginx/conf.d /etc/nginx/secrets; mkdir /etc/nginx/conf.d /etc/nginx/secrets + && chown 1001:0 /etc/nginx/conf.d /etc/nginx/secrets + image: busybox:1.36 + name: set-permissions + volumeMounts: + - mountPath: /etc/nginx + name: nginx + serviceAccountName: nginx-gateway + shareProcessNamespace: true + volumes: + - emptyDir: {} + name: nginx + - configMap: + name: nginx-gateway-conf + name: nginx-conf + - emptyDir: {} + name: var-lib-nginx + - configMap: + name: nginx-gateway-njs-modules + name: njs-modules diff --git a/deploy/helm-chart/Chart.yaml b/deploy/helm-chart/Chart.yaml index 56269135a6..be6b022242 100644 --- a/deploy/helm-chart/Chart.yaml +++ b/deploy/helm-chart/Chart.yaml @@ -3,7 +3,7 @@ name: nginx-kubernetes-gateway description: NGINX Kubernetes Gateway type: application version: 0.1.0 -appVersion: "0.4.0" +appVersion: "edge" home: https://github.com/nginxinc/nginx-kubernetes-gateway icon: https://raw.githubusercontent.com/nginxinc/nginx-kubernetes-gateway/tree/main/deploy/helm-chart/chart-icon.png sources: diff --git a/deploy/helm-chart/README.md b/deploy/helm-chart/README.md index 07a5100cf8..07ed4d41f4 100644 --- a/deploy/helm-chart/README.md +++ b/deploy/helm-chart/README.md @@ -9,9 +9,6 @@ This chart deploys the NGINX Kubernetes Gateway in your Kubernetes cluster. - [Helm 3.0+](https://helm.sh/docs/intro/install/) - [kubectl](https://kubernetes.io/docs/tasks/tools/) -> Note: NGINX Kubernetes Gateway can only run in the `nginx-gateway` namespace. This limitation will be addressed in -the future releases. - ### Installing the Gateway API resources > Note: The Gateway API resources from the standard channel (the CRDs and the validating webhook) must be installed @@ -87,9 +84,10 @@ To uninstall/delete the release `my-release`: ```shell helm uninstall my-release -n nginx-gateway +kubectl delete ns nginx-gateway ``` -The command removes all the Kubernetes components associated with the release and deletes the release. +These commands remove all the Kubernetes components associated with the release and deletes the release. ### Uninstalling the Gateway Resources @@ -114,6 +112,7 @@ The following tables lists the configurable parameters of the NGINX Kubernetes G |`nginxGateway.image.pullPolicy` | The `imagePullPolicy` for the NGINX Kubernetes Gateway image. | Always | |`nginxGateway.gatewayClassName` | The name of the GatewayClass for the NGINX Kubernetes Gateway deployment. | nginx | |`nginxGateway.gatewayControllerName` | The name of the Gateway controller. The controller name must be of the form: DOMAIN/PATH. The controller's domain is k8s-gateway.nginx.org. | k8s-gateway.nginx.org/nginx-gateway-controller | +|`nginxGateway.kind` | The kind of the NGINX Kubernetes Gateway installation - currently, only Deployment is supported. | deployment | |`nginx.image.repository` | The repository for the NGINX image. | nginx | |`nginx.image.tag` | The tag for the NGINX image. | 1.25 | |`nginx.image.pullPolicy` | The `imagePullPolicy` for the NGINX image. | Always | diff --git a/deploy/helm-chart/templates/_helpers.tpl b/deploy/helm-chart/templates/_helpers.tpl index 3d687344c5..5488944e85 100644 --- a/deploy/helm-chart/templates/_helpers.tpl +++ b/deploy/helm-chart/templates/_helpers.tpl @@ -34,12 +34,14 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "nginx-gateway.labels" -}} -helm.sh/chart: {{ include "nginx-gateway.chart" . }} {{ include "nginx-gateway.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} +{{- if eq (default "helm" .Values.creator) "helm" }} app.kubernetes.io/managed-by: {{ .Release.Service }} +helm.sh/chart: {{ include "nginx-gateway.chart" . }} +{{- end -}} {{- end }} {{/* diff --git a/deploy/helm-chart/templates/deployment.yaml b/deploy/helm-chart/templates/deployment.yaml index a98d20a3ce..e1cae67599 100644 --- a/deploy/helm-chart/templates/deployment.yaml +++ b/deploy/helm-chart/templates/deployment.yaml @@ -1,7 +1,9 @@ +{{- if eq .Values.nginxGateway.kind "deployment" }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "nginx-gateway.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "nginx-gateway.labels" . | nindent 4 }} spec: @@ -9,12 +11,10 @@ spec: replicas: 1 selector: matchLabels: - app: nginx-gateway {{- include "nginx-gateway.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: nginx-gateway {{- include "nginx-gateway.selectorLabels" . | nindent 8 }} spec: containers: @@ -28,7 +28,7 @@ spec: fieldRef: fieldPath: status.podIP image: {{ .Values.nginxGateway.image.repository }}:{{ .Values.nginxGateway.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.nginxGateway.imagePullPolicy }} + imagePullPolicy: {{ .Values.nginxGateway.image.pullPolicy }} name: nginx-gateway securityContext: capabilities: @@ -41,7 +41,7 @@ spec: - mountPath: /etc/nginx name: nginx - image: {{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }} - imagePullPolicy: {{ .Values.nginx.imagePullPolicy }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} name: nginx ports: - containerPort: 80 @@ -92,3 +92,4 @@ spec: - configMap: name: {{ include "nginx-gateway.njs-modules" . }} name: njs-modules +{{- end }} diff --git a/deploy/helm-chart/templates/nginx-conf.yaml b/deploy/helm-chart/templates/nginx-conf.yaml index 4574b11d6f..dd64888508 100644 --- a/deploy/helm-chart/templates/nginx-conf.yaml +++ b/deploy/helm-chart/templates/nginx-conf.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "nginx-gateway.nginx-conf" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "nginx-gateway.labels" . | nindent 4 }} data: diff --git a/deploy/helm-chart/templates/njs-modules.yaml b/deploy/helm-chart/templates/njs-modules.yaml index 00ac33ec41..d67650d584 100644 --- a/deploy/helm-chart/templates/njs-modules.yaml +++ b/deploy/helm-chart/templates/njs-modules.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "nginx-gateway.njs-modules" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "nginx-gateway.labels" . | nindent 4 }} data: diff --git a/deploy/helm-chart/templates/rbac.yaml b/deploy/helm-chart/templates/rbac.yaml index 8b7f70b4d7..08119a2ac8 100644 --- a/deploy/helm-chart/templates/rbac.yaml +++ b/deploy/helm-chart/templates/rbac.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "nginx-gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "nginx-gateway.labels" . | nindent 4 }} annotations: diff --git a/deploy/helm-chart/templates/service.yaml b/deploy/helm-chart/templates/service.yaml index 0ef5c0e6fc..21b802308d 100644 --- a/deploy/helm-chart/templates/service.yaml +++ b/deploy/helm-chart/templates/service.yaml @@ -17,10 +17,10 @@ spec: {{- end }} {{- end }} type: {{ .Values.service.type }} - ports: + selector: + {{- include "nginx-gateway.selectorLabels" . | nindent 4 }} + ports: # Update the following ports to match your Gateway Listener ports {{- if .Values.service.ports }} {{ toYaml .Values.service.ports | indent 2 }} {{ end }} - selector: - {{- include "nginx-gateway.selectorLabels" . | nindent 4 }} {{- end }} diff --git a/deploy/helm-chart/values.yaml b/deploy/helm-chart/values.yaml index afd7192a7f..28158bcd8a 100644 --- a/deploy/helm-chart/values.yaml +++ b/deploy/helm-chart/values.yaml @@ -1,4 +1,6 @@ nginxGateway: + ## The kind of the NGINX Kubernetes Gateway installation - currently, only deployment is supported. + kind: deployment ## gatewayClassName is the name of the GatewayClass that will be created as part of this release. Every NGINX Gateway ## must have a unique corresponding GatewayClass resource. NGINX Kubernetes Gateway only processes resources that ## belong to its class - i.e. have the "gatewayClassName" field resource equal to the class. diff --git a/deploy/manifests/deployment.yaml b/deploy/manifests/deployment.yaml deleted file mode 100644 index 80b408a1d4..0000000000 --- a/deploy/manifests/deployment.yaml +++ /dev/null @@ -1,86 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-gateway - namespace: nginx-gateway -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-gateway - template: - metadata: - labels: - app: nginx-gateway - spec: - shareProcessNamespace: true - serviceAccountName: nginx-gateway - volumes: - - name: nginx - emptyDir: { } - - name: nginx-conf - configMap: - name: nginx-conf - - name: var-lib-nginx - emptyDir: { } - - name: njs-modules - configMap: - name: njs-modules - initContainers: - - image: busybox:1.36 - name: set-permissions - command: [ 'sh', '-c', 'rm -r /etc/nginx/conf.d /etc/nginx/secrets; mkdir /etc/nginx/conf.d /etc/nginx/secrets && chown 1001:0 /etc/nginx/conf.d /etc/nginx/secrets' ] - volumeMounts: - - name: nginx - mountPath: /etc/nginx - containers: - - image: ghcr.io/nginxinc/nginx-kubernetes-gateway:edge - imagePullPolicy: Always - name: nginx-gateway - volumeMounts: - - name: nginx - mountPath: /etc/nginx - securityContext: - runAsUser: 1001 - capabilities: - drop: - - ALL - add: - - KILL - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - args: - - static-mode - - --gateway-ctlr-name=k8s-gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - image: nginx:1.25 - imagePullPolicy: Always - name: nginx - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - volumeMounts: - - name: nginx - mountPath: /etc/nginx - - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: var-lib-nginx - mountPath: /var/lib/nginx - - name: njs-modules - mountPath: /usr/lib/nginx/modules/njs - securityContext: - capabilities: - drop: - - ALL - add: - - CHOWN - - NET_BIND_SERVICE - - SETGID - - SETUID - - DAC_OVERRIDE diff --git a/deploy/manifests/gatewayclass.yaml b/deploy/manifests/gatewayclass.yaml deleted file mode 100644 index bfa14bb077..0000000000 --- a/deploy/manifests/gatewayclass.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: GatewayClass -metadata: - name: nginx -spec: - controllerName: k8s-gateway.nginx.org/nginx-gateway-controller diff --git a/deploy/manifests/nginx-conf.yaml b/deploy/manifests/nginx-conf.yaml deleted file mode 100644 index c1747aeba9..0000000000 --- a/deploy/manifests/nginx-conf.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: nginx-gateway -data: - nginx.conf: | - load_module /usr/lib/nginx/modules/ngx_http_js_module.so; - - events {} - - pid /etc/nginx/nginx.pid; - error_log stderr debug; - - http { - include /etc/nginx/conf.d/*.conf; - js_import /usr/lib/nginx/modules/njs/httpmatches.js; - proxy_headers_hash_bucket_size 512; - proxy_headers_hash_max_size 1024; - server_names_hash_bucket_size 256; - server_names_hash_max_size 1024; - variables_hash_bucket_size 512; - variables_hash_max_size 1024; - } diff --git a/deploy/manifests/nginx-gateway.yaml b/deploy/manifests/nginx-gateway.yaml new file mode 100644 index 0000000000..79837d0253 --- /dev/null +++ b/deploy/manifests/nginx-gateway.yaml @@ -0,0 +1,452 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nginx-gateway +--- +# Source: nginx-kubernetes-gateway/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-gateway + namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" + annotations: + {} +--- +# Source: nginx-kubernetes-gateway/templates/nginx-conf.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-gateway-conf + namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" +data: + nginx.conf: |- + load_module /usr/lib/nginx/modules/ngx_http_js_module.so; + events {} + pid /etc/nginx/nginx.pid; + error_log stderr debug; + http { + include /etc/nginx/conf.d/*.conf; + js_import /usr/lib/nginx/modules/njs/httpmatches.js; + proxy_headers_hash_bucket_size 512; + proxy_headers_hash_max_size 1024; + server_names_hash_bucket_size 256; + server_names_hash_max_size 1024; + variables_hash_bucket_size 512; + variables_hash_max_size 1024; + } +--- +# Source: nginx-kubernetes-gateway/templates/njs-modules.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-gateway-njs-modules + namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" +data: + httpmatches.js: | + const MATCHES_VARIABLE = 'http_matches'; + const HTTP_CODES = { + notFound: 404, + internalServerError: 500, + }; + + function redirect(r) { + let matches; + + try { + matches = extractMatchesFromRequest(r); + } catch (e) { + r.error(e.message); + r.return(HTTP_CODES.internalServerError); + return; + } + + // Matches is a list of http matches in order of precedence. + // We will accept the first match that the request satisfies. + // If there's a match, redirect request to internal location block. + // If an exception occurs, return 500. + // If no matches are found, return 404. + let match; + try { + match = findWinningMatch(r, matches); + } catch (e) { + r.error(e.message); + r.return(HTTP_CODES.internalServerError); + return; + } + + if (!match) { + r.return(HTTP_CODES.notFound); + return; + } + + if (!match.redirectPath) { + r.error( + `cannot redirect the request; the match ${JSON.stringify( + match, + )} does not have a redirectPath set`, + ); + r.return(HTTP_CODES.internalServerError); + return; + } + + r.internalRedirect(match.redirectPath); + } + + function extractMatchesFromRequest(r) { + if (!r.variables[MATCHES_VARIABLE]) { + throw Error( + `cannot redirect the request; the variable ${MATCHES_VARIABLE} is not defined on the request object`, + ); + } + + let matches; + + try { + matches = JSON.parse(r.variables[MATCHES_VARIABLE]); + } catch (e) { + throw Error( + `cannot redirect the request; error parsing ${r.variables[MATCHES_VARIABLE]} into a JSON object: ${e}`, + ); + } + + if (!Array.isArray(matches)) { + throw Error(`cannot redirect the request; expected a list of matches, got ${matches}`); + } + + if (matches.length === 0) { + throw Error(`cannot redirect the request; matches is an empty list`); + } + + return matches; + } + + function findWinningMatch(r, matches) { + for (let i = 0; i < matches.length; i++) { + try { + let found = testMatch(r, matches[i]); + if (found) { + return matches[i]; + } + } catch (e) { + throw e; + } + } + + return null; + } + + function testMatch(r, match) { + // check for any + if (match.any) { + return true; + } + + // check method + if (match.method && r.method !== match.method) { + return false; + } + + // check headers + if (match.headers) { + try { + let found = headersMatch(r.headersIn, match.headers); + if (!found) { + return false; + } + } catch (e) { + throw e; + } + } + + // check params + if (match.params) { + try { + let found = paramsMatch(r.args, match.params); + if (!found) { + return false; + } + } catch (e) { + throw e; + } + } + + // all match conditions are satisfied so return true + return true; + } + + function headersMatch(requestHeaders, headers) { + for (let i = 0; i < headers.length; i++) { + const h = headers[i]; + const kv = h.split(':'); + + if (kv.length !== 2) { + throw Error(`invalid header match: ${h}`); + } + // Header names are compared in a case-insensitive manner, meaning header name "FOO" is equivalent to "foo". + // The NGINX request's headersIn object lookup is case-insensitive as well. + // This means that requestHeaders['FOO'] is equivalent to requestHeaders['foo']. + let val = requestHeaders[kv[0]]; + + if (!val) { + return false; + } + + // split on comma because nginx uses commas to delimit multiple header values + const values = val.split(','); + if (!values.includes(kv[1])) { + return false; + } + } + + return true; + } + + function paramsMatch(requestParams, params) { + for (let i = 0; i < params.length; i++) { + let p = params[i]; + // We store query parameter matches as strings with the format "key=value"; however, there may be more than one + // instance of "=" in the string. + // To recover the key and value, we need to find the first occurrence of "=" in the string. + const idx = params[i].indexOf('='); + // Check for an improperly constructed query parameter match. There are three possible error cases: + // (1) if the index is -1, then there are no "=" in the string (e.g. "keyvalue") + // (2) if the index is 0, then there is no value in the string (e.g. "key="). + // (3) if the index is equal to length -1, then there is no key in the string (e.g. "=value"). + if (idx === -1 || (idx === 0) | (idx === p.length - 1)) { + throw Error(`invalid query parameter: ${p}`); + } + + // Divide string into key value using the index. + let kv = [p.slice(0, idx), p.slice(idx + 1)]; + + // val can either be a string or an array of strings. + // Also, the NGINX request's args object lookup is case-sensitive. + // For example, 'a=1&b=2&A=3&b=4' will be parsed into {a: "1", b: ["2", "4"], A: "3"} + let val = requestParams[kv[0]]; + if (!val) { + return false; + } + + // If val is an array, we will match against the first element in the array according to the Gateway API spec. + if (Array.isArray(val)) { + val = val[0]; + } + + if (val !== kv[1]) { + return false; + } + } + + return true; + } + + export default { + redirect, + testMatch, + findWinningMatch, + headersMatch, + paramsMatch, + extractMatchesFromRequest, + HTTP_CODES, + MATCHES_VARIABLE, + }; +--- +# Source: nginx-kubernetes-gateway/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" +rules: +- apiGroups: + - "" + resources: + - namespaces + - services + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + verbs: + - list + - watch +- apiGroups: + - gateway.nginx.org + resources: + - gatewayconfigs + verbs: + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - gateways/status + - gatewayclasses/status + verbs: + - update +--- +# Source: nginx-kubernetes-gateway/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-gateway +subjects: +- kind: ServiceAccount + name: nginx-gateway + namespace: nginx-gateway +--- +# Source: nginx-kubernetes-gateway/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-gateway + namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" +spec: + # We only support a single replica for now + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + template: + metadata: + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + spec: + containers: + - args: + - static-mode + - --gateway-ctlr-name=k8s-gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: ghcr.io/nginxinc/nginx-kubernetes-gateway:edge + imagePullPolicy: Always + name: nginx-gateway + securityContext: + capabilities: + add: + - KILL + drop: + - ALL + runAsUser: 1001 + volumeMounts: + - mountPath: /etc/nginx + name: nginx + - image: nginx:1.25 + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + name: http + - containerPort: 443 + name: https + securityContext: + capabilities: + add: + - CHOWN + - NET_BIND_SERVICE + - SETGID + - SETUID + - DAC_OVERRIDE + drop: + - ALL + volumeMounts: + - mountPath: /etc/nginx + name: nginx + - mountPath: /etc/nginx/nginx.conf + name: nginx-conf + subPath: nginx.conf + - mountPath: /var/lib/nginx + name: var-lib-nginx + - mountPath: /usr/lib/nginx/modules/njs + name: njs-modules + initContainers: + - command: + - sh + - -c + - rm -r /etc/nginx/conf.d /etc/nginx/secrets; mkdir /etc/nginx/conf.d /etc/nginx/secrets + && chown 1001:0 /etc/nginx/conf.d /etc/nginx/secrets + image: busybox:1.36 + name: set-permissions + volumeMounts: + - mountPath: /etc/nginx + name: nginx + serviceAccountName: nginx-gateway + shareProcessNamespace: true + volumes: + - emptyDir: {} + name: nginx + - configMap: + name: nginx-gateway-conf + name: nginx-conf + - emptyDir: {} + name: var-lib-nginx + - configMap: + name: nginx-gateway-njs-modules + name: njs-modules +--- +# Source: nginx-kubernetes-gateway/templates/gatewayclass.yaml +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: GatewayClass +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" +spec: + controllerName: k8s-gateway.nginx.org/nginx-gateway-controller diff --git a/deploy/manifests/rbac.yaml b/deploy/manifests/rbac.yaml deleted file mode 100644 index c60f0145b4..0000000000 --- a/deploy/manifests/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nginx-gateway - namespace: nginx-gateway ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: nginx-gateway -rules: -- apiGroups: - - "" - resources: - - namespaces - - services - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - referencegrants - verbs: - - list - - watch -- apiGroups: - - gateway.nginx.org - resources: - - gatewayconfigs - verbs: - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/status - - gateways/status - - gatewayclasses/status - verbs: - - update ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: nginx-gateway -subjects: -- kind: ServiceAccount - name: nginx-gateway - namespace: nginx-gateway -roleRef: - kind: ClusterRole - name: nginx-gateway - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/manifests/service/loadbalancer-aws-nlb.yaml b/deploy/manifests/service/loadbalancer-aws-nlb.yaml index 8bbf959f7e..81efdeaf13 100644 --- a/deploy/manifests/service/loadbalancer-aws-nlb.yaml +++ b/deploy/manifests/service/loadbalancer-aws-nlb.yaml @@ -1,20 +1,28 @@ +--- +# Source: nginx-kubernetes-gateway/templates/service.yaml apiVersion: v1 kind: Service metadata: name: nginx-gateway namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" annotations: - service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-type: nlb spec: + externalTrafficPolicy: Local type: LoadBalancer + selector: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway ports: # Update the following ports to match your Gateway Listener ports - - port: 80 + - name: http + port: 80 + protocol: TCP targetPort: 80 + - name: https + port: 443 protocol: TCP - name: http - - port: 443 targetPort: 443 - protocol: TCP - name: https - selector: - app: nginx-gateway diff --git a/deploy/manifests/service/loadbalancer.yaml b/deploy/manifests/service/loadbalancer.yaml index e915aeb3e9..1aed2a6aab 100644 --- a/deploy/manifests/service/loadbalancer.yaml +++ b/deploy/manifests/service/loadbalancer.yaml @@ -1,19 +1,26 @@ +--- +# Source: nginx-kubernetes-gateway/templates/service.yaml apiVersion: v1 kind: Service metadata: name: nginx-gateway namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" spec: externalTrafficPolicy: Local type: LoadBalancer + selector: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway ports: # Update the following ports to match your Gateway Listener ports - - port: 80 + - name: http + port: 80 + protocol: TCP targetPort: 80 + - name: https + port: 443 protocol: TCP - name: http - - port: 443 targetPort: 443 - protocol: TCP - name: https - selector: - app: nginx-gateway diff --git a/deploy/manifests/service/nodeport.yaml b/deploy/manifests/service/nodeport.yaml index 759e83fe89..64c9f3d86a 100644 --- a/deploy/manifests/service/nodeport.yaml +++ b/deploy/manifests/service/nodeport.yaml @@ -1,18 +1,25 @@ +--- +# Source: nginx-kubernetes-gateway/templates/service.yaml apiVersion: v1 kind: Service metadata: name: nginx-gateway namespace: nginx-gateway + labels: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway + app.kubernetes.io/version: "edge" spec: type: NodePort + selector: + app.kubernetes.io/name: nginx-gateway + app.kubernetes.io/instance: nginx-gateway ports: # Update the following ports to match your Gateway Listener ports - - port: 80 + - name: http + port: 80 + protocol: TCP targetPort: 80 + - name: https + port: 443 protocol: TCP - name: http - - port: 443 targetPort: 443 - protocol: TCP - name: https - selector: - app: nginx-gateway diff --git a/docs/developer/implementing-a-feature.md b/docs/developer/implementing-a-feature.md index 371b83af3b..fad70cabee 100644 --- a/docs/developer/implementing-a-feature.md +++ b/docs/developer/implementing-a-feature.md @@ -50,7 +50,7 @@ practices to ensure a successful feature development process. 11. **Lint code**: See the [run the linter](/docs/developer/quickstart.md#run-the-linter) section of the quickstart guide for instructions. 12. **Run generators**: See the [Run go generate](/docs/developer/quickstart.md#run-go-generate) and the - [Update NJS module ConfigMaps](/docs/developer/quickstart.md#update-njs-module-configmaps) sections of the + [Update Generated Manifests](/docs/developer/quickstart.md#update-generated-manifests) sections of the quickstart guide for instructions. 13. **Open pull request**: Open a pull request targeting the `main` branch of the [nginx-kubernetes-gateway](https://github.com/nginxinc/nginx-kubernetes-gateway/tree/main) repository. The diff --git a/docs/developer/quickstart.md b/docs/developer/quickstart.md index 91ccde545b..12f132df05 100644 --- a/docs/developer/quickstart.md +++ b/docs/developer/quickstart.md @@ -84,19 +84,30 @@ This will build the docker image `nginx-kubernetes-gateway:`. kind load docker-image nginx-kubernetes-gateway:$(whoami) ``` -3. Modify the image name and image pull policy for the `nginx-gateway` container in the - NKG [deployment manifest](/deploy/manifests/deployment.yaml). Set the image name to the image you built in - the previous step and the image pull policy to `IfNotPresent`, so that Kubernetes will not try to pull it from - the DockerHub. Once the changes are made, follow - the [installation instructions](/docs/installation.md) to install NKG on your `kind` cluster. - - Alternatively, you can update the image name and pull policy by using the following command when applying - `deployment.yaml`: +3. Install Gateway API Resources ```shell - cat deploy/manifests/deployment.yaml | sed "s|image: ghcr.io/nginxinc/nginx-kubernetes-gateway.*|image: nginx-kubernetes-gateway:$(whoami)|" | sed "s|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|" | kubectl apply -f - + kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v0.7.1/standard-install.yaml ``` +4. Install NKG using your custom image and expose NKG with a NodePort Service: + + - To install with Helm (where your release name is `my-release`): + + ```shell + helm install my-release ./deploy/helm-chart --create-namespace --wait --set service.type=NodePort --set nginxGateway.image.repository=nginx-kubernetes-gateway --set nginxGateway.image.tag=$(whoami) --set nginxGateway.image.pullPolicy=Never -n nginx-gateway + ``` + + > For more information on helm configuration options see the Helm [README](/deploy/helm-chart/README.md). + + - To install with manifests: + + ```shell + make generate-manifests HELM_TEMPLATE_COMMON_ARGS="--set nginxGateway.image.repository=nginx-kubernetes-gateway --set nginxGateway.image.tag=$(whoami) --set nginxGateway.image.pullPolicy=Never" + kubectl apply -f deploy/manifests/nginx-gateway.yaml + kubectl apply -f deploy/manifests/nodeport.yaml + ``` + ### Run Examples To make sure NKG is running properly, try out the [examples](/examples). @@ -142,7 +153,7 @@ To ensure all the generated code is up to date, run the following make command f make generate ``` -## Update NJS module ConfigMaps +## Update Generated Manifests To update the NJS ConfigMap yaml, run the following make command from the project's root directory: @@ -153,3 +164,9 @@ make generate-njs-yaml Additionally, the [NJS ConfigMap Helm template](/deploy/helm-chart/templates/njs-modules.yaml) will need to be updated. This is currently a manual process - ensure the content in the `data` field matches that in the [NJS ConfigMap manifest](/deploy/manifests/njs-modules.yaml) `data` field. + +Finally, to update all other generated manifests, run the following make command from the project's root directory: + +```shell +make generate-manifests +``` diff --git a/docs/installation.md b/docs/installation.md index c3186f7e44..b1ce91af94 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -13,8 +13,9 @@ page. ## Deploy NGINX Kubernetes Gateway from Manifests -> Note: NGINX Kubernetes Gateway can only run in the `nginx-gateway` namespace. -> This limitation will be addressed in the future releases. +> Note: By default, NGINX Kubernetes Gateway (NKG) will be installed into the nginx-gateway Namespace. +> It is possible to run NKG in a different Namespace, although you'll need to make modifications to the installation +> manifests. 1. Clone the repo and change into the `nginx-kubernetes-gateway` directory: @@ -29,40 +30,10 @@ page. kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v0.7.1/standard-install.yaml ``` -1. Create the nginx-gateway Namespace: - - ```shell - kubectl apply -f deploy/manifests/namespace.yaml - ``` - -1. Create the njs-modules ConfigMap: - - ```shell - kubectl apply -f deploy/manifests/njs-modules.yaml -n nginx-gateway - ``` - -1. Create the ConfigMap with the main NGINX configuration file: - - ```shell - kubectl apply -f deploy/manifests/nginx-conf.yaml - ``` - -1. Configure RBAC: - - ```shell - kubectl apply -f deploy/manifests/rbac.yaml - ``` - -1. Create the GatewayClass resource: - - ```shell - kubectl apply -f deploy/manifests/gatewayclass.yaml - ``` - 1. Deploy the NGINX Kubernetes Gateway: ```shell - kubectl apply -f deploy/manifests/deployment.yaml + kubectl apply -f deploy/manifests/nginx-gateway.yaml ``` 1. Confirm the NGINX Kubernetes Gateway is running in `nginx-gateway` namespace: @@ -140,3 +111,28 @@ Create a Service with type `LoadBalancer` using the appropriate manifest for you ### Use NGINX Kubernetes Gateway To get started, follow the tutorials in the [examples](../examples) directory. + +## Uninstalling NGINX Kubernetes Gateway + +### Uninstall NGINX Kubernetes Gateway from Manifests + +1. Uninstall the NGINX Kubernetes Gateway: + + ```shell + kubectl delete -f deploy/manifests/nginx-gateway.yaml + ``` + +1. Uninstall the Gateway API resources from the standard channel (the CRDs and the validating webhook): + + >**Warning: This command will delete all the corresponding custom resources in your cluster across all namespaces! + Please ensure there are no custom resources that you want to keep and there are no other Gateway API implementations + running in the cluster!** + + ```shell + kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v0.7.1/standard-install.yaml + ``` + +### Uninstall NGINX Kubernetes Gateway using Helm + +To uninstall NGINX Kubernetes Gateway when the deployment method is Helm, please follow the instructions +[here](/deploy/helm-chart/README.md#uninstalling-the-chart). diff --git a/docs/release-process.md b/docs/release-process.md index 4c7e50a684..49c61f6312 100644 --- a/docs/release-process.md +++ b/docs/release-process.md @@ -32,21 +32,20 @@ To create a new release, follow these steps: 4. If a problem is found, prepare a fix PR, merge it into the main branch and return to the previous step. 5. Create a release branch with a name that follows the `release-X.Y` format. 6. Prepare and merge a PR into the release branch to update the repo files for the release: - 1. Update the tag of NKG container images used in the installation manifests (both the - [deployment manifest](../deploy/manifests/deployment.yaml) and the - [provisioner manifest](../conformance/provisioner/provisioner.yaml)), - the Helm [values.yaml](../deploy/helm-chart/values.yaml) file, and docs to `X.Y.Z`. - 2. Ensure that the `imagePullPolicy` is `IfNotPresent` in the installation manifests and the Helm - [values.yaml](../deploy/helm-chart/values.yaml) file. - 3. Modify any `git clone` instructions to use `vX.Y.Z` tag. - 4. Update the Helm [Chart.yaml](../deploy/helm-chart/Chart.yaml): the `appVersion` to `X.Y.Z`, the icon and source + 1. Update the Helm [Chart.yaml](../deploy/helm-chart/Chart.yaml): the `appVersion` to `X.Y.Z`, the icon and source URLs to point at `vX.Y.Z`, and bump the `version`. - 5. Update the Helm [README](../deploy/helm-chart/README.md) `--version` flags in the helm commands to use the stable + 2. Update the Helm [README](../deploy/helm-chart/README.md) `--version` flags in the helm commands to use the stable `appVersion` from the previous step. - 6. Adjust the `VERSION` variable in the [Makefile](../Makefile) and the `NKG_TAG` in the + 3. Adjust the `VERSION` variable in the [Makefile](../Makefile) and the `NKG_TAG` in the [conformance tests Makefile](../conformance/Makefile) to `X.Y.Z`. - 7. Update the [README](../README.md) to include information about the release. - 8. Update the [changelog](../CHANGELOG.md). The changelog includes only important (from the user perspective) + 4. Update the tag of NKG container images used in the Helm [values.yaml](../deploy/helm-chart/values.yaml) file, the + [provisioner manifest](../conformance/provisioner/provisioner.yaml)), and all docs to `X.Y.Z`. + 5. Ensure that the `imagePullPolicy` is `IfNotPresent` in the Helm [values.yaml](../deploy/helm-chart/values.yaml) + file. + 6. Generate the installation manifests by running `make generate-manifests`. + 7. Modify any `git clone` instructions to use `vX.Y.Z` tag. + 8. Update the [README](../README.md) to include information about the release. + 9. Update the [changelog](../CHANGELOG.md). The changelog includes only important (from the user perspective) changes to NKG. This is in contrast with the autogenerated full changelog, which is created in the next step. As a starting point, copy the important features, bug fixes, and dependencies from the autogenerated draft of the full changelog. This draft can be found under diff --git a/embedded.go b/embedded.go index 2edc141b17..8c24e6db65 100644 --- a/embedded.go +++ b/embedded.go @@ -3,9 +3,9 @@ package embeddedfiles import _ "embed" // StaticModeDeploymentYAML contains the YAML manifest of the Deployment resource for the static mode. -// // We put this in the root of the repo because goembed doesn't support relative/absolute paths and symlinks, -// and we want to keep the manifests in the deploy/manifests directory. +// and we want to keep the static mode deployment manifest for the provisioner in the conformance/provisioner/ +// directory. // -//go:embed deploy/manifests/deployment.yaml +//go:embed conformance/provisioner/static-deployment.yaml var StaticModeDeploymentYAML []byte