Add document for installing NGF on OpenShift through OperatorHub #1332
Conversation
Update compatability doc with Port for ParentRef
Update gateway addresses compatibility document.
…omment (#1126) Add a small comment on IP families to gateway addresses compatibility document.
Added mention about unsupported fields for RouteRules and Gateways Closes nginx/nginx-gateway-fabric#3784
feat: Update advanced routing guide for regex path
…cs (#1284) * Add details on BuildOS and InferencePoolCount to Product Telemetry docs * Add InferencePoolCount * Move InferencePool resource into "Count of Resources" section
github-actions
bot
added
documentation
✅ Deploy Preview will be available once build job completes!
|
|
Changing the base branch to |
| Please note that while we make every effort to reflect the support status of experimental fields in our code and documentation, there may be instances where this is not explicitly | ||
| indicated. Support for such fields is provided on a best-effort basis.{{< /call-out >}} |
There was a problem hiding this comment.
| Please note that while we make every effort to reflect the support status of experimental fields in our code and documentation, there may be instances where this is not explicitly | |
| indicated. Support for such fields is provided on a best-effort basis.{{< /call-out >}} | |
| Please note that while we make every effort to reflect the support status of experimental fields in our code and documentation, there may be instances where this is not explicitly indicated. Support for such fields is provided on a best-effort basis.{{< /call-out >}} |
There was a problem hiding this comment.
Lets avoid making this update here as it's not part of the new document
Did you change base branch too? or only the aim of merge? I see many commits difference |
There was a problem hiding this comment.
Broadly speaking, the new page needs to be restructured.
It doesn't adhere to our contemporary page standards:
- It's missing the documentation metadata
- The requirements section is not named correctly
- It uses the NGF three letter acronym: we do not use TLAs in public-facing documentation
- It uses
bashas a formatting language, whenshellhas been the norm for months - It doesn't use Hugo for list enumeration
Many of the structural issues could have been avoided by using Hugo archetypes, for which we maintain documentation which is part of the Contributing guidelines as the first item in the PR checklist.
Effectively no commits on this branch adhere to the Git conventions as the second item in the PR checklist, though this does not need to be fixed in retrospect as long as the eventual merge message is correct.
content/ngf/install/openshift.md
Outdated
| 1. Navigate to Operators → OperatorHub. | ||
| 2. Search for "NGINX Gateway Fabric". | ||
| 3. Select the NGF Operator (provider: NGINX, Inc) and click Install. | ||
| 4. Choose an update channel (for example, stable 2.x), installation mode (All namespaces or a specific namespace), and approve automatic updates as desired. |
There was a problem hiding this comment.
We don't currently support specific namespace or automatic updates
content/ngf/install/openshift.md
Outdated
| ## Optional: NGINX Plus licensing | ||
|
|
||
| If you plan to use NGINX Plus, you will need to: | ||
| - Set `spec.nginx.nginxOneConsole.plus: true` |
There was a problem hiding this comment.
| - Set `spec.nginx.nginxOneConsole.plus: true` | |
| - Set `spec.nginx.plus: true` |
content/ngf/install/openshift.md
Outdated
|
|
||
| ## Create the NginxGatewayFabric CR | ||
|
|
||
| Minimal example for OpenShift: |
There was a problem hiding this comment.
All the pre-populated or empty fields can be omitted - keep the image ones etc as makes sense, but all these fields just correspond to the helm command and don't need to be explicitly set. We display them in the UI for user convenience, but they are not required for a minimal example.
content/ngf/install/openshift.md
Outdated
|
|
||
| Wait for the Operator to reconcile. It will provision the NGF controller and data plane deployments, services, and related resources. | ||
|
|
||
| ## OpenShift-specific exposure options |
There was a problem hiding this comment.
Is this section required?
There was a problem hiding this comment.
It feels like it would be helpful just for anyone starting out on Openshift. Happy to remove it if we feel it adds to much to the document
content/ngf/install/openshift.md
Outdated
| - `terminationGracePeriodSeconds`: Default 30 seconds. | ||
| - `topologySpreadConstraints`, `tolerations`, `nodeSelector`, `affinity`: Pod scheduling controls. | ||
|
|
||
| ## Pod scheduling and security (OpenShift) |
There was a problem hiding this comment.
This is a useful section, thanks! SCCs are a headache 😅
content/ngf/install/openshift.md
Outdated
| ``` | ||
| - For TLS passthrough, use `--passthrough` and target the appropriate service port. | ||
|
|
||
| ## Operator-specific configuration options (NginxGatewayFabric spec) |
There was a problem hiding this comment.
I'm not convinced we should maintain a list here - I think the Helm values should be the source of truth, with generic guidelines on how these values are translated into the NginxGatewayFabric CRD fields
content/ngf/install/openshift.md
Outdated
|
|
||
| - NGF Helm chart defaults (values): See `helm-charts/nginx-gateway-fabric/values.yaml` in the NGF repository. | ||
|
|
||
| ## Notes |
There was a problem hiding this comment.
Based on my previous comments, these notes can probably be removed also
|
I made changes to the PR to reflect these points of feedback:
I'm confused by these points
The second items says
There is a Title and Description in this document. Is there other metadata missing? The most reset set of commits adds
This document doesn't have a requirements section at all, so it's not clear what you mean by this. Should we have a requirements section?
Again, not sure what this means. The Hugo Content page says As a point of feedback for the feedback, |
shaun-nx
requested review from
ADubhlaoich,
ciarams87,
salonichf5 and
tataruty
content/ngf/install/openshift.md
Outdated
|
|
||
| ## Overview | ||
|
|
||
| This guide details how to install F5 NGINX Gateway Fabric on Red Hat OpenShift through OperatorHub and configure it with the `NginxGatewayFabric` custom resource. |
There was a problem hiding this comment.
General style: shorter sentences are easier to read
| This guide details how to install F5 NGINX Gateway Fabric on Red Hat OpenShift through OperatorHub and configure it with the `NginxGatewayFabric` custom resource. | |
| This guide details how to install F5 NGINX Gateway Fabric on Red Hat OpenShift through OperatorHub. You can then configure it with the `NginxGatewayFabric` custom resource. |
| - F5 NGINX One dataplane API key if you plan to integrate with [F5 NGINX One Console](https://docs.nginx.com/nginx-one/). | ||
| - F5 NGINX Plus entitlements if you plan to run NGINX Gateway Fabric with F5 NGINX Plus. | ||
|
|
||
| NGINX Gateway Fabric provides first-class OpenShift support with Universal Base Image (UBI)-based images. Use the `-ubi` tags shown in the custom resource definition (CRD) examples. Defaults are compatible with OpenShift Security Context Constraints (SCCs) for non-root operation. If your cluster enforces custom SCCs or policies, bind the appropriate SCC to NGINX Gateway Fabric service accounts. |
There was a problem hiding this comment.
I discourage marketing terms in docs. It hurts credibility with our target audience
| NGINX Gateway Fabric provides first-class OpenShift support with Universal Base Image (UBI)-based images. Use the `-ubi` tags shown in the custom resource definition (CRD) examples. Defaults are compatible with OpenShift Security Context Constraints (SCCs) for non-root operation. If your cluster enforces custom SCCs or policies, bind the appropriate SCC to NGINX Gateway Fabric service accounts. | |
| NGINX Gateway Fabric provides OpenShift support with Universal Base Image (UBI)-based images. Use the `-ubi` tags shown in the custom resource definition (CRD) examples. Defaults are compatible with OpenShift Security Context Constraints (SCCs) for non-root operation. If your cluster enforces custom SCCs or policies, bind the appropriate SCC to NGINX Gateway Fabric service accounts. |
There was a problem hiding this comment.
@ciarams87 @mkingst what are your thoughts on this one?
content/ngf/install/openshift.md
Outdated
| -n nginx-gateway-fabric | ||
| ``` | ||
|
|
||
| ### Integrate with NGINX One (optional) |
There was a problem hiding this comment.
I presume you mean the UI, not the product (which includes NIM, N Plus, etc.)
| ### Integrate with NGINX One (optional) | |
| ### Integrate with NGINX One Console (optional) |
content/ngf/install/openshift.md
Outdated
|
|
||
| ### Integrate with NGINX One (optional) | ||
|
|
||
| If you want NGINX Gateway Fabric to connect to NGINX One, create a secret for the dataplane key (replace VALUE with your key). |
There was a problem hiding this comment.
| If you want NGINX Gateway Fabric to connect to NGINX One, create a secret for the dataplane key (replace VALUE with your key). | |
| If you want to use NGINX One Console to monitor NGINX Gateway Fabric, create a secret for the dataplane key (replace VALUE with your key). |
content/ngf/install/openshift.md
Outdated
|
|
||
| ### Create the NginxGatewayFabric custom resource | ||
|
|
||
| Create a minimal `NginxGatewayFabric` custom resource for OpenShift. |
There was a problem hiding this comment.
| Create a minimal `NginxGatewayFabric` custom resource for OpenShift. | |
| Create a minimal `NginxGatewayFabric` custom resource for OpenShift. Include this code in a file named `nginx-gateway-fabric.yaml`. |
|
|
||
| ### Validate the installation | ||
|
|
||
| Verify that deployments and services are running, and confirm the GatewayClass: |
There was a problem hiding this comment.
Is there a thing called GatewayClass? If not, I'd rephrase this to the actual directive:
| Verify that deployments and services are running, and confirm the GatewayClass: | |
| Verify that deployments and services are running, and confirm the `gatewayclass`: |
There was a problem hiding this comment.
Yes, GatewayClass is an Object in the Gateway API.
https://gateway-api.sigs.k8s.io/api-types/gatewayclass/
content/ngf/install/openshift.md
Outdated
|
|
||
| ### Perform a functional check (optional) | ||
|
|
||
| 9. Create a simple Gateway and HTTPRoute to validate routing: |
There was a problem hiding this comment.
This implies steps 1-8.
Also, our style guide discourages words like "simple"
| 9. Create a simple Gateway and HTTPRoute to validate routing: | |
| Create a Gateway and HTTPRoute to validate routing: |
Co-authored-by: Mike Jang <3287976+mjang@users.noreply.github.com>
8 participants
Proposed changes
This change adds a new page to the NGF Install section on how to install the NGF on OpenShift using the RedHat Operator Hub.
This guide also includes Operator specific configurations as well as troubleshooting.
Closes nginx/nginx-gateway-fabric#3911
Checklist
Before sharing this pull request, I completed the following checklist:
Footnotes
Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩