From d64ed18a710ccc840958b764a4cc53490be60cc7 Mon Sep 17 00:00:00 2001 From: Saylor Berman Date: Thu, 13 Nov 2025 12:27:41 -0700 Subject: [PATCH 1/3] Update Service language for NGF Problem: The language around accessing the NGINX Service is outdated after the architecture change. Solution: Update this language to make it clear how the Service is deployed and accesssed. --- .../expose-nginx-gateway-fabric.md | 26 +++++++++---------- content/ngf/install/helm.md | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md index 1e87ac7ce..70c84df28 100644 --- a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md +++ b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md @@ -4,32 +4,34 @@ weight: 300 nd-docs: "DOCS-1427" --- -There are two options for accessing NGINX Gateway Fabric depending on the type of LoadBalancer service you chose during installation: +When a Gateway resource is created, the NGINX Gateway Fabric control plane will provision an NGINX service. By default, this is a LoadBalancer service. -- If the LoadBalancer type is `NodePort`, Kubernetes will randomly allocate two ports on every node of the cluster. - To access the NGINX Gateway Fabric, use an IP address of any node of the cluster along with the two allocated ports. +There are two options for accessing the NGINX service depending on the type of LoadBalancer service you chose during installation: + +- If the Service type is `NodePort`, Kubernetes will randomly allocate two ports on every node of the cluster. + To access NGINX, use an IP address of any node of the cluster along with the two allocated ports. {{< call-out "tip" >}} Read more about the type NodePort in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). {{< /call-out >}} -- If the LoadBalancer type is `LoadBalancer`: +- If the Service type is `LoadBalancer`: - - For GCP or Azure, Kubernetes will allocate a cloud load balancer for load balancing the NGINX Gateway Fabric pods. - Use the public IP of the load balancer to access NGINX Gateway Fabric. + - For GCP or Azure, Kubernetes will allocate a cloud load balancer for load balancing the NGINX pods. + Use the public IP of the load balancer to access NGINX. - For AWS, Kubernetes will allocate a Network Load Balancer (NLB) in TCP mode with the PROXY protocol enabled to pass the client's information (the IP address and the port). - Use the public IP of the load balancer to access NGINX Gateway Fabric. To get the public IP which is reported in the `EXTERNAL-IP` column: + Use the public IP of the load balancer to access NGINX. The NGINX Service exists in the same namespace that you deployed your Gateway in, and its name is ``. To get the public IP which is reported in the `EXTERNAL-IP` column: - For GCP or Azure, run: ```shell - kubectl get svc nginx-gateway -n nginx-gateway + kubectl get svc -n ``` - - In AWS, the NLB (Network Load Balancer) DNS (directory name system) name will be reported by Kubernetes instead of a public IP. To get the DNS name, run: + - In AWS, the NLB (Network Load Balancer) DNS name will be reported by Kubernetes instead of a public IP. To get the DNS name, run: ```shell - kubectl get svc nginx-gateway -n nginx-gateway + kubectl get svc -n ``` {{< call-out "note" >}} We recommend using the NLB DNS whenever possible, but for testing purposes, you can resolve the DNS name to get the IP address of the load balancer: @@ -46,8 +48,6 @@ There are two options for accessing NGINX Gateway Fabric depending on the type o termination. Read the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more. {{< /call-out >}} -{{< call-out "important" >}}By default Helm and manifests configure NGINX Gateway Fabric on ports `80` and `443`, affecting any gateway [listeners](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Listener) on these ports. To use different ports, update the configuration. NGINX Gateway Fabric requires a configured [gateway](https://gateway-api.sigs.k8s.io/api-types/gateway/#gateway) resource with a valid listener to listen on any ports.{{< /call-out >}} - NGINX Gateway Fabric uses the created service to update the **Addresses** field in the **Gateway Status** resource. Using a **LoadBalancer** service sets this field to the IP address and/or hostname of that service. Without a service, the pod IP address is used. -This gateway is associated with the NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< ref "/ngf/reference/cli-help.md#controller">}}). +This gateway is associated with NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< ref "/ngf/reference/cli-help.md#controller">}}). diff --git a/content/ngf/install/helm.md b/content/ngf/install/helm.md index 0daf283e5..219133acc 100644 --- a/content/ngf/install/helm.md +++ b/content/ngf/install/helm.md @@ -133,7 +133,7 @@ kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric - #### Service type -By default, the NGINX Gateway Fabric helm chart deploys a LoadBalancer Service. +By default, the NGINX Gateway Fabric control plane deploys a LoadBalancer Service when a Gateway is created. To use a NodePort Service instead: From 8dcf7886c910fc341368d076c5a6c6614a2dfe64 Mon Sep 17 00:00:00 2001 From: Saylor Berman Date: Thu, 13 Nov 2025 12:37:36 -0700 Subject: [PATCH 2/3] Add more context --- .../includes/ngf/installation/expose-nginx-gateway-fabric.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md index 70c84df28..4d20e7e88 100644 --- a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md +++ b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md @@ -4,7 +4,7 @@ weight: 300 nd-docs: "DOCS-1427" --- -When a Gateway resource is created, the NGINX Gateway Fabric control plane will provision an NGINX service. By default, this is a LoadBalancer service. +When a Gateway resource is created, the NGINX Gateway Fabric control plane will provision an NGINX service in the same namespace as the Gateway. By default, this is a LoadBalancer service. This is not the same service that is deployed when NGINX Gateway Fabric is first installed. The NGINX Gateway Fabric control plane has its own ClusterIP service for internal communication with the NGINX data planes. There are two options for accessing the NGINX service depending on the type of LoadBalancer service you chose during installation: From 8ace9abc5f788e80e1e94ef752c3944ab68aecef Mon Sep 17 00:00:00 2001 From: Saylor Berman Date: Fri, 14 Nov 2025 08:24:34 -0700 Subject: [PATCH 3/3] Add installation step --- content/ngf/install/secure-certificates.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/ngf/install/secure-certificates.md b/content/ngf/install/secure-certificates.md index 2f5425168..01c46e240 100644 --- a/content/ngf/install/secure-certificates.md +++ b/content/ngf/install/secure-certificates.md @@ -28,6 +28,12 @@ To complete this guide, you will need the following prerequisites: - Administrator access to a Kubernetes cluster. - [Helm](https://helm.sh) and [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) must be installed locally. +## Install Gateway API CRDs + +```shell +kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v{{< version-ngf >}}" | kubectl apply -f - +``` + ## Install cert-manager Add the Helm repository: