Skip to content

DEPLOYING.md

Latest commit

 

History

History
147 lines (104 loc) · 5.17 KB

DEPLOYING.md

File metadata and controls

147 lines (104 loc) · 5.17 KB

Lab deployment

See the prerequisites

Installing

  1. Create NGINX Gateway Fabric namespace
kubectl create namespace nginx-gateway
  1. Create Kubernetes secret to pull images from NGINX private registry
kubectl create secret docker-registry nginx-plus-registry-secret --docker-server=private-registry.nginx.com --docker-username=`cat <nginx-one-eval.jwt>` --docker-password=none -n nginx-gateway

Note: <nginx-one-eval.jwt> is the path and filename of your nginx-one-eval.jwt file

  1. Create Kubernetes secret holding the NGINX Plus license
kubectl create secret generic nplus-license --from-file license.jwt=<nginx-one-eval.jwt> -n nginx-gateway

Note: <nginx-one-eval.jwt> is the path and filename of your nginx-one-eval.jwt file

  1. List available NGINX Gateway Fabric docker images
curl -s https://private-registry.nginx.com/v2/nginx-gateway-fabric/nginx-plus/tags/list --key <nginx-one-eval.key> --cert <nginx-one-eval.crt> | jq

Note: <nginx-one-eval.key> and <nginx-one-eval.key> are the path and filename of your nginx-one-eval.crt and nginx-one-eval.crt files respectively

Pick the latest version (2.6.0 at the time of writing)

  1. Apply NGINX Gateway Fabric custom resources (make sure ref= the latest available NGINX Gateway Fabric version)
kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v2.6.0" | kubectl apply -f -
kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/inference-extension/?ref=v2.6.0" | kubectl apply -f -
  1. Install NGINX Gateway Fabric through its Helm chart (set nginx.image.tag to the latest available NGINX Gateway Fabric version)
helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus-f5waf \
  --set nginx.image.tag=2.6.0 \
  --set nginx.plus=true \
  --set nginx.config.waf.enable=true \
  --set serviceAccount.imagePullSecret=nginx-plus-registry-secret \
  --set nginx.imagePullSecret=nginx-plus-registry-secret \
  --set nginx.usage.secretName=nplus-license \
  --set nginx.service.type=NodePort \
  --set nginxGateway.snippets.enable=true \
  --set nginxGateway.gwAPIInferenceExtension.enable=true \
  -n nginx-gateway
  1. Check NGINX Gateway Fabric pod status
kubectl get pods -n nginx-gateway

Pod should be in the Running state

NAME                                            READY   STATUS      RESTARTS   AGE
ngf-nginx-gateway-fabric-54c4c85974-tpkkk       1/1     Running     0          14s
  1. Check NGINX Gateway Fabric logs
kubectl logs -l app.kubernetes.io/instance=ngf -n nginx-gateway -c nginx-gateway

Output should be similar to

{"level":"info","ts":"2026-05-15T08:48:37Z","msg":"Starting the NGINX Gateway Fabric control plane","version":"2.6.0","commit":"95a66d8cec0ce98e1985aeab728317c5ba7ec0c6","date":"2026-05-07T08:45:21Z","dirty":"true"}
{"level":"info","ts":"2026-05-15T08:48:37Z","msg":"Starting manager"}
{"level":"info","ts":"2026-05-15T08:48:37Z","logger":"controller-runtime.metrics","msg":"Starting metrics server"}
{"level":"info","ts":"2026-05-15T08:48:37Z","logger":"controller-runtime.metrics","msg":"Serving metrics server","bindAddress":":9113","secure":false}
{"level":"info","ts":"2026-05-15T08:48:37Z","msg":"starting server","name":"health probe","addr":"[::]:8081"}
{"level":"info","ts":"2026-05-15T08:48:37Z","msg":"Attempting to acquire leader lease...","lock":"nginx-gateway/ngf-nginx-gateway-fabric-leader-election"}
{"level":"info","ts":"2026-05-15T08:48:37Z","msg":"Successfully acquired lease","lock":"nginx-gateway/ngf-nginx-gateway-fabric-leader-election"}
{"level":"info","ts":"2026-05-15T08:48:38Z","logger":"telemetryJob","msg":"Starting cronjob"}
{"level":"info","ts":"2026-05-15T08:48:38Z","logger":"eventLoop.eventHandler","msg":"Reconfigured control plane.","batchID":2}
  1. Check Kubernetes service status
kubectl get svc -n nginx-gateway

NGINX Gateway Fabric control plane should be listening on TCP port 443

NAME                       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
ngf-nginx-gateway-fabric   ClusterIP   10.106.141.189   <none>        443/TCP   37s
  1. Check the gatewayclass
kubectl get gatewayclass

The nginx gatewayclass should have been accepted correctly

NAME    CONTROLLER                                   ACCEPTED   AGE
nginx   gateway.nginx.org/nginx-gateway-controller   True       50s

Uninstalling

  1. Uninstall NGINX Gateway Fabric through its Helm chart
helm uninstall ngf -n nginx-gateway
  1. Delete the namespace
kubectl delete namespace nginx-gateway
  1. Remove all CRDs
kubectl delete -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.6.0/deploy/crds.yaml
  1. Remove the Gateway API resources
kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v2.6.0" | kubectl delete -f -
kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/inference-extension/?ref=v2.6.0" | kubectl apply -f -