hostPort crds

Author: Gasoid

apis/v1alpha2/nginxproxy_types.go

@@ -383,33 +383,15 @@ type KubernetesSpec struct {
 
 // Deployment is the configuration for the NGINX Deployment.
 type DeploymentSpec struct {
-	// Number of desired Pods.
-	//
-	// +optional
-	Replicas *int32 `json:"replicas,omitempty"`
-
-	// Pod defines Pod-specific fields.
-	//
-	// +optional
-	Pod PodSpec `json:"pod"`
-
-	// Container defines container fields for the NGINX container.
-	//
-	// +optional
 	Container ContainerSpec `json:"container"`
+	Replicas  *int32        `json:"replicas,omitempty"`
+	Pod       PodSpec       `json:"pod"`
 }
 
 // DaemonSet is the configuration for the NGINX DaemonSet.
 type DaemonSetSpec struct {
-	// Pod defines Pod-specific fields.
-	//
-	// +optional
-	Pod PodSpec `json:"pod"`
-
-	// Container defines container fields for the NGINX container.
-	//
-	// +optional
 	Container ContainerSpec `json:"container"`
+	Pod       PodSpec       `json:"pod"`
 }
 
 // PodSpec defines Pod-specific fields.
@@ -457,32 +439,12 @@ type PodSpec struct {
 
 // ContainerSpec defines container fields for the NGINX container.
 type ContainerSpec struct {
-	// Debug enables debugging for NGINX by using the nginx-debug binary.
-	//
-	// +optional
-	Debug *bool `json:"debug,omitempty"`
-
-	// Image is the NGINX image to use.
-	//
-	// +optional
-	Image *Image `json:"image,omitempty"`
-
-	// Resources describes the compute resource requirements.
-	//
-	// +optional
-	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
-
-	// Lifecycle describes actions that the management system should take in response to container lifecycle
-	// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
-	// until the action is complete, unless the container process fails, in which case the handler is aborted.
-	//
-	// +optional
-	Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"`
-
-	// VolumeMounts describe the mounting of Volumes within a container.
-	//
-	// +optional
-	VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
+	Debug        *bool                        `json:"debug,omitempty"`
+	Image        *Image                       `json:"image,omitempty"`
+	Resources    *corev1.ResourceRequirements `json:"resources,omitempty"`
+	Lifecycle    *corev1.Lifecycle            `json:"lifecycle,omitempty"`
+	HostPort     *HostPort                    `json:"hostPort,omitempty"`
+	VolumeMounts []corev1.VolumeMount         `json:"volumeMounts,omitempty"`
 }
 
 // Image is the NGINX image to use.
@@ -608,3 +570,15 @@ type NodePort struct {
 	// kubebuilder:validation:Maximum=65535
 	ListenerPort int32 `json:"listenerPort"`
 }
+
+type HostPort struct {
+	// Whether to enable hostPort feature
+	// If not specified, or set to false, hostPort will not be enabled.
+	// +optional
+	Enable bool `json:"enable,omitempty"`
+
+	// Number of port to expose on the host.
+	// kubebuilder:validation:Minimum=1
+	// kubebuilder:validation:Maximum=65535
+	Port int32 `json:"port"`
+}

charts/nginx-gateway-fabric/README.md

@@ -259,13 +259,13 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `certGenerator.serverTLSSecretName` | The name of the Secret containing TLS CA, certificate, and key for the NGINX Gateway Fabric control plane to securely communicate with the NGINX Agent. Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway). | string | `"server-tls"` |
 | `clusterDomain` | The DNS cluster domain of your Kubernetes cluster. | string | `"cluster.local"` |
 | `gateways` | A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. | list | `[]` |
-| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{},"debug":false,"hostPort":{"enable":false,"port":443},"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` |
+| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{"hostPort":{"enable":false,"port":443}},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` |
 | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` |
-| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` |
+| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{"hostPort":{"enable":false,"port":443}}` |
+| `nginx.container.hostPort` | The hostPort configuration | object | `{"enable":false,"port":443}` |
+| `nginx.container.hostPort.enable` | Enables hostPort. | bool | `false` |
+| `nginx.container.hostPort.port` | The port | int | `443` |
 | `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` |
-| `nginx.hostPort` | The hostPort configuration | object | `{"enable":false,"port":443}` |
-| `nginx.hostPort.enable` | Enables hostPort. | bool | `false` |
-| `nginx.hostPort.port` | The port | int | `443` |
 | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginx/nginx-gateway-fabric/nginx"` |
 | `nginx.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. The control plane will copy this secret into any namespace where NGINX is deployed. | string | `""` |
 | `nginx.imagePullSecrets` | A list of secret names containing docker registry credentials. Secrets must exist in the same namespace as the helm release. The control plane will copy these secrets into any namespace where NGINX is deployed. | list | `[]` |

charts/nginx-gateway-fabric/templates/deployment.yaml

@@ -135,9 +135,6 @@ spec:
         ports:
         - name: agent-grpc
           containerPort: 8443
-          {{- if .Values.nginx.hostPort.enable }}
-          hostPort: {{ .Values.nginx.hostPort.port }}
-          {{- end }}
         {{- if .Values.nginxGateway.metrics.enable }}
         - name: metrics
           containerPort: {{ .Values.nginxGateway.metrics.port }}

charts/nginx-gateway-fabric/values.schema.json

@@ -276,6 +276,32 @@
         },
         "container": {
           "description": "The container configuration for the NGINX container. This is applied globally to all Gateways managed by this\ninstance of NGINX Gateway Fabric.",
+          "properties": {
+            "hostPort": {
+              "description": "The hostPort configuration",
+              "properties": {
+                "enable": {
+                  "default": false,
+                  "description": "Enables hostPort.",
+                  "required": [],
+                  "title": "enable",
+                  "type": "boolean"
+                },
+                "port": {
+                  "default": 443,
+                  "description": "The port",
+                  "maximum": 65535,
+                  "minimum": 1,
+                  "required": [],
+                  "title": "port",
+                  "type": "integer"
+                }
+              },
+              "required": [],
+              "title": "hostPort",
+              "type": "object"
+            }
+          },
           "required": [],
           "title": "container",
           "type": "object"
@@ -287,30 +313,6 @@
           "title": "debug",
           "type": "boolean"
         },
-        "hostPort": {
-          "description": "The hostPort configuration",
-          "properties": {
-            "enable": {
-              "default": false,
-              "description": "Enables hostPort.",
-              "required": [],
-              "title": "enable",
-              "type": "boolean"
-            },
-            "port": {
-              "default": 443,
-              "description": "The port",
-              "maximum": 65535,
-              "minimum": 1,
-              "required": [],
-              "title": "port",
-              "type": "integer"
-            }
-          },
-          "required": [],
-          "title": "hostPort",
-          "type": "object"
-        },
         "image": {
           "properties": {
             "pullPolicy": {

charts/nginx-gateway-fabric/values.yaml

@@ -241,19 +241,6 @@ nginx:
     # Must exist in the same namespace that the NGINX Gateway Fabric control plane is running in (default namespace: nginx-gateway).
     clientSSLSecretName: ""
 
-  # -- The hostPort configuration
-  hostPort:
-    # -- Enables hostPort.
-    enable: false
-
-    # @schema
-    # type: integer
-    # minimum: 1
-    # maximum: 65535
-    # @schema
-    # -- The port
-    port: 443
-
   # @schema
   # type: object
   # properties:
@@ -409,7 +396,21 @@ nginx:
 
   # -- The container configuration for the NGINX container. This is applied globally to all Gateways managed by this
   # instance of NGINX Gateway Fabric.
-  container: {}
+  container:
+
+    # -- The hostPort configuration
+    hostPort:
+      # -- Enables hostPort.
+      enable: false
+
+      # @schema
+      # type: integer
+      # minimum: 1
+      # maximum: 65535
+      # @schema
+      # -- The port
+      port: 443
+
     # -- The resource requirements of the NGINX container.
     # resources: {}
 

internal/controller/provisioner/objects.go

@@ -766,6 +766,11 @@ func (p *NginxProvisioner) buildNginxPodTemplateSpec(
 				container.Command = append(container.Command, "/agent/entrypoint.sh")
 				container.Args = append(container.Args, "debug")
 			}
+
+			if containerSpec.HostPort != nil && containerSpec.HostPort.Enable && len(container.Ports) > 1 {
+				container.Ports[0].HostPort = containerSpec.HostPort.Port
+			}
+
 			spec.Spec.Containers[0] = container
 		}
 	}