Connect NGINX Gateway Fabric with Manifests

This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console with Manifests. Connecting NGINX Gateway Fabric to NGINX One Console enables centralized monitoring of all controller instances.

Once connected, you’ll see a read-only configuration of NGINX Gateway Fabric. For each instance, you can review:

  • Read-only configuration file
  • Unmanaged SSL/TLS certificates for Control Planes

Before you begin

Log in to NGINX One Console. If you need more information, review our Get started guide.

To complete this guide, you’ll need to install:

If you’d like to use NGINX Plus, some additional setup is also required:

Create a data plane key

A data plane key is a security token that ensures only trusted NGINX instances can register and communicate with NGINX One.

To generate a data plane key, select Manage > Instances > Add Instance:

  • For a new key: In the Add Instance pane, select Generate Data Plane Key.
  • To reuse an existing key: If you already have a data plane key and want to use it again, select Use existing key. Then, enter the key’s value in the Data Plane Key box.

Data plane key guidelines

Data plane keys are displayed only once and cannot be retrieved later. Be sure to copy and store this key securely.

Data plane keys expire after one year. You can change this expiration date later by editing the key. If you revoke a data plane key, you disconnect all instances registered with that key.

For more options associated with data plane keys, see Create and manage data plane keys.

Secure traffic

For more information, review how you can Secure traffic using Let’s Encrypt and cert-manager.

Install Gateway API resources

The Gateway API resources from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, ensure they are a version supported by NGINX Gateway Fabric; see the Technical Specifications.

To install the Gateway API resources, run the following:

kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v2.1.0" | kubectl apply -f -

If you plan to use the edge version of NGINX Gateway Fabric, you can replace the version in ref with main, for example ref=main.

Alternatively, you can install the Gateway API resources from the experimental channel. Installing Gateway API resources from the experimental channel includes everything in the standard release channel plus additional experimental resources and fields. NGINX Gateway Fabric currently supports a subset of the additional features provided by the experimental channel. To install from the experimental channel, run the following:

kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v2.1.0" | kubectl apply -f -

To learn more about what Gateway API resources NGINX Gateway Fabric currently supports, visit our Gateway API Compatibility document.

Deploy NGINX Gateway Fabric CRDs

Stable release

kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/crds.yaml

Edge version

kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/main/deploy/crds.yaml
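
The stable commands above fetch manifests at the v2.1.0 tag, while the edge commands track main, whose content can change between two runs of the same command. The following check is an added example, not part of the NGINX documentation: it extracts the ref from both URL shapes used on this page and lists any URL that is not pinned to a release tag or a full commit SHA. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, URLs are the ones on this page.

# Print the git ref embedded in a manifest URL (both URL shapes used above).
manifest_ref() {
  url=$1
  case "$url" in
    *\?ref=*)
      # kustomize remote target: <repo-url>/<path>?ref=<ref>
      ref=${url#*\?ref=}
      printf '%s\n' "${ref%%&*}"
      ;;
    https://raw.githubusercontent.com/*)
      # raw.githubusercontent.com/<owner>/<repo>/<ref>/<path>
      rest=${url#https://raw.githubusercontent.com/}
      rest=${rest#*/}   # drop <owner>
      rest=${rest#*/}   # drop <repo>
      printf '%s\n' "${rest%%/*}"
      ;;
    *)
      return 1          # unknown URL shape: treat as not pinned
      ;;
  esac
}

# Succeed only for a release tag (vX.Y.Z) or a full 40-hex commit SHA.
is_pinned() {
  ref=$(manifest_ref "$1") || return 1
  printf '%s\n' "$ref" | grep -Eq '^(v[0-9]+\.[0-9]+\.[0-9]+|[0-9a-f]{40})$'
}

# Read one URL per line on stdin and print those that track a moving ref.
unpinned_urls() {
  while IFS= read -r u; do
    [ -n "$u" ] || continue
    is_pinned "$u" || printf '%s\n' "$u"
  done
}

unpinned_urls <<'EOF'
https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v2.1.0
https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=main
https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/crds.yaml
https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/main/deploy/crds.yaml
EOF
```

Run as written, it prints the two URLs that reference main. A tag can be moved by the repository owner, so a commit SHA is the stricter pin when you need the applied manifest to be reproducible.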

Deploy NGINX Gateway Fabric

By default, NGINX Gateway Fabric is installed in the nginx-gateway namespace. You can deploy in another namespace by modifying the manifest files.

Deploys NGINX Gateway Fabric with NGINX OSS.

kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/default/deploy.yaml

To set up an AWS Network Load Balancer service, add these annotations to your Gateway infrastructure field:

spec:
  infrastructure:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "external"
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"

Deploys NGINX Gateway Fabric with NGINX OSS and nodeSelector to deploy on Linux nodes.

kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/azure/deploy.yaml

Deploys NGINX Gateway Fabric with NGINX Plus. The image is pulled from the NGINX Plus Docker registry, and the imagePullSecretName is the name of the Secret to use to pull the image. The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the --usage-report-secret parameter. These Secrets are created as part of the Before you begin section.

kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/nginx-plus/deploy.yaml

Deploys NGINX Gateway Fabric with NGINX OSS and experimental features.

kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/experimental/deploy.yaml

Requires the Gateway APIs installed from the experimental channel.

Deploys NGINX Gateway Fabric with NGINX Plus and experimental features. The image is pulled from the NGINX Plus Docker registry, and the imagePullSecretName is the name of the Secret to use to pull the image. The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the --usage-report-secret parameter. These Secrets are created as part of the Before you begin section.

kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/nginx-plus-experimental/deploy.yaml

Requires the Gateway APIs installed from the experimental channel.

Deploys NGINX Gateway Fabric with NGINX OSS using a Service type of NodePort.

kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/nodeport/deploy.yaml

Deploys NGINX Gateway Fabric with NGINX OSS on OpenShift.

kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v2.1.0/deploy/openshift/deploy.yaml

Verify the Deployment

To confirm that NGINX Gateway Fabric is running, check the pods in the nginx-gateway namespace:

kubectl get pods -n nginx-gateway

The output should look similar to this (note that the pod name will include a unique string):

NAME                             READY   STATUS    RESTARTS   AGE
nginx-gateway-5d4f4c7db7-xk2kq   1/1     Running   0          112s
