apiVersion: v1 kind: Namespace metadata: name: nginx-gateway --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx-gateway namespace: nginx-gateway --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx-gateway rules: - apiGroups: - "" resources: - namespaces - services - secrets verbs: - get - list - watch - apiGroups: - "" resources: - pods verbs: - get - apiGroups: - apps resources: - replicasets verbs: - get - apiGroups: - "" resources: - nodes verbs: - list - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - discovery.k8s.io resources: - endpointslices verbs: - list - watch - apiGroups: - gateway.networking.k8s.io resources: - gatewayclasses - gateways - httproutes - referencegrants - grpcroutes verbs: - list - watch - apiGroups: - gateway.networking.k8s.io resources: - httproutes/status - gateways/status - gatewayclasses/status - grpcroutes/status verbs: - update - apiGroups: - gateway.nginx.org resources: - nginxgateways verbs: - get - list - watch - apiGroups: - gateway.nginx.org resources: - nginxproxies - clientsettingspolicies - observabilitypolicies - snippetsfilters verbs: - list - watch - apiGroups: - gateway.nginx.org resources: - nginxgateways/status - clientsettingspolicies/status - observabilitypolicies/status - snippetsfilters/status verbs: - update - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - get - update - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx-gateway roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nginx-gateway subjects: - kind: ServiceAccount name: nginx-gateway namespace: nginx-gateway --- apiVersion: v1 data: main.conf: | error_log stderr info; kind: ConfigMap metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx-includes-bootstrap namespace: nginx-gateway --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx-gateway namespace: nginx-gateway spec: externalTrafficPolicy: Local ports: - name: http port: 80 protocol: TCP targetPort: 80 - name: https port: 443 protocol: TCP targetPort: 443 selector: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway type: LoadBalancer --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx-gateway namespace: nginx-gateway spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway template: metadata: annotations: prometheus.io/port: "9113" prometheus.io/scrape: "true" labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway spec: containers: - args: - static-mode - --gateway-ctlr-name=gateway.nginx.org/nginx-gateway-controller - --gatewayclass=nginx - --config=nginx-gateway-config - --service=nginx-gateway - --metrics-port=9113 - --health-port=8081 - --leader-election-lock-name=nginx-gateway-leader-election - --snippets-filters env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name image: ghcr.io/nginxinc/nginx-gateway-fabric:edge imagePullPolicy: Always name: nginx-gateway ports: - containerPort: 9113 name: metrics - containerPort: 8081 name: health readinessProbe: httpGet: path: /readyz port: health initialDelaySeconds: 3 periodSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: add: - KILL drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsUser: 102 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /etc/nginx/conf.d name: nginx-conf - mountPath: /etc/nginx/stream-conf.d name: nginx-stream-conf - mountPath: /etc/nginx/main-includes name: nginx-main-includes - mountPath: /etc/nginx/secrets name: nginx-secrets - mountPath: /var/run/nginx name: nginx-run - mountPath: /etc/nginx/includes name: nginx-includes - image: ghcr.io/nginxinc/nginx-gateway-fabric/nginx:edge imagePullPolicy: Always name: nginx ports: - containerPort: 80 name: http - containerPort: 443 name: https securityContext: capabilities: add: - NET_BIND_SERVICE drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsUser: 101 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /etc/nginx/conf.d name: nginx-conf - mountPath: /etc/nginx/stream-conf.d name: nginx-stream-conf - mountPath: /etc/nginx/main-includes name: nginx-main-includes - mountPath: /etc/nginx/secrets name: nginx-secrets - mountPath: /var/run/nginx name: nginx-run - mountPath: /var/cache/nginx name: nginx-cache - mountPath: /etc/nginx/includes name: nginx-includes initContainers: - command: - /usr/bin/gateway - copy - --source - /includes/main.conf - --destination - /etc/nginx/main-includes image: ghcr.io/nginxinc/nginx-gateway-fabric:edge imagePullPolicy: Always name: copy-nginx-config securityContext: capabilities: add: - KILL drop: - ALL readOnlyRootFilesystem: true runAsGroup: 1001 runAsUser: 102 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /includes name: nginx-includes-bootstrap - mountPath: /etc/nginx/main-includes name: nginx-main-includes securityContext: fsGroup: 1001 runAsNonRoot: true serviceAccountName: nginx-gateway shareProcessNamespace: true terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: nginx-conf - emptyDir: {} name: nginx-stream-conf - emptyDir: {} name: nginx-main-includes - emptyDir: {} name: nginx-secrets - emptyDir: {} name: nginx-run - emptyDir: {} name: nginx-cache - emptyDir: {} name: nginx-includes - configMap: name: nginx-includes-bootstrap name: nginx-includes-bootstrap --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx spec: controllerName: gateway.nginx.org/nginx-gateway-controller --- apiVersion: gateway.nginx.org/v1alpha1 kind: NginxGateway metadata: labels: app.kubernetes.io/instance: nginx-gateway app.kubernetes.io/name: nginx-gateway app.kubernetes.io/version: edge name: nginx-gateway-config namespace: nginx-gateway spec: logging: level: info