NGF: Add supported images to tech specs and guidance around WAF containers#1948
NGF: Add supported images to tech specs and guidance around WAF containers#1948ciarams87 wants to merge 2 commits into
Conversation
github-actions
Bot
added
documentation
✅ Deploy Preview will be available once build job completes!
|
|
We still need to update the WAF getting started guide to say that NGF needs to be installed with the nginx image set to |
|
|
||
| ### Data plane images with NGINX | ||
|
|
||
| _All images include NGINX 1.30.0._ |
There was a problem hiding this comment.
This will be a pain to keep up to date.
There was a problem hiding this comment.
Yeah I'm going to remove it. It actually seems redundant given the tech specs table above
|
|
||
| | Name | Base image | Image | Architectures | | ||
| |-----------------|----------------------------|--------------------------------------------------------------------|----------------| | ||
| | Default image | `nginx:1.30.0-alpine-otel` | `ghcr.io/nginx/nginx-gateway-fabric/nginx:{{< version-ngf >}}` | amd64<br>arm64 | |
There was a problem hiding this comment.
This as well. Can the version itself be made generic?
|
|
||
| NGINX Plus images are available through the F5 Container registry `private-registry.nginx.com`. For setup instructions and authentication details, see [Install NGINX Gateway Fabric with NGINX Plus]({{< ref "/ngf/install/nginx-plus.md" >}}). | ||
|
|
||
| _All images include NGINX Plus R36._ |
There was a problem hiding this comment.
should we also have a short code for this like version-ngf
There was a problem hiding this comment.
As above, I'm going to remove this. It actually seems redundant given the tech specs table above
|
|
||
| When WAF is enabled, NGINX Gateway Fabric deploys two sidecar containers — `waf-enforcer` and `waf-config-mgr` — alongside the main NGINX container. You can customize the image, resource requirements, and additional volume mounts for each container using the `NginxProxy` resource. | ||
|
|
||
| These settings are configured under `spec.kubernetes.deployment.wafContainers` (or `spec.kubernetes.daemonSet.wafContainers` for DaemonSet mode). This follows the same infrastructure configuration pattern described in [Configure infrastructure-related settings]({{< ref "/ngf/how-to/data-plane-configuration.md#configure-infrastructure-related-settings" >}}). For the full list of configurable fields, see the `NginxProxy` spec in the [API reference]({{< ref "/ngf/reference/api.md" >}}). |
There was a problem hiding this comment.
| This follows the same infrastructure configuration pattern described in [Configure infrastructure-related settings]({{< ref "/ngf/how-to/data-plane-configuration.md#configure-infrastructure-related-settings" >}})
Do we need this? The document clearly says we set it using NginxProxy resources so seems extra
@sjberman Our installation docs don't specify the image to use for plus. If the image is not specified, then the WAF one will be used by default if WAF is enabled but no bespoke image was specified |
@ciarams87 I see |
@sjberman I forgot to toggle to the plus command in the installation docs so I missed it 🤦🏼♀️ Yeah I'll explain this in the waf docs so |
| deployment: | ||
| container: | ||
| image: | ||
| repository: private-registry.nginx.com/nginx-gateway-fabric/nginx-plus-f5waf |
There was a problem hiding this comment.
Would it make more sense to just have installation instructions to set this image up front, that way it's in the GatewayClass NginxProxy? (this is assuming that having WAF on all Gateways is the more common use case)
3 participants
Proposed changes
This change enhances the NGF technical specifications to include tables of the images provided through our repositories, and adds references to different sections where appropriate linking back to this section.
This change also adds a section to the WAF configuration guide outlining how the WAF sidecar containers can be optionally customised with different images and other infrastructure settings.
Checklist
Before sharing this pull request, I completed the following checklist:
Footnotes
Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩