Commit 8545aa1

mjang and sylwang authored
feature: incorporate NIC into NGINX 1 Console (not yet for NGF) (#736)
* feature: incorporate NIC and NGF into NGINX 1 Console
* Include changelog

Co-authored-by: Alan Dooley <[email protected]>
Co-authored-by: Jodie Putrino <[email protected]>
Co-authored-by: Travis Martin <[email protected]>
Co-authored-by: Sylvia Wang <[email protected]>

---------

Co-authored-by: Sylvia Wang <[email protected]>
1 parent 166a2a0 commit 8545aa1

7 files changed

+199
-4
lines changed

content/nginx-one/_index.md

Lines changed: 3 additions & 0 deletions
@@ -40,6 +40,9 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an
4040
{{<card title="Secure with NGINX App Protect" titleUrl="/nginx-one/nap-integration/" >}}
4141
Manage one instance or groups of instances. Monitor certificates. Set up metrics.
4242
{{</card>}}
43+
{{<card title="Connect Kubernetes deployments" titleUrl="/nginx-one/k8s/">}}
44+
Monitor deployments for CVEs and certificates
45+
{{</ card >}}
4346
{{<card title="Organize users with RBAC" titleUrl="/nginx-one/rbac/" >}}
4447
Assign responsibilities with role-based access control
4548
{{</card>}}
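
Review bot: The new card at lines 43-45 advertises monitoring "for CVEs", but the how-to added in this same commit (content/nginx-one/k8s/add-nic.md) lists only the read-only configuration file, unmanaged SSL/TLS certificates and configuration recommendations for a connected NGINX Ingress Controller instance. Either confirm that CVE reporting applies to these read-only instances and say so in add-nic.md, or reword the card to match what is documented. Also, the closing shortcode at line 45 is written `{{</ card >}}` while the neighbouring cards use `{{</card>}}`; use the same form for consistency.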

content/nginx-one/api/_index.md

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
---
22
title: Automate with the NGINX One API
33
description:
4-
weight: 700
4+
weight: 800
55
url: /nginx-one/api
66
---

content/nginx-one/changelog.md

Lines changed: 7 additions & 0 deletions
@@ -41,6 +41,13 @@ In NGINX One Console, you can:
4141
- Toggle between [Default policy bundles]({{< ref "/nap-waf/v5/configuration-guide/configuration/#updating-default-policy-bundles" >}})
4242
- Set a blocking or transparant [Policy enforcement mode]({{< ref "/nap-waf/v5/configuration-guide/configuration/#policy-enforcement-modes" >}})
4343

44+
### Monitor F5 NGINX Ingress Controller deployments
45+
46+
You can now monitor your NGINX Ingress Controller deployments. For details, see how
47+
you can [Connect to NGINX One Console]({{< ref "/nginx-one/k8s/add-nic.md" >}}).
48+
49+
Unlike other NGINX instances, when you connect NGINX Ingress Controller to NGINX One Console, access is read-only. Refer to our [NGINX Ingress Controller]({{< ref "/nic/" >}}) for details on how to modify these instances.
50+
4451
## July 1, 2025
4552

4653
### NGINX Agent version 3 support
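
Review bot: The sentence at line 49, "Refer to our [NGINX Ingress Controller] for details", is missing its noun; make the link text "NGINX Ingress Controller documentation" so readers know they are being sent to a different doc set to change configuration. The read-only caveat in that paragraph is what an operator most needs to know before connecting, so consider stating it in the first paragraph (lines 46-47) rather than after the link. While in this file, the context line 42 still reads "transparant" for "transparent".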

content/nginx-one/glossary.md

Lines changed: 2 additions & 3 deletions
@@ -3,9 +3,8 @@ description: ''
33
nd-docs: DOCS-1396
44
title: Glossary
55
toc: true
6-
weight: 800
7-
type:
8-
- reference
6+
weight: 1000
7+
nd-content-type: reference
98
---
109

1110
This glossary defines terms used in the F5 NGINX One Console and F5 Distributed Cloud.

content/nginx-one/k8s/_index.md

Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
---
2+
title: Connect Kubernetes deployments
3+
description:
4+
weight: 700
5+
url: /nginx-one/k8s
6+
nd-product: NGINX One
7+
---
8+

content/nginx-one/k8s/add-nic.md

Lines changed: 159 additions & 0 deletions
@@ -0,0 +1,159 @@
1+
---
2+
title: Connect to NGINX One Console
3+
toc: true
4+
weight: 200
5+
nd-content-type: how-to
6+
nd-product: NGINX One
7+
---
8+
9+
This document explains how to connect F5 NGINX Ingress Controller <!-- and F5 NGINX Gateway Fabric -->to F5 NGINX One Console using NGINX Agent.
10+
Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances.
11+
12+
Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review:
13+
14+
- Read-only configuration file
15+
- Unmanaged SSL/TLS certificates for Control Planes
16+
17+
## Before you begin
18+
19+
Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command:
20+
21+
```shell
22+
kubectl create secret generic dataplane-key \
23+
--from-literal=dataplane.key=<Your Dataplane Key> \
24+
-n <namespace>
25+
```
26+
27+
When you create a Kubernetes Secret, use the same namespace where NGINX Ingress Controller is running.
28+
If you use [`-watch-namespace`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#watch-namespace-string" >}}) or [`watch-secret-namespace`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#watch-secret-namespace-string" >}}) arguments with NGINX Ingress Controller,
29+
you need to add the dataplane key secret to the watched namespaces. This secret will take approximately 60 - 90 seconds to reload on the pod.
30+
31+
{{<note>}}
32+
You can also create a data plane key through the NGINX One Console. Once loggged in, select **Manage > Control Planes > Add Control Plane**, and follow the steps shown.
33+
{{</note>}}
34+
35+
## Deploy NGINX Ingress Controller with NGINX Agent
36+
37+
{{<tabs name="deploy-config-resource">}}
38+
{{%tab name="Helm"%}}
39+
40+
Edit your `values.yaml` file to enable NGINX Agent and configure it to connect to NGINX One Console:
41+
42+
```yaml
43+
nginxAgent:
44+
enable: true
45+
dataplaneKeySecretName: "<data_plane_key_secret_name>"
46+
```
47+
48+
The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}})
49+
for instructions on how to generate your dataplane key from the NGINX One Console.
50+
51+
Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller.
52+
53+
{{%/tab%}}
54+
{{%tab name="Manifests"%}}
55+
56+
Add the following flag to the Deployment/DaemonSet file of NGINX Ingress Controller:
57+
58+
```yaml
59+
args:
60+
- -agent=true
61+
```
62+
63+
Create a `ConfigMap` with an `nginx-agent.conf` file:
64+
65+
```yaml
66+
kind: ConfigMap
67+
apiVersion: v1
68+
metadata:
69+
name: nginx-agent-config
70+
namespace: <namespace>
71+
data:
72+
nginx-agent.conf: |-
73+
log:
74+
# set log level (error, info, debug; default "info")
75+
level: info
76+
# set log path. if empty, don't log to file.
77+
path: ""
78+
79+
allowed_directories:
80+
- /etc/nginx
81+
- /usr/lib/nginx/modules
82+
83+
features:
84+
- certificates
85+
- connection
86+
- metrics
87+
- file-watcher
88+
89+
## command server settings
90+
command:
91+
server:
92+
host: product.connect.nginx.com
93+
port: 443
94+
auth:
95+
tokenpath: "/etc/nginx-agent/secrets/dataplane.key"
96+
tls:
97+
skip_verify: false
98+
```
99+
100+
Make sure to set the namespace in the nginx-agent.config to the same namespace as NGINX Ingress Controller.
101+
Mount the ConfigMap to the Deployment/DaemonSet file of NGINX Ingress Controller:
102+
103+
```yaml
104+
volumeMounts:
105+
- name: nginx-agent-config
106+
mountPath: /etc/nginx-agent/nginx-agent.conf
107+
subPath: nginx-agent.conf
108+
- name: dataplane-key
109+
mountPath: /etc/nginx-agent/secrets
110+
volumes:
111+
- name: nginx-agent-config
112+
configMap:
113+
name: nginx-agent-config
114+
- name: dataplane-key
115+
secret:
116+
secretName: "<data_plane_key_secret_name>"
117+
```
118+
119+
Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller.
120+
121+
{{%/tab%}}
122+
{{</tabs>}}
123+
124+
## Verify a connection to NGINX One Console
125+
126+
After deploying NGINX Ingress Controller <!-- or NGINX Gateway Fabric --> with NGINX Agent, you can verify the connection to NGINX One Console.
127+
Log in to your F5 Distributed Cloud Console account. Select **NGINX One > Visit Service**. In the dashboard, go to **Manage > Instances**. You should see your instances listed by name. The instance name matches both the hostname and the pod name.
128+
129+
## Troubleshooting
130+
131+
If you encounter issues connecting your instances to NGINX One Console, try the following commands:
132+
133+
Check the NGINX Agent version:
134+
135+
```shell
136+
kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- nginx-agent -v
137+
```
138+
139+
If nginx-agent version is v3, continue with the following steps.
140+
Otherwise, make sure you are using an image that does not include NGINX App Protect.
141+
142+
Check the NGINX Agent configuration:
143+
144+
```shell
145+
kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- cat /etc/nginx-agent/nginx-agent.conf
146+
```
147+
148+
Check NGINX Agent logs:
149+
150+
```shell
151+
kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- nginx-agent
152+
```
153+
154+
Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see information associated with:
155+
156+
- Unmanaged SSL/TLS certificates for Control Planes
157+
- Configuration recommendations
158+
159+
Under the **Configuration** tab, you'll see a **read-only** view of the configuration files.
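
Review bot: The `kubectl create secret` command at lines 22-24 passes the data plane key as `--from-literal=dataplane.key=<Your Dataplane Key>`, which leaves the key in shell history and in the process list while the command runs; document `--from-file=dataplane.key=<path to key file>` instead, or at least add a note about the exposure. The command under "Check NGINX Agent logs" (line 151) runs `nginx-agent` inside the pod rather than reading a log, and the ConfigMap above sets `path: ""` so nothing is written to a file; `kubectl logs -n <namespace> <nginx_ingress_pod_name>` is probably what is meant. Smaller points: line 22 names the Secret `dataplane-key` while lines 45 and 116 use the placeholder `<data_plane_key_secret_name>` without saying the two must match; line 100 refers to "nginx-agent.config" although the file is `nginx-agent.conf` and the namespace is set in the ConfigMap metadata, not in that file; line 28 writes `-watch-namespace` with a leading dash and `watch-secret-namespace` without one; line 32 has "loggged"; and lines 154-159 describe the console's Details and Configuration tabs, so they belong under "Verify a connection to NGINX One Console" rather than "Troubleshooting".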

content/nginx-one/k8s/overview.md

Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
---
2+
# We use sentence case and present imperative tone
3+
title: "Integrate Kubernetes control planes"
4+
# Weights are assigned in increments of 100: determines sorting order
5+
weight: 100
6+
# Creates a table of contents and sidebar, useful for large documents
7+
toc: false
8+
# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
9+
nd-content-type: concept
10+
# Intended for internal catalogue and search, case sensitive:
11+
# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
12+
nd-product: NGINX One
13+
---
14+
15+
You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to:
16+
17+
- Set up a connection to F5 NGINX One Console through a data plane key.
18+
- Review the NGINX Ingress Controller instances that are part of your fleet.
19+
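
Review bot: The front matter at lines 2-11 still carries the archetype's template comments (for example `# We use sentence case and present imperative tone`); remove them, as the other new files in this commit (k8s/_index.md, k8s/add-nic.md) have none. The two bullets at lines 17-18 promise "related documentation" but link to nothing; link the first to `/nginx-one/k8s/add-nic.md`, which this commit adds, and say in the body that connected NGINX Ingress Controller instances are read-only so the overview agrees with the changelog entry.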
