From 3becc88563bacb2a59f16aa983dfae25072b5d2f Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 24 Jun 2025 09:32:32 -0600 Subject: [PATCH 01/17] feature: incorporate NIC and NGF into NGINX 1 Console --- content/nginx-one/nic-ngf/_index.md | 8 + content/nginx-one/nic-ngf/add-nic.md | 159 ++++++++++++++++++ content/nginx-one/nic-ngf/overview.md | 20 +++ .../nginx-one/nic-ngf/security-policy-api.md | 9 + 4 files changed, 196 insertions(+) create mode 100644 content/nginx-one/nic-ngf/_index.md create mode 100644 content/nginx-one/nic-ngf/add-nic.md create mode 100644 content/nginx-one/nic-ngf/overview.md create mode 100644 content/nginx-one/nic-ngf/security-policy-api.md diff --git a/content/nginx-one/nic-ngf/_index.md b/content/nginx-one/nic-ngf/_index.md new file mode 100644 index 000000000..e3a6d2923 --- /dev/null +++ b/content/nginx-one/nic-ngf/_index.md @@ -0,0 +1,8 @@ +--- +title: Connect NGINX Ingress Controller to NGINX One Console +description: +weight: 750 +url: /nginx-one/nic-ngf +nd-product: NGINX One +--- + diff --git a/content/nginx-one/nic-ngf/add-nic.md b/content/nginx-one/nic-ngf/add-nic.md new file mode 100644 index 000000000..4630dc148 --- /dev/null +++ b/content/nginx-one/nic-ngf/add-nic.md @@ -0,0 +1,159 @@ +--- +title: Connect NGINX Ingress Controller to NGINX One Console +toc: true +weight: 200 +nd-content-type: how-to +nd-product: NGINX One +--- + +This document explains how to connect F5 NGINX Ingress Controller and F5 NGINX Gateway Fabric to F5 NGINX One Console using NGINX Agent. +Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances. + +Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller and NGINX Gateway Fabric. For each instance, you can review: + +- Read-only configuration file +- F5 NGINX App Protect WAF policies +- SSL/TLS certificates +- CVEs + +## Prerequisites + +Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command: + +```shell +kubectl create secret generic dataplane-key --from-literal=dataplane.key= -n +``` + +When you create a Kubernetes Secret, use the same namespace where NGINX Ingress Controller is running. +If you use `-watch-namespace` or `watch-secret-namespace` arguments with NGINX Ingress Controller, +you need to add the dataplane key secret to the watched namespaces. This secret will take approximately 60 - 90 seconds to reload on the pod. + +{{}} +You can also create a data plane key through the NGINX One Console. Once loggged in, select **Manage > Control Planes > Add Control Plane**, and follow the steps shown. +{{}} + +## Deploy NGINX Ingress Controller with NGINX Agent + +{{}} +{{%tab name="Helm"%}} + +Edit your `values.yaml` file to enable NGINX Agent and configure it to connect to NGINX One Console: + +```yaml +nginxAgent: + enable: true + dataplaneKeySecretName: "" +``` + +The `dataplaneKey` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) +for instructions on to generate your dataplane key from the NGINX One Console. + +Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller. + +{{%/tab%}} +{{%tab name="Manifests"%}} + +Add the following flag to the Deployment/DaemonSet file of NGINX Ingress Controller: + +```yaml +args: +- -agent=true +``` + +Create a `ConfigMap` with an `nginx-agent.conf` file: + +```yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: nginx-agent-config + namespace: +data: + nginx-agent.conf: |- + log: + # set log level (error, info, debug; default "info") + level: info + # set log path. if empty, don't log to file. + path: "" + + allowed_directories: + - /etc/nginx + - /usr/lib/nginx/modules + + features: + - certificates + - connection + - metrics + - file-watcher + + ## command server settings + command: + server: + host: product.connect.nginx.com + port: 443 + auth: + tokenpath: "/etc/nginx-agent/secrets/dataplane.key" + tls: + skip_verify: false +``` + +Make sure to set the namespace in the nginx-agent.config to the same namespace as NGINX Ingress Controller. +Mount the ConfigMap to the deployment/daemonset file of NGINX Ingress Controller: + +```yaml +volumeMounts: +- name: nginx-agent-config + mountPath: /etc/nginx-agent/nginx-agent.conf + subPath: nginx-agent.conf +- name: dataplane-key + mountPath: /etc/nginx-agent/secrets +volumes: +- name: nginx-agent-config + configMap: + name: nginx-agent-config +- name: dataplane-key + secret: + secretName: +``` + +Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller. + +{{%/tab%}} +{{}} + +## Verify a connection to NGINX One Console + +After deploying NGINX Ingress Controller or NGINX Gateway Fabricwith NGINX Agent, you can verify the connection to NGINX One Console. +Log in to your NGINX One Console account and navigate to the Instances dashboard. Your instances should appear in the list, where the instance name will be the pod name. + +## Troubleshooting + +If you encounter issues connecting your instances to NGINX One Console, try the following commands: + +Check the NGINX Agent version: + +```shell +kubectl exec -it -n -- nginx-agent -v +``` + +If nginx-agent version is v3, continue with the following steps. +Otherwise, make sure you are using an image that does not include NGINX App Protect. + +Check the NGINX Agent configuration: + +```shell +kubectl exec -it -n -- cat /etc/nginx-agent/nginx-agent.conf +``` + +Check NGINX Agent logs: + +```shell +kubectl exec -it -n -- nginx-agent +``` + +For each connected NGINX Ingress Controller and Gateway Fabric instance, you can review: + +- Read-only configuration file +- F5 NGINX App Protect WAF policies +- SSL/TLS certificates +- CVEs diff --git a/content/nginx-one/nic-ngf/overview.md b/content/nginx-one/nic-ngf/overview.md new file mode 100644 index 000000000..dad0777ed --- /dev/null +++ b/content/nginx-one/nic-ngf/overview.md @@ -0,0 +1,20 @@ +--- +# We use sentence case and present imperative tone +title: "Integrate Kubernetes control planes" +# Weights are assigned in increments of 100: determines sorting order +weight: 100 +# Creates a table of contents and sidebar, useful for large documents +toc: false +# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this +nd-content-type: concept +# Intended for internal catalogue and search, case sensitive: +# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit +nd-product: NGINX One +--- + +You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to: + +- Set up a connection to F5 NGINX One Console through a data plane key. +- Monitor each connected Kubernetes system for CVEs. +- Review the NGINX Ingress Controller and NGINX Gateway Fabric instances that are part of your fleet + diff --git a/content/nginx-one/nic-ngf/security-policy-api.md b/content/nginx-one/nic-ngf/security-policy-api.md new file mode 100644 index 000000000..9b2341782 --- /dev/null +++ b/content/nginx-one/nic-ngf/security-policy-api.md @@ -0,0 +1,9 @@ +--- +title: "Set security policies through the API" +weight: 700 +toc: true +type: reference +product: NGINX One +docs: DOCS-000 +--- + From 8248f49beee19e51861276a00dbcf099885ddc7d Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 24 Jun 2025 10:02:32 -0600 Subject: [PATCH 02/17] update --- content/nginx-one/nic-ngf/_index.md | 2 +- content/nginx-one/nic-ngf/add-nic.md | 2 +- content/nginx-one/nic-ngf/security-policy-api.md | 9 --------- 3 files changed, 2 insertions(+), 11 deletions(-) delete mode 100644 content/nginx-one/nic-ngf/security-policy-api.md diff --git a/content/nginx-one/nic-ngf/_index.md b/content/nginx-one/nic-ngf/_index.md index e3a6d2923..71edfe4b4 100644 --- a/content/nginx-one/nic-ngf/_index.md +++ b/content/nginx-one/nic-ngf/_index.md @@ -1,5 +1,5 @@ --- -title: Connect NGINX Ingress Controller to NGINX One Console +title: Connect Kubernetes deployments description: weight: 750 url: /nginx-one/nic-ngf diff --git a/content/nginx-one/nic-ngf/add-nic.md b/content/nginx-one/nic-ngf/add-nic.md index 4630dc148..6962c97df 100644 --- a/content/nginx-one/nic-ngf/add-nic.md +++ b/content/nginx-one/nic-ngf/add-nic.md @@ -1,5 +1,5 @@ --- -title: Connect NGINX Ingress Controller to NGINX One Console +title: Connect to NGINX One Console toc: true weight: 200 nd-content-type: how-to diff --git a/content/nginx-one/nic-ngf/security-policy-api.md b/content/nginx-one/nic-ngf/security-policy-api.md deleted file mode 100644 index 9b2341782..000000000 --- a/content/nginx-one/nic-ngf/security-policy-api.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: "Set security policies through the API" -weight: 700 -toc: true -type: reference -product: NGINX One -docs: DOCS-000 ---- - From 268f0460a1350282cc8f9981c71424d106531a14 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 24 Jun 2025 10:02:55 -0600 Subject: [PATCH 03/17] update --- content/nginx-one/_index.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index 85e0d0596..407d6998e 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -28,7 +28,10 @@ nd-product: NGINX One {{}} Review your deployments in a dashboard {{}} - {{}} + {{< card title="Connect Kubernetes deployments" >}} + Monitor deployments for CVEs and certificates + {{}} + {{< card title="Organize users with RBAC" >}} Assign responsibilities with role-based access control {{}} {{}} @@ -72,4 +75,8 @@ nd-product: NGINX One Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs. {{}} {{}} -{{}} \ No newline at end of file +<<<<<<< HEAD +{{}} +======= +{{}} +>>>>>>> 484cb0a2 (update) From 1a65be95160e96553c5eb5c005c69adb62fbcf35 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 24 Jun 2025 10:31:56 -0600 Subject: [PATCH 04/17] More --- content/nginx-one/nic-ngf/add-nic.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/nginx-one/nic-ngf/add-nic.md b/content/nginx-one/nic-ngf/add-nic.md index 6962c97df..b38cc25e4 100644 --- a/content/nginx-one/nic-ngf/add-nic.md +++ b/content/nginx-one/nic-ngf/add-nic.md @@ -6,10 +6,10 @@ nd-content-type: how-to nd-product: NGINX One --- -This document explains how to connect F5 NGINX Ingress Controller and F5 NGINX Gateway Fabric to F5 NGINX One Console using NGINX Agent. +This document explains how to connect F5 NGINX Ingress Controller to F5 NGINX One Console using NGINX Agent. Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances. -Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller and NGINX Gateway Fabric. For each instance, you can review: +Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review: - Read-only configuration file - F5 NGINX App Protect WAF policies @@ -45,7 +45,7 @@ nginxAgent: dataplaneKeySecretName: "" ``` -The `dataplaneKey` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) +The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) for instructions on to generate your dataplane key from the NGINX One Console. Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller. @@ -151,7 +151,7 @@ Check NGINX Agent logs: kubectl exec -it -n -- nginx-agent ``` -For each connected NGINX Ingress Controller and Gateway Fabric instance, you can review: +For each connected NGINX Ingress Controller instance, you can review: - Read-only configuration file - F5 NGINX App Protect WAF policies From bfce117efddde53c0ac1b7b02cba42a508c6f208 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 24 Jun 2025 12:07:41 -0600 Subject: [PATCH 05/17] More --- content/nginx-one/nic-ngf/add-nic.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/nginx-one/nic-ngf/add-nic.md b/content/nginx-one/nic-ngf/add-nic.md index b38cc25e4..31c882311 100644 --- a/content/nginx-one/nic-ngf/add-nic.md +++ b/content/nginx-one/nic-ngf/add-nic.md @@ -151,7 +151,7 @@ Check NGINX Agent logs: kubectl exec -it -n -- nginx-agent ``` -For each connected NGINX Ingress Controller instance, you can review: +Select the instance associated with your deployment of NGINX Ingress Controller. You'll be able to review: - Read-only configuration file - F5 NGINX App Protect WAF policies From 38f615702e5269948861ab3c2f081a8a5cdd84d2 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 24 Jun 2025 12:08:50 -0600 Subject: [PATCH 06/17] change directory --- content/nginx-one/{nic-ngf => k8s}/_index.md | 0 content/nginx-one/{nic-ngf => k8s}/add-nic.md | 0 content/nginx-one/{nic-ngf => k8s}/overview.md | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename content/nginx-one/{nic-ngf => k8s}/_index.md (100%) rename content/nginx-one/{nic-ngf => k8s}/add-nic.md (100%) rename content/nginx-one/{nic-ngf => k8s}/overview.md (100%) diff --git a/content/nginx-one/nic-ngf/_index.md b/content/nginx-one/k8s/_index.md similarity index 100% rename from content/nginx-one/nic-ngf/_index.md rename to content/nginx-one/k8s/_index.md diff --git a/content/nginx-one/nic-ngf/add-nic.md b/content/nginx-one/k8s/add-nic.md similarity index 100% rename from content/nginx-one/nic-ngf/add-nic.md rename to content/nginx-one/k8s/add-nic.md diff --git a/content/nginx-one/nic-ngf/overview.md b/content/nginx-one/k8s/overview.md similarity index 100% rename from content/nginx-one/nic-ngf/overview.md rename to content/nginx-one/k8s/overview.md From d359005ddf9fc04118db046dc819733aa5aeb31c Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Wed, 25 Jun 2025 06:19:41 -0600 Subject: [PATCH 07/17] fix broken link --- content/nginx-one/k8s/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/nginx-one/k8s/_index.md b/content/nginx-one/k8s/_index.md index 71edfe4b4..1159c49d8 100644 --- a/content/nginx-one/k8s/_index.md +++ b/content/nginx-one/k8s/_index.md @@ -2,7 +2,7 @@ title: Connect Kubernetes deployments description: weight: 750 -url: /nginx-one/nic-ngf +url: /nginx-one/k8s nd-product: NGINX One --- From a586dba799179a5ed4391b7f7f8b3298698bf0f3 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Wed, 25 Jun 2025 09:35:08 -0600 Subject: [PATCH 08/17] Change ordering --- content/nginx-one/api/_index.md | 2 +- content/nginx-one/glossary.md | 2 +- content/nginx-one/k8s/_index.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/nginx-one/api/_index.md b/content/nginx-one/api/_index.md index 5b3284d5e..3a1598f3f 100644 --- a/content/nginx-one/api/_index.md +++ b/content/nginx-one/api/_index.md @@ -1,6 +1,6 @@ --- title: Automate with the NGINX One API description: -weight: 700 +weight: 800 url: /nginx-one/api --- diff --git a/content/nginx-one/glossary.md b/content/nginx-one/glossary.md index 04951c14c..b6d4b6783 100644 --- a/content/nginx-one/glossary.md +++ b/content/nginx-one/glossary.md @@ -3,7 +3,7 @@ description: '' docs: DOCS-1396 title: Glossary toc: true -weight: 800 +weight: 1000 type: - reference --- diff --git a/content/nginx-one/k8s/_index.md b/content/nginx-one/k8s/_index.md index 1159c49d8..794456588 100644 --- a/content/nginx-one/k8s/_index.md +++ b/content/nginx-one/k8s/_index.md @@ -1,7 +1,7 @@ --- title: Connect Kubernetes deployments description: -weight: 750 +weight: 700 url: /nginx-one/k8s nd-product: NGINX One --- From 9cd90026197b38360853470e9da38a2e418b8f8a Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Thu, 26 Jun 2025 05:18:01 -0700 Subject: [PATCH 09/17] Apply suggestions from code review --- content/nginx-one/k8s/add-nic.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md index 31c882311..23eb9e2f4 100644 --- a/content/nginx-one/k8s/add-nic.md +++ b/content/nginx-one/k8s/add-nic.md @@ -12,7 +12,6 @@ Connecting NGINX Ingress Controller to NGINX One Console enables centralized mon Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review: - Read-only configuration file -- F5 NGINX App Protect WAF policies - SSL/TLS certificates - CVEs @@ -123,8 +122,8 @@ Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-n ## Verify a connection to NGINX One Console -After deploying NGINX Ingress Controller or NGINX Gateway Fabricwith NGINX Agent, you can verify the connection to NGINX One Console. -Log in to your NGINX One Console account and navigate to the Instances dashboard. Your instances should appear in the list, where the instance name will be the pod name. +After deploying NGINX Ingress Controller or NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console. +Log in to your F5 Distributed Console cloud account. Select **NGINX One > Visit Service**. In the dashboard that appears, navigate to **Manage > Instances**. Your instances should appear in the list, where the instance name is the hostname and also the pod name. ## Troubleshooting @@ -151,9 +150,10 @@ Check NGINX Agent logs: kubectl exec -it -n -- nginx-agent ``` -Select the instance associated with your deployment of NGINX Ingress Controller. You'll be able to review: +Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see You'll see information associated with: -- Read-only configuration file -- F5 NGINX App Protect WAF policies - SSL/TLS certificates - CVEs +- Configuration recommendations + +Under the **Configuration** tab, you'll see a **read-only** view of the configuration files. From 7f2aff092d4b26d43174fae04376a48162b20814 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Fri, 27 Jun 2025 12:41:46 -0600 Subject: [PATCH 10/17] Include changelog --- content/nginx-one/changelog.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/content/nginx-one/changelog.md b/content/nginx-one/changelog.md index ab541049a..48c43c5ff 100644 --- a/content/nginx-one/changelog.md +++ b/content/nginx-one/changelog.md @@ -30,6 +30,15 @@ h2 { Stay up-to-date with what's new and improved in the F5 NGINX One Console. +## June 30, 2025 + +### Monitor F5 NGINX Ingress Controller deployments + +You can now montior your NGINX Ingress Controller deployments. For details, see how +you can [Connect to NGINX One Console]({{< ref "/nginx-one/k8s/add-nic.md" >}}). + +Unlike other NGINX instances, when you connect NGINX Ingress Controller to NGINX One Console, access is read-only. Refer to our [NGINX Ingress Controller]({{< ref "/nic/" >}}) for details on how to modify these instances. + ## May 19, 2025 ### Import and export your Staged Configs From 1161599c10bd53c08b1ea3a2fe5e518e7b324274 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Fri, 27 Jun 2025 12:48:42 -0600 Subject: [PATCH 11/17] Fix index XML issue --- content/nginx-one/_index.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index 407d6998e..b23e2507e 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -28,10 +28,10 @@ nd-product: NGINX One {{}} Review your deployments in a dashboard {{}} - {{< card title="Connect Kubernetes deployments" >}} - Monitor deployments for CVEs and certificates - {{}} - {{< card title="Organize users with RBAC" >}} + {{}} + Monitor deployments for CVEs and certificatesd + {{}} + {{}} Assign responsibilities with role-based access control {{}} {{}} @@ -75,8 +75,4 @@ nd-product: NGINX One Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs. {{}} {{}} -<<<<<<< HEAD {{}} -======= -{{}} ->>>>>>> 484cb0a2 (update) From 69eeca657ffbb374dc984fe6e937dfa10a0421ae Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Mon, 30 Jun 2025 10:02:51 -0700 Subject: [PATCH 12/17] Apply suggestions from code review Co-authored-by: Alan Dooley --- content/nginx-one/glossary.md | 3 +-- content/nginx-one/k8s/add-nic.md | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/content/nginx-one/glossary.md b/content/nginx-one/glossary.md index b6d4b6783..552eba33c 100644 --- a/content/nginx-one/glossary.md +++ b/content/nginx-one/glossary.md @@ -4,8 +4,7 @@ docs: DOCS-1396 title: Glossary toc: true weight: 1000 -type: -- reference +nd-content-type: reference --- This glossary defines terms used in the F5 NGINX One Console and F5 Distributed Cloud. diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md index 23eb9e2f4..da662a7b6 100644 --- a/content/nginx-one/k8s/add-nic.md +++ b/content/nginx-one/k8s/add-nic.md @@ -15,7 +15,7 @@ Once connected, you'll see a **read-only** configuration of NGINX Ingress Contro - SSL/TLS certificates - CVEs -## Prerequisites +## Before you begin Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command: From 3e5671c498d8894ecbb2573f5e463984448df9d7 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Mon, 30 Jun 2025 11:40:38 -0700 Subject: [PATCH 13/17] Apply suggestions from code review Co-authored-by: Jodie Putrino --- content/nginx-one/_index.md | 2 +- content/nginx-one/changelog.md | 2 +- content/nginx-one/k8s/add-nic.md | 6 +++--- content/nginx-one/k8s/overview.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index b23e2507e..f71040d5d 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -29,7 +29,7 @@ nd-product: NGINX One Review your deployments in a dashboard {{}} {{}} - Monitor deployments for CVEs and certificatesd + Monitor deployments for CVEs and certificates {{}} {{}} Assign responsibilities with role-based access control diff --git a/content/nginx-one/changelog.md b/content/nginx-one/changelog.md index ea73318e8..63b3942bc 100644 --- a/content/nginx-one/changelog.md +++ b/content/nginx-one/changelog.md @@ -34,7 +34,7 @@ Stay up-to-date with what's new and improved in the F5 NGINX One Console. ### Monitor F5 NGINX Ingress Controller deployments -You can now montior your NGINX Ingress Controller deployments. For details, see how +You can now monitor your NGINX Ingress Controller deployments. For details, see how you can [Connect to NGINX One Console]({{< ref "/nginx-one/k8s/add-nic.md" >}}). Unlike other NGINX instances, when you connect NGINX Ingress Controller to NGINX One Console, access is read-only. Refer to our [NGINX Ingress Controller]({{< ref "/nic/" >}}) for details on how to modify these instances. diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md index da662a7b6..df06a3c8f 100644 --- a/content/nginx-one/k8s/add-nic.md +++ b/content/nginx-one/k8s/add-nic.md @@ -24,7 +24,7 @@ kubectl create secret generic dataplane-key --from-literal=dataplane.key=}}) or [`watch-secret-namespace`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#watch-secret-namespace-string" >}}) arguments with NGINX Ingress Controller, you need to add the dataplane key secret to the watched namespaces. This secret will take approximately 60 - 90 seconds to reload on the pod. {{}} @@ -45,7 +45,7 @@ nginxAgent: ``` The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) -for instructions on to generate your dataplane key from the NGINX One Console. +for instructions on how to generate your dataplane key from the NGINX One Console. Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller. @@ -122,7 +122,7 @@ Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-n ## Verify a connection to NGINX One Console -After deploying NGINX Ingress Controller or NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console. +After deploying NGINX Ingress Controller with NGINX Agent, you can verify the connection to NGINX One Console. Log in to your F5 Distributed Console cloud account. Select **NGINX One > Visit Service**. In the dashboard that appears, navigate to **Manage > Instances**. Your instances should appear in the list, where the instance name is the hostname and also the pod name. ## Troubleshooting diff --git a/content/nginx-one/k8s/overview.md b/content/nginx-one/k8s/overview.md index dad0777ed..3709eb5b8 100644 --- a/content/nginx-one/k8s/overview.md +++ b/content/nginx-one/k8s/overview.md @@ -16,5 +16,5 @@ You can now include Kubernetes systems through the [control plane](https://www.f - Set up a connection to F5 NGINX One Console through a data plane key. - Monitor each connected Kubernetes system for CVEs. -- Review the NGINX Ingress Controller and NGINX Gateway Fabric instances that are part of your fleet +- Review the NGINX Ingress Controller instances that are part of your fleet. From 334fb42811ce0aad50d700fcda627ebdc4754866 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Mon, 30 Jun 2025 14:00:24 -0700 Subject: [PATCH 14/17] Apply suggestions from code review Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com> --- content/nginx-one/k8s/add-nic.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md index df06a3c8f..1360e1830 100644 --- a/content/nginx-one/k8s/add-nic.md +++ b/content/nginx-one/k8s/add-nic.md @@ -20,7 +20,9 @@ Once connected, you'll see a **read-only** configuration of NGINX Ingress Contro Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command: ```shell -kubectl create secret generic dataplane-key --from-literal=dataplane.key= -n +kubectl create secret generic dataplane-key \ + --from-literal=dataplane.key= \ + -n ``` When you create a Kubernetes Secret, use the same namespace where NGINX Ingress Controller is running. @@ -123,7 +125,7 @@ Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-n ## Verify a connection to NGINX One Console After deploying NGINX Ingress Controller with NGINX Agent, you can verify the connection to NGINX One Console. -Log in to your F5 Distributed Console cloud account. Select **NGINX One > Visit Service**. In the dashboard that appears, navigate to **Manage > Instances**. Your instances should appear in the list, where the instance name is the hostname and also the pod name. +Log in to your F5 Distributed Cloud Console account. Select **NGINX One > Visit Service**. In the dashboard, go to **Manage > Instances**. You should see your instances listed by name. The instance name matches both the hostname and the pod name. ## Troubleshooting From 8c2c65822bcce03c9771d6bb7a4a30976e19631b Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Mon, 30 Jun 2025 16:58:04 -0700 Subject: [PATCH 15/17] Apply suggestions from code review Co-authored-by: Sylvia Wang <139922338+sylwang@users.noreply.github.com> --- content/nginx-one/_index.md | 2 +- content/nginx-one/k8s/add-nic.md | 18 ++++++++---------- content/nginx-one/k8s/overview.md | 1 - 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index f71040d5d..418d75822 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -29,7 +29,7 @@ nd-product: NGINX One Review your deployments in a dashboard {{}} {{}} - Monitor deployments for CVEs and certificates + Monitor deployments for certificates {{}} {{}} Assign responsibilities with role-based access control diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md index 1360e1830..679311579 100644 --- a/content/nginx-one/k8s/add-nic.md +++ b/content/nginx-one/k8s/add-nic.md @@ -12,8 +12,7 @@ Connecting NGINX Ingress Controller to NGINX One Console enables centralized mon Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review: - Read-only configuration file -- SSL/TLS certificates -- CVEs +- Unmanaged SSL/TLS certificates for Control Planes ## Before you begin @@ -43,7 +42,7 @@ Edit your `values.yaml` file to enable NGINX Agent and configure it to connect t ```yaml nginxAgent: enable: true - dataplaneKeySecretName: "" + dataplaneKeySecretName: "" ``` The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) @@ -99,7 +98,7 @@ data: ``` Make sure to set the namespace in the nginx-agent.config to the same namespace as NGINX Ingress Controller. -Mount the ConfigMap to the deployment/daemonset file of NGINX Ingress Controller: +Mount the ConfigMap to the Deployment/DaemonSet file of NGINX Ingress Controller: ```yaml volumeMounts: @@ -114,7 +113,7 @@ volumes: name: nginx-agent-config - name: dataplane-key secret: - secretName: + secretName: "" ``` Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller. @@ -134,7 +133,7 @@ If you encounter issues connecting your instances to NGINX One Console, try the Check the NGINX Agent version: ```shell -kubectl exec -it -n -- nginx-agent -v +kubectl exec -it -n -- nginx-agent -v ``` If nginx-agent version is v3, continue with the following steps. @@ -143,19 +142,18 @@ Otherwise, make sure you are using an image that does not include NGINX App Prot Check the NGINX Agent configuration: ```shell -kubectl exec -it -n -- cat /etc/nginx-agent/nginx-agent.conf +kubectl exec -it -n -- cat /etc/nginx-agent/nginx-agent.conf ``` Check NGINX Agent logs: ```shell -kubectl exec -it -n -- nginx-agent +kubectl exec -it -n -- nginx-agent ``` -Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see You'll see information associated with: +Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see information associated with: - SSL/TLS certificates -- CVEs - Configuration recommendations Under the **Configuration** tab, you'll see a **read-only** view of the configuration files. diff --git a/content/nginx-one/k8s/overview.md b/content/nginx-one/k8s/overview.md index 3709eb5b8..b2da7f2d1 100644 --- a/content/nginx-one/k8s/overview.md +++ b/content/nginx-one/k8s/overview.md @@ -15,6 +15,5 @@ nd-product: NGINX One You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to: - Set up a connection to F5 NGINX One Console through a data plane key. -- Monitor each connected Kubernetes system for CVEs. - Review the NGINX Ingress Controller instances that are part of your fleet. From 351a25ee4b758c8cf75b0e02f5e045a46ff87f4d Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Mon, 30 Jun 2025 16:58:17 -0700 Subject: [PATCH 16/17] Apply suggestions from code review --- content/nginx-one/k8s/add-nic.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md index 679311579..23619c6d2 100644 --- a/content/nginx-one/k8s/add-nic.md +++ b/content/nginx-one/k8s/add-nic.md @@ -153,7 +153,7 @@ kubectl exec -it -n -- nginx-agent Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see information associated with: -- SSL/TLS certificates +- Unmanaged SSL/TLS certificates for Control Planes - Configuration recommendations Under the **Configuration** tab, you'll see a **read-only** view of the configuration files. From 19f7defd4cb0f7f2141c425e0aeace2c3ff46129 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 1 Jul 2025 08:35:15 -0700 Subject: [PATCH 17/17] Apply suggestions from code review Co-authored-by: Sylvia Wang <139922338+sylwang@users.noreply.github.com> --- content/nginx-one/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index 418d75822..e93ea61e5 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -29,7 +29,7 @@ nd-product: NGINX One Review your deployments in a dashboard {{}} {{}} - Monitor deployments for certificates + Monitor deployments for control planes {{}} {{}} Assign responsibilities with role-based access control