Conversation

ab-andresc

Proposed changes

This feature adds an extra variable to the deployment template to add extra containers.

Problem: Users would like to inject additional sidecars, these can do a variety of things.

Example: Install sigsci agent as a sidecar

https://www.fastly.com/documentation/guides/next-gen-waf/setup-and-configuration/kubernetes/kubernetes-agent-module/

Use case 2:

Do JWT validation with a separate container

Solution: Adds an entry to the template.

Testing: Manually added a sidecar, rendering looks correct.

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@ab-andrescab-andresc requested a review from a team as a code owner June 10, 2025 10:53
@nginx-botnginx-bot

Hi @ab-andresc! Welcome to the project! 🎉

Thanks for opening this pull request!
Be sure to check out our Contributing Guidelines while you wait for someone on the team to review this.

Please make sure to include the issue number in the PR description to automatically close the issue when the PR is merged.
See Linking a pull request to an issue and our Pull Request Guidelines for more information.

@nginx-botnginx-bot bot added the community label Jun 10, 2025
@github-actionsGitHub Actions

✅ All required contributors have signed the F5 CLA for this PR. Thank you!
Posted by the CLA Assistant Lite bot.

@github-actions-actions bot added the helm-chartRelates to helm chartlabel Jun 10, 2025
@ab-andrescab-andresc changed the title add extra containers Add extra containers entry to inject side cars into deployment Jun 10, 2025
@ab-andrescab-andresc force-pushed the -1 branch 3 times, most recently from 20fcf9f to 2040ee0 Compare June 10, 2025 11:19
@ab-andresc

I have hereby read the F5 CLA and agree to its terms

@ab-andrescab-andresc force-pushed the -1 branch 2 times, most recently from e1b1ab5 to 66936a3 Compare June 10, 2025 11:26
@github-actions-actions bot added the documentationImprovements or additions to documentationlabel Jun 10, 2025
@sjberman

Hi @ab-andresc, I'm curious about the use cases you mention. What benefit does the sigsci-agent or JWT validation do for the control plane? What connections are these sidecars handling?

@sjberman

Per offline conversation, it seems the intention is to actually configure containers for the NGINX deployment, not the NGF control plane deployment. Since the control plane now provisions the NGINX data plane, the latter is no longer exposed directly in the helm chart. Instead, we include these configurable fields in the NginxProxy CRD and then the control plane uses that to set the deployment config when provisioning. An example of how we add a new field for this type of use case can be seen here: #3319.

@sindhushivsindhushiv added this to the v2.0.1 milestone Jun 10, 2025
@sindhushivsindhushiv moved this from 🆕 New to External Pull Requests in NGINX Gateway Fabric Jun 10, 2025
salonichf5
salonichf5 reviewed Jun 10, 2025
View reviewed changes
apis/v1alpha2/nginxproxy_types.go
@@ -410,6 +416,11 @@ type DaemonSetSpec struct {
//
// +optional
Container ContainerSpec `json:"container"`
// ExtraContainers defines additional containers to be added to the NGINX Pod.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// ExtraContainers defines additional containers to be added to the NGINX Pod.
// ExtraContainers defines additional containers to be added to the NGINX Pod.

salonichf5
salonichf5 reviewed Jun 10, 2025
View reviewed changes
apis/v1alpha2/nginxproxy_types.go
Comment on lines +401 to +402
// ExtraContainers defines additional containers to be added to the NGINX Pod.
// Uses upstream corev1.Container to allow arbitrary sidecars.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would be great if you could specify one example of the sidecars users can use.

salonichf5
salonichf5 reviewed Jun 10, 2025
View reviewed changes
salonichf5
salonichf5 reviewed Jun 10, 2025
View reviewed changes
salonichf5
salonichf5 reviewed Jun 10, 2025
View reviewed changes
salonichf5
salonichf5 reviewed Jun 10, 2025
View reviewed changes
Sign up for free to join this conversation on . Already have an account? Sign in to comment

@sjberman sjberman sjberman left review comments

@salonichf5 salonichf5 salonichf5 left review comments

At least 2 approving reviews are required to merge this pull request.

No one assigned
community documentationImprovements or additions to documentationhelm-chartRelates to helm chart
NGINX Gateway Fabric
Status: External Pull Requests
v2.0.1

Successfully merging this pull request may close these issues.