deploy template via a config map

Author: pleshakov

deploy/manifests/nginx-config-template.tmpl

@@ -0,0 +1,135 @@
+user  nginx;
+worker_processes  auto;
+
+error_log stderr debug;
+pid /etc/nginx/nginx.pid;
+
+load_module /usr/lib/nginx/modules/ngx_http_js_module.so;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    # include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  stdout  main;
+
+    js_import /usr/lib/nginx/modules/njs/httpmatches.js;
+
+    server_names_hash_bucket_size 256;
+    server_names_hash_max_size 1024;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    #############
+    # upstreams #
+    #############
+
+    {{ range $u := .Upstreams }}
+    upstream {{ $u.Name }} {
+        random two least_conn;
+        zone {{ $u.Name }} 512k;
+        {{ range $server := $u.Servers }}
+        server {{ $server.Address }};
+        {{- end }}
+    }
+    {{ end }}
+
+    #################
+    # split clients #
+    #################
+
+    {{ range $sc := .SplitClients }}
+    split_clients $request_id ${{ $sc.VariableName }} {
+        {{- range $d := $sc.Distributions }}
+            {{- if eq $d.Percent "0.00" }}
+        # {{ $d.Percent }}% {{ $d.Value }};
+            {{- else }}
+        {{ $d.Percent }}% {{ $d.Value }};
+            {{- end }}
+        {{- end }}
+    }
+    {{ end }}
+
+    ###########
+    # servers #
+    ###########
+
+    {{ range $s := .Servers -}}
+        {{ if $s.IsDefaultSSL -}}
+    server {
+        listen 443 ssl default_server;
+
+        ssl_reject_handshake on;
+    }
+        {{- else if $s.IsDefaultHTTP }}
+    server {
+        listen 80 default_server;
+
+        default_type text/html;
+        return 404;
+    }
+        {{- else }}
+    server {
+            {{- if $s.SSL }}
+        listen 443 ssl;
+        ssl_certificate {{ $s.SSL.Certificate }};
+        ssl_certificate_key {{ $s.SSL.CertificateKey }};
+
+        if ($ssl_server_name != $host) {
+            return 421;
+        }
+            {{- end }}
+
+        server_name {{ $s.ServerName }};
+
+            {{ range $l := $s.Locations }}
+        location {{ if $l.Exact }}= {{ end }}{{ $l.Path }} {
+            {{ if $l.Internal -}}
+            internal;
+            {{ end }}
+
+            {{- if $l.Return -}}
+            return {{ $l.Return.Code }} "{{ $l.Return.Body }}";
+            {{ end }}
+
+            {{- if $l.HTTPMatchVar -}}
+            set $http_matches {{ $l.HTTPMatchVar | printf "%q" }};
+            js_content httpmatches.redirect;
+            {{ end }}
+
+            {{- if $l.ProxyPass -}}
+            proxy_set_header Host $host;
+            proxy_pass {{ $l.ProxyPass }}$request_uri;
+            {{- end }}
+        }
+            {{ end }}
+    }
+        {{- end }}
+    {{ end }}
+    server {
+        listen unix:/var/lib/nginx/nginx-502-server.sock;
+        access_log off;
+
+        return 502;
+    }
+
+    server {
+        listen unix:/var/lib/nginx/nginx-500-server.sock;
+        access_log off;
+
+        return 500;
+    }
+}

deploy/manifests/nginx-gateway.yaml

@@ -94,6 +94,9 @@ spec:
       - name: njs-modules
         configMap:
           name: njs-modules
+      - name: nginx-config-template
+        configMap:
+          name: nginx-config-template
       initContainers:
       - image: busybox:1.34 # FIXME(pleshakov): use gateway container to init the Config with proper main config
         name: nginx-config-initializer
@@ -108,6 +111,8 @@ spec:
         volumeMounts:
         - name: nginx-config
           mountPath: /etc/nginx
+        - name: nginx-config-template
+          mountPath: /etc/nginx-config-template
         securityContext:
           runAsUser: 1001
           # FIXME(pleshakov) - figure out which capabilities are required

docs/installation.md

@@ -34,6 +34,12 @@ This guide walks you through how to install NGINX Kubernetes Gateway on a generi
     ```
     kubectl create configmap njs-modules --from-file=internal/nginx/modules/src/httpmatches.js -n nginx-gateway
     ```
+   
+1. Create the NGINX config template ConfigMap:
+
+    ```
+    kubectl create configmap nginx-config-template --from-file=deploy/manifests/nginx-config-template.tmpl -n nginx-gateway
+    ```
 
 1. Create the GatewayClass resource:
 

internal/nginx/config/generator.go

@@ -23,7 +23,8 @@ type GeneratorImpl struct {
 
 // NewGeneratorImpl creates a new GeneratorImpl.
 func NewGeneratorImpl() GeneratorImpl {
-	t, err := template.New("nginx").Parse(mainTemplate)
+	// t, err := template.New("nginx").Parse(mainTemplate)
+	t, err := template.ParseFiles("/etc/nginx-config-template/nginx-config-template.tmpl")
 	if err != nil {
 		panic(err)
 	}