CP/DP split: Support nginx debug mode when provisioning Data Plane

apis/v1alpha2/nginxproxy_types.go

@@ -435,6 +435,11 @@ type PodSpec struct {
 
 // ContainerSpec defines container fields for the NGINX container.
 type ContainerSpec struct {
+	// Debug enables debugging for NGINX by using the nginx-debug binary.
+	//
+	// +optional
+	Debug *bool `json:"debug,omitempty"`
+
 	// Image is the NGINX image to use.
 	//
 	// +optional

build/entrypoint.sh

@@ -16,7 +16,13 @@ rm -rf /var/run/nginx/*.sock
 
 # Launch nginx
 echo "starting nginx ..."
-/usr/sbin/nginx -g "daemon off;" &
+
+# if we want to use the nginx-debug binary, we will call this script with an argument "debug"
+if [ "${1:-false}" = "debug" ]; then
+    /usr/sbin/nginx-debug -g "daemon off;" &
+else
+    /usr/sbin/nginx -g "daemon off;" &
+fi
 
 nginx_pid=$!
 
@@ -31,7 +37,7 @@ done
 
 # start nginx-agent, pass args
 echo "starting nginx-agent ..."
-nginx-agent "$@" &
+nginx-agent &
 
 agent_pid=$!
 

charts/nginx-gateway-fabric/README.md

@@ -258,10 +258,9 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 
 | Key | Description | Type | Default |
 |-----|-------------|------|---------|
-| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` |
+| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{},"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` |
 | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{}` |
 | `nginx.container` | The container configuration for the NGINX container. | object | `{}` |
-| `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` |
 | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginx/nginx-gateway-fabric/nginx"` |
 | `nginx.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. The control plane will copy this secret into any namespace where NGINX is deployed. | string | `""` |
 | `nginx.imagePullSecrets` | A list of secret names containing docker registry credentials. Secrets must exist in the same namespace as the helm release. The control plane will copy these secrets into any namespace where NGINX is deployed. | list | `[]` |

charts/nginx-gateway-fabric/templates/nginxproxy.yaml

@@ -23,6 +23,9 @@ spec:
         {{- end }}
         image:
           {{- toYaml .Values.nginx.image | nindent 10 }}
+        {{- if .Values.nginx.debug }}
+        debug: {{ .Values.nginx.debug }}
+        {{- end }}
     {{- end }}
     {{- if .Values.nginx.service }}
     service:

charts/nginx-gateway-fabric/values.schema.json

@@ -229,13 +229,6 @@
           "title": "container",
           "type": "object"
         },
-        "debug": {
-          "default": false,
-          "description": "Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource.",
-          "required": [],
-          "title": "debug",
-          "type": "boolean"
-        },
         "image": {
           "properties": {
             "pullPolicy": {

charts/nginx-gateway-fabric/values.yaml

@@ -425,4 +425,4 @@ nginx:
     # loadBalancerSourceRanges: []
 
   # -- Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource.
-  debug: false
+  # debug: false

config/crd/bases/gateway.nginx.org_nginxproxies.yaml

@@ -79,6 +79,10 @@ spec:
                         description: Container defines container fields for the NGINX
                           container.
                         properties:
+                          debug:
+                            description: Debug enables debugging for NGINX by using
+                              the nginx-debug binary.
+                            type: boolean
                           image:
                             description: Image is the NGINX image to use.
                             properties:

deploy/crds.yaml

@@ -664,6 +664,10 @@ spec:
                         description: Container defines container fields for the NGINX
                           container.
                         properties:
+                          debug:
+                            description: Debug enables debugging for NGINX by using
+                              the nginx-debug binary.
+                            type: boolean
                           image:
                             description: Image is the NGINX image to use.
                             properties:

internal/mode/static/provisioner/objects.go

@@ -447,6 +447,11 @@
 			}
 			container.Lifecycle = containerSpec.Lifecycle
 			container.VolumeMounts = append(container.VolumeMounts, containerSpec.VolumeMounts...)
+
+			if containerSpec.Debug != nil && *containerSpec.Debug {
+				container.Command = append(container.Command, "/agent/entrypoint.sh")
+				container.Args = append(container.Args, "debug")
+			}
 			spec.Spec.Containers[0] = container
 		}
 	}

internal/mode/static/state/graph/nginxproxy_test.go

@@ -55,6 +55,7 @@ func TestBuildEffectiveNginxProxy(t *testing.T) {
 		logLevel ngfAPIv1alpha2.NginxErrorLogLevel,
 		setIP bool,
 		disableHTTP bool,
+		nginxDebug bool,
 	) *ngfAPIv1alpha2.NginxProxy {
 		return &ngfAPIv1alpha2.NginxProxy{
 			Spec: ngfAPIv1alpha2.NginxProxySpec{
@@ -79,6 +80,13 @@ func TestBuildEffectiveNginxProxy(t *testing.T) {
 					ErrorLevel: &logLevel,
 				},
 				DisableHTTP2: &disableHTTP,
+				Kubernetes: &ngfAPIv1alpha2.KubernetesSpec{
+					Deployment: &ngfAPIv1alpha2.DeploymentSpec{
+						Container: ngfAPIv1alpha2.ContainerSpec{
+							Debug: &nginxDebug,
+						},
+					},
+				},
 			},
 		}
 	}
@@ -100,6 +108,7 @@ func TestBuildEffectiveNginxProxy(t *testing.T) {
 			ngfAPIv1alpha2.NginxLogLevelAlert,
 			true,
 			false,
+			false,
 		)
 	}
 
@@ -120,6 +129,7 @@ func TestBuildEffectiveNginxProxy(t *testing.T) {
 			ngfAPIv1alpha2.NginxLogLevelError,
 			false,
 			true,
+			true,
 		)
 	}