You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|**Namespaces**| - _Namespace: applications_: Contains Gateway A for `*.example.com`, handling Application A and Application B.<br>- _Namespace: applications-2_: Contains Gateway B for `*.other-example.com`, handling Application C.|
158
-
|**Users**| - _Cluster Operator_: Sets up NGF and manages Gateway API resources by provisioning Gateways (A and B) and the NGF Pod.<br>- _Developers A & B_: Developers deploy their applications and create HTTPRoutes. |
159
+
|**Namespaces**| - _Namespace: nginx-gateway_: Contains the NGINX Gateway Fabric Control Plane Pod, responsible for managing Gateway API configurations and provisioning NGINX Data Plane Pods.<br>- _Namespace: applications_: Contains Gateway A for `*.example.com`, handling Application A and Application B.<br>- _Namespace: applications-2_: Contains Gateway B for `*.other-example.com`, handling Application C. |
160
+
|**Users**| - _Cluster Operator_: Sets up the NGINX Gateway Fabric Control Plane Pod and manages Gateway API resources by provisioning Gateways (A and B).<br>- _Developers A & B_: Developers deploy their applications and create HTTPRoutes associated with their Gateways. |
159
161
|**Clients**| - _Client A_: Interacts with Application A through `a.example.com`.<br>- _Client B_: Interacts with Application C through `c.other-example.com`. |
160
-
|**NGF Pod**| The control plane component, deployed in `nginx-gateway`, communicates with the Kubernetes API to:<br>- Fetch Gateway API resources.<br>- Dynamically manage NGINX data plane deployments. |
161
-
|**Gateways**| - _Gateway A_: Listens for requests under `*.example.com`. Routes:<br> • _HTTPRoute A_: Routes `a.example.com`to Application A.<br> • _HTTPRoute B_: Routes `b.example.com`to Application B.<br>- _Gateway B_: Listens for requests under `*.other-example.com`. Routes:<br> • _HTTPRoute C_: Routes `c.other-example.com`to Application C. |
162
-
|**Applications**| - _Application A_: Deployed by Developer A (2 pods) and routed to by Gateway A.<br>- _Application B_: Deployed by Developer A (1 pod) and routed to by Gateway A.<br>- _Application C_: Deployed by Developer B (1 pod) and routed to by Gateway B. |
163
-
|**NGINX Pods**| - _NGINX Pod A_: Handles traffic from Gateway A:<br> • _NGINX Process A_: Routes to Application A and Application B.<br> • _NGINX Agent A_: Updates configuration via gRPC.<br>- _NGINX Pod B_: Handles traffic from Gateway B:<br> • _NGINX Process B_: Routes to Application C.<br> • _NGINX Agent B_: Updates configuration via gRPC. |
164
-
|**Traffic Flow**| - _Client A_:<br> 1. Sends requests to `a.example.com` via Public Endpoint.<br> 2. Routed to Application A by NGINX Process A.<br>- _Client B_:<br> 1. Sends requests to `c.other-example.com` via Public Endpoint.<br> 2. Routed to Application C by NGINX Process B. |
165
-
|**Public Endpoint**| A shared entry point (TCP Load Balancer or NodePort) that exposes the NGINX Service externally and forwards client traffic into the cluster. |
166
-
|**Kubernetes API**| Acts as the central hub for resource management:<br>- Fetches Gateway API resources.<br>- Updates NGINX configuration dynamically via the NGF Pod. |
162
+
|**NGINX Gateway Fabric Control Plane Pod**| The control plane pod, deployed in the `nginx-gateway` namespace, communicates with the Kubernetes API to:<br>- Fetch Gateway API resources.<br>- Dynamically provision and configure NGINX Data Plane Pods.<br>- Deliver traffic routing and configuration updates to NGINX Agent instances over gRPC. |
163
+
|**Gateways**| - _Gateway A_: Listens for requests under `*.example.com`. Routes:<br> • _HTTPRoute A_: Routes requests to `a.example.com`into Application A.<br> • _HTTPRoute B_: Routes requests to `b.example.com`into Application B.<br>- _Gateway B_: Listens for requests under `*.other-example.com`. Routes:<br> • _HTTPRoute C_: Routes requests to `c.other-example.com`into Application C. |
164
+
|**Applications**| - _Application A_: Deployed by Developer A (2 pods), routed by Gateway A via HTTPRoute A.<br>- _Application B_: Deployed by Developer A (1 pod), routed by Gateway A via HTTPRoute B.<br>- _Application C_: Deployed by Developer B (1 pod), routed by Gateway B via HTTPRoute C. |
165
+
|**NGINX Data Plane Pods**| - _NGINX Data Plane Pod A_: Handles traffic routed from Gateway A:<br> • _NGINX Process A_: Forwards requests to Application A and Application B as defined in Gateway A's HTTPRoutes.<br> • _NGINX Agent A_: Receives configuration updates from the NGINX Gateway Fabric Control Plane Pod via gRPC.<br>- _NGINX Data Plane Pod B_: Manages traffic routed from Gateway B:<br> • _NGINX Process B_: Forwards requests to Application C as defined in Gateway B’s HTTPRoute.<br> • _NGINX Agent B_: Receives configuration updates via gRPC from the NGINX Gateway Fabric Control Plane Pod. |
166
+
|**Traffic Flow**| - _Client A_:<br> 1. Sends requests to `a.example.com` via the Public Endpoint.<br> 2. Requests are routed by Gateway A and processed by NGINX Process A.<br> 3. Traffic is forwarded to Application A.<br>- _Client B_:<br> 1. Sends requests to `c.other-example.com` via the Public Endpoint.<br> 2. Requests are routed by Gateway B and processed by NGINX Process B.<br> 3. Traffic is forwarded to Application C. |
167
+
|**Public Endpoint**| A shared entry point (TCP Load Balancer or NodePort) that exposes the NGINX Data Plane externally to forward client traffic into the cluster. |
168
+
|**Kubernetes API**| Acts as the central hub for resource management:<br>- Fetches Gateway API resources for Gateway A and Gateway B.<br>- Facilitates NGINX configuration updates via the NGINX Gateway Fabric Control Plane Pod.|
The following table describes the connections, preceeded by their types in parentheses. For brevity, the suffix "process" has been omitted from the process descriptions.
| 1 | Kubernetes API (HTTPS) |_Kubernetes API → NGF Pod_: The NGF Pod watches the Kubernetes API for Gateway API resources (e.g., Gateways, HTTPRoutes) to fetch the latest cluster configuration. |
226
-
| 2 | gRPC |_NGF Pod → NGINX Agent_: The NGF Pod processes the Gateway API resources, generates NGINX configuration metadata, and sends it securely to the NGINX Agent over gRPC. |
227
-
| 3 | File I/O |_NGINX Agent → Config Files_: The NGINX Agent validates the configuration and writes the configuration files. |
228
-
| 4 | Signal |_NGINX Agent → NGINX Master_: The NGINX Agent signals the NGINX Master process to reload the updated configuration. This ensures the updated routes and settings are live. |
229
-
| 5 | HTTP/HTTPS |_Prometheus → NGINX Worker_: Prometheus collects runtime metrics (e.g., traffic stats, request details) directly from the NGINX Worker via the HTTP endpoint (`:9113/metrics`). This data helps monitor the operational state of the data plane. |
230
-
| 6 | HTTPS |_NGF Pod → F5 Telemetry Service_: The NGF Pod sends system and usage telemetry data (like API requests handled, error rates, and performance metrics) to the F5 Telemetry Service for analytics. |
231
-
| 7 | HTTP, HTTPS |_Client → NGINX Worker_: Clients send traffic (e.g., HTTP/HTTPS requests) to the NGINX Worker. These are typically routed via a public LoadBalancer or NodePort to expose NGINX. |
232
-
{{% /bootstrap-table %}}
234
+
| 1 | Kubernetes API (HTTPS) |_Kubernetes API → NGINX Gateway Fabric Control Plane Pod_: The NGINX Gateway Fabric Control Plane Pod (in the `nginx-gateway` namespace) watches the Kubernetes API for updates to Gateway API resources (e.g., Gateways, HTTPRoutes), fetching the latest configuration to manage routing and traffic control. |
235
+
| 2 | gRPC |_NGINX Gateway Fabric Control Plane Pod → NGINX Agent_: The NGINX Gateway Fabric Control Plane Pod processes Gateway API resources, generates NGINX configuration settings, and securely delivers them to the NGINX Agent inside the NGINX Data Plane Pod via gRPC. |
236
+
| 3 | File I/O |_NGINX Agent → Config Files_: The NGINX Agent (within the NGINX Data Plane Pod) validates the configuration metadata received from the Control Plane Pod and writes it to NGINX configuration files within the pod. These files store dynamic routing rules and traffic settings. |
237
+
| 4 | Signal |_NGINX Agent → NGINX Master_: After writing the configuration files, the NGINX Agent signals the NGINX Master process to reload the configuration. This ensures the NGINX Data Plane Pod immediately applies the updated routes and settings. |
238
+
| 5 | HTTP/HTTPS |_Prometheus → NGINX Worker_: Prometheus collects runtime metrics (e.g., traffic statistics, request rates, and active connections) from the NGINX Worker process, which is part of the NGINX Data Plane Pod. The `/metrics` endpoint exposes these metrics for monitoring and observability. |
239
+
| 6 | HTTPS |_NGINX Gateway Fabric Control Plane Pod → F5 Telemetry Service_: The NGINX Gateway Fabric Control Plane Pod sends telemetry data (e.g., API requests handled, usage metrics, performance stats, error rates) to the external F5 Telemetry Service for centralized monitoring and diagnostics. |
240
+
| 7 | HTTP/HTTPS |_Client → NGINX Worker_: Clients send incoming application traffic (e.g., HTTP/HTTPS requests) to the NGINX Worker process within the NGINX Data Plane Pod. These requests are typically routed through a shared Public Endpoint (e.g., LoadBalancer or NodePort) before reaching the NGINX Data Plane. |
241
+
| 8 | HTTP/HTTPS |_NGINX Worker → Backend Application_: The NGINX Worker process forwards client traffic to the appropriate backend application services (e.g., Pods) as defined in the routing rules and configuration received from the Control Plane Pod. |
242
+
243
+
{{< /bootstrap-table >}}
233
244
234
245
---
235
246
236
-
### NGINX Plus Features and Benefits
247
+
### Additional features and enhancements when using NGINX Plus
237
248
238
249
NGINX Gateway Fabric supports both NGINX Open Source and NGINX Plus. While the previous diagram shows NGINX Open Source, using NGINX Plus provides additional capabilities, including:
239
250
@@ -248,7 +259,7 @@ These features enable reduced downtime, improved performance during scaling even
248
259
249
260
### Resilience and fault isolation
250
261
251
-
This architecture separates the control plane and data plane, creating clear operational boundaries that improve resilience and fault isolation. It also enhances scalability, security, and reliability while reducing the risk of failures affecting both components.
262
+
This architecture separates the control plane and data plane, creating clear operational boundaries that improve resilience and fault isolation:
0 commit comments