From 75758c63d9c715c8b432e7c45c76b7892404339f Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 24 Jun 2025 09:32:32 -0600 Subject: [PATCH 1/2] feature: incorporate NIC and NGF into NGINX 1 Console --- content/nginx-one/_index.md | 3 + content/nginx-one/api/_index.md | 2 +- content/nginx-one/glossary.md | 2 +- content/nginx-one/k8s/_index.md | 8 ++ content/nginx-one/k8s/add-nic.md | 159 ++++++++++++++++++++++++++++++ content/nginx-one/k8s/overview.md | 20 ++++ 6 files changed, 192 insertions(+), 2 deletions(-) create mode 100644 content/nginx-one/k8s/_index.md create mode 100644 content/nginx-one/k8s/add-nic.md create mode 100644 content/nginx-one/k8s/overview.md diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index 34a88e88e..624af7c04 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -40,6 +40,9 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an {{}} Manage one instance or groups of instances. Monitor certificates. Set up metrics. {{}} + {{}} + Monitor deployments for CVEs and certificates + {{}} {{}} Assign responsibilities with role-based access control {{}} diff --git a/content/nginx-one/api/_index.md b/content/nginx-one/api/_index.md index 5b3284d5e..3a1598f3f 100644 --- a/content/nginx-one/api/_index.md +++ b/content/nginx-one/api/_index.md @@ -1,6 +1,6 @@ --- title: Automate with the NGINX One API description: -weight: 700 +weight: 800 url: /nginx-one/api --- diff --git a/content/nginx-one/glossary.md b/content/nginx-one/glossary.md index fe3608390..07d5ab60c 100644 --- a/content/nginx-one/glossary.md +++ b/content/nginx-one/glossary.md @@ -3,7 +3,7 @@ description: '' nd-docs: DOCS-1396 title: Glossary toc: true -weight: 800 +weight: 1000 type: - reference --- diff --git a/content/nginx-one/k8s/_index.md b/content/nginx-one/k8s/_index.md new file mode 100644 index 000000000..794456588 --- /dev/null 
+++ b/content/nginx-one/k8s/_index.md @@ -0,0 +1,8 @@ +--- +title: Connect Kubernetes deployments +description: +weight: 700 +url: /nginx-one/k8s +nd-product: NGINX One +--- + diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md new file mode 100644 index 000000000..23eb9e2f4 --- /dev/null +++ b/content/nginx-one/k8s/add-nic.md 
@@ -0,0 +1,159 @@ +--- +title: Connect to NGINX One Console +toc: true +weight: 200 +nd-content-type: how-to +nd-product: NGINX One +--- + +This document explains how to connect F5 NGINX Ingress Controller to F5 NGINX One Console using NGINX Agent. +Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances. + +Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review: + +- Read-only configuration file +- SSL/TLS certificates +- CVEs + +## Prerequisites + +Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command: + +```shell +kubectl create secret generic dataplane-key --from-literal=dataplane.key= -n +``` + +When you create a Kubernetes Secret, use the same namespace where NGINX Ingress Controller is running. +If you use `-watch-namespace` or `watch-secret-namespace` arguments with NGINX Ingress Controller, +you need to add the dataplane key secret to the watched namespaces. This secret will take approximately 60 - 90 seconds to reload on the pod. + +{{}} +You can also create a data plane key through the NGINX One Console. Once loggged in, select **Manage > Control Planes > Add Control Plane**, and follow the steps shown. +{{}} + +## Deploy NGINX Ingress Controller with NGINX Agent + +{{}} +{{%tab name="Helm"%}} + +Edit your `values.yaml` file to enable NGINX Agent and configure it to connect to NGINX One Console: + +```yaml +nginxAgent: + enable: true + dataplaneKeySecretName: "" +``` + +The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) +for instructions on to generate your dataplane key from the NGINX One Console. 
+ +Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller. + +{{%/tab%}} +{{%tab name="Manifests"%}} + +Add the following flag to the Deployment/DaemonSet file of NGINX Ingress Controller: + +```yaml +args: +- -agent=true +``` + +Create a `ConfigMap` with an `nginx-agent.conf` file: + +```yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: nginx-agent-config + namespace: +data: + nginx-agent.conf: |- + log: + # set log level (error, info, debug; default "info") + level: info + # set log path. if empty, don't log to file. + path: "" + + allowed_directories: + - /etc/nginx + - /usr/lib/nginx/modules + + features: + - certificates + - connection + - metrics + - file-watcher + + ## command server settings + command: + server: + host: product.connect.nginx.com + port: 443 + auth: + tokenpath: "/etc/nginx-agent/secrets/dataplane.key" + tls: + skip_verify: false +``` + +Make sure to set the namespace in the nginx-agent.config to the same namespace as NGINX Ingress Controller. +Mount the ConfigMap to the deployment/daemonset file of NGINX Ingress Controller: + +```yaml +volumeMounts: +- name: nginx-agent-config + mountPath: /etc/nginx-agent/nginx-agent.conf + subPath: nginx-agent.conf +- name: dataplane-key + mountPath: /etc/nginx-agent/secrets +volumes: +- name: nginx-agent-config + configMap: + name: nginx-agent-config +- name: dataplane-key + secret: + secretName: +``` + +Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller. + +{{%/tab%}} +{{}} + +## Verify a connection to NGINX One Console + +After deploying NGINX Ingress Controller or NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console. +Log in to your F5 Distributed Console cloud account. Select **NGINX One > Visit Service**. 
In the dashboard that appears, navigate to **Manage > Instances**. Your instances should appear in the list, where the instance name is the hostname and also the pod name. + +## Troubleshooting + +If you encounter issues connecting your instances to NGINX One Console, try the following commands: + +Check the NGINX Agent version: + +```shell +kubectl exec -it -n -- nginx-agent -v +``` + +If nginx-agent version is v3, continue with the following steps. +Otherwise, make sure you are using an image that does not include NGINX App Protect. + +Check the NGINX Agent configuration: + +```shell +kubectl exec -it -n -- cat /etc/nginx-agent/nginx-agent.conf +``` + +Check NGINX Agent logs: + +```shell +kubectl exec -it -n -- nginx-agent +``` + +Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see You'll see information associated with: + +- SSL/TLS certificates +- CVEs +- Configuration recommendations + +Under the **Configuration** tab, you'll see a **read-only** view of the configuration files. diff --git a/content/nginx-one/k8s/overview.md b/content/nginx-one/k8s/overview.md new file mode 100644 index 000000000..dad0777ed --- /dev/null +++ b/content/nginx-one/k8s/overview.md 
@@ -0,0 +1,20 @@ +--- +# We use sentence case and present imperative tone +title: "Integrate Kubernetes control planes" +# Weights are assigned in increments of 100: determines sorting order +weight: 100 +# Creates a table of contents and sidebar, useful for large documents +toc: false +# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this +nd-content-type: concept +# Intended for internal catalogue and search, case sensitive: +# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit +nd-product: NGINX One +--- + +You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to: + +- Set up a connection to F5 NGINX One Console through a data plane key. +- Monitor each connected Kubernetes system for CVEs. +- Review the NGINX Ingress Controller and NGINX Gateway Fabric instances that are part of your fleet + From e0c031bc15efdbd8e3c1882a8b19125f484a9c90 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Fri, 27 Jun 2025 12:41:46 -0600 Subject: [PATCH 2/2] Include changelog Co-authored-by: Alan Dooley Co-authored-by: Jodie Putrino Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com> Co-authored-by: Sylvia Wang <139922338+sylwang@users.noreply.github.com> --- content/nginx-one/changelog.md | 7 +++++++ content/nginx-one/glossary.md | 3 +-- content/nginx-one/k8s/add-nic.md | 34 +++++++++++++++---------------- content/nginx-one/k8s/overview.md | 3 +-- 4 files changed, 26 insertions(+), 21 deletions(-) diff --git a/content/nginx-one/changelog.md b/content/nginx-one/changelog.md index 1c38199b4..e66dd29f8 100644 --- a/content/nginx-one/changelog.md +++ b/content/nginx-one/changelog.md 
@@ -41,6 +41,13 @@ In NGINX One Console, you can: - Toggle between [Default policy bundles]({{< ref "/nap-waf/v5/configuration-guide/configuration/#updating-default-policy-bundles" >}}) - Set a blocking or transparant [Policy enforcement mode]({{< ref "/nap-waf/v5/configuration-guide/configuration/#policy-enforcement-modes" >}}) +### Monitor F5 NGINX Ingress Controller deployments + +You can now monitor your NGINX Ingress Controller deployments. For details, see how +you can [Connect to NGINX One Console]({{< ref "/nginx-one/k8s/add-nic.md" >}}). + +Unlike other NGINX instances, when you connect NGINX Ingress Controller to NGINX One Console, access is read-only. Refer to our [NGINX Ingress Controller]({{< ref "/nic/" >}}) for details on how to modify these instances. + ## July 1, 2025 ### NGINX Agent version 3 support diff --git a/content/nginx-one/glossary.md b/content/nginx-one/glossary.md index 07d5ab60c..06c017cd3 100644 --- a/content/nginx-one/glossary.md +++ b/content/nginx-one/glossary.md @@ -4,8 +4,7 @@ nd-docs: DOCS-1396 title: Glossary toc: true weight: 1000 -type: -- reference +nd-content-type: reference --- This glossary defines terms used in the F5 NGINX One Console and F5 Distributed Cloud. diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md index 23eb9e2f4..23619c6d2 100644 --- a/content/nginx-one/k8s/add-nic.md +++ b/content/nginx-one/k8s/add-nic.md 
@@ -12,19 +12,20 @@ Connecting NGINX Ingress Controller to NGINX One Console enables centralized mon Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review: - Read-only configuration file -- SSL/TLS certificates -- CVEs +- Unmanaged SSL/TLS certificates for Control Planes -## Prerequisites +## Before you begin Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command: ```shell -kubectl create secret generic dataplane-key --from-literal=dataplane.key= -n +kubectl create secret generic dataplane-key \ + --from-literal=dataplane.key= \ + -n ``` When you create a Kubernetes Secret, use the same namespace where NGINX Ingress Controller is running. -If you use `-watch-namespace` or `watch-secret-namespace` arguments with NGINX Ingress Controller, +If you use [`-watch-namespace`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#watch-namespace-string" >}}) or [`watch-secret-namespace`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#watch-secret-namespace-string" >}}) arguments with NGINX Ingress Controller, you need to add the dataplane key secret to the watched namespaces. This secret will take approximately 60 - 90 seconds to reload on the pod. {{}} 
@@ -41,11 +42,11 @@ Edit your `values.yaml` file to enable NGINX Agent and configure it to connect t ```yaml nginxAgent: enable: true - dataplaneKeySecretName: "" + dataplaneKeySecretName: "" ``` The `dataplaneKeySecretName` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) -for instructions on to generate your dataplane key from the NGINX One Console. +for instructions on how to generate your dataplane key from the NGINX One Console. Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller. @@ -97,7 +98,7 @@ data: ``` Make sure to set the namespace in the nginx-agent.config to the same namespace as NGINX Ingress Controller. -Mount the ConfigMap to the deployment/daemonset file of NGINX Ingress Controller: +Mount the ConfigMap to the Deployment/DaemonSet file of NGINX Ingress Controller: ```yaml volumeMounts: @@ -112,7 +113,7 @@ volumes: name: nginx-agent-config - name: dataplane-key secret: - secretName: + secretName: "" ``` Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller. 
@@ -122,8 +123,8 @@ Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-n ## Verify a connection to NGINX One Console -After deploying NGINX Ingress Controller or NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console. -Log in to your F5 Distributed Console cloud account. Select **NGINX One > Visit Service**. In the dashboard that appears, navigate to **Manage > Instances**. Your instances should appear in the list, where the instance name is the hostname and also the pod name. +After deploying NGINX Ingress Controller with NGINX Agent, you can verify the connection to NGINX One Console. +Log in to your F5 Distributed Cloud Console account. Select **NGINX One > Visit Service**. In the dashboard, go to **Manage > Instances**. You should see your instances listed by name. The instance name matches both the hostname and the pod name. ## Troubleshooting @@ -132,7 +133,7 @@ If you encounter issues connecting your instances to NGINX One Console, try the Check the NGINX Agent version: ```shell -kubectl exec -it -n -- nginx-agent -v +kubectl exec -it -n -- nginx-agent -v ``` If nginx-agent version is v3, continue with the following steps. 
@@ -141,19 +142,18 @@ Otherwise, make sure you are using an image that does not include NGINX App Prot Check the NGINX Agent configuration: ```shell -kubectl exec -it -n -- cat /etc/nginx-agent/nginx-agent.conf +kubectl exec -it -n -- cat /etc/nginx-agent/nginx-agent.conf ``` Check NGINX Agent logs: ```shell -kubectl exec -it -n -- nginx-agent +kubectl exec -it -n -- nginx-agent ``` -Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see You'll see information associated with: +Select the instance associated with your deployment of NGINX Ingress Controller. Under the **Details** tab, you'll see information associated with: -- SSL/TLS certificates -- CVEs +- Unmanaged SSL/TLS certificates for Control Planes - Configuration recommendations Under the **Configuration** tab, you'll see a **read-only** view of the configuration files. diff --git a/content/nginx-one/k8s/overview.md b/content/nginx-one/k8s/overview.md index dad0777ed..b2da7f2d1 100644 --- a/content/nginx-one/k8s/overview.md +++ b/content/nginx-one/k8s/overview.md @@ -15,6 +15,5 @@ nd-product: NGINX One You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to: - Set up a connection to F5 NGINX One Console through a data plane key. -- Monitor each connected Kubernetes system for CVEs. -- Review the NGINX Ingress Controller and NGINX Gateway Fabric instances that are part of your fleet +- Review the NGINX Ingress Controller instances that are part of your fleet.
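Review bot: In content/nginx-one/_index.md (PATCH 1/2), the new card text "Monitor deployments for CVEs and certificates" still promises CVE monitoring. PATCH 2/2 removes the CVE bullets from k8s/add-nic.md and k8s/overview.md but does not touch _index.md, so the landing page and the how-to now disagree. Suggest updating the card in the same series so it lists only what add-nic.md lists after PATCH 2/2 (read-only configuration, certificates, configuration recommendations).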
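Review bot: In the "Before you begin" hunk of content/nginx-one/k8s/add-nic.md (PATCH 2/2), the `kubectl create secret generic dataplane-key` command passes the data plane key with `--from-literal=dataplane.key=`. That puts the key on the command line, where it can end up in shell history and process listings. Because this key authenticates the agent to NGINX One Console, suggest documenting the `--from-file=dataplane.key=` form, pointing at a file that holds the key. The docs should then say that the file contents are stored verbatim, so a trailing newline becomes part of the key. Minor, same hunk: `-watch-namespace` is written with its leading dash and `watch-secret-namespace` without; make the two consistent.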
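Review bot: In the Manifests hunk of content/nginx-one/k8s/add-nic.md (PATCH 2/2, the context line "Make sure to set the namespace in the nginx-agent.config ..."), the sentence is carried over unchanged but names a file this page never defines. The ConfigMap key and the mount path are both `nginx-agent.conf`, and the namespace is set on the ConfigMap's `metadata.namespace`, not inside the agent configuration. Since the next line in this hunk is already being edited, suggest rewording this one too, for example: "Set `metadata.namespace` in the `nginx-agent-config` ConfigMap to the namespace where NGINX Ingress Controller runs."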
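Review bot: In the Troubleshooting hunk of content/nginx-one/k8s/add-nic.md (PATCH 2/2), the "Check NGINX Agent logs" step runs `kubectl exec -it -n -- nginx-agent`, which invokes the agent binary inside the pod rather than showing any logs. The ConfigMap on this page sets `path: ""` under `log:` with the comment "if empty, don't log to file", so there is no log file to read either. If the agent writes to the container's standard output, `kubectl logs` for the pod is the command to document here. Separately, the "Select the instance associated with your deployment ..." paragraph and the **Details** and **Configuration** tab text describe a working connection, so they fit better at the end of "Verify a connection to NGINX One Console" than under Troubleshooting.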
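Review bot: In content/nginx-one/changelog.md (PATCH 2/2), the added sentence "Refer to our [NGINX Ingress Controller]({{< ref "/nic/" >}}) for details on how to modify these instances" is missing a noun after the link. Suggest "Refer to the [NGINX Ingress Controller documentation]({{< ref "/nic/" >}}) for details on how to modify these instances." The entry is inserted directly above `## July 1, 2025`; please confirm the date heading it lands under is the release it belongs to.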