feat: Support ExternalName Services

Problem: NGF does not support routing to services outside the cluster

Solution: Add support for ExternalName type Services

Author: ciarams87

apis/v1alpha2/nginxproxy_types.go

@@ -94,6 +94,11 @@ type NginxProxySpec struct {
 	// +kubebuilder:validation:Minimum=1
 	// +kubebuilder:validation:Maximum=65535
 	WorkerConnections *int32 `json:"workerConnections,omitempty"`
+	// DNSResolver specifies the DNS resolver configuration for external name resolution.
+	// This enables support for routing to ExternalName Services.
+	//
+	// +optional
+	DNSResolver *DNSResolver `json:"dnsResolver,omitempty"`
 }
 
 // Telemetry specifies the OpenTelemetry configuration.
@@ -355,6 +360,59 @@ type NginxPlus struct {
 	AllowedAddresses []NginxPlusAllowAddress `json:"allowedAddresses,omitempty"`
 }
 
+// DNSResolver specifies the DNS resolver configuration for NGINX.
+// This enables dynamic DNS resolution for ExternalName Services.
+// Corresponds to the NGINX resolver directive: https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
+type DNSResolver struct {
+	// Timeout specifies the timeout for name resolution.
+	// Default: 30s.
+	//
+	// +optional
+	Timeout *v1alpha1.Duration `json:"timeout,omitempty"`
+
+	// CacheTTL specifies how long to cache DNS responses.
+	// Default: 30s.
+	//
+	// +optional
+	CacheTTL *v1alpha1.Duration `json:"cacheTTL,omitempty"`
+
+	// IPv6 enables IPv6 lookups.
+	// Default: true.
+	//
+	// +optional
+	IPv6 *bool `json:"ipv6,omitempty"`
+
+	// Addresses specifies the list of DNS server addresses.
+	// Each address can be an IP address or hostname.
+	// Example: [{"type": "IPAddress", "value": "8.8.8.8"}, {"type": "Hostname", "value": "dns.google"}]
+	//
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=16
+	// +listType=set
+	Addresses []DNSResolverAddress `json:"addresses"`
+}
+
+// DNSResolverAddress specifies the address type and value for a DNS resolver address.
+type DNSResolverAddress struct {
+	// Type specifies the type of address.
+	Type DNSResolverAddressType `json:"type"`
+
+	// Value specifies the address value.
+	Value string `json:"value"`
+}
+
+// DNSResolverAddressType specifies the type of DNS resolver address.
+// +kubebuilder:validation:Enum=IPAddress;Hostname
+type DNSResolverAddressType string
+
+const (
+	// DNSResolverIPAddressType specifies that the address is an IP address.
+	DNSResolverIPAddressType DNSResolverAddressType = "IPAddress"
+
+	// DNSResolverHostnameType specifies that the address is a hostname.
+	DNSResolverHostnameType DNSResolverAddressType = "Hostname"
+)
+
 // NginxPlusAllowAddress specifies the address type and value for an NginxPlus allow address.
 type NginxPlusAllowAddress struct {
 	// Type specifies the type of address.

apis/v1alpha2/zz_generated.deepcopy.go

@@ -126,6 +126,59 @@
               "required": [],
               "type": "boolean"
             },
+            "dnsResolver": {
+              "description": "DNSResolver specifies the DNS resolver configuration for external name resolution. This enables support for routing to ExternalName Services.",
+              "properties": {
+                "addresses": {
+                  "description": "List of DNS server addresses. Each address specifies a type and value.",
+                  "items": {
+                    "properties": {
+                      "type": {
+                        "description": "Type specifies the type of address.",
+                        "enum": [
+                          "IPAddress",
+                          "Hostname"
+                        ],
+                        "required": [],
+                        "type": "string"
+                      },
+                      "value": {
+                        "description": "Value specifies the address value.",
+                        "required": [],
+                        "type": "string"
+                      }
+                    },
+                    "required": [
+                      "type",
+                      "value"
+                    ],
+                    "type": "object"
+                  },
+                  "minItems": 1,
+                  "required": [],
+                  "type": "array"
+                },
+                "cacheTTL": {
+                  "description": "CacheTTL specifies how long to cache DNS responses. Default is 30s.",
+                  "pattern": "^\\d+[smhd]?$",
+                  "required": [],
+                  "type": "string"
+                },
+                "ipv6": {
+                  "description": "IPv6 enables IPv6 lookups. Default is true.",
+                  "required": [],
+                  "type": "boolean"
+                },
+                "timeout": {
+                  "description": "Timeout specifies the timeout for name resolution. Default is 30s.",
+                  "pattern": "^\\d+[smhd]?$",
+                  "required": [],
+                  "type": "string"
+                }
+              },
+              "required": [],
+              "type": "object"
+            },
             "ipFamily": {
               "description": "IPFamily specifies the IP family to be used by the NGINX.",
               "enum": [

charts/nginx-gateway-fabric/values.schema.json

@@ -462,6 +462,40 @@ nginx:
   #     minimum: 1
   #     maximum: 65535
   #     description: The number of worker connections for NGINX. Default is 1024.
+  #   dnsResolver:
+  #     type: object
+  #     description: DNSResolver specifies the DNS resolver configuration for external name resolution. This enables support for routing to ExternalName Services.
+  #     properties:
+  #       addresses:
+  #         type: array
+  #         description: List of DNS server addresses. Each address specifies a type and value.
+  #         items:
+  #           type: object
+  #           properties:
+  #             type:
+  #               type: string
+  #               enum:
+  #                 - IPAddress
+  #                 - Hostname
+  #               description: Type specifies the type of address.
+  #             value:
+  #               type: string
+  #               description: Value specifies the address value.
+  #           required:
+  #             - type
+  #             - value
+  #         minItems: 1
+  #       timeout:
+  #         type: string
+  #         description: Timeout specifies the timeout for name resolution. Default is 30s.
+  #         pattern: ^\d+[smhd]?$
+  #       cacheTTL:
+  #         type: string
+  #         description: CacheTTL specifies how long to cache DNS responses. Default is 30s.
+  #         pattern: ^\d+[smhd]?$
+  #       ipv6:
+  #         type: boolean
+  #         description: IPv6 enables IPv6 lookups. Default is true.
   # @schema
   # -- The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways
   # managed by this instance of NGINX Gateway Fabric.

charts/nginx-gateway-fabric/values.yaml

@@ -65,6 +65,57 @@ spec:
                   introduces security risks as described in Gateway API GEP-3567.
                   If not specified, defaults to false (validation enabled).
                 type: boolean
+              dnsResolver:
+                description: |-
+                  DNSResolver specifies the DNS resolver configuration for external name resolution.
+                  This enables support for routing to ExternalName Services.
+                properties:
+                  addresses:
+                    description: |-
+                      Addresses specifies the list of DNS server addresses.
+                      Each address can be an IP address or hostname.
+                      Example: [{"type": "IPAddress", "value": "8.8.8.8"}, {"type": "Hostname", "value": "dns.google"}]
+                    items:
+                      description: DNSResolverAddress specifies the address type and
+                        value for a DNS resolver address.
+                      properties:
+                        type:
+                          description: Type specifies the type of address.
+                          enum:
+                          - IPAddress
+                          - Hostname
+                          type: string
+                        value:
+                          description: Value specifies the address value.
+                          type: string
+                      required:
+                      - type
+                      - value
+                      type: object
+                    maxItems: 16
+                    minItems: 1
+                    type: array
+                    x-kubernetes-list-type: set
+                  cacheTTL:
+                    description: |-
+                      CacheTTL specifies how long to cache DNS responses.
+                      Default: 30s.
+                    pattern: ^[0-9]{1,4}(ms|s|m|h)?$
+                    type: string
+                  ipv6:
+                    description: |-
+                      IPv6 enables IPv6 lookups.
+                      Default: true.
+                    type: boolean
+                  timeout:
+                    description: |-
+                      Timeout specifies the timeout for name resolution.
+                      Default: 30s.
+                    pattern: ^[0-9]{1,4}(ms|s|m|h)?$
+                    type: string
+                required:
+                - addresses
+                type: object
               ipFamily:
                 default: dual
                 description: |-

config/crd/bases/gateway.nginx.org_nginxproxies.yaml

@@ -650,6 +650,57 @@ spec:
                   introduces security risks as described in Gateway API GEP-3567.
                   If not specified, defaults to false (validation enabled).
                 type: boolean
+              dnsResolver:
+                description: |-
+                  DNSResolver specifies the DNS resolver configuration for external name resolution.
+                  This enables support for routing to ExternalName Services.
+                properties:
+                  addresses:
+                    description: |-
+                      Addresses specifies the list of DNS server addresses.
+                      Each address can be an IP address or hostname.
+                      Example: [{"type": "IPAddress", "value": "8.8.8.8"}, {"type": "Hostname", "value": "dns.google"}]
+                    items:
+                      description: DNSResolverAddress specifies the address type and
+                        value for a DNS resolver address.
+                      properties:
+                        type:
+                          description: Type specifies the type of address.
+                          enum:
+                          - IPAddress
+                          - Hostname
+                          type: string
+                        value:
+                          description: Value specifies the address value.
+                          type: string
+                      required:
+                      - type
+                      - value
+                      type: object
+                    maxItems: 16
+                    minItems: 1
+                    type: array
+                    x-kubernetes-list-type: set
+                  cacheTTL:
+                    description: |-
+                      CacheTTL specifies how long to cache DNS responses.
+                      Default: 30s.
+                    pattern: ^[0-9]{1,4}(ms|s|m|h)?$
+                    type: string
+                  ipv6:
+                    description: |-
+                      IPv6 enables IPv6 lookups.
+                      Default: true.
+                    type: boolean
+                  timeout:
+                    description: |-
+                      Timeout specifies the timeout for name resolution.
+                      Default: 30s.
+                    pattern: ^[0-9]{1,4}(ms|s|m|h)?$
+                    type: string
+                required:
+                - addresses
+                type: object
               ipFamily:
                 default: dual
                 description: |-