Allow for provisioning NGINX as DaemonSet

Problem: With the initial provisioner implementation, the NGINX gateway could only be installed as a Deployment. Users may want to install NGINX as a DaemonSet.

Solution: Allow for provisioning the NGINX gateway as a DaemonSet.

Author: sjberman

apis/v1alpha2/nginxproxy_types.go

@@ -359,13 +359,22 @@ const (
 )
 
 // KubernetesSpec contains the configuration for the NGINX Deployment and Service Kubernetes objects.
+//
+// +kubebuilder:validation:XValidation:message="only one of deployment or daemonSet can be set",rule="(!has(self.deployment) && !has(self.daemonSet)) || ((has(self.deployment) && !has(self.daemonSet)) || (!has(self.deployment) && has(self.daemonSet)))"
+//
+//nolint:lll
 type KubernetesSpec struct {
 	// Deployment is the configuration for the NGINX Deployment.
 	// This is the default deployment option.
 	//
 	// +optional
 	Deployment *DeploymentSpec `json:"deployment,omitempty"`
 
+	// DaemonSet is the configuration for the NGINX DaemonSet.
+	//
+	// +optional
+	DaemonSet *DaemonSetSpec `json:"daemonSet,omitempty"`
+
 	// Service is the configuration for the NGINX Service.
 	//
 	// +optional
@@ -382,12 +391,25 @@ type DeploymentSpec struct {
 	// Pod defines Pod-specific fields.
 	//
 	// +optional
-	Pod PodSpec `json:"pod,omitempty"`
+	Pod PodSpec `json:"pod"`
+
+	// Container defines container fields for the NGINX container.
+	//
+	// +optional
+	Container ContainerSpec `json:"container"`
+}
+
+// DaemonSet is the configuration for the NGINX DaemonSet.
+type DaemonSetSpec struct {
+	// Pod defines Pod-specific fields.
+	//
+	// +optional
+	Pod PodSpec `json:"pod"`
 
 	// Container defines container fields for the NGINX container.
 	//
 	// +optional
-	Container ContainerSpec `json:"container,omitempty"`
+	Container ContainerSpec `json:"container"`
 }
 
 // PodSpec defines Pod-specific fields.

apis/v1alpha2/zz_generated.deepcopy.go

@@ -14,6 +14,7 @@ rules:
   - serviceaccounts
   - services
   - deployments
+  - daemonsets
   verbs:
   - create
   - update

charts/nginx-gateway-fabric/templates/clusterrole.yaml

@@ -27,6 +27,22 @@ spec:
         debug: {{ .Values.nginx.debug }}
         {{- end }}
     {{- end }}
+    {{- if eq .Values.nginx.kind "daemonSet" }}
+    daemonSet:
+      {{- if .Values.nginx.pod }}
+      pod:
+        {{- toYaml .Values.nginx.pod | nindent 8 }}
+      {{- end }}
+      container:
+        {{- if .Values.nginx.container }}
+          {{- toYaml .Values.nginx.container | nindent 8 }}
+        {{- end }}
+        image:
+          {{- toYaml .Values.nginx.image | nindent 10 }}
+        {{- if .Values.nginx.debug }}
+        debug: {{ .Values.nginx.debug }}
+        {{- end }}
+    {{- end }}
     {{- if .Values.nginx.service }}
     service:
       {{- with .Values.nginx.service }}

charts/nginx-gateway-fabric/templates/nginxproxy.yaml

@@ -328,7 +328,8 @@
           "default": "deployment",
           "description": "The kind of NGINX deployment.",
           "enum": [
-            "deployment"
+            "deployment",
+            "daemonSet"
           ],
           "required": [],
           "title": "kind"

charts/nginx-gateway-fabric/values.schema.json

@@ -185,6 +185,7 @@ nginx:
   # @schema
   # enum:
   #   - deployment
+  #   - daemonSet
   # @schema
   # -- The kind of NGINX deployment.
   kind: deployment

charts/nginx-gateway-fabric/values.yaml

@@ -447,11 +447,15 @@ func (cs *commandService) getPodOwner(podName string) (types.NamespacedName, err
 		return types.NamespacedName{}, fmt.Errorf("expected one owner reference of the nginx Pod, got %d", len(podOwnerRefs))
 	}
 
-	if podOwnerRefs[0].Kind != "ReplicaSet" {
-		err := fmt.Errorf("expected pod owner reference to be ReplicaSet, got %s", podOwnerRefs[0].Kind)
+	if podOwnerRefs[0].Kind != "ReplicaSet" && podOwnerRefs[0].Kind != "DaemonSet" {
+		err := fmt.Errorf("expected pod owner reference to be ReplicaSet or DaemonSet, got %s", podOwnerRefs[0].Kind)
 		return types.NamespacedName{}, err
 	}
 
+	if podOwnerRefs[0].Kind == "DaemonSet" {
+		return types.NamespacedName{Namespace: pod.Namespace, Name: podOwnerRefs[0].Name}, nil
+	}
+
 	var replicaSet appsv1.ReplicaSet
 	var replicaSetErr error
 	if err := wait.PollUntilContextCancel(

config/crd/bases/gateway.nginx.org_nginxproxies.yaml

@@ -690,7 +690,7 @@ func TestGetPodOwner(t *testing.T) {
 		expected   types.NamespacedName
 	}{
 		{
-			name:    "successfully gets pod owner",
+			name:    "successfully gets pod owner; ReplicaSet",
 			podName: "nginx-pod",
 			podList: &v1.PodList{
 				Items: []v1.Pod{
@@ -725,6 +725,31 @@ func TestGetPodOwner(t *testing.T) {
 				Name:      "nginx-deployment",
 			},
 		},
+		{
+			name:    "successfully gets pod owner; DaemonSet",
+			podName: "nginx-pod",
+			podList: &v1.PodList{
+				Items: []v1.Pod{
+					{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:      "nginx-pod",
+							Namespace: "test",
+							OwnerReferences: []metav1.OwnerReference{
+								{
+									Kind: "DaemonSet",
+									Name: "nginx-daemonset",
+								},
+							},
+						},
+					},
+				},
+			},
+			replicaSet: &appsv1.ReplicaSet{},
+			expected: types.NamespacedName{
+				Namespace: "test",
+				Name:      "nginx-daemonset",
+			},
+		},
 		{
 			name:       "error listing pods",
 			podName:    "nginx-pod",
@@ -745,7 +770,7 @@ func TestGetPodOwner(t *testing.T) {
 			errString:  "should only be one pod with name",
 		},
 		{
-			name:    "pod owner reference is not ReplicaSet",
+			name:    "pod owner reference is not ReplicaSet or DaemonSet",
 			podName: "nginx-pod",
 			podList: &v1.PodList{
 				Items: []v1.Pod{
@@ -763,7 +788,7 @@ func TestGetPodOwner(t *testing.T) {
 				},
 			},
 			replicaSet: &appsv1.ReplicaSet{},
-			errString:  "expected pod owner reference to be ReplicaSet",
+			errString:  "expected pod owner reference to be ReplicaSet or DaemonSet",
 		},
 		{
 			name:    "pod has multiple owners",