nginx
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 3 additions & 6 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 3 additions & 6 deletions
diff --git a/‎.yamllint.yaml‎
Lines changed: 2 additions & 4 deletions b/‎.yamllint.yaml‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎build/ubi/Dockerfile.nginx‎
Lines changed: 8 additions & 12 deletions b/‎build/ubi/Dockerfile.nginx‎
Lines changed: 8 additions & 12 deletions
diff --git a/‎build/ubi/Dockerfile.nginxplus‎
Lines changed: 11 additions & 10 deletions b/‎build/ubi/Dockerfile.nginxplus‎
Lines changed: 11 additions & 10 deletions
diff --git a/‎charts/nginx-gateway-fabric/templates/clusterrole.yaml‎
Lines changed: 20 additions & 2 deletions b/‎charts/nginx-gateway-fabric/templates/clusterrole.yaml‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎deploy/azure/deploy.yaml‎
Lines changed: 20 additions & 2 deletions b/‎deploy/azure/deploy.yaml‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎deploy/default/deploy.yaml‎
Lines changed: 20 additions & 2 deletions b/‎deploy/default/deploy.yaml‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎deploy/experimental-nginx-plus/deploy.yaml‎
Lines changed: 20 additions & 2 deletions b/‎deploy/experimental-nginx-plus/deploy.yaml‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎deploy/experimental/deploy.yaml‎
Lines changed: 20 additions & 2 deletions b/‎deploy/experimental/deploy.yaml‎
Lines changed: 20 additions & 2 deletions
diff --git a/‎deploy/nginx-plus/deploy.yaml‎
Lines changed: 20 additions & 2 deletions b/‎deploy/nginx-plus/deploy.yaml‎
Lines changed: 20 additions & 2 deletions
@@ -5,14 +5,11 @@ repos:
     rev: v6.0.0
     hooks:
       - id: trailing-whitespace
-        exclude: (^operators/|^tests/results/|\.avdl$|_generated.go$)
+        exclude: (^tests/results/|\.avdl$|_generated.go$)
       - id: end-of-file-fixer
-        exclude: (^operators/)
       - id: check-yaml
         args: [--allow-multiple-documents]
-        exclude: (^operators/|^charts/nginx-gateway-fabric/templates)
-      - id: check-added-large-files
-        exclude: (^operators/)
+        exclude: (^charts/nginx-gateway-fabric/templates)
       - id: check-merge-conflict
       - id: check-case-conflict
       - id: check-vcs-permalinks
@@ -26,7 +23,7 @@ repos:
         args: [--fix=lf]
       - id: no-commit-to-branch
       - id: detect-private-key
-        exclude: (^operators/|^examples/|^docs/|.*_test.go$)
+        exclude: (^examples/|^docs/|.*_test.go$)
 
   - repo: https://github.com/gitleaks/gitleaks
     rev: v8.28.0
 
@@ -4,7 +4,6 @@ ignore:
   - config/crd/bases/
   - deploy
   - site/static
-  - operators/
 
 rules:
   braces: enable
@@ -18,7 +17,6 @@ rules:
   comments-indentation:
     ignore: |
       charts/nginx-gateway-fabric/values.yaml
-      operators/
   document-end: disable
   document-start: disable
   empty-lines: enable
@@ -30,7 +28,7 @@ rules:
     indent-sequences: consistent
     check-multi-line-strings: true
     ignore: |
-      operators/
+      operators/**/*
   key-duplicates: enable
   key-ordering: disable
   line-length:
@@ -42,6 +40,7 @@ rules:
       tests/suite/manifests/longevity/cronjob.yaml
       .goreleaser.yml
       charts/nginx-gateway-fabric/
+      operators/config/crd/bases/gateway.nginx.org_nginxgatewayfabrics.yaml
   new-line-at-end-of-file: enable
   new-lines: enable
   octal-values: disable
@@ -50,4 +49,3 @@ rules:
   truthy:
     ignore: |
       .github/workflows/
-      operators/
@@ -6,19 +6,17 @@ ADD --link --chown=101:1001 https://nginx.org/keys/nginx_signing.key nginx_signi
 ADD --link --chown=101:1001 build/ubi/repos/nginx.repo nginx.repo
 ADD --link --chown=101:1001 build/ubi/repos/agent.repo agent.repo
 
-FROM redhat/ubi9-minimal:9.6 AS ubi-minimal
-
 FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:01a32246761b9bbe47a6a29bcd8ca6e9b6e331b3bdfa372d8987b622276f7025 AS ubi9-packages
 
-FROM ubi-minimal AS ubi-nginx
+FROM redhat/ubi9-minimal:9.6 AS ubi-nginx
 
 # renovate: datasource=github-tags depName=nginx/agent
 ARG NGINX_AGENT_VERSION=v3.3.1
 ARG NJS_DIR
 ARG NGINX_CONF_DIR
 ARG BUILD_AGENT
 
-LABEL name="F5 NGINX Gateway Fabric NGINX" \
+LABEL name="F5 NGINX Gateway Fabric NGINX OSS" \
 	maintainer="[email protected]" \
 	vendor="F5 NGINX" \
 	summary="NGINX Gateway Fabric" \
@@ -29,7 +27,7 @@ LABEL name="F5 NGINX Gateway Fabric NGINX" \
 
 COPY --link --chown=101:1001 LICENSE /licenses/
 
-# Install NGINX with OTEL support using the same approach as NGINX IC
+# Install NGINX with packages
 RUN --mount=type=bind,from=nginx-files,src=nginx_signing.key,target=/tmp/nginx_signing.key \
     --mount=type=bind,from=nginx-files,src=nginx.repo,target=/etc/yum.repos.d/nginx.repo \
     --mount=type=bind,from=nginx-files,src=agent.repo,target=/etc/yum.repos.d/agent.repo \
@@ -54,20 +52,18 @@ RUN mkdir -p /usr/lib/nginx/modules /var/run/nginx /usr/lib64/nginx/modules \
     # Forward request and error logs to docker log collector
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log \
-    && mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/ \
-    # Set proper permissions for nginx user
-    && chown -R 101:1001 /etc/nginx /var/cache/nginx /var/log/nginx /var/run/nginx
+    && mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/
+
+# Set proper permissions for nginx user
+RUN chown -R 101:1001 /etc/nginx /var/cache/nginx
 
 # Copy configuration files and scripts
 COPY build/entrypoint.sh /agent/entrypoint.sh
-COPY ${NJS_DIR}/httpmatches.js /usr/lib/nginx/modules/njs/httpmatches.js
+COPY ${NJS_DIR}/ /usr/lib/nginx/modules/njs/
 COPY ${NGINX_CONF_DIR}/nginx.conf /etc/nginx/nginx.conf
 COPY ${NGINX_CONF_DIR}/grpc-error-locations.conf /etc/nginx/grpc-error-locations.conf
 COPY ${NGINX_CONF_DIR}/grpc-error-pages.conf /etc/nginx/grpc-error-pages.conf
 
-# Set executable permissions
-RUN chmod +x /agent/entrypoint.sh && chown 101:1001 /agent/entrypoint.sh
-
 # Switch to non-root user
 USER 101:1001
 
 
@@ -6,11 +6,9 @@ ADD --link --chown=101:1001 https://cs.nginx.com/static/files/plus-9.repo nginx-
 ADD --link --chown=101:1001 https://nginx.org/keys/nginx_signing.key nginx_signing.key
 ADD --link --chown=101:1001 build/ubi/repos/agent.repo agent.repo
 
-FROM redhat/ubi9-minimal:9.6 AS ubi-minimal
-
 FROM ghcr.io/nginx/dependencies/nginx-ubi:ubi9@sha256:01a32246761b9bbe47a6a29bcd8ca6e9b6e331b3bdfa372d8987b622276f7025 AS ubi9-packages
 
-FROM ubi-minimal AS ubi-nginx-plus
+FROM redhat/ubi9-minimal:9.6 AS ubi-nginx-plus
 
 ARG NGINX_PLUS_VERSION=R35
 
@@ -52,6 +50,7 @@ RUN --mount=type=bind,from=nginx-files,src=nginx-plus.repo,target=/etc/yum.repos
     # Install nginx-agent
     && microdnf --nodocs install -y nginx-agent-${NGINX_AGENT_VERSION#v}* \
     # Clean up
+    # && microdnf remove -y shadow-utils subscription-manager \
     && microdnf clean all \
     && rm -rf /var/cache/yum
 
@@ -60,20 +59,22 @@ RUN mkdir -p /usr/lib/nginx/modules /var/run/nginx /usr/lib64/nginx/modules \
     # Forward request and error logs to docker log collector
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log \
-    && mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/ \
-    # Set proper permissions for nginx user
-    && chown -R 101:1001 /etc/nginx /var/cache/nginx /var/log/nginx /var/run/nginx
+    && mv /usr/lib64/nginx/modules/ngx_* /usr/lib/nginx/modules/
+
+# Copy default html files to a writable location
+RUN mkdir -p /etc/nginx/html \
+    && cp /usr/share/nginx/html/* /etc/nginx/html/
+
+# Set proper permissions for nginx user
+RUN chown -R 101:1001 /etc/nginx /var/cache/nginx
 
 # Copy configuration files and scripts
 COPY build/entrypoint.sh /agent/entrypoint.sh
-COPY ${NJS_DIR}/httpmatches.js /usr/lib/nginx/modules/njs/httpmatches.js
+COPY ${NJS_DIR}/ /usr/lib/nginx/modules/njs/
 COPY ${NGINX_CONF_DIR}/nginx.conf /etc/nginx/nginx.conf
 COPY ${NGINX_CONF_DIR}/grpc-error-locations.conf /etc/nginx/grpc-error-locations.conf
 COPY ${NGINX_CONF_DIR}/grpc-error-pages.conf /etc/nginx/grpc-error-pages.conf
 
-# Set executable permissions
-RUN chmod +x /agent/entrypoint.sh && chown 101:1001 /agent/entrypoint.sh
-
 # Switch to non-root user
 USER 101:1001
 
 
@@ -7,15 +7,33 @@ metadata:
 rules:
 - apiGroups:
   - ""
-  - apps
-  - autoscaling
   resources:
   - secrets
   - configmaps
   - serviceaccounts
   - services
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
   - deployments
   - daemonsets
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
   - horizontalpodautoscalers
   verbs:
   - create
 
@@ -55,15 +55,33 @@ metadata:
 rules:
 - apiGroups:
   - ""
-  - apps
-  - autoscaling
   resources:
   - secrets
   - configmaps
   - serviceaccounts
   - services
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
   - deployments
   - daemonsets
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
   - horizontalpodautoscalers
   verbs:
   - create
 
@@ -55,15 +55,33 @@ metadata:
 rules:
 - apiGroups:
   - ""
-  - apps
-  - autoscaling
   resources:
   - secrets
   - configmaps
   - serviceaccounts
   - services
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
   - deployments
   - daemonsets
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
   - horizontalpodautoscalers
   verbs:
   - create
 
@@ -55,15 +55,33 @@ metadata:
 rules:
 - apiGroups:
   - ""
-  - apps
-  - autoscaling
   resources:
   - secrets
   - configmaps
   - serviceaccounts
   - services
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
   - deployments
   - daemonsets
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
   - horizontalpodautoscalers
   verbs:
   - create
 
@@ -55,15 +55,33 @@ metadata:
 rules:
 - apiGroups:
   - ""
-  - apps
-  - autoscaling
   resources:
   - secrets
   - configmaps
   - serviceaccounts
   - services
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
   - deployments
   - daemonsets
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
   - horizontalpodautoscalers
   verbs:
   - create
 
@@ -55,15 +55,33 @@ metadata:
 rules:
 - apiGroups:
   - ""
-  - apps
-  - autoscaling
   resources:
   - secrets
   - configmaps
   - serviceaccounts
   - services
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
   - deployments
   - daemonsets
+  verbs:
+  - create
+  - update
+  - delete
+  - list
+  - get
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
   - horizontalpodautoscalers
   verbs:
   - create