Installation with Kubernetes manifests

Learn how to install, upgrade, and uninstall NGINX Gateway Fabric using Kubernetes manifests.

Prerequisites

To complete this guide, you’ll need to install:

  • kubectl, a command-line interface for managing Kubernetes clusters.

Deploy NGINX Gateway Fabric

Deploying NGINX Gateway Fabric with Kubernetes manifests takes only a few steps. With manifests, you can configure your deployment exactly how you want. Manifests also make it easy to replicate deployments across environments or clusters, ensuring consistency.

1. Install the Gateway API resources

Note:
The Gateway API resources from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - see the Technical Specifications.

To install the Gateway API resources, run the following:

kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml

If you are running on Kubernetes 1.23 or 1.24, you also need to install the validating webhook. To do so, run:

kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml
Important:
The validating webhook is not needed if you are running Kubernetes 1.25+. Validation is done using CEL on the CRDs. See the resource validation doc for more information.

2. Deploy the NGINX Gateway Fabric CRDs

Stable release

kubectl apply -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.1.0/crds.yaml

Edge version

git clone https://github.com/nginxinc/nginx-gateway-fabric.git
cd nginx-gateway-fabric
kubectl apply -f deploy/manifests/crds

3. Deploy NGINX Gateway Fabric

Note:
By default, NGINX Gateway Fabric is installed in the nginx-gateway namespace. You can deploy in another namespace by modifying the manifest files.

Stable release

kubectl apply -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.1.0/nginx-gateway.yaml

Edge version

kubectl apply -f deploy/manifests/nginx-gateway.yaml

4. Verify the Deployment

To confirm that NGINX Gateway Fabric is running, check the pods in the nginx-gateway namespace:

kubectl get pods -n nginx-gateway

The output should look similar to this (note that the pod name will include a unique string):

NAME                             READY   STATUS    RESTARTS   AGE
nginx-gateway-5d4f4c7db7-xk2kq   2/2     Running   0          112s

Upgrade NGINX Gateway Fabric

Tip:
For guidance on zero downtime upgrades, see the Delay Pod Termination section below.

To upgrade NGINX Gateway Fabric and get the latest features and improvements, take the following steps:

  1. Upgrade Gateway API resources:

    • Verify that your NGINX Gateway Fabric version is compatible with the Gateway API resources. Refer to the Technical Specifications for details.

    • Review the release notes for any important upgrade-specific information.

    • To upgrade the Gateway API resources, run:

      kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
      
    • If you are running on Kubernetes 1.23 or 1.24, you also need to update the validating webhook:

      kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml
      
    • If you are running on Kubernetes 1.25 or newer and have the validating webhook installed, you should remove the webhook:

      kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml
      
  2. Upgrade NGINX Gateway Fabric CRDs:

    • To upgrade the Custom Resource Definitions (CRDs), run:

      kubectl apply -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.1.0/crds.yaml
      
  3. Upgrade NGINX Gateway Fabric deployment:

    • To upgrade the deployment, run:

      kubectl apply -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.1.0/nginx-gateway.yaml
      

Delay pod termination for zero downtime upgrades

To avoid client service interruptions when upgrading NGINX Gateway Fabric, you can configure PreStop hooks to delay terminating the NGINX Gateway Fabric pod, allowing the pod to complete certain actions before shutting down. This ensures a smooth upgrade without any downtime, also known as a zero downtime upgrade.

For an in-depth explanation of how Kubernetes handles pod termination, see the Termination of Pods topic on their official website.

Note:
Keep in mind that NGINX won’t shut down while WebSocket or other long-lived connections are open. NGINX will only stop when these connections are closed by the client or the backend. If these connections stay open during an upgrade, Kubernetes might need to shut down NGINX forcefully. This sudden shutdown could interrupt service for clients.

Follow these steps to configure delayed pod termination:

  1. Open the nginx-gateway.yaml for editing.

  2. Add delayed shutdown hooks:

    • In the nginx-gateway.yaml file, add lifecycle: preStop hooks to both the nginx and nginx-gateway container definitions. These hooks instruct the containers to delay their shutdown process, allowing time for connections to close gracefully. Update the sleep value to what works for your environment.

      <...>
      name: nginx-gateway
      <...>
      lifecycle:
        preStop:
          exec:
            command:
            - /usr/bin/gateway
            - sleep
            - --duration=40s # This flag is optional, the default is 30s
      <...>
      name: nginx
      <...>
      lifecycle:
        preStop:
          exec:
            command:
            - /bin/sleep
            - "40"
      <...>
      
  3. Set the termination grace period:

    • Set terminationGracePeriodSeconds to a value that is equal to or greater than the sleep duration specified in the preStop hook (default is 30). This setting prevents Kubernetes from terminating the pod before before the preStop hook has completed running.

      terminationGracePeriodSeconds: 50
      
  4. Save the changes.

See Also:

For additional information on configuring and understanding the behavior of containers and pods during their lifecycle, refer to the following Kubernetes documentation:

Uninstall NGINX Gateway Fabric

Follow these steps to uninstall NGINX Gateway Fabric and Gateway API from your Kubernetes cluster:

1. Uninstall NGINX Gateway Fabric

Stable release

kubectl delete -f https://github.com/nginxinc/nginx-gateway-fabric/releases/download/v1.1.0/nginx-gateway.yaml

Edge version

kubectl delete -f deploy/manifests/nginx-gateway.yaml
kubectl delete -f deploy/manifests/crds

2. Remove the Gateway API resources

  • Warning:
    This will remove all corresponding custom resources in your entire cluster, across all namespaces. Double-check to make sure you don’t have any custom resources you need to keep, and confirm that there are no other Gateway API implementations active in your cluster.

    To uninstall the Gateway API resources, run the following:

    kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
    

    If you are running on Kubernetes 1.23 or 1.24, you also need to delete the validating webhook. To do so, run:

    kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml
    

Next steps

Expose NGINX Gateway Fabric

After installing NGINX Gateway Fabric, the next step is to make it accessible. Detailed instructions can be found in Expose the NGINX Gateway Fabric.