The following list describes the connections, preceded by their types in parentheses. For brevity, the suffix “process” has been omitted from the process descriptions.
- (HTTPS)
  - Read: NGF reads the Kubernetes API to get the latest versions of the resources in the cluster.
  - Write: NGF writes to the Kubernetes API to update the handled resources’ statuses and emit events. If there’s more than one replica of NGF and leader election is enabled, only the NGF pod that is leading will write statuses to the Kubernetes API.
- (HTTP, HTTPS) Prometheus fetches the controller-runtime and NGINX metrics via an HTTP endpoint that NGF exposes (:9113/metrics by default). Prometheus is not required by NGINX Gateway Fabric, and its endpoint can be turned off.
- (File I/O)
  - Write: NGF generates NGINX configuration based on the cluster resources and writes it as .conf files to the mounted nginx-conf volume, located at /etc/nginx/conf.d. It also writes TLS certificates and keys from TLS secrets referenced in the accepted Gateway resource to the nginx-secrets volume at the path /etc/nginx/secrets.
  - Read: NGF reads the PID file nginx.pid from the nginx-run volume, located at /var/run/nginx. NGF extracts the PID of the nginx process from this file in order to send reload signals to the NGINX master.
- (File I/O) NGF writes logs to its stdout and stderr, which are collected by the container runtime.
- (HTTP) NGF fetches the NGINX metrics via the unix:/var/run/nginx/nginx-status.sock UNIX socket and converts them to the Prometheus format used in #2.
- (Signal) To reload NGINX, NGF sends the reload signal to the NGINX master.
- (File I/O)
  - Write: The NGINX master writes its PID to the nginx.pid file stored in the nginx-run volume.
  - Read: The NGINX master reads configuration files and the TLS cert and keys referenced in the configuration when it starts or during a reload. These files, certificates, and keys are stored in the nginx-conf and nginx-secrets volumes that are mounted to both the nginx-gateway and nginx containers.
- (File I/O)
  - Write: The NGINX master writes to the auxiliary Unix sockets folder, which is located in the /var/run/nginx directory.
  - Read: The NGINX master reads the nginx.conf file from the /etc/nginx directory. This file contains the global and http configuration settings for NGINX. In addition, NGINX master reads the NJS modules referenced in the configuration when it starts or during a reload. NJS modules are stored in the /usr/lib/nginx/modules directory.
- (File I/O) The NGINX master sends logs to its stdout and stderr, which are collected by the container runtime.
- (File I/O) An NGINX worker writes logs to its stdout and stderr, which are collected by the container runtime.
- (Signal) The NGINX master controls the lifecycle of NGINX workers: it creates workers with the new configuration and shuts down workers with the old configuration.
- (HTTP) To consider a configuration reload a success, NGF ensures that at least one NGINX worker has the new configuration. To do that, NGF checks a particular endpoint via the unix:/var/run/nginx/nginx-config-version.sock UNIX socket.
- (HTTP, HTTPS) A client sends traffic to and receives traffic from any of the NGINX workers on ports 80 and 443.
- (HTTP, HTTPS) An NGINX worker sends traffic to and receives traffic from the backends.
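
The PID-file read and the reload signal described in the list above, as an added Go example that is not NGF's own code. The function names parsePID and reloadNginx are hypothetical, and SIGHUP is assumed as the reload signal (standard NGINX behaviour; the page only says "reload signal"). Because nginx.pid sits on a volume that both containers mount, its contents are validated before they are passed to kill(2).

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"strconv"
	"syscall"
)

// parsePID (hypothetical helper) validates PID-file contents before they reach kill(2).
// kill(2) treats pid 0, -1 and other negatives as group-wide targets, so only pid > 0 passes.
func parsePID(content []byte) (int, error) {
	s := string(bytes.TrimSpace(content))
	pid, err := strconv.Atoi(s)
	if err != nil {
		return 0, fmt.Errorf("pid file is not a decimal integer: %w", err)
	}
	if pid <= 0 {
		return 0, fmt.Errorf("refusing to signal pid %d", pid)
	}
	return pid, nil
}

// reloadNginx reads the PID file and sends SIGHUP (assumed reload signal) to that process.
func reloadNginx(pidFile string) (int, error) {
	content, err := os.ReadFile(pidFile)
	if err != nil {
		return 0, fmt.Errorf("read pid file: %w", err)
	}
	pid, err := parsePID(content)
	if err != nil {
		return 0, err
	}
	if err := syscall.Kill(pid, syscall.SIGHUP); err != nil {
		return pid, fmt.Errorf("signal nginx master %d: %w", pid, err)
	}
	return pid, nil
}

func main() {
	// Path from the page: nginx.pid in the nginx-run volume at /var/run/nginx.
	pid, err := reloadNginx("/var/run/nginx/nginx.pid")
	if err != nil {
		fmt.Fprintln(os.Stderr, "reload failed:", err)
		os.Exit(1)
	}
	fmt.Println("sent SIGHUP to nginx master", pid)
}
```

A successful signal only means the master accepted the reload request; the configuration-version check over the UNIX socket described in the list is what confirms a worker is running the new configuration.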