nginx · Gasoid · Apr 24, 2025 · Apr 30, 2025 · May 29, 2025 · May 29, 2025
@@ -479,6 +479,11 @@ type ContainerSpec struct {
 	// +optional
 	Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"`
 
+	// HostPorts are the list of ports to expose on the host
+	//
+	// +optional
+	HostPorts []HostPort `json:"hostPorts,omitempty"`
+
 	// VolumeMounts describe the mounting of Volumes within a container.
 	//
 	// +optional
@@ -608,3 +613,16 @@ type NodePort struct {
 	// kubebuilder:validation:Maximum=65535
 	ListenerPort int32 `json:"listenerPort"`
 }
+
+// HostPort to expose on the host.
+type HostPort struct {
+	// ContainerPort is nginx port.
+	// kubebuilder:validation:Minimum=1
+	// kubebuilder:validation:Maximum=65535
+	ContainerPort int32 `json:"containerPort"`
+
+	// Number of port to expose on the host.
+	// kubebuilder:validation:Minimum=1
+	// kubebuilder:validation:Maximum=65535
+	HostPort int32 `json:"hostPort"`
+}
@@ -264,9 +264,10 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `certGenerator.ttlSecondsAfterFinished` | How long to wait after the cert generator job has finished before it is removed by the job controller. | int | `30` |
 | `clusterDomain` | The DNS cluster domain of your Kubernetes cluster. | string | `"cluster.local"` |
 | `gateways` | A list of Gateway objects. View https://gateway-api.sigs.k8s.io/reference/spec/#gateway for full Gateway reference. | list | `[]` |
-| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` |
+| `nginx` | The nginx section contains the configuration for all NGINX data plane deployments installed by the NGINX Gateway Fabric control plane. | object | `{"config":{},"container":{"hostPorts":[]},"debug":false,"image":{"pullPolicy":"Always","repository":"ghcr.io/nginx/nginx-gateway-fabric/nginx","tag":"edge"},"imagePullSecret":"","imagePullSecrets":[],"kind":"deployment","plus":false,"pod":{},"replicas":1,"service":{"externalTrafficPolicy":"Local","loadBalancerClass":"","loadBalancerIP":"","loadBalancerSourceRanges":[],"nodePorts":[],"type":"LoadBalancer"},"usage":{"caSecretName":"","clientSSLSecretName":"","endpoint":"","resolver":"","secretName":"nplus-license","skipVerify":false}}` |
 | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` |
-| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{}` |
+| `nginx.container` | The container configuration for the NGINX container. This is applied globally to all Gateways managed by this instance of NGINX Gateway Fabric. | object | `{"hostPorts":[]}` |
+| `nginx.container.hostPorts` | The hostPort configuration | list | `[]` |
 | `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` |
 | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginx/nginx-gateway-fabric/nginx"` |
 | `nginx.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. The control plane will copy this secret into any namespace where NGINX is deployed. | string | `""` |

@@ -313,6 +313,32 @@
         },
         "container": {
           "description": "The container configuration for the NGINX container. This is applied globally to all Gateways managed by this\ninstance of NGINX Gateway Fabric.",
+          "properties": {
+            "hostPorts": {
+              "description": "The hostPort configuration",
+              "items": {
+                "properties": {
+                  "containerPort": {
+                    "maximum": 65535,
+                    "minimum": 1,
+                    "required": [],
+                    "type": "integer"
+                  },
+                  "hostPort": {
+                    "maximum": 65535,
+                    "minimum": 1,
+                    "required": [],
+                    "type": "integer"
+                  }
+                },
+                "required": [],
+                "type": "object"
+              },
+              "required": [],
+              "title": "hostPorts",
+              "type": "array"
+            }
+          },
           "required": [],
           "title": "container",
           "type": "object"

@@ -399,7 +399,29 @@ nginx:
 
   # -- The container configuration for the NGINX container. This is applied globally to all Gateways managed by this
   # instance of NGINX Gateway Fabric.
-  container: {}
+  container:
+
+    # @schema
+    # type: array
+    # items:
+    #   type: object
+    #   properties:
+    #     containerPort:
+    #       type: integer
+    #       required: true
+    #       minimum: 1
+    #       maximum: 65535
+    #     hostPort:
+    #       type: integer
+    #       required: true
+    #       minimum: 1
+    #       maximum: 65535
+    # @schema
+    # -- The hostPort configuration
+    hostPorts: []
+    # - containerPort: 80
+    #   hostPort: 80
+
     # -- The resource requirements of the NGINX container.
     # resources: {}
 

@@ -337,6 +337,22 @@ spec:
                                   StopSignal can only be set for Pods with a non-empty .spec.os.name
                                 type: string
                             type: object
+                          hostPorts:
+                            description: |-
+                              List of ports to expose on the host.
+                            items:
+                              containerPort:
+                                description: |-
+                                  ContainerPort number of nginx
+                                type: integer
+                              hostPort:
+                                description: |-
+                                  HostPort number to expose on the host
+                                type: integer
+                              required:
+                              - containerPort
+                              - hostPort
+                            type: array
                           resources:
                             description: Resources describes the compute resource
                               requirements.

@@ -922,6 +922,22 @@ spec:
                                   StopSignal can only be set for Pods with a non-empty .spec.os.name
                                 type: string
                             type: object
+                          hostPorts:
+                            description: |-
+                              List of ports to expose on the host.
+                            items:
+                              containerPort:
+                                description: |-
+                                  ContainerPort of nginx
+                                type: integer
+                              hostPort:
+                                description: |-
+                                  HostPort number to expose on the host
+                                type: integer
+                              required:
+                              - containerPort
+                              - hostPort
+                            type: array
                           resources:
                             description: Resources describes the compute resource
                               requirements.

@@ -780,6 +780,15 @@ func (p *NginxProvisioner) buildNginxPodTemplateSpec(
 				container.Command = append(container.Command, "/agent/entrypoint.sh")
 				container.Args = append(container.Args, "debug")
 			}
+
+			for _, hostPort := range containerSpec.HostPorts {
+				for i, port := range container.Ports {
+					if hostPort.ContainerPort == port.ContainerPort {
+						container.Ports[i].HostPort = hostPort.HostPort
+					}
+				}
+			}
+
 			spec.Spec.Containers[0] = container
 		}
 	}

@@ -257,6 +257,11 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) {
 			Name:      "gw",
 			Namespace: "default",
 		},
+		Spec: gatewayv1.GatewaySpec{
+			Listeners: []gatewayv1.Listener{
+				{Name: "port-8443", Port: 8443, Protocol: "tcp"},
+			},
+		},
 	}
 
 	resourceName := "gw-nginx"
@@ -293,6 +298,7 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) {
 							corev1.ResourceCPU: resource.Quantity{Format: "100m"},
 						},
 					},
+					HostPorts: []ngfAPIv1alpha2.HostPort{{ContainerPort: int32(8443), HostPort: int32(8443)}},
 				},
 			},
 		},
@@ -344,6 +350,12 @@ func TestBuildNginxResourceObjects_NginxProxyConfig(t *testing.T) {
 	g.Expect(container.ImagePullPolicy).To(Equal(corev1.PullAlways))
 	g.Expect(container.Resources.Limits).To(HaveKey(corev1.ResourceCPU))
 	g.Expect(container.Resources.Limits[corev1.ResourceCPU].Format).To(Equal(resource.Format("100m")))
+
+	g.Expect(container.Ports).To(ContainElement(corev1.ContainerPort{
+		ContainerPort: 8443,
+		Name:          "port-8443",
+		HostPort:      8443,
+	}))
 }
 
 func TestBuildNginxResourceObjects_Plus(t *testing.T) {