add support for ipv6

apis/v1alpha1/nginxproxy_types.go

@@ -10,7 +10,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 // NginxProxy is a configuration object that is attached to a GatewayClass parametersRef. It provides a way
 // to configure global settings for all Gateways defined from the GatewayClass.
-type NginxProxy struct { //nolint:govet // standard field alignment, don't change it
+type NginxProxy struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
@@ -27,12 +27,31 @@ type NginxProxyList struct {
 	Items           []NginxProxy `json:"items"`
 }
 
+// IPFamilyType specifies the IP family to be used by the server.
+//
+// +kubebuilder:validation:Enum=both;ipv4;ipv6
+type IPFamilyType string
+
+const (
+	// Dual specifies that the server will use both IPv4 and IPv6.
+	Dual IPFamilyType = "dual"
+	// IPv4 specifies that the server will use only IPv4.
+	IPv4 IPFamilyType = "ipv4"
+	// IPv6 specifies that the server will use only IPv6.
+	IPv6 IPFamilyType = "ipv6"
+)
+
 // NginxProxySpec defines the desired state of the NginxProxy.
 type NginxProxySpec struct {
 	// Telemetry specifies the OpenTelemetry configuration.
 	//
 	// +optional
 	Telemetry *Telemetry `json:"telemetry,omitempty"`
+	// IPFamily specifies the IP family to be used by the server.
+	// Default is "dual", meaning the server will use both IPv4 and IPv6.
+	//
+	// +optional
+	IPFamily IPFamilyType `json:"ipFamily,omitempty"`
 	// DisableHTTP2 defines if http2 should be disabled for all servers.
 	// Default is false, meaning http2 will be enabled for all servers.
 	//

charts/nginx-gateway-fabric/README.md

@@ -260,7 +260,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `metrics.enable` | Enable exposing metrics in the Prometheus format. | bool | `true` |
 | `metrics.port` | Set the port where the Prometheus metrics are exposed. Format: [1024 - 65535] | int | `9113` |
 | `metrics.secure` | Enable serving metrics via https. By default metrics are served via http. Please note that this endpoint will be secured with a self-signed certificate. | bool | `false` |
-| `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{}` |
+| `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{"ipFamily":"dual"}` |
 | `nginx.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx container. | list | `[]` |
 | `nginx.image.pullPolicy` |  | string | `"Always"` |
 | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginxinc/nginx-gateway-fabric/nginx"` |

charts/nginx-gateway-fabric/values.yaml

@@ -84,8 +84,8 @@ nginx:
 
   # -- The configuration for the data plane that is contained in the NginxProxy resource.
   config:
-    {}
     # disableHTTP2: false
+    ipFamily: dual
     # telemetry:
     #   exporter:
     #     endpoint: otel-collector.default.svc:4317

config/crd/bases/gateway.nginx.org_nginxproxies.yaml

@@ -52,6 +52,15 @@ spec:
                   DisableHTTP2 defines if http2 should be disabled for all servers.
                   Default is false, meaning http2 will be enabled for all servers.
                 type: boolean
+              ipFamily:
+                description: |-
+                  IPFamily specifies the IP family to be used by the server.
+                  Default is "dual", meaning the server will use both IPv4 and IPv6.
+                enum:
+                - both
+                - ipv4
+                - ipv6
+                type: string
               telemetry:
                 description: Telemetry specifies the OpenTelemetry configuration.
                 properties:

deploy/crds.yaml

@@ -697,6 +697,15 @@ spec:
                   DisableHTTP2 defines if http2 should be disabled for all servers.
                   Default is false, meaning http2 will be enabled for all servers.
                 type: boolean
+              ipFamily:
+                description: |-
+                  IPFamily specifies the IP family to be used by the server.
+                  Default is "dual", meaning the server will use both IPv4 and IPv6.
+                enum:
+                - both
+                - ipv4
+                - ipv6
+                type: string
               telemetry:
                 description: Telemetry specifies the OpenTelemetry configuration.
                 properties:

deploy/manifests/nginx-gateway-experimental.yaml

@@ -295,6 +295,10 @@ metadata:
     app.kubernetes.io/version: "edge"
 spec:
   controllerName: gateway.nginx.org/nginx-gateway-controller
+  parametersRef:
+    group: gateway.nginx.org
+    kind: NginxProxy
+    name: nginx-gateway-proxy-config
 ---
 # Source: nginx-gateway-fabric/templates/nginxgateway.yaml
 apiVersion: gateway.nginx.org/v1alpha1
@@ -309,3 +313,15 @@ metadata:
 spec:
   logging:
     level: info
+---
+# Source: nginx-gateway-fabric/templates/nginxproxy.yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: NginxProxy
+metadata:
+  name: nginx-gateway-proxy-config
+  labels:
+    app.kubernetes.io/name: nginx-gateway
+    app.kubernetes.io/instance: nginx-gateway
+    app.kubernetes.io/version: "edge"
+spec:
+  ipFamily: dual

deploy/manifests/nginx-gateway.yaml

@@ -291,6 +291,10 @@ metadata:
     app.kubernetes.io/version: "edge"
 spec:
   controllerName: gateway.nginx.org/nginx-gateway-controller
+  parametersRef:
+    group: gateway.nginx.org
+    kind: NginxProxy
+    name: nginx-gateway-proxy-config
 ---
 # Source: nginx-gateway-fabric/templates/nginxgateway.yaml
 apiVersion: gateway.nginx.org/v1alpha1
@@ -305,3 +309,15 @@ metadata:
 spec:
   logging:
     level: info
+---
+# Source: nginx-gateway-fabric/templates/nginxproxy.yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: NginxProxy
+metadata:
+  name: nginx-gateway-proxy-config
+  labels:
+    app.kubernetes.io/name: nginx-gateway
+    app.kubernetes.io/instance: nginx-gateway
+    app.kubernetes.io/version: "edge"
+spec:
+  ipFamily: dual

deploy/manifests/nginx-plus-gateway-experimental.yaml

@@ -302,6 +302,10 @@ metadata:
     app.kubernetes.io/version: "edge"
 spec:
   controllerName: gateway.nginx.org/nginx-gateway-controller
+  parametersRef:
+    group: gateway.nginx.org
+    kind: NginxProxy
+    name: nginx-gateway-proxy-config
 ---
 # Source: nginx-gateway-fabric/templates/nginxgateway.yaml
 apiVersion: gateway.nginx.org/v1alpha1
@@ -316,3 +320,15 @@ metadata:
 spec:
   logging:
     level: info
+---
+# Source: nginx-gateway-fabric/templates/nginxproxy.yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: NginxProxy
+metadata:
+  name: nginx-gateway-proxy-config
+  labels:
+    app.kubernetes.io/name: nginx-gateway
+    app.kubernetes.io/instance: nginx-gateway
+    app.kubernetes.io/version: "edge"
+spec:
+  ipFamily: dual

deploy/manifests/nginx-plus-gateway.yaml

@@ -298,6 +298,10 @@ metadata:
     app.kubernetes.io/version: "edge"
 spec:
   controllerName: gateway.nginx.org/nginx-gateway-controller
+  parametersRef:
+    group: gateway.nginx.org
+    kind: NginxProxy
+    name: nginx-gateway-proxy-config
 ---
 # Source: nginx-gateway-fabric/templates/nginxgateway.yaml
 apiVersion: gateway.nginx.org/v1alpha1
@@ -312,3 +316,15 @@ metadata:
 spec:
   logging:
     level: info
+---
+# Source: nginx-gateway-fabric/templates/nginxproxy.yaml
+apiVersion: gateway.nginx.org/v1alpha1
+kind: NginxProxy
+metadata:
+  name: nginx-gateway-proxy-config
+  labels:
+    app.kubernetes.io/name: nginx-gateway
+    app.kubernetes.io/instance: nginx-gateway
+    app.kubernetes.io/version: "edge"
+spec:
+  ipFamily: dual

internal/mode/static/nginx/config/http/config.go

@@ -10,6 +10,7 @@ type Server struct {
 	IsDefaultHTTP bool
 	IsDefaultSSL  bool
 	GRPC          bool
+	IPv6Enabled   bool
 }
 
 // Location holds all configuration for an HTTP location.

internal/mode/static/nginx/config/servers.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 	gotemplate "text/template"
 
+	ngfAPI "github.com/nginxinc/nginx-gateway-fabric/apis/v1alpha1"
 	"github.com/nginxinc/nginx-gateway-fabric/internal/framework/helpers"
 	"github.com/nginxinc/nginx-gateway-fabric/internal/mode/static/nginx/config/http"
 	"github.com/nginxinc/nginx-gateway-fabric/internal/mode/static/state/dataplane"
@@ -58,7 +59,8 @@ var grpcBaseHeaders = []http.Header{
 }
 
 func executeServers(conf dataplane.Configuration) []executeResult {
-	servers, httpMatchPairs := createServers(conf.HTTPServers, conf.SSLServers)
+	ipv6Enabled := isIPv6Enabled(conf.BaseHTTPConfig)
+	servers, httpMatchPairs := createServers(conf.HTTPServers, conf.SSLServers, ipv6Enabled)
 
 	serverResult := executeResult{
 		dest: httpConfigFile,
@@ -86,6 +88,14 @@ func executeServers(conf dataplane.Configuration) []executeResult {
 	return allResults
 }
 
+// getIPFamily returns whether or not the configuration is set to use IPv6.
+func isIPv6Enabled(baseHTTPConfig dataplane.BaseHTTPConfig) bool {
+	if baseHTTPConfig.IPFamily == ngfAPI.IPv6 || baseHTTPConfig.IPFamily == ngfAPI.Dual {
+		return true
+	}
+	return false
+}
+
 func createAdditionFileResults(conf dataplane.Configuration) []executeResult {
 	uniqueAdditions := make(map[string][]byte)
 
@@ -141,17 +151,23 @@ func createIncludes(additions []dataplane.Addition) []string {
 	return includes
 }
 
-func createServers(httpServers, sslServers []dataplane.VirtualServer) ([]http.Server, httpMatchPairs) {
+func createServers(
+	httpServers,
+	sslServers []dataplane.VirtualServer,
+	ipv6Enabled bool,
+) ([]http.Server, httpMatchPairs) {
 	servers := make([]http.Server, 0, len(httpServers)+len(sslServers))
 	finalMatchPairs := make(httpMatchPairs)
 
 	for serverID, s := range httpServers {
+		s.IPv6Enabled = ipv6Enabled
 		httpServer, matchPairs := createServer(s, serverID)
 		servers = append(servers, httpServer)
 		maps.Copy(finalMatchPairs, matchPairs)
 	}
 
 	for serverID, s := range sslServers {
+		s.IPv6Enabled = ipv6Enabled
 		sslServer, matchPair := createSSLServer(s, serverID)
 		servers = append(servers, sslServer)
 		maps.Copy(finalMatchPairs, matchPair)
@@ -165,6 +181,7 @@ func createSSLServer(virtualServer dataplane.VirtualServer, serverID int) (http.
 		return http.Server{
 			IsDefaultSSL: true,
 			Port:         virtualServer.Port,
+			IPv6Enabled:  virtualServer.IPv6Enabled,
 		}, nil
 	}
 
@@ -176,10 +193,11 @@ func createSSLServer(virtualServer dataplane.VirtualServer, serverID int) (http.
 			Certificate:    generatePEMFileName(virtualServer.SSL.KeyPairID),
 			CertificateKey: generatePEMFileName(virtualServer.SSL.KeyPairID),
 		},
-		Locations: locs,
-		Port:      virtualServer.Port,
-		GRPC:      grpc,
-		Includes:  createIncludes(virtualServer.Additions),
+		Locations:   locs,
+		Port:        virtualServer.Port,
+		GRPC:        grpc,
+		Includes:    createIncludes(virtualServer.Additions),
+		IPv6Enabled: virtualServer.IPv6Enabled,
 	}, matchPairs
 }
 
@@ -188,17 +206,19 @@ func createServer(virtualServer dataplane.VirtualServer, serverID int) (http.Ser
 		return http.Server{
 			IsDefaultHTTP: true,
 			Port:          virtualServer.Port,
+			IPv6Enabled:   virtualServer.IPv6Enabled,
 		}, nil
 	}
 
 	locs, matchPairs, grpc := createLocations(&virtualServer, serverID)
 
 	return http.Server{
-		ServerName: virtualServer.Hostname,
-		Locations:  locs,
-		Port:       virtualServer.Port,
-		GRPC:       grpc,
-		Includes:   createIncludes(virtualServer.Additions),
+		ServerName:  virtualServer.Hostname,
+		Locations:   locs,
+		Port:        virtualServer.Port,
+		GRPC:        grpc,
+		Includes:    createIncludes(virtualServer.Additions),
+		IPv6Enabled: virtualServer.IPv6Enabled,
 	}, matchPairs
 }
 

internal/mode/static/nginx/config/servers_template.go

@@ -6,12 +6,18 @@ js_preload_object matches from /etc/nginx/conf.d/matches.json;
     {{ if $s.IsDefaultSSL -}}
 server {
     listen {{ $s.Port }} ssl default_server;
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }} ssl default_server;
+        {{- end }}
 
     ssl_reject_handshake on;
 }
     {{- else if $s.IsDefaultHTTP }}
 server {
     listen {{ $s.Port }} default_server;
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }} default_server;
+        {{- end }}
 
     default_type text/html;
     return 404;
@@ -20,6 +26,9 @@ server {
 server {
         {{- if $s.SSL }}
     listen {{ $s.Port }} ssl;
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }} ssl;
+        {{- end }}
     ssl_certificate {{ $s.SSL.Certificate }};
     ssl_certificate_key {{ $s.SSL.CertificateKey }};
 
@@ -28,6 +37,9 @@ server {
     }
         {{- else }}
     listen {{ $s.Port }};
+        {{- if $s.IPv6Enabled }}
+    listen [::]:{{ $s.Port }};
+        {{- end }}
         {{- end }}
 
     server_name {{ $s.ServerName }};
@@ -94,14 +106,14 @@ server {
     {{- end }}
 {{ end }}
 server {
-    listen unix:/var/run/nginx/nginx-502-server.sock;
+    listen unix:/var/lib/nginx/nginx-502-server.sock;
     access_log off;
 
     return 502;
 }
 
 server {
-    listen unix:/var/run/nginx/nginx-500-server.sock;
+    listen unix:/var/lib/nginx/nginx-500-server.sock;
     access_log off;
 
     return 500;