feature: incorporate NIC and NGF into NGINX 1 Console

mjang · mjang · commit 70bd66f93e27 · 2025-06-24T09:32:32.000-06:00
diff --git a/content/nginx-one/nic-ngf/_index.md b/content/nginx-one/nic-ngf/_index.md
@@ -0,0 +1,8 @@
+---
+title: Connect NGINX Ingress Controller to NGINX One Console
+description:
+weight: 750
+url: /nginx-one/nic-ngf
+nd-product: NGINX One
+---
+
diff --git a/content/nginx-one/nic-ngf/add-nic.md b/content/nginx-one/nic-ngf/add-nic.md
@@ -0,0 +1,159 @@
+---
+title: Connect NGINX Ingress Controller to NGINX One Console
+toc: true
+weight: 200
+nd-content-type: how-to
+nd-product: NGINX One
+---
+
+This document explains how to connect F5 NGINX Ingress Controller and F5 NGINX Gateway Fabric to F5 NGINX One Console using NGINX Agent.
+Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances.
+
+Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller and NGINX Gateway Fabric. For each instance, you can review:
+
+- Read-only configuration file
+- F5 NGINX App Protect WAF policies
+- SSL/TLS certificates
+- CVEs
+
+## Prerequisites
+
+Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command:
+
+```shell
+kubectl create secret generic dataplane-key --from-literal=dataplane.key=<Your Dataplane Key> -n <namespace>
+```
+
+When you create a Kubernetes Secret, use the same namespace where NGINX Ingress Controller is running. 
+If you use `-watch-namespace` or `watch-secret-namespace` arguments with NGINX Ingress Controller, 
+you need to add the dataplane key secret to the watched namespaces. This secret will take approximately 60 - 90 seconds to reload on the pod.
+
+{{<note>}}
+You can also create a data plane key through the NGINX One Console. Once loggged in, select **Manage > Control Planes > Add Control Plane**, and follow the steps shown.
+{{</note>}}
+
+## Deploy NGINX Ingress Controller with NGINX Agent
+
+{{<tabs name="deploy-config-resource">}}
+{{%tab name="Helm"%}}
+
+Edit your `values.yaml` file to enable NGINX Agent and configure it to connect to NGINX One Console:
+
+```yaml
+nginxAgent:
+  enable: true
+  dataplaneKeySecretName: "<Your Dataplane Key Secret Name>"
+```
+
+The `dataplaneKey` is used to authenticate the agent with NGINX One Console. See the [NGINX One Console Docs]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}})
+for instructions on to generate your dataplane key from the NGINX One Console.
+
+Follow the [Installation with Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md" >}}) instructions to deploy NGINX Ingress Controller.
+
+{{%/tab%}}
+{{%tab name="Manifests"%}}
+
+Add the following flag to the Deployment/DaemonSet file of NGINX Ingress Controller:
+
+```yaml
+args:
+- -agent=true
+```
+
+Create a `ConfigMap` with an `nginx-agent.conf` file:
+
+```yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: nginx-agent-config
+  namespace: <namespace>
+data:
+  nginx-agent.conf: |-
+    log:
+      # set log level (error, info, debug; default "info")
+      level: info
+      # set log path. if empty, don't log to file.
+      path: ""
+  
+    allowed_directories:
+      - /etc/nginx
+      - /usr/lib/nginx/modules
+  
+    features:
+      - certificates
+      - connection
+      - metrics
+      - file-watcher
+  
+    ## command server settings
+    command:
+      server:
+        host: product.connect.nginx.com
+        port: 443
+      auth:
+        tokenpath: "/etc/nginx-agent/secrets/dataplane.key"
+      tls:
+        skip_verify: false
+```      
+
+Make sure to set the namespace in the nginx-agent.config to the same namespace as NGINX Ingress Controller.
+Mount the ConfigMap to the deployment/daemonset file of NGINX Ingress Controller:
+
+```yaml
+volumeMounts:
+- name: nginx-agent-config
+  mountPath: /etc/nginx-agent/nginx-agent.conf
+  subPath: nginx-agent.conf
+- name: dataplane-key
+  mountPath: /etc/nginx-agent/secrets
+volumes:
+- name: nginx-agent-config
+  configMap:
+    name: nginx-agent-config
+- name: dataplane-key
+  secret:
+    secretName: <Your Dataplane Key Secret Name>
+```
+
+Follow the [Installation with Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md" >}}) instructions to deploy NGINX Ingress Controller.
+
+{{%/tab%}}
+{{</tabs>}}
+
+## Verify a connection to NGINX One Console
+
+After deploying NGINX Ingress Controller or NGINX Gateway Fabricwith NGINX Agent, you can verify the connection to NGINX One Console.
+Log in to your NGINX One Console account and navigate to the Instances dashboard. Your instances should appear in the list, where the instance name will be the pod name.
+
+## Troubleshooting
+
+If you encounter issues connecting your instances to NGINX One Console, try the following commands:
+
+Check the NGINX Agent version:
+
+```shell
+kubectl exec -it -n <namespace> <nginx-ingress-pod-name> -- nginx-agent -v
+```
+  
+If nginx-agent version is v3, continue with the following steps.
+Otherwise, make sure you are using an image that does not include NGINX App Protect. 
+
+Check the NGINX Agent configuration:
+
+```shell
+kubectl exec -it -n <namespace> <nginx-ingress-pod-name> -- cat /etc/nginx-agent/nginx-agent.conf
+```
+
+Check NGINX Agent logs:
+
+```shell
+kubectl exec -it -n <namespace> <nginx-ingress-pod-name> -- nginx-agent
+```
+
+For each connected NGINX Ingress Controller and Gateway Fabric instance, you can review:
+
+- Read-only configuration file
+- F5 NGINX App Protect WAF policies
+- SSL/TLS certificates
+- CVEs
diff --git a/content/nginx-one/nic-ngf/overview.md b/content/nginx-one/nic-ngf/overview.md
@@ -0,0 +1,20 @@
+---
+# We use sentence case and present imperative tone
+title: "Integrate Kubernetes control planes"
+# Weights are assigned in increments of 100: determines sorting order
+weight: 100
+# Creates a table of contents and sidebar, useful for large documents
+toc: false
+# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
+nd-content-type: concept
+# Intended for internal catalogue and search, case sensitive:
+# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
+nd-product: NGINX One
+---
+
+You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to:
+
+- Set up a connection to F5 NGINX One Console through a data plane key.
+- Monitor each connected Kubernetes system for CVEs.
+- Review the NGINX Ingress Controller and NGINX Gateway Fabric instances that are part of your fleet
+
diff --git a/content/nginx-one/nic-ngf/security-policy-api.md b/content/nginx-one/nic-ngf/security-policy-api.md
@@ -0,0 +1,9 @@
+---
+title: "Set security policies through the API"
+weight: 700
+toc: true
+type: reference
+product: NGINX One
+docs: DOCS-000
+---
+
