Add ability to assign a log level for the data plane

Author: bjee19

Diff for: apis/v1alpha1/nginxproxy_types.go

@@ -59,6 +59,10 @@ type NginxProxySpec struct {
 	// +optional
 	//nolint:lll
 	RewriteClientIP *RewriteClientIP `json:"rewriteClientIP,omitempty"`
+	// Logging defines logging related settings for NGINX.
+	//
+	// +optional
+	Logging *NginxLogging `json:"logging,omitempty"`
 	// DisableHTTP2 defines if http2 should be disabled for all servers.
 	// Default is false, meaning http2 will be enabled for all servers.
 	//
@@ -203,3 +207,46 @@ const (
 	// kubebuilder:validation:Pattern=`^[\.a-zA-Z0-9:]*(\/([0-9]?[0-9]?[0-9]))$`
 	AddressTypeCIDR AddressType = "cidr"
 )
+
+// NginxLogging defines logging related settings for NGINX.
+type NginxLogging struct {
+	// ErrorLevel defines the error log level. Possible log levels listed in order of increasing severity are
+	// debug, info, notice, warn, error, crit, alert, and emerg. Setting a certain log level will cause all messages
+	// of the specified and more severe log levels to be logged. For example, the log level 'error' will cause error,
+	// crit, alert, and emerg messages to be logged. https://nginx.org/en/docs/ngx_core_module.html#error_log
+	//
+	// +optional
+	// +kubebuilder:default=info
+	ErrorLevel *NginxErrorLogLevel `json:"errorlevel,omitempty"`
+}
+
+// NginxErrorLogLevel type defines the log level of error logs for NGINX.
+//
+// +kubebuilder:validation:Enum=debug;info;notice;warn;error;crit;alert;emerg
+type NginxErrorLogLevel string
+
+const (
+	// NginxLogLevelDebug is the debug level for NGINX error logs.
+	NginxLogLevelDebug NginxErrorLogLevel = "debug"
+
+	// NginxLogLevelInfo is the info level for NGINX error logs.
+	NginxLogLevelInfo NginxErrorLogLevel = "info"
+
+	// NginxLogLevelNotice is the notice level for NGINX error logs.
+	NginxLogLevelNotice NginxErrorLogLevel = "notice"
+
+	// NginxLogLevelWarn is the warn level for NGINX error logs.
+	NginxLogLevelWarn NginxErrorLogLevel = "warn"
+
+	// NginxLogLevelError is the error level for NGINX error logs.
+	NginxLogLevelError NginxErrorLogLevel = "error"
+
+	// NginxLogLevelCrit is the crit level for NGINX error logs.
+	NginxLogLevelCrit NginxErrorLogLevel = "crit"
+
+	// NginxLogLevelAlert is the alert level for NGINX error logs.
+	NginxLogLevelAlert NginxErrorLogLevel = "alert"
+
+	// NginxLogLevelEmerg is the emerg level for NGINX error logs.
+	NginxLogLevelEmerg NginxErrorLogLevel = "emerg"
+)

Diff for: apis/v1alpha1/zz_generated.deepcopy.go

@@ -7,8 +7,10 @@ ARG BUILD_AGENT
 
 RUN apk add --no-cache libcap \
     && mkdir -p /var/lib/nginx /usr/lib/nginx/modules \
-    && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
-    && setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx \
+	&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
+	&& setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx \
+    && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+    && setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
     && apk del libcap
 
 COPY ${NJS_DIR}/httpmatches.js /usr/lib/nginx/modules/njs/httpmatches.js
@@ -22,4 +24,4 @@ LABEL org.nginx.ngf.image.build.agent="${BUILD_AGENT}"
 
 USER 101:1001
 
-CMD ["sh", "-c", "rm -rf /var/run/nginx/*.sock && /docker-entrypoint.sh nginx -g 'daemon off;'"]
+CMD ["sh", "-c", "rm -rf /var/run/nginx/*.sock && nginx -g 'daemon off;'"]

Diff for: build/Dockerfile.nginx

@@ -20,8 +20,10 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
     && printf "%s\n" "https://pkgs.nginx.com/plus/${NGINX_PLUS_VERSION}/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
     && apk add --no-cache nginx-plus nginx-plus-module-njs nginx-plus-module-otel libcap \
     && mkdir -p /var/lib/nginx /usr/lib/nginx/modules \
-    && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
-    && setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx \
+	&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
+	&& setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx \
+    && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+    && setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
     && apk del libcap \
     # forward request and error logs to docker log collector
     && ln -sf /dev/stdout /var/log/nginx/access.log \

Diff for: build/Dockerfile.nginxplus

@@ -261,6 +261,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `metrics.port` | Set the port where the Prometheus metrics are exposed. Format: [1024 - 65535] | int | `9113` |
 | `metrics.secure` | Enable serving metrics via https. By default metrics are served via http. Please note that this endpoint will be secured with a self-signed certificate. | bool | `false` |
 | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{}` |
+| `nginx.debug` | Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource. | bool | `false` |
 | `nginx.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx container. | list | `[]` |
 | `nginx.image.pullPolicy` |  | string | `"Always"` |
 | `nginx.image.repository` | The NGINX image to use. | string | `"ghcr.io/nginxinc/nginx-gateway-fabric/nginx"` |

Diff for: charts/nginx-gateway-fabric/README.md

@@ -131,8 +131,8 @@ spec:
           mountPath: /etc/nginx/conf.d
         - name: nginx-stream-conf
           mountPath: /etc/nginx/stream-conf.d
-        - name: module-includes
-          mountPath: /etc/nginx/module-includes
+        - name: nginx-main-includes
+          mountPath: /etc/nginx/main-includes
         - name: nginx-secrets
           mountPath: /etc/nginx/secrets
         - name: nginx-run
@@ -170,8 +170,8 @@ spec:
           mountPath: /etc/nginx/conf.d
         - name: nginx-stream-conf
           mountPath: /etc/nginx/stream-conf.d
-        - name: module-includes
-          mountPath: /etc/nginx/module-includes
+        - name: nginx-main-includes
+          mountPath: /etc/nginx/main-includes
         - name: nginx-secrets
           mountPath: /etc/nginx/secrets
         - name: nginx-run
@@ -183,6 +183,13 @@ spec:
         {{- with .Values.nginx.extraVolumeMounts -}}
         {{ toYaml . | nindent 8 }}
         {{- end }}
+        {{- if .Values.nginx.debug }}
+        command:
+          - "/bin/sh"
+        args:
+          - "-c"
+          - "rm -rf /var/run/nginx/*.sock && nginx-debug -g 'daemon off;'"
+        {{- end }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       {{- if .Values.affinity }}
       affinity:
@@ -206,7 +213,7 @@ spec:
         emptyDir: {}
       - name: nginx-stream-conf
         emptyDir: {}
-      - name: module-includes
+      - name: nginx-main-includes
         emptyDir: {}
       - name: nginx-secrets
         emptyDir: {}

Diff for: charts/nginx-gateway-fabric/templates/deployment.yaml

@@ -88,6 +88,9 @@ nginx:
   # -- Is NGINX Plus image being used
   plus: false
 
+  # -- Enable debugging for NGINX. Uses the nginx-debug binary. The NGINX error log level should be set to debug in the NginxProxy resource.
+  debug: false
+
   # -- The configuration for the data plane that is contained in the NginxProxy resource.
   config:
     {}
@@ -112,6 +115,8 @@ nginx:
     #     batchCount: 4
     #   serviceName: ""
     #   spanAttributes: []
+    # logging:
+    #   errorlevel: info
 
   # Configuration for NGINX Plus usage reporting.
   usage:

Diff for: charts/nginx-gateway-fabric/values.yaml

@@ -62,6 +62,27 @@ spec:
                 - ipv4
                 - ipv6
                 type: string
+              logging:
+                description: Logging defines logging related settings for NGINX.
+                properties:
+                  errorlevel:
+                    default: info
+                    description: |-
+                      ErrorLevel defines the error log level. Possible log levels listed in order of increasing severity are
+                      debug, info, notice, warn, error, crit, alert, and emerg. Setting a certain log level will cause all messages
+                      of the specified and more severe log levels to be logged. For example, the log level 'error' will cause error,
+                      crit, alert, and emerg messages to be logged. https://nginx.org/en/docs/ngx_core_module.html#error_log
+                    enum:
+                    - debug
+                    - info
+                    - notice
+                    - warn
+                    - error
+                    - crit
+                    - alert
+                    - emerg
+                    type: string
+                type: object
               rewriteClientIP:
                 description: RewriteClientIP defines configuration for rewriting the
                   client IP to the original client's IP.

Diff for: config/crd/bases/gateway.nginx.org_nginxproxies.yaml

@@ -74,8 +74,8 @@ spec:
           mountPath: /etc/nginx/conf.d
         - name: nginx-stream-conf
           mountPath: /etc/nginx/stream-conf.d
-        - name: module-includes
-          mountPath: /etc/nginx/module-includes
+        - name: nginx-main-includes
+          mountPath: /etc/nginx/main-includes
         - name: nginx-secrets
           mountPath: /etc/nginx/secrets
         - name: nginx-run
@@ -106,8 +106,8 @@ spec:
           mountPath: /etc/nginx/conf.d
         - name: nginx-stream-conf
           mountPath: /etc/nginx/stream-conf.d
-        - name: module-includes
-          mountPath: /etc/nginx/module-includes
+        - name: nginx-main-includes
+          mountPath: /etc/nginx/main-includes
         - name: nginx-secrets
           mountPath: /etc/nginx/secrets
         - name: nginx-run
@@ -127,7 +127,7 @@ spec:
         emptyDir: {}
       - name: nginx-stream-conf
         emptyDir: {}
-      - name: module-includes
+      - name: nginx-main-includes
         emptyDir: {}
       - name: nginx-secrets
         emptyDir: {}

Diff for: config/tests/static-deployment.yaml

@@ -248,8 +248,8 @@ spec:
           name: nginx-conf
         - mountPath: /etc/nginx/stream-conf.d
           name: nginx-stream-conf
-        - mountPath: /etc/nginx/module-includes
-          name: module-includes
+        - mountPath: /etc/nginx/main-includes
+          name: nginx-main-includes
         - mountPath: /etc/nginx/secrets
           name: nginx-secrets
         - mountPath: /var/run/nginx
@@ -280,8 +280,8 @@ spec:
           name: nginx-conf
         - mountPath: /etc/nginx/stream-conf.d
           name: nginx-stream-conf
-        - mountPath: /etc/nginx/module-includes
-          name: module-includes
+        - mountPath: /etc/nginx/main-includes
+          name: nginx-main-includes
         - mountPath: /etc/nginx/secrets
           name: nginx-secrets
         - mountPath: /var/run/nginx
@@ -302,7 +302,7 @@ spec:
       - emptyDir: {}
         name: nginx-stream-conf
       - emptyDir: {}
-        name: module-includes
+        name: nginx-main-includes
       - emptyDir: {}
         name: nginx-secrets
       - emptyDir: {}

Diff for: deploy/aws-nlb/deploy.yaml

@@ -245,8 +245,8 @@ spec:
           name: nginx-conf
         - mountPath: /etc/nginx/stream-conf.d
           name: nginx-stream-conf
-        - mountPath: /etc/nginx/module-includes
-          name: module-includes
+        - mountPath: /etc/nginx/main-includes
+          name: nginx-main-includes
         - mountPath: /etc/nginx/secrets
           name: nginx-secrets
         - mountPath: /var/run/nginx
@@ -277,8 +277,8 @@ spec:
           name: nginx-conf
         - mountPath: /etc/nginx/stream-conf.d
           name: nginx-stream-conf
-        - mountPath: /etc/nginx/module-includes
-          name: module-includes
+        - mountPath: /etc/nginx/main-includes
+          name: nginx-main-includes
         - mountPath: /etc/nginx/secrets
           name: nginx-secrets
         - mountPath: /var/run/nginx
@@ -301,7 +301,7 @@ spec:
       - emptyDir: {}
         name: nginx-stream-conf
       - emptyDir: {}
-        name: module-includes
+        name: nginx-main-includes
       - emptyDir: {}
         name: nginx-secrets
       - emptyDir: {}

Diff for: deploy/azure/deploy.yaml

@@ -647,6 +647,27 @@ spec:
                 - ipv4
                 - ipv6
                 type: string
+              logging:
+                description: Logging defines logging related settings for NGINX.
+                properties:
+                  errorlevel:
+                    default: info
+                    description: |-
+                      ErrorLevel defines the error log level. Possible log levels listed in order of increasing severity are
+                      debug, info, notice, warn, error, crit, alert, and emerg. Setting a certain log level will cause all messages
+                      of the specified and more severe log levels to be logged. For example, the log level 'error' will cause error,
+                      crit, alert, and emerg messages to be logged. https://nginx.org/en/docs/ngx_core_module.html#error_log
+                    enum:
+                    - debug
+                    - info
+                    - notice
+                    - warn
+                    - error
+                    - crit
+                    - alert
+                    - emerg
+                    type: string
+                type: object
               rewriteClientIP:
                 description: RewriteClientIP defines configuration for rewriting the
                   client IP to the original client's IP.

Diff for: deploy/crds.yaml

@@ -245,8 +245,8 @@ spec:
           name: nginx-conf
         - mountPath: /etc/nginx/stream-conf.d
           name: nginx-stream-conf
-        - mountPath: /etc/nginx/module-includes
-          name: module-includes
+        - mountPath: /etc/nginx/main-includes
+          name: nginx-main-includes
         - mountPath: /etc/nginx/secrets
           name: nginx-secrets
         - mountPath: /var/run/nginx
@@ -277,8 +277,8 @@ spec:
           name: nginx-conf
         - mountPath: /etc/nginx/stream-conf.d
           name: nginx-stream-conf
-        - mountPath: /etc/nginx/module-includes
-          name: module-includes
+        - mountPath: /etc/nginx/main-includes
+          name: nginx-main-includes
         - mountPath: /etc/nginx/secrets
           name: nginx-secrets
         - mountPath: /var/run/nginx
@@ -299,7 +299,7 @@ spec:
       - emptyDir: {}
         name: nginx-stream-conf
       - emptyDir: {}
-        name: module-includes
+        name: nginx-main-includes
       - emptyDir: {}
         name: nginx-secrets
       - emptyDir: {}