// Checklists for adding Ingress annotations, VirtualServer/VSR fields, or Helm chart values to NIC. Use when adding new configuration options, new NGINX directives, new annotations, new CRD fields, or new Helm values.
| name | nic-add-feature |
| description | Checklists for adding Ingress annotations, VirtualServer/VSR fields, or Helm chart values to NIC. Use when adding new configuration options, new NGINX directives, new annotations, new CRD fields, or new Helm values. |
Annotations apply ONLY to Ingress objects, never to VirtualServer or VirtualServerRoute.
internal/configs/annotations.go (e.g., MyAnnotation = "nginx.org/my-annotation")ConfigParams in internal/configs/config_params.goparseAnnotations() in internal/configs/annotations.gomasterDenylist / minionDenylist if it should not be on master/miniongenerateNginxCfg() in internal/configs/ingress.gointernal/configs/version1/nginx.ingress.tmpl and internal/configs/version1/nginx-plus.ingress.tmplinternal/k8s/validation.go annotation validation chainsannotations_test.go and ingress_test.gocontainsDangerousChars() for any user-provided string that ends up in NGINX configparseAnnotations() silently ignores unknown annotations -- add the constant firstpkg/apis/configuration/v1/types.go with kubebuilder markersmake update-codegen and make update-crdspkg/apis/configuration/validation/virtualserver.gointernal/configs/version2/http.gointernal/configs/virtualserver.go (GenerateVirtualServerConfig or helper)nginx.virtualserver.tmpl / nginx-plus.virtualserver.tmplmake test-update-snapsjson:"lb-method", json:"fail-timeout")json:"ingressClassName", json:"rewritePath")*int, *bool, *SomeStruct = optional/nullableint, bool = required or zero-value defaultfalse must be non-pointer| Marker | Purpose |
|---|---|
+kubebuilder:validation:Required | Field must be present |
+kubebuilder:validation:Optional | Field is optional |
+kubebuilder:validation:Pattern= `regex` | Regex validation |
+kubebuilder:validation:Minimum=N | Numeric minimum |
+kubebuilder:validation:MinItems=N / MaxItems=N | Array length |
+kubebuilder:validation:MaxLength=N | Max string length |
+kubebuilder:default=value | Default value |
+kubebuilder:validation:XValidation:rule="CEL" | Cross-field CEL validation |
// Prevent wildcard origin with credentials
// +kubebuilder:validation:XValidation:rule="!(self.allowOrigin.exists(origin, origin == '*') && has(self.allowCredentials) && self.allowCredentials == true)",message="..."
// Require time when allowedCodes is set
// +kubebuilder:validation:XValidation:rule="!has(self.allowedCodes) || (has(self.allowedCodes) && has(self.time))",message="..."
make update-codegen after changing types.gozz_generated.deepcopy.go manuallyServer block; Version 1 has multiple Server blockscharts/nginx-ingress/values.yaml with ## documentation above the fieldcharts/nginx-ingress/values.schema.jsonnginx-ingress.args in charts/nginx-ingress/templates/_helpers.tplcharts/nginx-ingress/templates/controller-configmap.yaml_helpers.tplcharts/tests/testdata/<feature>.yamlcharts/tests/helmunit_test.gomake test-update-snaps to capture the new snapshotvalues.schema.json alongside values.yamlcharts/tests/helmunit_test.goDebugging and troubleshooting patterns for NIC. Use when diagnosing failures, tracing issues, investigating NGINX reload errors, config generation bugs, or controller sync problems.
Task planning and approach strategy for NIC. Use when starting any non-trivial task, reading issues or specs, planning before implementing, or when asked to create a plan for a change.
CI/CD pipeline structure, GitHub Actions workflows, reusable workflow patterns, and matrix builds for NIC. Use when working on CI workflows, debugging build failures, adding new workflow steps, modifying build matrices, or understanding the release pipeline.
Docker image build system, Dockerfile structure, image variants, build scripts, and Makefile targets for NIC. Use when building container images, modifying the Dockerfile, adding new image variants, debugging image builds, or working with build scripts.
NIC architecture, resource processing pipeline, template systems, and key type definitions. Use when exploring the codebase, understanding data flow, debugging config generation, or working on controller logic.
Step-by-step checklist for adding a new Policy CRD type to NIC. Use when implementing a new policy like AccessControl, RateLimit, JWTAuth, ExternalAuth, BasicAuth, IngressMTLS, EgressMTLS, OIDC, WAF, APIKey, Cache, or CORS, or extending the policy system with a new policy type.