ExternalIPs field being reset

[sklirg]

Describe the bug
When patching the spec.externalIPs field of the service created for the gateway, nginx gateway fabric removes the externalIPs field.

This happens in a non-cloud-provider cluster where we have our own "implementation" of LoadBalancer services, so nginx gateway fabric and this controller fights over the externalIPs field, where we set the externalIP and nginx gateway controller unsets it constantly.

To Reproduce

Steps to reproduce the behavior:

kubectl patch svc test-gateway --type json --patch='[{"op": "add", "path": "/spec/externalIPs", "value": ["10.0.20.3"]}]'
service/test-gateway patched

kubectl get svc test-gateway
NAME                                      TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
test-gateway   LoadBalancer   10.0.10.8   <pending>     80:31409/TCP,443:31174/TCP   20h

Expected behavior

Nginx gateway fabric should not unset the .spec.externalIPs field.

Your environment

• Version of the NGINX Gateway Fabric: 2.0.1
• Version of Kubernetes: v1.31.9
• Kubernetes platform: Kubeadm self-hosted
• Details on how you expose the NGINX Gateway Fabric Pod: Service of type LoadBalancer
• Logs of NGINX container: kubectl -n <nginx-deployment-namespace> logs deployments/<nginx-deployment>

{"level":"debug","ts":"2025-06-26T09:12:00Z","logger":"provisioner.eventLoop.eventHandler","msg":"Handling events from the batch","batchID":3012022,"total":1}
{"level":"info","ts":"2025-06-26T09:12:00Z","logger":"provisioner","msg":"Creating/Updating nginx resources","namespace":"gwtest","name":"test-gateway"}
{"level":"debug","ts":"2025-06-26T09:12:00Z","msg":"Reconciling the resource","controller":"provisioner-Service","controllerGroup":"","controllerKind":"Service","Service":{"name":"test-gateway","namespace":"gwtest"},"namespace":"gwtest","name":"test-gateway","reconcileID":"4c6cd4a5-f791-433e-97a9-ec393559c102"}
{"level":"debug","ts":"2025-06-26T09:12:00Z","msg":"Upserted the resource","controller":"provisioner-Service","controllerGroup":"","controllerKind":"Service","Service":{"name":"test-","namespace":"gwtest"},"namespace":"gwtest","name":"test-gateway","reconcileID":"4c6cd4a5-f791-433e-97a9-ec393559c102"}
{"level":"debug","ts":"2025-06-26T09:12:00Z","logger":"provisioner.eventLoop","msg":"added an event to the next batch","type":"*events.UpsertEvent","total":1}
{"level":"debug","ts":"2025-06-26T09:12:00Z","logger":"provisioner","msg":"Updated nginx Service","namespace":"gwtest","name":"test-gateway"}
{"level":"debug","ts":"2025-06-26T09:12:00Z","logger":"provisioner.eventLoop.eventHandler","msg":"Finished handling the batch","batchID":3012022}

• NGINX Configuration:

kubectl -n <gateway namespace> exec -it deployments/nginx-gateway-fabric -- nginx -T
error: Internal error occurred: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "5264980d1236e7574707c5b28d67eff5e1ac62730acbf2b0260c73ecef75327d": OCI runtime exec failed: exec failed: unable to start container process: exec: "nginx": executable file not found in $PATH: unknown

Additional context
Nginx gateway fabric did not fight for spec.externalIPs on version 1.6.0.

[nginx-bot]

Hi @sklirg! Welcome to the project! 🎉

Thanks for opening this issue!
Be sure to check out our Contributing Guidelines and the Issue Lifecycle while you wait for someone on the team to take a look at this.

[ciarams87]

Hi @sklirg! Thanks for your interest in the project!

Yes, you are correct - we do not support manually configuring the Service fronting the nginx deployment directly as this is managed by NGF.

However, we do have a mechanism in place to allow you to configure the load balancer IP address in this service through the Service Spec in the NginxProxy resource.

Let me know if you run into any issues with this approach!