Fixed address in the Gateway API

Kubernetes version: v1.33.1
Cloud being used: OKE - Cloud Oracle

This post is about migrating from ingress to gateway-api.
My problem is that the documentation says that if I don’t reference an address, a random public IP is assigned to my gateway…
Source: Gateway API | Kubernetes
Even with that reference, my gateway was created with 2 public IPs.
Below is my manifest file and a screenshot confirming the 2 IPs.
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: loki-gateway
namespace: loki
spec:
addresses:

• type: IPAddress
  value: 136.123.123.245
  gatewayClassName: nginx
  listeners:
• name: loki-http
  protocol: HTTP
  port: 80
  hostname: foo.example.com.br
  allowedRoutes:
  namespaces:
  from: Same
• name: loki-https
  protocol: HTTPS
  port: 443
  hostname: foo.example.com.br
  tls:
  mode: Terminate
  certificateRefs:
• name: loki-tls
  kind: Secret
  group: “”
  allowedRoutes:
  namespaces:
  from: Same
  ```

Hi @Gilberto_de_Oliveira thanks for your post!

I don’t see the screenshot that you are referring to. Could you double check that you’ve attached it?

From how you’re describing it, it seems like the two addresses you are seeing show up in the status.addresses field. Is that correct?

Follow print,

gateway1458×550 66 KB

Thanks!

When I tested with your Gateway resource, it only added one IP address to my Service’s External IP list.

Lets run a test. If you delete loki-gateway from your cluster, will both External IPs be remove from the loki-gateway-nginx service? Or does the 162.x.104.14 address stay there?

Since it’s not possible to attach videos, I’m sending 1 screenshots that capture some of the assigned IPs immediately after the kubectl apply command.

print1854×806 149 KB

Currently, it is no longer assigning two IPs simultaneously, as shown in the first image.

However, I still cannot assign a reserved IP address by referencing it.

spec:

addresses:

• type: IPAddress

value

It hadn’t happened at that moment, but I just checked, and the gateway has two public IPs. Check the application’s restart time.

2-IPs1551×355 26.6 KB

@Gilberto_de_Oliveira Does the Service’s externalIPs field just have the single IP address that you specified in the Gateway? All that NGINX Gateway Fabric should be setting is that field.

If an additional IP address is being added, it tells me that the cloud provider is adding it. There may be a way to disable that, or you could try setting the following in the NginxProxy CRD

kubectl -n nginx-gateway edit nginxproxies.gateway.nginx.org ngf-proxy-config

spec:
   kubernetes:
     service:
       loadBalancerIP: x.x.x.x
      

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: loki-gateway
namespace: loki
spec:
addresses:

type: IPAddress
value: 136.123.123.245
gatewayClassName: nginx
listeners:

name: loki-http
protocol: HTTP
port: 80
hostname: my-dns.com.br
allowedRoutes:
namespaces:
from: Same

name: loki-https
protocol: HTTPS
port: 443
hostname: my-dns.com.br
tls:
mode: Terminate
certificateRefs:

name: loki-tls
kind: Secret
group: “”
allowedRoutes:
namespaces:
from: Same

The Gateway file, after being modified, now includes the IP Address.

• • ==============================================
    Command output
    kubectl get -n loki svc/loki-gateway-nginx -o yaml

    apiVersion: v1
    kind: Service
    metadata:
    creationTimestamp: “2025-12-03T12:21:58Z”
    finalizers:
    
    service.kubernetes.io/load-balancer-cleanup
    labels:
    app.kubernetes.io/instance: nginx-gateway
    app.kubernetes.io/managed-by: nginx-gateway-nginx
    app.kubernetes.io/name: loki-gateway-nginx
    gateway.networking.k8s.io/gateway-name: loki-gateway
    name: loki-gateway-nginx
    namespace: loki
    resourceVersion: “332967551”
    uid: 2950ac9f-3ad2-41f-748a7ea635d4
    spec:
    allocateLoadBalancerNodePorts: true
    clusterIP: 10.96.101.194
    clusterIPs:
    
    10.96.101.194
    externalIPs:
    
    136.123.123.245          ( Fixed IP address, defined in the YAML file. )
    externalTrafficPolicy: Local
    healthCheckNodePort: 31843
    internalTrafficPolicy: Cluster
    ipFamilies:
    
    IPv4
    ipFamilyPolicy: PreferDualStack
    ports:
    
    name: port-80
    nodePort: 32353
    port: 80
    protocol: TCP
    targetPort: 80
    
    name: port-443
    nodePort: 30349
    port: 443
    protocol: TCP
    targetPort: 443
    selector:
    app.kubernetes.io/instance: nginx-gateway
    app.kubernetes.io/managed-by: nginx-gateway-nginx
    app.kubernetes.io/name: loki-gateway-nginx
    gateway.networking.k8s.io/gateway-name: loki-gateway
    sessionAffinity: None
    type: LoadBalancer
    status:
    loadBalancer:
    ingress:
    
    ip: 136.456.456.235 ( IP assigned automatically )
    ipMode: VIP
    

@sjberman
Could you check what I sent?

Did you happen to edit the NginxProxy resource as I suggested? I don’t see that configuration in your reply (it’s a little hard to read due to the formatting).

@sjberman
I tried editing, but right after applying it, it seems it wasn’t accepted, and it reverted to the previous IP, removing the lines I added.
The changes I sent in the comment were made via the manifest file.
Here’s a pastebin with better indentation.

Was there an error or something when you tried editing the NginxProxy CRD? This is the only way actually edit the NGINX Service with the loadBalancerIP field. Also be sure to check the status of your Gateway resource to see if there is any error messaging there regarding an Invalid NginxProxy configuration.

Here’s a guide on handling that resource: Data plane configuration | NGINX Documentation

@sjberman
I believe that when you previously instructed me on how to edit the CRD, I did something wrong. I edited it correctly now, and it worked; the application only picked up one IP address, and it was the IP address I have reserved with my cloud provider.
Thank you very much for your support.

One question: is this NginxProxy resource created when the Gateway Fabric is created?

That’s correct, when you first install NGINX Gateway Fabric, this resource is also installed. You can also create your own and attach it directly to the Gateway (the default one is attached to the GatewayClass), but that’s really only useful if you plan on defining multiple Gateways with different settings.

Glad you got it working!

My problem has been explained and resolved. If anyone can close this topic, I would appreciate it.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.