From 2a0030bef60df4aed1c66767930f86c650d9ae92 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Fri, 25 Jul 2025 11:17:53 -0700
Subject: [PATCH 01/22] feat: Set up NGF integration to N1 Console

---
 .../ngf/installation/install-oci-registry.md  |  43 +++++
 .../nginx-one/data-plane-key-warning.md       |   8 +
 .../create-manage-data-plane-keys.md          |   7 +-
 content/nginx-one/k8s/add-ngf.md              | 147 ++++++++++++++++++
 content/nginx-one/k8s/add-nic.md              |   8 +-
 5 files changed, 210 insertions(+), 3 deletions(-)
 create mode 100644 content/includes/ngf/installation/install-oci-registry.md
 create mode 100644 content/includes/nginx-one/data-plane-key-warning.md
 create mode 100644 content/nginx-one/k8s/add-ngf.md

diff --git a/content/includes/ngf/installation/install-oci-registry.md b/content/includes/ngf/installation/install-oci-registry.md
new file mode 100644
index 000000000..2bf14c431
--- /dev/null
+++ b/content/includes/ngf/installation/install-oci-registry.md
@@ -0,0 +1,43 @@
+---
+nd-docs: "DOCS-0000"
+files:
+  - content/nginx-one/k8s/add-ngf.md
+  - content/ngf/install/helm.md
+---
+
+The following steps install NGINX Gateway Fabric directly from the OCI helm registry. If you prefer, you can [install from sources](#install-from-sources) instead.
+
+{{<tabs name="install-helm-oci">}}
+
+{{%tab name="NGINX"%}}
+
+To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway
+```
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus"%}}
+
+{{< note >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /note >}}
+
+To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus --set nginx.plus=true --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway
+```
+
+{{% /tab %}}
+
+{{</tabs>}}
+
+`ngf` is the name of the release, and can be changed to any name you want. This name is added as a prefix to the Deployment name.
+
+If you want the latest version from the **main** branch, add `--version 0.0.0-edge` to your install command.
+
+To wait for the Deployment to be ready, you can either add the `--wait` flag to the `helm install` command, or run the following after installing:
+
+```shell
+kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric --for=condition=Available
diff --git a/content/includes/nginx-one/data-plane-key-warning.md b/content/includes/nginx-one/data-plane-key-warning.md
new file mode 100644
index 000000000..ac9c50b0c
--- /dev/null
+++ b/content/includes/nginx-one/data-plane-key-warning.md
@@ -0,0 +1,8 @@
+---
+files:
+  - content/nginx-one/k8s/add-ngf.md
+  - content/nginx-one/k8s/add-nic.md
+---
+{{<note>}}
+
+{{</note>}}
diff --git a/content/nginx-one/connect-instances/create-manage-data-plane-keys.md b/content/nginx-one/connect-instances/create-manage-data-plane-keys.md
index 0052e684c..f12585911 100644
--- a/content/nginx-one/connect-instances/create-manage-data-plane-keys.md
+++ b/content/nginx-one/connect-instances/create-manage-data-plane-keys.md
@@ -24,7 +24,12 @@ Data plane keys are displayed only once and cannot be retrieved later. Be sure t
 
 Data plane keys expire after one year. You can change this expiration date later by editing the key.
 
-Revoking a data plane key disconnects all instances that were registered with that key.
+You can disconnect all instances associated with a data plane key in the following ways:
+
+- Revoke the data plane key
+- Let the data plane key expire
+
+Either action disconnects all instances registered with that key.
 {{</call-out>}}
 
 ## Create a new data plane key
diff --git a/content/nginx-one/k8s/add-ngf.md b/content/nginx-one/k8s/add-ngf.md
new file mode 100644
index 000000000..14959e798
--- /dev/null
+++ b/content/nginx-one/k8s/add-ngf.md
@@ -0,0 +1,147 @@
+---
+title: Connect NGINX Gateway Fabric
+toc: true
+weight: 300
+nd-content-type: how-to
+nd-product: NGINX One
+---
+
+This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console using NGINX Agent.
+Connecting NGINX Gateway Fabric to NGINX One Console enables centralized monitoring of all controller instances.
+
+Once connected, you'll see a **read-only** configuration of NGINX Gateway Fabric. For each instance, you can review:
+
+- Read-only configuration file
+- Unmanaged SSL/TLS certificates for Control Planes
+
+## Before you begin
+
+Log in to NGINX One Console. If you need more information, review our [Get started guide]({{< ref "/nginx-one/getting-started.md#before-you-begin" >}}).
+
+You also need:
+
+- Administrator access to a Kubernetes cluster.
+- [Helm](https://helm.sh) and [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) must be installed locally.
+
+
+### Create a data plane key
+
+Data plane keys are displayed only once, when you create that key, and cannot be retrieved later.
+
+If you've created and recorded one or more data plane keys, you can edit or revoke those keys. To do so, select **Manage > Data Plane Keys**. NGINX One Console does not store your actual data plane key.
+
+If you've forgotten your data plane key, you can create a new one. Select **Manage > Data Plane Keys > Add Data Plane Key**.
+
+For more options associated with data plane keys, see [Create and manage data plane keys]({{ ref "/nginx-one/connect-instances/create-manage-data-plane-keys" >}}).
+
+### Create a Kubernetes secret with the data plane key
+<!-- Maybe this is wrong. I'm assuming that we need to follow this step from the current version of https://docs.nginx.com/nginx-one/k8s/add-nic/#before-you-begin -->
+To create a Kubernetes secret with the data play key, use the following command:
+
+   ```shell
+   kubectl create secret generic dataplane-key \
+     --from-literal=dataplane.key=<Your Dataplane Key> \
+     -n <namespace>
+   ```
+
+### Install cert-manager
+
+Add the Helm repository:
+
+```shell
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+```
+
+Install cert-manager:
+
+```shell
+helm install \
+  cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --create-namespace \
+  --set config.apiVersion="controller.config.cert-manager.io/v1alpha1" \
+  --set config.kind="ControllerConfiguration" \
+  --set config.enableGatewayAPI=true \
+  --set crds.enabled=true
+```
+
+This also enables Gateway API features for cert-manager, which can be useful for [securing your workload traffic]({{< ref "/ngf/traffic-security/integrate-cert-manager.md" >}}).
+
+## Install the Gateway API resources
+<!-- Corresponds to step 2 in the UX -->
+{{< include "/ngf/installation/install-gateway-api-resources.md" >}}
+
+## Install from the OCI registry
+<!-- Corresponds to step 3 in the UX -->
+{{< include "/ngf/installation/install-oci-registry.md" >}}
+
+### Install from sources {#install-from-sources}
+<!-- Corresponds to step 4 in the UX -->
+If you prefer to install directly from sources, instead of through the OCI helm registry, use the following steps.
+
+{{< include "/ngf/installation/helm/pulling-the-chart.md" >}}
+
+{{<tabs name="install-helm-src">}}
+
+{{%tab name="NGINX"%}}
+
+To install the chart into the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf . --create-namespace -n nginx-gateway
+```
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus"%}}
+
+{{< note >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /note >}}
+
+To install the chart into the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf . --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus --set nginx.plus=true --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway
+```
+
+{{% /tab %}}
+
+{{</tabs>}}
+
+`ngf` is the name of the release, and can be changed to any name you want. This name is added as a prefix to the Deployment name.
+
+To wait for the Deployment to be ready, you can either add the `--wait` flag to the `helm install` command, or run the following after installing:
+
+```shell
+kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric --for=condition=Available
+```
+
+## Verify a connection to NGINX One Console
+
+After deploying NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console.
+Log in to your F5 Distributed Cloud Console account. Select **NGINX One > Visit Service**. In the dashboard, go to **Manage > Instances**. You should see your instances listed by name. The instance name matches both the hostname and the pod name.
+
+## Troubleshooting
+
+If you encounter issues connecting your instances to NGINX One Console, try the following commands:
+
+Check the NGINX Agent version:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- nginx-agent -v
+```
+  
+If nginx-agent version is v3, continue with the following steps.
+Otherwise, make sure you are using an image that does not include NGINX App Protect. 
+
+Check the NGINX Agent configuration:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- cat /etc/nginx-agent/nginx-agent.conf
+```
+
+Check NGINX Agent logs:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent
+```
diff --git a/content/nginx-one/k8s/add-nic.md b/content/nginx-one/k8s/add-nic.md
index 7c55d6eb8..efe6a5f53 100644
--- a/content/nginx-one/k8s/add-nic.md
+++ b/content/nginx-one/k8s/add-nic.md
@@ -1,12 +1,12 @@
 ---
-title: Connect to NGINX One Console
+title: Connect NGINX Ingress Controller
 toc: true
 weight: 200
 nd-content-type: how-to
 nd-product: NGINX One
 ---
 
-This document explains how to connect F5 NGINX Ingress Controller <!-- and F5 NGINX Gateway Fabric -->to F5 NGINX One Console using NGINX Agent.
+This document explains how to connect F5 NGINX Ingress Controller to F5 NGINX One Console using NGINX Agent.
 Connecting NGINX Ingress Controller to NGINX One Console enables centralized monitoring of all controller instances.
 
 Once connected, you'll see a **read-only** configuration of NGINX Ingress Controller. For each instance, you can review:
@@ -16,6 +16,10 @@ Once connected, you'll see a **read-only** configuration of NGINX Ingress Contro
 
 ## Before you begin
 
+If you do not already have a [data plane key]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}), you can create one. Pay attention to the expiration date of that key. Any instance that's connected to a data plane key that's expired or revoked will stop working.
+
+You can create a data plane key through the NGINX One Console. Once loggged in, select **Manage > Control Planes > Add Control Plane**, and follow the steps shown.
+
 Before connecting NGINX Ingress Controller to NGINX One Console, you need to create a Kubernetes Secret with the data plane key. Use the following command:
 
 ```shell

From 961a6800ff42197e3e50d70dd361b91a3734363b Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Tue, 29 Jul 2025 10:44:12 -0700
Subject: [PATCH 02/22] delete unneeded file

---
 content/includes/nginx-one/data-plane-key-warning.md | 8 --------
 1 file changed, 8 deletions(-)
 delete mode 100644 content/includes/nginx-one/data-plane-key-warning.md

diff --git a/content/includes/nginx-one/data-plane-key-warning.md b/content/includes/nginx-one/data-plane-key-warning.md
deleted file mode 100644
index ac9c50b0c..000000000
--- a/content/includes/nginx-one/data-plane-key-warning.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-files:
-  - content/nginx-one/k8s/add-ngf.md
-  - content/nginx-one/k8s/add-nic.md
----
-{{<note>}}
-
-{{</note>}}

From 7b2ac9de9116ebb3d6cc1904b13245ee523c8f2d Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Wed, 6 Aug 2025 07:09:14 -0700
Subject: [PATCH 03/22] Apply suggestions from code review

Co-authored-by: bjee19 <139261241+bjee19@users.noreply.github.com>
---
 content/nginx-one/k8s/add-ngf.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/content/nginx-one/k8s/add-ngf.md b/content/nginx-one/k8s/add-ngf.md
index 14959e798..cbf63ec95 100644
--- a/content/nginx-one/k8s/add-ngf.md
+++ b/content/nginx-one/k8s/add-ngf.md
@@ -128,11 +128,8 @@ If you encounter issues connecting your instances to NGINX One Console, try the
 Check the NGINX Agent version:
 
 ```shell
-kubectl exec -it -n <namespace> <nginx_ingress_pod_name> -- nginx-agent -v
+kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent -v
 ```
-  
-If nginx-agent version is v3, continue with the following steps.
-Otherwise, make sure you are using an image that does not include NGINX App Protect. 
 
 Check the NGINX Agent configuration:
 

From 01c0d9162405897ddda8970dffbc0674c65a98cd Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Wed, 13 Aug 2025 13:44:12 -0700
Subject: [PATCH 04/22] Apply suggestions from code review

Co-authored-by: Alan Dooley <a.dooley@f5.com>
---
 content/nginx-one/k8s/add-ngf.md | 43 ++++++++++++--------------------
 1 file changed, 16 insertions(+), 27 deletions(-)

diff --git a/content/nginx-one/k8s/add-ngf.md b/content/nginx-one/k8s/add-ngf.md
index cbf63ec95..71bf550ed 100644
--- a/content/nginx-one/k8s/add-ngf.md
+++ b/content/nginx-one/k8s/add-ngf.md
@@ -32,11 +32,19 @@ If you've created and recorded one or more data plane keys, you can edit or revo
 
 If you've forgotten your data plane key, you can create a new one. Select **Manage > Data Plane Keys > Add Data Plane Key**.
 
-For more options associated with data plane keys, see [Create and manage data plane keys]({{ ref "/nginx-one/connect-instances/create-manage-data-plane-keys" >}}).
+For more options associated with data plane keys, see [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}).
 
 ### Create a Kubernetes secret with the data plane key
-<!-- Maybe this is wrong. I'm assuming that we need to follow this step from the current version of https://docs.nginx.com/nginx-one/k8s/add-nic/#before-you-begin -->
-To create a Kubernetes secret with the data play key, use the following command:
+
+To create a Kubernetes secret, you'll need:
+
+- The Data Plane Key
+- To set up the secret in the same namespace as NGINX Gateway Fabric
+- Use the name `dataplane.key` as shown
+- A namespace. The default NGINX Gateway Fabric namespace is `nginx-gateway`
+
+Once you have that information, run the following command:
+
 
    ```shell
    kubectl create secret generic dataplane-key \
@@ -44,29 +52,6 @@ To create a Kubernetes secret with the data play key, use the following command:
      -n <namespace>
    ```
 
-### Install cert-manager
-
-Add the Helm repository:
-
-```shell
-helm repo add jetstack https://charts.jetstack.io
-helm repo update
-```
-
-Install cert-manager:
-
-```shell
-helm install \
-  cert-manager jetstack/cert-manager \
-  --namespace cert-manager \
-  --create-namespace \
-  --set config.apiVersion="controller.config.cert-manager.io/v1alpha1" \
-  --set config.kind="ControllerConfiguration" \
-  --set config.enableGatewayAPI=true \
-  --set crds.enabled=true
-```
-
-This also enables Gateway API features for cert-manager, which can be useful for [securing your workload traffic]({{< ref "/ngf/traffic-security/integrate-cert-manager.md" >}}).
 
 ## Install the Gateway API resources
 <!-- Corresponds to step 2 in the UX -->
@@ -119,7 +104,11 @@ kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric -
 ## Verify a connection to NGINX One Console
 
 After deploying NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console.
-Log in to your F5 Distributed Cloud Console account. Select **NGINX One > Visit Service**. In the dashboard, go to **Manage > Instances**. You should see your instances listed by name. The instance name matches both the hostname and the pod name.
+Log in to your F5 Distributed Cloud Console account. 
+
+- Select **NGINX One > Visit Service**. 
+- In the dashboard, select **Manage > Control Planes**.  You should see your Control Planes listed by name, product, and version. Each control plane is associated with one or more instances.
+- Select the name of the Control Plane. In the **Instances** section, select the instance of your choice. You can review instance details, including the name of the **Control Plane**.
 
 ## Troubleshooting
 

From b392c5e95b78096b00fe3bf0a32f78370671b51a Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Thu, 14 Aug 2025 09:51:33 -0700
Subject: [PATCH 05/22] Update helm install ngf with agent options

---
 .../ngf/installation/install-oci-registry.md  | 43 ---------------
 content/nginx-one/k8s/add-ngf.md              | 55 +++++++++++++++++--
 2 files changed, 51 insertions(+), 47 deletions(-)
 delete mode 100644 content/includes/ngf/installation/install-oci-registry.md

diff --git a/content/includes/ngf/installation/install-oci-registry.md b/content/includes/ngf/installation/install-oci-registry.md
deleted file mode 100644
index 2bf14c431..000000000
--- a/content/includes/ngf/installation/install-oci-registry.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-nd-docs: "DOCS-0000"
-files:
-  - content/nginx-one/k8s/add-ngf.md
-  - content/ngf/install/helm.md
----
-
-The following steps install NGINX Gateway Fabric directly from the OCI helm registry. If you prefer, you can [install from sources](#install-from-sources) instead.
-
-{{<tabs name="install-helm-oci">}}
-
-{{%tab name="NGINX"%}}
-
-To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
-
-```shell
-helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway
-```
-
-{{% /tab %}}
-
-{{%tab name="NGINX Plus"%}}
-
-{{< note >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /note >}}
-
-To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
-
-```shell
-helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus --set nginx.plus=true --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway
-```
-
-{{% /tab %}}
-
-{{</tabs>}}
-
-`ngf` is the name of the release, and can be changed to any name you want. This name is added as a prefix to the Deployment name.
-
-If you want the latest version from the **main** branch, add `--version 0.0.0-edge` to your install command.
-
-To wait for the Deployment to be ready, you can either add the `--wait` flag to the `helm install` command, or run the following after installing:
-
-```shell
-kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric --for=condition=Available
diff --git a/content/nginx-one/k8s/add-ngf.md b/content/nginx-one/k8s/add-ngf.md
index 71bf550ed..f29b81475 100644
--- a/content/nginx-one/k8s/add-ngf.md
+++ b/content/nginx-one/k8s/add-ngf.md
@@ -21,7 +21,7 @@ Log in to NGINX One Console. If you need more information, review our [Get start
 You also need:
 
 - Administrator access to a Kubernetes cluster.
-- [Helm](https://helm.sh) and [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) must be installed locally.
+- If you use [Helm](https://helm.sh) and [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl), install them locally.
 
 
 ### Create a data plane key
@@ -34,6 +34,8 @@ If you've forgotten your data plane key, you can create a new one. Select **Mana
 
 For more options associated with data plane keys, see [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}).
 
+<!-- Helm tab -->
+
 ### Create a Kubernetes secret with the data plane key
 
 To create a Kubernetes secret, you'll need:
@@ -52,14 +54,59 @@ Once you have that information, run the following command:
      -n <namespace>
    ```
 
-
-## Install the Gateway API resources
+## Install Gateway API resources
 <!-- Corresponds to step 2 in the UX -->
 {{< include "/ngf/installation/install-gateway-api-resources.md" >}}
 
 ## Install from the OCI registry
 <!-- Corresponds to step 3 in the UX -->
-{{< include "/ngf/installation/install-oci-registry.md" >}}
+
+The following steps install NGINX Gateway Fabric directly from the OCI helm registry. If you prefer, you can [install from sources](#install-from-sources) instead.
+
+{{<tabs name="install-helm-oci">}}
+
+{{%tab name="NGINX"%}}
+
+To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
+  --create-namespace -n nginx-gateway \
+  --set nginxAgent.enable=true \
+  --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  --set nginxAgent.endpointHost=agent.connect.nginx.com
+```
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus"%}}
+
+{{< note >}} If applicable, replace the F5 Container registry `private-registry.nginx.com` with your internal registry for your NGINX Plus image, and replace `nginx-plus-registry-secret` with your Secret name containing the registry credentials. If your NGINX Plus JWT Secret has a different name than the default `nplus-license`, then define that name using the `nginx.usage.secretName` flag. {{< /note >}}
+
+To install the latest stable release of NGINX Gateway Fabric in the **nginx-gateway** namespace, run the following command:
+
+```shell
+helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
+  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus \
+  --set nginx.plus=true \
+  --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway \
+  --set nginxAgent.enable=true \
+  --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  --set nginxAgent.endpointHost=agent.connect.nginx.com
+```
+
+{{% /tab %}}
+
+{{</tabs>}}
+
+`ngf` is the name of the release, and can be changed to any name you want. This name is added as a prefix to the Deployment name.
+
+If you want the latest version from the **main** branch, add `--version 0.0.0-edge` to your install command.
+
+To wait for the Deployment to be ready, you can either add the `--wait` flag to the `helm install` command, or run the following after installing:
+
+```shell
+kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric --for=condition=Available
 
 ### Install from sources {#install-from-sources}
 <!-- Corresponds to step 4 in the UX -->

From e21ebb9ffe11ba09ce086191c082304d54eeae5f Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Thu, 14 Aug 2025 12:34:21 -0700
Subject: [PATCH 06/22] Set up new page for ngf w/manifests. Add includes

---
 .../k8s/{add-ngf.md => add-ngf-helm.md}       | 14 ++----
 content/nginx-one/k8s/add-ngf-manifests.md    | 43 +++++++++++++++++++
 2 files changed, 46 insertions(+), 11 deletions(-)
 rename content/nginx-one/k8s/{add-ngf.md => add-ngf-helm.md} (90%)
 create mode 100644 content/nginx-one/k8s/add-ngf-manifests.md

diff --git a/content/nginx-one/k8s/add-ngf.md b/content/nginx-one/k8s/add-ngf-helm.md
similarity index 90%
rename from content/nginx-one/k8s/add-ngf.md
rename to content/nginx-one/k8s/add-ngf-helm.md
index f29b81475..14e64ec06 100644
--- a/content/nginx-one/k8s/add-ngf.md
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -1,12 +1,12 @@
 ---
-title: Connect NGINX Gateway Fabric
+title: Connect NGINX Gateway Fabric with Helm
 toc: true
 weight: 300
 nd-content-type: how-to
 nd-product: NGINX One
 ---
 
-This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console using NGINX Agent.
+This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console with Helm.
 Connecting NGINX Gateway Fabric to NGINX One Console enables centralized monitoring of all controller instances.
 
 Once connected, you'll see a **read-only** configuration of NGINX Gateway Fabric. For each instance, you can review:
@@ -26,15 +26,7 @@ You also need:
 
 ### Create a data plane key
 
-Data plane keys are displayed only once, when you create that key, and cannot be retrieved later.
-
-If you've created and recorded one or more data plane keys, you can edit or revoke those keys. To do so, select **Manage > Data Plane Keys**. NGINX One Console does not store your actual data plane key.
-
-If you've forgotten your data plane key, you can create a new one. Select **Manage > Data Plane Keys > Add Data Plane Key**.
-
-For more options associated with data plane keys, see [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}).
-
-<!-- Helm tab -->
+{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
 
 ### Create a Kubernetes secret with the data plane key
 
diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
new file mode 100644
index 000000000..c7813f19e
--- /dev/null
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -0,0 +1,43 @@
+---
+title: Connect NGINX Gateway Fabric with Manifests
+toc: true
+weight: 300
+nd-content-type: how-to
+nd-product: NGINX One
+---
+
+This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console with Manifests.
+Connecting NGINX Gateway Fabric to NGINX One Console enables centralized monitoring of all controller instances.
+
+Once connected, you'll see a **read-only** configuration of NGINX Gateway Fabric. For each instance, you can review:
+
+- Read-only configuration file
+- Unmanaged SSL/TLS certificates for Control Planes
+
+## Before you begin
+
+Log in to NGINX One Console. If you need more information, review our [Get started guide]({{< ref "/nginx-one/getting-started.md#before-you-begin" >}}).
+
+{{< include "/ngf/installation/install-manifests-prereqs.md" >}}
+
+### Create a data plane key
+
+{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
+
+### Secure traffic
+
+For more information, review how you can [Secure traffic using Let's Encrypt and cert-manager]({{< ref "/ngf/traffic-security/integrate-cert-manager.md" >}})
+
+## Install Gateway API resources
+<!-- Corresponds to step 2 in the UX -->
+{{< include "/ngf/installation/install-gateway-api-resources.md" >}}
+
+## Deploy NGINX Gateway Fabric CRDs
+<!-- Corresponds to step 3 in the UX -->
+
+{{< include "/ngf/installation/deploy-ngf-crds.md" >}}
+
+## Deploy NGINX Gateway Fabric
+
+{{< include "/ngf/installation/deploy-ngf-manifests.md" >}}
+

From 0e72d5b719303d6c60e9486aa1a8b22e6e8b78c0 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Thu, 14 Aug 2025 12:46:16 -0700
Subject: [PATCH 07/22] fix

---
 .../ngf/installation/deploy-ngf-crds.md       |  18 +++
 .../ngf/installation/deploy-ngf-manifests.md  | 125 ++++++++++++++++++
 .../installation/install-manifests-prereqs.md |  18 +++
 .../how-to/generate-data-plane-key.md         |   5 +
 content/nginx-one/getting-started.md          |  14 +-
 5 files changed, 167 insertions(+), 13 deletions(-)
 create mode 100644 content/includes/ngf/installation/deploy-ngf-crds.md
 create mode 100644 content/includes/ngf/installation/deploy-ngf-manifests.md
 create mode 100644 content/includes/ngf/installation/install-manifests-prereqs.md

diff --git a/content/includes/ngf/installation/deploy-ngf-crds.md b/content/includes/ngf/installation/deploy-ngf-crds.md
new file mode 100644
index 000000000..14161e06c
--- /dev/null
+++ b/content/includes/ngf/installation/deploy-ngf-crds.md
@@ -0,0 +1,18 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/ngf/install/manifests.md
+- content/nginx-one/ngf/add-ngf-manifests.md
+---
+
+#### Stable release
+
+```shell
+kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml
+```
+
+#### Edge version
+
+```shell
+kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/main/deploy/crds.yaml
+```
diff --git a/content/includes/ngf/installation/deploy-ngf-manifests.md b/content/includes/ngf/installation/deploy-ngf-manifests.md
new file mode 100644
index 000000000..aa4cbc9be
--- /dev/null
+++ b/content/includes/ngf/installation/deploy-ngf-manifests.md
@@ -0,0 +1,125 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/ngf/install/manifests.md
+- content/nginx-one/ngf/add-ngf-manifests.md
+---
+
+{{< call-out "note" >}} By default, NGINX Gateway Fabric is installed in the **nginx-gateway** namespace. You can deploy in another namespace by modifying the manifest files. {{< /call-out >}}
+
+{{<tabs name="install-manifests">}}
+
+{{%tab name="Default"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/default/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="AWS NLB"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/default/deploy.yaml
+```
+
+To set up an AWS Network Load Balancer service, add these annotations to your Gateway infrastructure field:
+
+```yaml
+spec:
+  infrastructure:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-type: "external"
+      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
+```
+
+{{% /tab %}}
+
+{{%tab name="Azure"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS and `nodeSelector` to deploy on Linux nodes.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/azure/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus"%}}
+
+Deploys NGINX Gateway Fabric with NGINX Plus. The image is pulled from the
+NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the Secret to use to pull the image.
+The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the `--usage-report-secret` parameter. These Secrets are created as part of the [Before you begin](#before-you-begin) section.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/nginx-plus/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="Experimental"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS and experimental features.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/experimental/deploy.yaml
+```
+
+{{< call-out "note" >}} Requires the Gateway APIs installed from the experimental channel. {{< /call-out >}}
+
+{{% /tab %}}
+
+{{%tab name="NGINX Plus Experimental"%}}
+
+Deploys NGINX Gateway Fabric with NGINX Plus and experimental features. The image is pulled from the
+NGINX Plus Docker registry, and the `imagePullSecretName` is the name of the Secret to use to pull the image.
+The NGINX Plus JWT Secret used to run NGINX Plus is also specified in a volume mount and the `--usage-report-secret` parameter. These Secrets are created as part of the [Before you begin](#before-you-begin) section.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/nginx-plus-experimental/deploy.yaml
+```
+
+{{< call-out "note" >}} Requires the Gateway APIs installed from the experimental channel. {{< /call-out >}}
+
+{{% /tab %}}
+
+{{%tab name="NodePort"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS using a Service type of `NodePort`.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/nodeport/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{%tab name="OpenShift"%}}
+
+Deploys NGINX Gateway Fabric with NGINX OSS on OpenShift.
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/openshift/deploy.yaml
+```
+
+{{% /tab %}}
+
+{{</tabs>}}
+
+### Verify the Deployment
+
+To confirm that NGINX Gateway Fabric is running, check the pods in the `nginx-gateway` namespace:
+
+```shell
+kubectl get pods -n nginx-gateway
+```
+
+The output should look similar to this (note that the pod name will include a unique string):
+
+```text
+NAME                             READY   STATUS    RESTARTS   AGE
+nginx-gateway-5d4f4c7db7-xk2kq   1/1     Running   0          112s
+```
diff --git a/content/includes/ngf/installation/install-manifests-prereqs.md b/content/includes/ngf/installation/install-manifests-prereqs.md
new file mode 100644
index 000000000..3238d5fc8
--- /dev/null
+++ b/content/includes/ngf/installation/install-manifests-prereqs.md
@@ -0,0 +1,18 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/ngf/install/manifests.md
+- content/nginx-one/ngf/add-ngf-manifests.md
+---
+
+To complete this guide, you'll need to install:
+
+- [kubectl](https://kubernetes.io/docs/tasks/tools/), a command-line interface for managing Kubernetes clusters.
+- [Add certificates for secure authentication]({{< ref "/ngf/install/secure-certificates.md" >}}) in a production environment.
+
+{{< call-out "important" >}} If you’d like to use NGINX Plus, some additional setup is also required: {{< /call-out >}}
+
+<details closed>
+<summary>NGINX Plus JWT setup</summary>
+
+{{< include "/ngf/installation/jwt-password-note.md" >}}
diff --git a/content/includes/nginx-one/how-to/generate-data-plane-key.md b/content/includes/nginx-one/how-to/generate-data-plane-key.md
index f9ec47016..ff227ee69 100644
--- a/content/includes/nginx-one/how-to/generate-data-plane-key.md
+++ b/content/includes/nginx-one/how-to/generate-data-plane-key.md
@@ -3,6 +3,9 @@ docs:
 files:
   - content/nginx-one/secure-your-fleet/set-up-security-alerts.md
   - content/nginx-one/getting-started.md
+  - content/nginx-one/ngf/add-nic.md
+  - content/nginx-one/ngf/add-ngf-helm.md
+  - content/nginx-one/ngf/add-ngf-manifests.md
 ---
 
 A data plane key is a security token that ensures only trusted NGINX instances can register and communicate with NGINX One.
@@ -17,3 +20,5 @@ Data plane keys are displayed only once and cannot be retrieved later. Be sure t
 
 Data plane keys expire after one year. You can change this expiration date later by [editing the key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#change-expiration-date" >}}). If you [revoke a data plane key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#revoke-data-plane-key" >}}) you disconnect all instances registered with that key.
 {{</call-out>}}
+
+For more options associated with data plane keys, see [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}).
diff --git a/content/nginx-one/getting-started.md b/content/nginx-one/getting-started.md
index 3f273ef24..c5f0cf60e 100644
--- a/content/nginx-one/getting-started.md
+++ b/content/nginx-one/getting-started.md
@@ -110,20 +110,9 @@ The following instructions include minimal information, sufficient to "get start
 
 ### Generate a data plane key {#generate-data-plane-key}
 
-A data plane key is a security token that ensures only trusted NGINX instances can register and communicate with NGINX One.
-
-To generate a data plane key:
-
-- **For a new key:** In the **Add Instance** pane, select **Generate Data Plane Key**.
-- **To reuse an existing key:** If you already have a data plane key and want to use it again, select **Use existing key**. Then, enter the key's value in the **Data Plane Key** box.
-
-{{<call-out "caution" "Data plane key guidelines" "fas fa-key" >}}
-Data plane keys are displayed only once and cannot be retrieved later. Be sure to copy and store this key securely.
-
-Data plane keys expire after one year. You can change this expiration date later by [editing the key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#change-expiration-date" >}}).
+{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
 
 [Revoking a data plane key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#revoke-data-plane-key" >}}) disconnects all instances that were registered with that key.
-{{</call-out>}}
 
 ### Add an instance
 
@@ -132,7 +121,6 @@ Depending on whether this is your first time using NGINX One Console or you've u
 - **For first-time users:** On the welcome screen, select **Add Instance**.
 - **For returning users:** If you've added instances previously and want to add more, select **Instances** on the left menu, then select **Add Instance**.
 
-
 ### Install NGINX Agent
 
 After entering your data plane key, you'll see a `curl` command similar to the one below. Copy and run this command on each NGINX instance to install NGINX Agent. Once installed, NGINX Agent typically registers with NGINX One within a few seconds.

From 154e935c76611d7e155200b54b1c9249c78ee8c2 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Thu, 14 Aug 2025 13:14:25 -0700
Subject: [PATCH 08/22] Update commands for nginx-gateway namespace

---
 content/nginx-one/k8s/add-ngf-helm.md | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/content/nginx-one/k8s/add-ngf-helm.md b/content/nginx-one/k8s/add-ngf-helm.md
index 14e64ec06..f9dcff593 100644
--- a/content/nginx-one/k8s/add-ngf-helm.md
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -63,10 +63,8 @@ To install the latest stable release of NGINX Gateway Fabric in the **nginx-gate
 
 ```shell
 helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
-  --create-namespace -n nginx-gateway \
-  --set nginxAgent.enable=true \
   --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
-  --set nginxAgent.endpointHost=agent.connect.nginx.com
+  -n nginx-gateway
 ```
 
 {{% /tab %}}
@@ -82,9 +80,7 @@ helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
   --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus \
   --set nginx.plus=true \
   --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway \
-  --set nginxAgent.enable=true \
-  --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
-  --set nginxAgent.endpointHost=agent.connect.nginx.com
+  --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> 
 ```
 
 {{% /tab %}}

From d077a801fe708c228912c0f4aa047d7253ef2fab Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Fri, 15 Aug 2025 07:52:28 -0700
Subject: [PATCH 09/22] Apply suggestions from code review

---
 .../includes/ngf/installation/install-manifests-prereqs.md   | 5 -----
 content/nginx-one/k8s/add-ngf-helm.md                        | 2 ++
 content/nginx-one/k8s/add-ngf-manifests.md                   | 5 +++++
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/content/includes/ngf/installation/install-manifests-prereqs.md b/content/includes/ngf/installation/install-manifests-prereqs.md
index 3238d5fc8..0385a4399 100644
--- a/content/includes/ngf/installation/install-manifests-prereqs.md
+++ b/content/includes/ngf/installation/install-manifests-prereqs.md
@@ -11,8 +11,3 @@ To complete this guide, you'll need to install:
 - [Add certificates for secure authentication]({{< ref "/ngf/install/secure-certificates.md" >}}) in a production environment.
 
 {{< call-out "important" >}} If you’d like to use NGINX Plus, some additional setup is also required: {{< /call-out >}}
-
-<details closed>
-<summary>NGINX Plus JWT setup</summary>
-
-{{< include "/ngf/installation/jwt-password-note.md" >}}
diff --git a/content/nginx-one/k8s/add-ngf-helm.md b/content/nginx-one/k8s/add-ngf-helm.md
index f9dcff593..43ffaa211 100644
--- a/content/nginx-one/k8s/add-ngf-helm.md
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -36,6 +36,7 @@ To create a Kubernetes secret, you'll need:
 - To set up the secret in the same namespace as NGINX Gateway Fabric
 - Use the name `dataplane.key` as shown
 - A namespace. The default NGINX Gateway Fabric namespace is `nginx-gateway`
+  - You can create it with the following command: `kubectl create namespace nginx-gateway`
 
 Once you have that information, run the following command:
 
@@ -95,6 +96,7 @@ To wait for the Deployment to be ready, you can either add the `--wait` flag to
 
 ```shell
 kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric --for=condition=Available
+```
 
 ### Install from sources {#install-from-sources}
 <!-- Corresponds to step 4 in the UX -->
diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index c7813f19e..9ada27344 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -20,6 +20,11 @@ Log in to NGINX One Console. If you need more information, review our [Get start
 
 {{< include "/ngf/installation/install-manifests-prereqs.md" >}}
 
+<details closed>
+<summary>NGINX Plus JWT setup</summary>
+
+{{< include "/ngf/installation/jwt-password-note.md" >}}
+
 ### Create a data plane key
 
 {{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}

From 0ad8ac4c6336444f5cf3d25a7fc4288ef7a87c00 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Fri, 15 Aug 2025 08:21:34 -0700
Subject: [PATCH 10/22] Update content/nginx-one/k8s/add-ngf-manifests.md

---
 content/nginx-one/k8s/add-ngf-manifests.md | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index 9ada27344..c7813f19e 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -20,11 +20,6 @@ Log in to NGINX One Console. If you need more information, review our [Get start
 
 {{< include "/ngf/installation/install-manifests-prereqs.md" >}}
 
-<details closed>
-<summary>NGINX Plus JWT setup</summary>
-
-{{< include "/ngf/installation/jwt-password-note.md" >}}
-
 ### Create a data plane key
 
 {{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}

From a408a90bd6273229299aa4bc820369393723c5a4 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Fri, 15 Aug 2025 09:33:41 -0700
Subject: [PATCH 11/22] Add ref links

---
 content/nginx-one/k8s/add-ngf-manifests.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index c7813f19e..27460dbea 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -41,3 +41,9 @@ For more information, review how you can [Secure traffic using Let's Encrypt and
 
 {{< include "/ngf/installation/deploy-ngf-manifests.md" >}}
 
+## References
+
+For more details, see:
+
+- [Install NGINX Gateway Fabric with Manifests]({{< ref "/ngf/install/manifests.md" >}})
+

From 8895ad8d6b335fb889ffbe7e826d7abfff68e78e Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 09:48:35 -0700
Subject: [PATCH 12/22] Add common k8s secret include

---
 .../nginx-one/how-to/k8s-secret-dp-key.md     | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 content/includes/nginx-one/how-to/k8s-secret-dp-key.md

diff --git a/content/includes/nginx-one/how-to/k8s-secret-dp-key.md b/content/includes/nginx-one/how-to/k8s-secret-dp-key.md
new file mode 100644
index 000000000..09b449c76
--- /dev/null
+++ b/content/includes/nginx-one/how-to/k8s-secret-dp-key.md
@@ -0,0 +1,23 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/nginx-one/k8s/add-ngf-manifests.md
+- content/nginx-one/k8s/add-ngf-helm.md
+---
+
+To create a Kubernetes secret, you'll need:
+
+- The Data Plane Key
+- To set up the secret in the same namespace as NGINX Gateway Fabric
+- Use the name `dataplane.key` as shown
+- A namespace. The default NGINX Gateway Fabric namespace is `nginx-gateway`
+  - You can create it with the following command: `kubectl create namespace nginx-gateway`
+
+Once you have that information, run the following command:
+
+
+   ```shell
+   kubectl create secret generic dataplane-key \
+     --from-literal=dataplane.key=<Your Dataplane Key> \
+     -n <namespace>
+   ```

From 75fff50e6fab19f79a930fa736febb3b814f5e9d Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 09:55:43 -0700
Subject: [PATCH 13/22] Update dp key update

---
 .../includes/nginx-one/how-to/k8s-secret-dp-key.md    | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/content/includes/nginx-one/how-to/k8s-secret-dp-key.md b/content/includes/nginx-one/how-to/k8s-secret-dp-key.md
index 09b449c76..bb9db5f75 100644
--- a/content/includes/nginx-one/how-to/k8s-secret-dp-key.md
+++ b/content/includes/nginx-one/how-to/k8s-secret-dp-key.md
@@ -8,16 +8,13 @@ files:
 To create a Kubernetes secret, you'll need:
 
 - The Data Plane Key
-- To set up the secret in the same namespace as NGINX Gateway Fabric
-- Use the name `dataplane.key` as shown
-- A namespace. The default NGINX Gateway Fabric namespace is `nginx-gateway`
-  - You can create it with the following command: `kubectl create namespace nginx-gateway`
-
-Once you have that information, run the following command:
+- The `nginx-gateway` namespace must exist. You can create it with the following command: `kubectl create namespace nginx-gateway`
 
+   - Then create the secret with the following command. The key must be named `dataplane.key`:
 
    ```shell
    kubectl create secret generic dataplane-key \
      --from-literal=dataplane.key=<Your Dataplane Key> \
-     -n <namespace>
+     -n nginx-gateway
    ```
+

From 1b6bcdb4b221df2d5ed0d1f5b25de1ab134a66ea Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 10:04:32 -0700
Subject: [PATCH 14/22] Apply suggestions from code review

Co-authored-by: Saylor Berman <s.berman@f5.com>
---
 content/nginx-one/k8s/add-ngf-helm.md      | 29 ++++++++++++++++++----
 content/nginx-one/k8s/add-ngf-manifests.md |  4 +++
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/content/nginx-one/k8s/add-ngf-helm.md b/content/nginx-one/k8s/add-ngf-helm.md
index 43ffaa211..2e6da780e 100644
--- a/content/nginx-one/k8s/add-ngf-helm.md
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -35,7 +35,19 @@ To create a Kubernetes secret, you'll need:
 - The Data Plane Key
 - To set up the secret in the same namespace as NGINX Gateway Fabric
 - Use the name `dataplane.key` as shown
-- A namespace. The default NGINX Gateway Fabric namespace is `nginx-gateway`
+
+To create a Kubernetes secret, you'll need:
+
+- The Data Plane Key
+- The `nginx-gateway` namespace must exist. You can create it with the following command: `kubectl create namespace nginx-gateway`
+
+   - Then create the secret with the following command. The key must be named `dataplane.key`:
+
+   ```shell
+   kubectl create secret generic dataplane-key \
+     --from-literal=dataplane.key=<Your Dataplane Key> \
+     -n nginx-gateway
+   ```
   - You can create it with the following command: `kubectl create namespace nginx-gateway`
 
 Once you have that information, run the following command:
@@ -64,7 +76,7 @@ To install the latest stable release of NGINX Gateway Fabric in the **nginx-gate
 
 ```shell
 helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
-  --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> \
   -n nginx-gateway
 ```
 
@@ -81,7 +93,7 @@ helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
   --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus \
   --set nginx.plus=true \
   --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway \
-  --set nginxAgent.dataplaneKeySecretName=<data_plane_key_secret_name> 
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> 
 ```
 
 {{% /tab %}}
@@ -111,7 +123,9 @@ If you prefer to install directly from sources, instead of through the OCI helm
 To install the chart into the **nginx-gateway** namespace, run the following command:
 
 ```shell
-helm install ngf . --create-namespace -n nginx-gateway
+helm install ngf .  \
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  -n nginx-gateway
 ```
 
 {{% /tab %}}
@@ -123,7 +137,12 @@ helm install ngf . --create-namespace -n nginx-gateway
 To install the chart into the **nginx-gateway** namespace, run the following command:
 
 ```shell
-helm install ngf . --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus --set nginx.plus=true --set nginx.imagePullSecret=nginx-plus-registry-secret -n nginx-gateway
+helm install ngf . \
+  --set nginx.image.repository=private-registry.nginx.com/nginx-gateway-fabric/nginx-plus \
+  --set nginx.nginxOneConsole.dataplaneKeySecretName=<data_plane_key_secret_name> \
+  --set nginx.plus=true \
+  --set nginx.imagePullSecret=nginx-plus-registry-secret \
+  -n nginx-gateway
 ```
 
 {{% /tab %}}
diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index 27460dbea..409eaff19 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -24,6 +24,10 @@ Log in to NGINX One Console. If you need more information, review our [Get start
 
 {{< include "/nginx-one/how-to/generate-data-plane-key.md" >}}
 
+### Create a Kubernetes secret with the data plane key
+
+{{< include "/nginx-one/how-to/k8s-secret-dp-key.md" >}}
+
 ### Secure traffic
 
 For more information, review how you can [Secure traffic using Let's Encrypt and cert-manager]({{< ref "/ngf/traffic-security/integrate-cert-manager.md" >}})

From fd55b91a773d04284795036c8563127f40fc530c Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 10:52:50 -0700
Subject: [PATCH 15/22] Apply suggestions from code review

---
 content/nginx-one/k8s/add-ngf-manifests.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index 409eaff19..3874633a8 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -28,9 +28,6 @@ Log in to NGINX One Console. If you need more information, review our [Get start
 
 {{< include "/nginx-one/how-to/k8s-secret-dp-key.md" >}}
 
-### Secure traffic
-
-For more information, review how you can [Secure traffic using Let's Encrypt and cert-manager]({{< ref "/ngf/traffic-security/integrate-cert-manager.md" >}})
 
 ## Install Gateway API resources
 <!-- Corresponds to step 2 in the UX -->
@@ -43,6 +40,8 @@ For more information, review how you can [Secure traffic using Let's Encrypt and
 
 ## Deploy NGINX Gateway Fabric
 
+Specify the Secret name in the `--nginx-one-dataplane-key-secret` command-line argument of the nginx-gateway container.
+
 {{< include "/ngf/installation/deploy-ngf-manifests.md" >}}
 
 ## References

From d6ce67d4c360690e22012f42d6aa72f13002a257 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 11:06:13 -0700
Subject: [PATCH 16/22] Use another include

---
 content/nginx-one/k8s/add-ngf-helm.md      | 29 +---------------------
 content/nginx-one/k8s/add-ngf-manifests.md |  1 -
 2 files changed, 1 insertion(+), 29 deletions(-)

diff --git a/content/nginx-one/k8s/add-ngf-helm.md b/content/nginx-one/k8s/add-ngf-helm.md
index 2e6da780e..0a5e0b6a4 100644
--- a/content/nginx-one/k8s/add-ngf-helm.md
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -30,34 +30,7 @@ You also need:
 
 ### Create a Kubernetes secret with the data plane key
 
-To create a Kubernetes secret, you'll need:
-
-- The Data Plane Key
-- To set up the secret in the same namespace as NGINX Gateway Fabric
-- Use the name `dataplane.key` as shown
-
-To create a Kubernetes secret, you'll need:
-
-- The Data Plane Key
-- The `nginx-gateway` namespace must exist. You can create it with the following command: `kubectl create namespace nginx-gateway`
-
-   - Then create the secret with the following command. The key must be named `dataplane.key`:
-
-   ```shell
-   kubectl create secret generic dataplane-key \
-     --from-literal=dataplane.key=<Your Dataplane Key> \
-     -n nginx-gateway
-   ```
-  - You can create it with the following command: `kubectl create namespace nginx-gateway`
-
-Once you have that information, run the following command:
-
-
-   ```shell
-   kubectl create secret generic dataplane-key \
-     --from-literal=dataplane.key=<Your Dataplane Key> \
-     -n <namespace>
-   ```
+{{< include "/nginx-one/how-to/k8s-secret-dp-key.md" >}}
 
 ## Install Gateway API resources
 <!-- Corresponds to step 2 in the UX -->
diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index 3874633a8..0941f543f 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -28,7 +28,6 @@ Log in to NGINX One Console. If you need more information, review our [Get start
 
 {{< include "/nginx-one/how-to/k8s-secret-dp-key.md" >}}
 
-
 ## Install Gateway API resources
 <!-- Corresponds to step 2 in the UX -->
 {{< include "/ngf/installation/install-gateway-api-resources.md" >}}

From e35e6c4cd02699b610c24e505500eb596d9c5755 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 11:08:40 -0700
Subject: [PATCH 17/22] Update content/nginx-one/k8s/add-ngf-manifests.md

Co-authored-by: Saylor Berman <s.berman@f5.com>
---
 content/nginx-one/k8s/add-ngf-manifests.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index 0941f543f..305bb74ea 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -39,7 +39,7 @@ Log in to NGINX One Console. If you need more information, review our [Get start
 
 ## Deploy NGINX Gateway Fabric
 
-Specify the Secret name in the `--nginx-one-dataplane-key-secret` command-line argument of the nginx-gateway container.
+Specify the data plane key Secret name in the `--nginx-one-dataplane-key-secret` command-line argument of the nginx-gateway container.
 
 {{< include "/ngf/installation/deploy-ngf-manifests.md" >}}
 

From bc4ff15ed668363c72ae76f64cf7d0637640c161 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 11:36:37 -0700
Subject: [PATCH 18/22] troubleshooting include

---
 .../nginx-one/how-to/ngf-troubleshooting.md   | 26 +++++++++++++++++++
 content/nginx-one/k8s/add-ngf-helm.md         | 20 +-------------
 content/nginx-one/k8s/add-ngf-manifests.md    |  4 +++
 3 files changed, 31 insertions(+), 19 deletions(-)
 create mode 100644 content/includes/nginx-one/how-to/ngf-troubleshooting.md

diff --git a/content/includes/nginx-one/how-to/ngf-troubleshooting.md b/content/includes/nginx-one/how-to/ngf-troubleshooting.md
new file mode 100644
index 000000000..52a9db7a0
--- /dev/null
+++ b/content/includes/nginx-one/how-to/ngf-troubleshooting.md
@@ -0,0 +1,26 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/nginx-one/k8s/add-ngf-manifests.md
+- content/nginx-one/k8s/add-ngf-helm.md
+---
+
+If you encounter issues connecting your instances to NGINX One Console, try the following commands:
+
+Check the NGINX Agent version:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent -v
+```
+
+Check the NGINX Agent configuration:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- cat /etc/nginx-agent/nginx-agent.conf
+```
+
+Check NGINX Agent logs:
+
+```shell
+kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent
+```
diff --git a/content/nginx-one/k8s/add-ngf-helm.md b/content/nginx-one/k8s/add-ngf-helm.md
index 0a5e0b6a4..11e7f633e 100644
--- a/content/nginx-one/k8s/add-ngf-helm.md
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -141,22 +141,4 @@ Log in to your F5 Distributed Cloud Console account.
 
 ## Troubleshooting
 
-If you encounter issues connecting your instances to NGINX One Console, try the following commands:
-
-Check the NGINX Agent version:
-
-```shell
-kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent -v
-```
-
-Check the NGINX Agent configuration:
-
-```shell
-kubectl exec -it -n <namespace> <nginx_pod_name> -- cat /etc/nginx-agent/nginx-agent.conf
-```
-
-Check NGINX Agent logs:
-
-```shell
-kubectl exec -it -n <namespace> <nginx_pod_name> -- nginx-agent
-```
+{{< include "/nginx-one/how-to/ngf-troubleshooting.md" >}}
diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index 305bb74ea..bd66646b8 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -43,6 +43,10 @@ Specify the data plane key Secret name in the `--nginx-one-dataplane-key-secret`
 
 {{< include "/ngf/installation/deploy-ngf-manifests.md" >}}
 
+## Troubleshooting
+
+{{< include "/nginx-one/how-to/ngf-troubleshooting.md" >}}
+
 ## References
 
 For more details, see:

From 1ef87e411efea3df7c8af120278908b5e834a293 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 11:44:31 -0700
Subject: [PATCH 19/22] More feedback

---
 content/includes/ngf/installation/deploy-ngf-manifests.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/content/includes/ngf/installation/deploy-ngf-manifests.md b/content/includes/ngf/installation/deploy-ngf-manifests.md
index aa4cbc9be..74597c237 100644
--- a/content/includes/ngf/installation/deploy-ngf-manifests.md
+++ b/content/includes/ngf/installation/deploy-ngf-manifests.md
@@ -109,6 +109,10 @@ kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{
 
 {{</tabs>}}
 
+### Provision an NGINX data plane
+
+If you have not already done so, review [Deploy a Gateway for data plane instances]({{< ref "/ngf/install/deploy-data-plane.md" >}}).
+
 ### Verify the Deployment
 
 To confirm that NGINX Gateway Fabric is running, check the pods in the `nginx-gateway` namespace:

From 4cff9eebed183ff2441fc77db182e83ae1aa86a6 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 12:32:35 -0700
Subject: [PATCH 20/22] Apply suggestions from code review

---
 .../ngf/installation/deploy-ngf-manifests.md     | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/content/includes/ngf/installation/deploy-ngf-manifests.md b/content/includes/ngf/installation/deploy-ngf-manifests.md
index 74597c237..17183bbad 100644
--- a/content/includes/ngf/installation/deploy-ngf-manifests.md
+++ b/content/includes/ngf/installation/deploy-ngf-manifests.md
@@ -111,19 +111,5 @@ kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{
 
 ### Provision an NGINX data plane
 
-If you have not already done so, review [Deploy a Gateway for data plane instances]({{< ref "/ngf/install/deploy-data-plane.md" >}}).
+To deploy the NGINX data plane to connect to the NGINX One Console, follow this guide: [Deploy a Gateway for data plane instances]({{< ref "/ngf/install/deploy-data-plane.md" >}}).
 
-### Verify the Deployment
-
-To confirm that NGINX Gateway Fabric is running, check the pods in the `nginx-gateway` namespace:
-
-```shell
-kubectl get pods -n nginx-gateway
-```
-
-The output should look similar to this (note that the pod name will include a unique string):
-
-```text
-NAME                             READY   STATUS    RESTARTS   AGE
-nginx-gateway-5d4f4c7db7-xk2kq   1/1     Running   0          112s
-```

From d5a66d7ddd51017de0bcf3dbc9efb3915721c87c Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 13:19:30 -0700
Subject: [PATCH 21/22] Include to verify connection

---
 content/includes/nginx-one/verify-connection.md | 14 ++++++++++++++
 content/nginx-one/k8s/add-ngf-helm.md           |  7 +------
 content/nginx-one/k8s/add-ngf-manifests.md      |  4 ++++
 3 files changed, 19 insertions(+), 6 deletions(-)
 create mode 100644 content/includes/nginx-one/verify-connection.md

diff --git a/content/includes/nginx-one/verify-connection.md b/content/includes/nginx-one/verify-connection.md
new file mode 100644
index 000000000..189176a6d
--- /dev/null
+++ b/content/includes/nginx-one/verify-connection.md
@@ -0,0 +1,14 @@
+---
+nd-docs: "DOCS-000"
+files:
+- content/nginx-one/k8s/add-ngf-manifests.md
+- content/nginx-one/k8s/add-ngf-helm.md
+---
+
+After deploying NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console.
+Log in to your F5 Distributed Cloud Console account. 
+
+- Select **NGINX One > Visit Service**. 
+- In the dashboard, select **Manage > Control Planes**.  You should see your Control Planes listed by name, product, and version. Each control plane is associated with one or more instances.
+- Select the name of the Control Plane. In the **Instances** section, select the instance of your choice. You can review instance details, including the name of the **Control Plane**.
+
diff --git a/content/nginx-one/k8s/add-ngf-helm.md b/content/nginx-one/k8s/add-ngf-helm.md
index 11e7f633e..4309ff988 100644
--- a/content/nginx-one/k8s/add-ngf-helm.md
+++ b/content/nginx-one/k8s/add-ngf-helm.md
@@ -132,12 +132,7 @@ kubectl wait --timeout=5m -n nginx-gateway deployment/ngf-nginx-gateway-fabric -
 
 ## Verify a connection to NGINX One Console
 
-After deploying NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console.
-Log in to your F5 Distributed Cloud Console account. 
-
-- Select **NGINX One > Visit Service**. 
-- In the dashboard, select **Manage > Control Planes**.  You should see your Control Planes listed by name, product, and version. Each control plane is associated with one or more instances.
-- Select the name of the Control Plane. In the **Instances** section, select the instance of your choice. You can review instance details, including the name of the **Control Plane**.
+{{< include "/nginx-one/how-to/verify-connection.md" >}}
 
 ## Troubleshooting
 
diff --git a/content/nginx-one/k8s/add-ngf-manifests.md b/content/nginx-one/k8s/add-ngf-manifests.md
index bd66646b8..b7d675331 100644
--- a/content/nginx-one/k8s/add-ngf-manifests.md
+++ b/content/nginx-one/k8s/add-ngf-manifests.md
@@ -43,6 +43,10 @@ Specify the data plane key Secret name in the `--nginx-one-dataplane-key-secret`
 
 {{< include "/ngf/installation/deploy-ngf-manifests.md" >}}
 
+## Verify a connection to NGINX One Console
+
+{{< include "/nginx-one/how-to/verify-connection.md" >}}
+
 ## Troubleshooting
 
 {{< include "/nginx-one/how-to/ngf-troubleshooting.md" >}}

From cd4fdeaa244f5d9acd4f1830f5449948d35f5a56 Mon Sep 17 00:00:00 2001
From: Mike Jang <3287976+mjang@users.noreply.github.com>
Date: Mon, 18 Aug 2025 13:24:17 -0700
Subject: [PATCH 22/22] Move file

---
 content/includes/nginx-one/{ => how-to}/verify-connection.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename content/includes/nginx-one/{ => how-to}/verify-connection.md (100%)

diff --git a/content/includes/nginx-one/verify-connection.md b/content/includes/nginx-one/how-to/verify-connection.md
similarity index 100%
rename from content/includes/nginx-one/verify-connection.md
rename to content/includes/nginx-one/how-to/verify-connection.md