nginx · sjberman · Dec 17, 2025 · Dec 17, 2025
@@ -56,7 +56,7 @@ func (fs *fileService) GetFile(
 	ctx context.Context,
 	req *pb.GetFileRequest,
 ) (*pb.GetFileResponse, error) {
-	gi, ok := grpcContext.FromContext(ctx)
+	grpcInfo, ok := grpcContext.FromContext(ctx)
 	if !ok {
 		return nil, agentgrpc.ErrStatusInvalidConnection
 	}
@@ -65,7 +65,7 @@ func (fs *fileService) GetFile(
 		return nil, status.Error(codes.InvalidArgument, "invalid request")
 	}
 
-	contents, err := fs.getFileContents(req, gi.UUID)
+	contents, err := fs.getFileContents(req, grpcInfo.UUID)
 	if err != nil {
 		return nil, err
 	}
@@ -84,7 +84,7 @@ func (fs *fileService) GetFileStream(
 	req *pb.GetFileRequest,
 	server grpc.ServerStreamingServer[pb.FileDataChunk],
 ) error {
-	gi, ok := grpcContext.FromContext(server.Context())
+	grpcInfo, ok := grpcContext.FromContext(server.Context())
 	if !ok {
 		return agentgrpc.ErrStatusInvalidConnection
 	}
@@ -93,7 +93,7 @@ func (fs *fileService) GetFileStream(
 		return status.Error(codes.InvalidArgument, "invalid request")
 	}
 
-	contents, err := fs.getFileContents(req, gi.UUID)
+	contents, err := fs.getFileContents(req, grpcInfo.UUID)
 	if err != nil {
 		return err
 	}
@@ -133,11 +133,11 @@ func (fs *fileService) GetFileStream(
 
 func (fs *fileService) getFileContents(req *pb.GetFileRequest, connKey string) ([]byte, error) {
 	conn := fs.connTracker.GetConnection(connKey)
-	if conn.PodName == "" {
+	if conn.InstanceID == "" {
 		return nil, status.Errorf(codes.NotFound, "connection not found")
 	}
 
-	deployment := fs.nginxDeployments.Get(conn.Parent)
+	deployment := fs.nginxDeployments.Get(conn.ParentName)
 	if deployment == nil {
 		return nil, status.Errorf(codes.NotFound, "deployment not found in store")
 	}
@@ -187,17 +187,17 @@ func (fs *fileService) UpdateOverview(
 	ctx context.Context,
 	req *pb.UpdateOverviewRequest,
 ) (*pb.UpdateOverviewResponse, error) {
-	gi, ok := grpcContext.FromContext(ctx)
+	grpcInfo, ok := grpcContext.FromContext(ctx)
 	if !ok {
 		return &pb.UpdateOverviewResponse{}, agentgrpc.ErrStatusInvalidConnection
 	}
 
-	conn := fs.connTracker.GetConnection(gi.UUID)
-	if conn.PodName == "" {
+	conn := fs.connTracker.GetConnection(grpcInfo.UUID)
+	if conn.InstanceID == "" {
 		return &pb.UpdateOverviewResponse{}, status.Errorf(codes.NotFound, "connection not found")
 	}
 
-	deployment := fs.nginxDeployments.Get(conn.Parent)
+	deployment := fs.nginxDeployments.Get(conn.ParentName)
 	if deployment == nil {
 		return &pb.UpdateOverviewResponse{}, status.Errorf(codes.NotFound, "deployment not found in store")
 	}

@@ -43,9 +43,8 @@ func TestGetFile(t *testing.T) {
 
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 
@@ -109,9 +108,8 @@ func TestGetFile_InvalidRequest(t *testing.T) {
 	deploymentName := types.NamespacedName{Name: "nginx-deployment", Namespace: "default"}
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 
@@ -165,9 +163,8 @@ func TestGetFile_DeploymentNotFound(t *testing.T) {
 
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 
@@ -198,9 +195,8 @@ func TestGetFile_FileNotFound(t *testing.T) {
 
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 
@@ -234,9 +230,8 @@ func TestGetFileStream(t *testing.T) {
 
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 
@@ -312,9 +307,8 @@ func TestGetFileStream_InvalidRequest(t *testing.T) {
 	deploymentName := types.NamespacedName{Name: "nginx-deployment", Namespace: "default"}
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 
@@ -369,9 +363,8 @@ func TestUpdateOverview(t *testing.T) {
 
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 
@@ -504,9 +497,8 @@ func TestUpdateOverview_DeploymentNotFound(t *testing.T) {
 
 	connTracker := &agentgrpcfakes.FakeConnectionsTracker{}
 	conn := agentgrpc.Connection{
-		PodName:    "nginx-pod",
 		InstanceID: "12345",
-		Parent:     deploymentName,
+		ParentName: deploymentName,
 	}
 	connTracker.GetConnectionReturns(conn)
 

@@ -21,9 +21,9 @@ type ConnectionsTracker interface {
 
 // Connection contains the data about a single nginx agent connection.
 type Connection struct {
-	PodName    string
 	InstanceID string
-	Parent     types.NamespacedName
+	ParentType string
+	ParentName types.NamespacedName
 }
 
 // Ready returns if the connection is ready to be used. In other words, agent

@@ -16,9 +16,8 @@ func TestGetConnection(t *testing.T) {
 	tracker := agentgrpc.NewConnectionsTracker()
 
 	conn := agentgrpc.Connection{
-		PodName:    "pod1",
 		InstanceID: "instance1",
-		Parent:     types.NamespacedName{Namespace: "default", Name: "parent1"},
+		ParentName: types.NamespacedName{Namespace: "default", Name: "parent1"},
 	}
 	tracker.Track("key1", conn)
 
@@ -34,9 +33,8 @@ func TestConnectionIsReady(t *testing.T) {
 	g := NewWithT(t)
 
 	conn := agentgrpc.Connection{
-		PodName:    "pod1",
 		InstanceID: "instance1",
-		Parent:     types.NamespacedName{Namespace: "default", Name: "parent1"},
+		ParentName: types.NamespacedName{Namespace: "default", Name: "parent1"},
 	}
 
 	g.Expect(conn.Ready()).To(BeTrue())
@@ -47,8 +45,7 @@ func TestConnectionIsNotReady(t *testing.T) {
 	g := NewWithT(t)
 
 	conn := agentgrpc.Connection{
-		PodName: "pod1",
-		Parent:  types.NamespacedName{Namespace: "default", Name: "parent1"},
+		ParentName: types.NamespacedName{Namespace: "default", Name: "parent1"},
 	}
 
 	g.Expect(conn.Ready()).To(BeFalse())
@@ -60,8 +57,7 @@ func TestSetInstanceID(t *testing.T) {
 
 	tracker := agentgrpc.NewConnectionsTracker()
 	conn := agentgrpc.Connection{
-		PodName: "pod1",
-		Parent:  types.NamespacedName{Namespace: "default", Name: "parent1"},
+		ParentName: types.NamespacedName{Namespace: "default", Name: "parent1"},
 	}
 	tracker.Track("key1", conn)
 
@@ -81,9 +77,8 @@ func TestRemoveConnection(t *testing.T) {
 
 	tracker := agentgrpc.NewConnectionsTracker()
 	conn := agentgrpc.Connection{
-		PodName:    "pod1",
 		InstanceID: "instance1",
-		Parent:     types.NamespacedName{Namespace: "default", Name: "parent1"},
+		ParentName: types.NamespacedName{Namespace: "default", Name: "parent1"},
 	}
 	tracker.Track("key1", conn)
 

@@ -84,12 +84,12 @@ func (c ContextSetter) Unary(logger logr.Logger) grpc.UnaryServerInterceptor {
 // validateConnection checks that the connection is valid and returns a new
 // context containing information used by the gRPC command/file services.
 func (c ContextSetter) validateConnection(ctx context.Context) (context.Context, error) {
-	gi, err := getGrpcInfo(ctx)
+	grpcInfo, err := getGrpcInfo(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	return c.validateToken(ctx, gi)
+	return c.validateToken(ctx, grpcInfo)
 }
 
 func getGrpcInfo(ctx context.Context) (*grpcContext.GrpcInfo, error) {
@@ -114,11 +114,11 @@ func getGrpcInfo(ctx context.Context) (*grpcContext.GrpcInfo, error) {
 	}, nil
 }
 
-func (c ContextSetter) validateToken(ctx context.Context, gi *grpcContext.GrpcInfo) (context.Context, error) {
+func (c ContextSetter) validateToken(ctx context.Context, grpcInfo *grpcContext.GrpcInfo) (context.Context, error) {
 	tokenReview := &authv1.TokenReview{
 		Spec: authv1.TokenReviewSpec{
 			Audiences: []string{c.audience},
-			Token:     gi.Token,
+			Token:     grpcInfo.Token,
 		},
 	}
 
@@ -169,5 +169,5 @@ func (c ContextSetter) validateToken(ctx context.Context, gi *grpcContext.GrpcIn
 		return nil, status.Error(codes.Unauthenticated, msg)
 	}
 
-	return grpcContext.NewGrpcContext(ctx, *gi), nil
+	return grpcContext.NewGrpcContext(ctx, *grpcInfo), nil
 }
@@ -253,7 +253,7 @@ func TestValidateToken_PodListOptions(t *testing.T) {
 
 	testCases := []struct {
 		pod       *corev1.Pod
-		gi        *grpcContext.GrpcInfo
+		grpcInfo  *grpcContext.GrpcInfo
 		name      string
 		shouldErr bool
 	}{
@@ -269,7 +269,7 @@ func TestValidateToken_PodListOptions(t *testing.T) {
 				},
 				Status: corev1.PodStatus{Phase: corev1.PodRunning},
 			},
-			gi:        &grpcContext.GrpcInfo{Token: "dummy-token"},
+			grpcInfo:  &grpcContext.GrpcInfo{Token: "dummy-token"},
 			shouldErr: false,
 		},
 		{
@@ -284,7 +284,7 @@ func TestValidateToken_PodListOptions(t *testing.T) {
 				},
 				Status: corev1.PodStatus{Phase: corev1.PodRunning},
 			},
-			gi:        &grpcContext.GrpcInfo{Token: "dummy-token"},
+			grpcInfo:  &grpcContext.GrpcInfo{Token: "dummy-token"},
 			shouldErr: true,
 		},
 		{
@@ -299,7 +299,7 @@ func TestValidateToken_PodListOptions(t *testing.T) {
 				},
 				Status: corev1.PodStatus{Phase: corev1.PodRunning},
 			},
-			gi:        &grpcContext.GrpcInfo{Token: "dummy-token"},
+			grpcInfo:  &grpcContext.GrpcInfo{Token: "dummy-token"},
 			shouldErr: true,
 		},
 		{
@@ -312,7 +312,7 @@ func TestValidateToken_PodListOptions(t *testing.T) {
 				},
 				Status: corev1.PodStatus{Phase: corev1.PodRunning},
 			},
-			gi:        &grpcContext.GrpcInfo{Token: "dummy-token"},
+			grpcInfo:  &grpcContext.GrpcInfo{Token: "dummy-token"},
 			shouldErr: true,
 		},
 		{
@@ -327,7 +327,7 @@ func TestValidateToken_PodListOptions(t *testing.T) {
 				},
 				Status: corev1.PodStatus{Phase: corev1.PodPending},
 			},
-			gi:        &grpcContext.GrpcInfo{Token: "dummy-token"},
+			grpcInfo:  &grpcContext.GrpcInfo{Token: "dummy-token"},
 			shouldErr: true,
 		},
 	}
@@ -352,7 +352,7 @@ func TestValidateToken_PodListOptions(t *testing.T) {
 			patchedClient := &patchClient{fakeClient}
 			csPatched := NewContextSetter(patchedClient, "ngf-audience")
 
-			resultCtx, err := csPatched.validateToken(t.Context(), tc.gi)
+			resultCtx, err := csPatched.validateToken(t.Context(), tc.grpcInfo)
 			if tc.shouldErr {
 				g.Expect(err).To(HaveOccurred())
 				g.Expect(err.Error()).To(ContainSubstring("no running pods"))

@@ -4,3 +4,14 @@ const (
 	// Nginx503Server is used as a backend for services that cannot be resolved (have no IP address).
 	Nginx503Server = "unix:/var/run/nginx/nginx-503-server.sock"
 )
+
+const (
+	// AgentOwnerNameLabel is the label key used to store the owner name of the nginx agent.
+	AgentOwnerNameLabel = "owner-name"
+	// AgentOwnerTypeLabel is the label key used to store the owner type of the nginx agent.
+	AgentOwnerTypeLabel = "owner-type"
+	// DaemonSetType is the value used to represent a DaemonSet owner type.
+	DaemonSetType = "DaemonSet"
+	// DeploymentType is the value used to represent a Deployment owner type.
+	DeploymentType = "Deployment"
+)
@@ -24,6 +24,7 @@ import (
 
 	ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2"
 	"github.com/nginx/nginx-gateway-fabric/v2/internal/controller/config"
+	nginxTypes "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/nginx/types"
 	"github.com/nginx/nginx-gateway-fabric/v2/internal/controller/state/dataplane"
 	"github.com/nginx/nginx-gateway-fabric/v2/internal/controller/state/graph"
 	"github.com/nginx/nginx-gateway-fabric/v2/internal/framework/controller"
@@ -451,6 +452,14 @@ func (p *NginxProvisioner) buildNginxConfigMaps(
 		metricsPort = *port
 	}
 
+	depType := nginxTypes.DeploymentType
+	if nProxyCfg != nil && nProxyCfg.Kubernetes != nil && nProxyCfg.Kubernetes.DaemonSet != nil {
+		depType = nginxTypes.DaemonSetType
+	}
+
+	p.cfg.AgentLabels[nginxTypes.AgentOwnerNameLabel] = fmt.Sprintf("%s_%s", objectMeta.Namespace, objectMeta.Name)
+	p.cfg.AgentLabels[nginxTypes.AgentOwnerTypeLabel] = depType
+
 	agentFields := map[string]interface{}{
 		"Plus":          p.cfg.Plus,
 		"ServiceName":   p.cfg.GatewayPodConfig.ServiceName,
@@ -865,10 +874,8 @@ func (p *NginxProvisioner) buildNginxPodTemplateSpec(
 	tokenAudience := fmt.Sprintf("%s.%s.svc", p.cfg.GatewayPodConfig.ServiceName, p.cfg.GatewayPodConfig.Namespace)
 
 	clusterID := "unknown"
-	if p.cfg.AgentLabels != nil {
-		if val, ok := p.cfg.AgentLabels["cluster-id"]; ok {
-			clusterID = val
-		}
+	if val, ok := p.cfg.AgentLabels["cluster-id"]; ok {
+		clusterID = val
 	}
 
 	spec := corev1.PodTemplateSpec{