Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add WAF policy compile instructions #5886

Merged
merged 41 commits into from
Aug 2, 2024
Merged

Add WAF policy compile instructions #5886

merged 41 commits into from
Aug 2, 2024

Conversation

ADubhlaoich
Copy link
Contributor

@ADubhlaoich ADubhlaoich commented Jun 28, 2024
edited
Loading

Proposed changes

This PR is for a document describing how to use NGINX Instance Manager to compile policies for NGINX App Protect WAF for use with NGINX Ingress Controller.

Jason Williams is the author: I am editing and converting it for documentation. The first commit is largely the rough draft initially provided

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@ADubhlaoich ADubhlaoich self-assigned this Jun 28, 2024
@ADubhlaoich ADubhlaoich requested review from a team as code owners June 28, 2024 11:25
@ADubhlaoich ADubhlaoich marked this pull request as draft June 28, 2024 11:26
@github-actions github-actions bot added the documentation Pull requests/issues for documentation label Jun 28, 2024
@ADubhlaoich
Copy link
Contributor Author

@jasonwilliams14 Unless there's a technical requirement for it, I don't think uploading the bundle to the cluster makes sense as the last step. Since it's referenced in the policy created, I think that step should go immediately after the necessary volume and volumeMounts are created.

Right now the steps assert that you reference a binary file that doesn't exist within the cluster on the premise of adding it later: since the user will have created and downloaded the bundle already, I think it's better they upload it immediately.

@brianehlert
Copy link
Collaborator

@jasonwilliams14 Unless there's a technical requirement for it, I don't think uploading the bundle to the cluster makes sense as the last step. Since it's referenced in the policy created, I think that step should go immediately after the necessary volume and volumeMounts are created.

Right now the steps assert that you reference a binary file that doesn't exist within the cluster on the premise of adding it later: since the user will have created and downloaded the bundle already, I think it's better they upload it immediately.

The maintenance of the Policy Bundle itself involves the App Protect Policy (that YAML object) and the sequenced workflow of ensuring that is on the shared volume of the NIC deployment prior to any change with the YAML object.
This is a workflow that is already documented. And this should align with that.

ADubhlaoich and others added 14 commits July 3, 2024 11:55
@ADubhlaoich ADubhlaoich marked this pull request as ready for review July 16, 2024 11:24
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 1, 2024

Deploy Preview will be available once build job completes!

Name Link
😎 Deploy Preview https://frontdoor-test-docs.nginx.com/previews/nginx-ingress-controller/5886/

@ADubhlaoich ADubhlaoich enabled auto-merge (squash) August 1, 2024 11:00
@ADubhlaoich ADubhlaoich merged commit 6fe1c23 into main Aug 2, 2024
49 checks passed
@ADubhlaoich ADubhlaoich deleted the waf-nim-compile branch August 2, 2024 09:11
ADubhlaoich added a commit that referenced this pull request Aug 23, 2024
@ADubhlaoich @vepatel
@shaun-nx @mjang
Add WAF policy compile instructions (#5886)
9474c5f 
This commit adds a new document to the WAF v4 subsection explaining
how to use NGINX Instance Manager to compile WAF policies for security
bundles and add them to NGINX Ingress Controller.

---------

Signed-off-by: Alan Dooley <a.dooley@f5.com>
Co-authored-by: Jason Williams <ja.williams@f5.com>
Co-authored-by: Venktesh Shivam Patel <ve.patel@f5.com>
Co-authored-by: Shaun <s.odonovan@f5.com>
Co-authored-by: Mike Jang <mi.jang@f5.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pdabelf5 pdabelf5 pdabelf5 approved these changes

@danielnginx danielnginx danielnginx approved these changes

@mjang mjang Awaiting requested review from mjang

@vepatel vepatel Awaiting requested review from vepatel

@shaun-nx shaun-nx Awaiting requested review from shaun-nx

Assignees

@ADubhlaoich ADubhlaoich

Labels
documentation Pull requests/issues for documentation
Projects
NGINX Ingress Controller
Status: Done 🚀
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ADubhlaoich @brianehlert @mjang @vepatel @shaun-nx @danielnginx @pdabelf5