Skip to content

POC - Ingress annotation for precompiled policies #6783

New issue
New issue
Open
Task
Open
POC - Ingress annotation for precompiled policies#6783
Task
Labels
pocTasks that require investigationproposalAn issue that proposes a feature requestrefinedIssues that are ready to be prioritized
Milestone
 
v5.1.0
@shaun-nx

Description

@shaun-nx
shaun-nx
opened on Nov 11, 2024

Questions to answer, and things to consider, during this POC:

  • Can we support different bundle paths? e.g. "/etc/app_protect/bundles/cafe/policy-cafe.tgz"?
  • Can we reject an Ingress resource where the namespace of that Ingress resource is not found in the bundle path?
  • Can we add logic to add one nested directory in /etc/app_protect/bundles/?
  • Should the full path be in the annotation?

Additional resources:
https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/deploy-on-kubernetes/#using-compiled-policy-and-logging-profile-bundles-in-nginx

https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/deploy-on-docker/#using-policy-and-logging-profile-bundles

#6641 (comment)

Metadata

Metadata

Assignees

No one assigned

    Labels

    pocTasks that require investigationproposalAn issue that proposes a feature requestrefinedIssues that are ready to be prioritized

    Type

    Projects

    NGINX Ingress Controller

    Status

    No status

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions