feat: Restructure Kubernetes documentation IA, update references

Author: ADubhlaoich

content/nap-waf/v4/releases/about-4.14.md

@@ -16,18 +16,23 @@ March 18th, 2025
 - NGINX App Protect WAF Enforcer now supports multiple signature versions
 - Changed the maximum memory of the XML processing engine to 8GB
 - Upgraded the Go compiler to 1.23.7
+
 ---
 
+## Important notes
+
+- Alpine 3.17 is no longer supported
+
 ## Known issues
 
-- "Violation Encoding" is not enabled by default
-- "Violation Bad Unescape" is not enabled by default
+- (12296) "Violation Bad Unescape" is not enabled by default
+- (12297) "Violation Encoding" is not enabled by default
 
 ---
 
-## Important notes
+## Resolved issues
 
-- Alpine 3.17 is no longer supported
+- (12254) A modified YAML file referenced by a JSON policy file causes a reload error when running `nginx -t`
 
 ---
 

content/nap-waf/v5/admin-guide/deploy-on-docker.md

@@ -1,5 +1,5 @@
 ---
-title: Deploying NGINX App Protect WAF on Docker
+title: Deploy NGINX App Protect WAF with Docker
 weight: 400
 toc: true
 type: how-to

content/nap-waf/v5/admin-guide/deploy-on-kubernetes/_index.md

@@ -1,14 +1,16 @@
 ---
-title: Deploying NGINX App Protect WAF with Helm
-weight: 300
+title: Deploy NGINX App Protect WAF with Helm
+weight: 200
 toc: true
 type: how-to
 product: NAP-WAF
 ---
 
 ## Overview
 
-This document explains how to install NGINX App Protect using Helm.
+This document explains how to install F5 NGINX App Protect WAF with Helm.
+
+---
 
 ## Prerequisites
 
@@ -120,23 +122,32 @@ You are ready to [Build the image](#build-image).
 
 Next, push it to your private image repository, ensuring it's accessible to your Kubernetes cluster.
 
+--- 
+
 ## Pull the Chart
-1. Login to the registry
-    ```
-    helm registry login private-registry.nginx.com
-    ```
 
-1. Pull the chart
-    ```
-    helm pull oci://private-registry.nginx.com/nap/nginx-app-protect --version <release-version> --untar
-    ```
+Login to the registry:
 
-1. Change your working directory to nginx-app-protect
-    ```
-    cd nginx-app-protect
-    ```
+```shell
+helm registry login private-registry.nginx.com
+```
+
+Pull the chart:
+
+```shell
+helm pull oci://private-registry.nginx.com/nap/nginx-app-protect --version <release-version> --untar
+```
+
+Change your working directory to nginx-app-protect:
+
+```shell
+cd nginx-app-protect
+```
+
+---
 
 ## Deployment
+
 1.  Set NGINX Docker Image and Tag
 
     Update the appprotect.nginx.image.repository and appprotect.nginx.image.tag in values.yaml with your built NGINX image.
@@ -174,7 +185,7 @@ Next, push it to your private image repository, ensuring it's accessible to your
     ```
     Replace `<release-name>` with your desired release name.
 
-3.  Verify the Deployment
+1.  Verify the Deployment
 
     Use the following commands to verify the deployment:
     ```
@@ -183,71 +194,78 @@ Next, push it to your private image repository, ensuring it's accessible to your
     ```
     Replace <namespace> with the namespace specified in the values.yaml.
 
-## Upgrade the Chart
+## Upgrade the chart
 
 To upgrade the release `<release-name>`:
 ```
 helm upgrade <release-name> .
 ```
 
-## Uninstall the Chart
+## Uninstall the chart
 
 To uninstall/delete the release `<release-name>`:
 
-```
+```shell
 helm uninstall <release-name>
 ```
 
+---
+
 ## Configuration
-The following tables lists the configurable parameters of the NGINX App Protect chart and their default values.
 
+This table lists the configurable parameters of the NGINX App Protect chart and their default values.
+
+It should help you quickly understand the referenced configuration settings in the `values.yaml` file.
+
+{{< bootstrap-table "table table-striped table-bordered" >}}
 | **Section** | **Key** | **Description** | **Default Value** |
 |-------------|---------|-----------------|-------------------|
-| **Namespace** | `namespace` | The target Kubernetes namespace where the Helm chart will be deployed. | N/A |
-| **App Protect Configuration** | `appprotect.replicas` | The number of replicas of the Nginx App Protect deployment. | 1 |
-| | `appprotect.readOnlyRootFilesystem` | Specifies if the root filesystem is read-only. | false |
-| | `appprotect.annotations` | Custom annotations for the deployment. | {} |
-| **NGINX Configuration** | `appprotect.nginx.image.repository` | Docker image repository for NGINX. | \<your-private-registry>/nginx-app-protect-5 |
-| | `appprotect.nginx.image.tag` | Docker image tag for NGINX. | latest |
-| | `appprotect.nginx.imagePullPolicy` | Image pull policy. | IfNotPresent |
-| | `appprotect.nginx.resources` | The resources of the NGINX container. | requests: cpu=10m,memory=16Mi |
-| **WAF Config Manager** | `appprotect.wafConfigMgr.image.repository` | Docker image repository for the WAF Configuration Manager. | private-registry.nginx.com/nap/waf-config-mgr |
-| | `appprotect.wafConfigMgr.image.tag` | Docker image tag for the WAF Configuration Manager. | 5.6.0 |
-| | `appprotect.wafConfigMgr.imagePullPolicy` | Image pull policy. | IfNotPresent |
-| | `appprotect.wafConfigMgr.resources` | The resources of the WAF Config Manager container. | requests: cpu=10m,memory=16Mi |
-| **WAF Enforcer** | `appprotect.wafEnforcer.image.repository` | Docker image repository for the WAF Enforcer. | private-registry.nginx.com/nap/waf-enforcer |
-| | `appprotect.wafEnforcer.image.tag` | Docker image tag for the WAF Enforcer. | 5.6.0 |
-| | `appprotect.wafEnforcer.imagePullPolicy` | Image pull policy. | IfNotPresent |
-| | `appprotect.wafEnforcer.env.enforcerPort` | Port for the WAF Enforcer. | 50000 |
-| | `appprotect.wafEnforcer.resources` | The resources of the WAF Enforcer container. | requests: cpu=20m,memory=256Mi |
-| **Config** | `appprotect.config.name` | The name of the ConfigMap used by the NGINX container. | nginx-config |
-| | `appprotect.config.annotations` | The annotations of the ConfigMap. | {} |
-| | `appprotect.config.nginxJWT` | JWT license for NGINX. | "" |
-| | `appprotect.config.nginxConf` | NGINX configuration file content. | See `values.yaml` |
-| | `appprotect.config.nginxDefault` | Default server block configuration for NGINX. | {} |
-| | `appprotect.config.entries` | Extra entries of the ConfigMap for customizing NGINX configuration. | {} |
-| **mTLS Configuration** | `appprotect.mTLS.serverCert` | The base64-encoded TLS certificate for the App Protect Enforcer (server). | "" |
-| | `appprotect.mTLS.serverKey` | The base64-encoded TLS key for the App Protect Enforcer (server). | "" |
-| | `appprotect.mTLS.serverCACert` | The base64-encoded TLS CA certificate for the App Protect Enforcer (server). | "" |
-| | `appprotect.mTLS.clientCert` | The base64-encoded TLS certificate for the NGINX (client). | "" |
-| | `appprotect.mTLS.clientKey` | The base64-encoded TLS key for the NGINX (client). | "" |
-| | `appprotect.mTLS.clientCACert` | The base64-encoded TLS CA certificate for the NGINX (client). | "" |
-| **Extra Volumes** | `appprotect.volumes` | The extra volumes of the NGINX container. | [] |
-| **Extra Volume Mounts** | `appprotect.volumeMounts` | The extra volume mounts of the NGINX container. | [] |
-| **Service** | `appprotect.service.nginx.ports.port` | Service port. | 80 |
-| | `appprotect.service.nginx.ports.protocol` | Protocol used. | TCP |
-| | `appprotect.service.nginx.ports.targetPort` | Target port inside the container. | 80 |
-| | `appprotect.service.nginx.type` | Service type. | NodePort |
-| **Storage Configuration** | `appprotect.storage.bundlesPath.name` | Bundles volume name used by WAF Config Manager container for storing policy bundles  | app-protect-bundles |
-| | `appprotect.storage.bundlesPath.mountPath` | Bundles mount path used by WAF Config Manager container, which is the path to the app_protect_policy_file in nginx.conf. | /etc/app_protect/bundles |
-| | `appprotect.storage.pv.hostPath` | Host path for persistent volume. | /mnt/nap5_bundles_pv_data |
-| | `appprotect.storage.pvc.bundlesPvc.storageClass` | Storage class for PVC. | manual |
-| | `appprotect.storage.pvc.bundlesPvc.storageRequest` | Storage request size. | 2Gi |
-| **Docker Configuration** | `dockerConfigJson` | A base64-encoded string representing the Docker registry credentials in JSON format. | N/A |
-
-This table should help you quickly understand and reference the configuration settings in the `values.yaml` file.
-
-## Using Compiled Policy and Logging Profile Bundles in NGINX
+| **Namespace** | _namespace_ | The target Kubernetes namespace where the Helm chart will be deployed. | N/A |
+| **App Protect Configuration** | _appprotect.replicas_ | The number of replicas of the Nginx App Protect deployment. | 1 |
+| | _appprotect.readOnlyRootFilesystem_ | Specifies if the root filesystem is read-only. | false |
+| | _appprotect.annotations_ | Custom annotations for the deployment. | {} |
+| **NGINX Configuration** | _appprotect.nginx.image.repository_ | Docker image repository for NGINX. | \<your-private-registry>/nginx-app-protect-5 |
+| | _appprotect.nginx.image.tag_ | Docker image tag for NGINX. | latest |
+| | _appprotect.nginx.imagePullPolicy_ | Image pull policy. | IfNotPresent |
+| | _appprotect.nginx.resources_ | The resources of the NGINX container. | requests: cpu=10m,memory=16Mi |
+| **WAF Config Manager** | _appprotect.wafConfigMgr.image.repository_ | Docker image repository for the WAF Configuration Manager. | private-registry.nginx.com/nap/waf-config-mgr |
+| | _appprotect.wafConfigMgr.image.tag_ | Docker image tag for the WAF Configuration Manager. | 5.6.0 |
+| | _appprotect.wafConfigMgr.imagePullPolicy_ | Image pull policy. | IfNotPresent |
+| | _appprotect.wafConfigMgr.resources_ | The resources of the WAF Config Manager container. | requests: cpu=10m,memory=16Mi |
+| **WAF Enforcer** | _appprotect.wafEnforcer.image.repository_ | Docker image repository for the WAF Enforcer. | private-registry.nginx.com/nap/waf-enforcer |
+| | _appprotect.wafEnforcer.image.tag_ | Docker image tag for the WAF Enforcer. | 5.6.0 |
+| | _appprotect.wafEnforcer.imagePullPolicy_ | Image pull policy. | IfNotPresent |
+| | _appprotect.wafEnforcer.env.enforcerPort_ | Port for the WAF Enforcer. | 50000 |
+| | _appprotect.wafEnforcer.resources_ | The resources of the WAF Enforcer container. | requests: cpu=20m,memory=256Mi |
+| **Config** | _appprotect.config.name_ | The name of the ConfigMap used by the NGINX container. | nginx-config |
+| | _appprotect.config.annotations_ | The annotations of the ConfigMap. | {} |
+| | _appprotect.config.nginxJWT_ | JWT license for NGINX. | "" |
+| | _appprotect.config.nginxConf_ | NGINX configuration file content. | See _values.yaml_ |
+| | _appprotect.config.nginxDefault_ | Default server block configuration for NGINX. | {} |
+| | _appprotect.config.entries_ | Extra entries of the ConfigMap for customizing NGINX configuration. | {} |
+| **mTLS Configuration** | _appprotect.mTLS.serverCert_ | The base64-encoded TLS certificate for the App Protect Enforcer (server). | "" |
+| | _appprotect.mTLS.serverKey_ | The base64-encoded TLS key for the App Protect Enforcer (server). | "" |
+| | _appprotect.mTLS.serverCACert_ | The base64-encoded TLS CA certificate for the App Protect Enforcer (server). | "" |
+| | _appprotect.mTLS.clientCert_ | The base64-encoded TLS certificate for the NGINX (client). | "" |
+| | _appprotect.mTLS.clientKey_ | The base64-encoded TLS key for the NGINX (client). | "" |
+| | _appprotect.mTLS.clientCACert_ | The base64-encoded TLS CA certificate for the NGINX (client). | "" |
+| **Extra Volumes** | _appprotect.volumes_ | The extra volumes of the NGINX container. | [] |
+| **Extra Volume Mounts** | _appprotect.volumeMounts_ | The extra volume mounts of the NGINX container. | [] |
+| **Service** | _appprotect.service.nginx.ports.port_ | Service port. | 80 |
+| | _appprotect.service.nginx.ports.protocol_ | Protocol used. | TCP |
+| | _appprotect.service.nginx.ports.targetPort_ | Target port inside the container. | 80 |
+| | _appprotect.service.nginx.type_ | Service type. | NodePort |
+| **Storage Configuration** | _appprotect.storage.bundlesPath.name_ | Bundles volume name used by WAF Config Manager container for storing policy bundles  | app-protect-bundles |
+| | _appprotect.storage.bundlesPath.mountPath_ | Bundles mount path used by WAF Config Manager container, which is the path to the app_protect_policy_file in nginx.conf. | /etc/app_protect/bundles |
+| | _appprotect.storage.pv.hostPath_ | Host path for persistent volume. | /mnt/nap5_bundles_pv_data |
+| | _appprotect.storage.pvc.bundlesPvc.storageClass_ | Storage class for PVC. | manual |
+| | _appprotect.storage.pvc.bundlesPvc.storageRequest_ | Storage request size. | 2Gi |
+| **Docker Configuration** | _dockerConfigJson_ | A base64-encoded string representing the Docker registry credentials in JSON format. | N/A |
+{{< /bootstrap-table >}}
+
+---
+
+## Use compiled Policy and Logging Profile bundles in NGINX
 
 In this setup, copy your compiled policy and logging profile bundles to `/mnt/nap5_bundles_pv_data` on a cluster node. Make sure that input files are accessible to UID 101. Then, in your NGINX configuration, refer to these files from `/etc/app_protect/bundles`.
 

…deploy-on-kubernetes/deploy-with-helm.md …p-waf/v5/admin-guide/deploy-with-helm.mdcontent/nap-waf/v5/admin-guide/deploy-on-kubernetes/deploy-with-helm.md renamed to content/nap-waf/v5/admin-guide/deploy-with-helm.md content/nap-waf/v5/admin-guide/deploy-on-kubernetes/deploy-with-helm.md renamed to content/nap-waf/v5/admin-guide/deploy-with-helm.md

@@ -1,5 +1,5 @@
 ---
-title: Deploying NGINX App Protect WAF with Manifests
+title: Deploy NGINX App Protect WAF with Manifests
 weight: 300
 toc: true
 type: how-to

…y-on-kubernetes/deploy-with-manifests.md …/v5/admin-guide/deploy-with-manifests.mdcontent/nap-waf/v5/admin-guide/deploy-on-kubernetes/deploy-with-manifests.md renamed to content/nap-waf/v5/admin-guide/deploy-with-manifests.md content/nap-waf/v5/admin-guide/deploy-on-kubernetes/deploy-with-manifests.md renamed to content/nap-waf/v5/admin-guide/deploy-with-manifests.md

@@ -1,6 +1,6 @@
 ---
 title: Installing NGINX App Protect WAF
-weight: 200
+weight: 400
 toc: true
 type: how-to
 product: NAP-WAF

content/nap-waf/v5/admin-guide/install.md

@@ -50,7 +50,7 @@ NGINX App Protect WAF v5 supports a range of deployment scenarios to meet variou
    - Deploys both NGINX and WAF components within containers.
    - Suitable for environments across development, testing, and production stages.
 
-2. [Kubernetes Deployment]({{< relref "/nap-waf/v5/admin-guide/deploy-on-kubernetes.md" >}})
+2. [Kubernetes Deployment]({{< ref "/nap-waf/v5/admin-guide/deploy-with-helm.md" >}})
    - Integrates both NGINX and WAF components in a single pod.
    - Ideal for scalable, cloud-native environments.
 
@@ -81,7 +81,7 @@ We recommend that you deploy the NGINX App Protect WAF v5 in a staging environme
 1. Install NGINX App Protect WAF 5 (using either nginx OSS or nginx-plus based on the need of customer's application).
    - [Installing NGINX App Protect WAF]({{<relref "/nap-waf/v5/admin-guide/install.md">}})
    - [Deploying NGINX App Protect WAF on Docker]({{<relref "/nap-waf/v5/admin-guide/deploy-on-docker.md">}})
-   - [Deploying NGINX App Protect WAF on Kubernetes]({{<relref "/nap-waf/v5/admin-guide/deploy-on-kubernetes.md">}})
+   - [Deploying NGINX App Protect WAF on Kubernetes]({{<relref "/nap-waf/v5/admin-guide/deploy-with-helm.md">}})
 
 1. Compile your `.json` policies and logging profiles to `.tgz` bundles using [compiler-image]({{<relref "/nap-waf/v5/admin-guide/compiler.md">}}) because NGINX App Protect WAF v5 supports policies and logging profiles in a compiled bundle format only.
 

content/nap-waf/v5/admin-guide/overview.md

@@ -787,7 +787,7 @@ To enable mTLS in NGINX, you need to perform the following steps:
     - ENFORCER_SERVER_KEY
     - ENFORCER_CA_FILE
 
-    Refer to the example for mTLS deployment in the admin guide, whether you're using [Docker]({{< relref "/nap-waf/v5/admin-guide/deploy-on-docker.md#docker-compose-file-with-mtls" >}}) or [Kubernetes]({{< relref "/nap-waf/v5/admin-guide/deploy-on-kubernetes.md#mtls-deployment" >}}).
+    Refer to the example for mTLS deployment in the admin guide, whether you're using [Docker]({{< relref "/nap-waf/v5/admin-guide/deploy-on-docker.md#docker-compose-file-with-mtls" >}}) or [Kubernetes]({{< relref "/nap-waf/v5/admin-guide/deploy-with-manifests.md#mtls-deployment" >}}).
 
 ## Brute Force Attack Preventions
 

content/nap-waf/v5/configuration-guide/configuration.md

@@ -16,7 +16,7 @@ November 19th, 2024
 ## New features
 
 - Added support for Amazon Linux 2023
-- Added support for [readOnlyFileSystem in Kubernetes deployments]({{< relref "/nap-waf/v5/admin-guide/deploy-on-kubernetes.md#configure-read-only-file-systems" >}})
+- Added support for [readOnlyFileSystem in Kubernetes deployments]({{< ref "/nap-waf/v5/admin-guide/deploy-with-manifests.md#configure-read-only-file-systems" >}})
 - Added a [a policy converter to the compiler]({{< relref "/nap-waf/v5/configuration-guide/configuration.md#policy-converter">}})
 - NGINX App Protect WAF now supports NGINX Plus R33
 

content/nap-waf/v5/releases/about-5.4.md

@@ -13,27 +13,30 @@ March 18th, 2025
 
 ## New features
 
-- You can now install NGINX App Protect WAF 5+ using a Helm chart
+- You can now [deploy NGINX App Protect WAF 5+ using a Helm chart]({{< ref "/nap-waf/v5/admin-guide/deploy-with-helm.md">}})
 - NGINX App Protect WAF Enforcer now supports multiple signature versions
 - Changed the maximum memory of the XML processing engine to 8GB
 - Upgraded the Go compiler to 1.23.7
 
 ---
 
+## Important notes
+
+- Alpine 3.17 is no longer supported
+
 ## Known issues
 
-- "Violation Encoding" is not enabled by default
-- "Violation Bad Unescape" is not enabled by default
+- (12296) "Violation Bad Unescape" is not enabled by default
+- (12297) "Violation Encoding" is not enabled by default
 
 ---
 
-## Important notes
+## Resolved issues
 
-- Alpine 3.17 is no longer supported
+- (12254) A modified YAML file referenced by a JSON policy file causes a reload error when running `nginx -t`
 
 ---
 
-
 ## Supported packages
 
 ### NGINX Open Source