Merged
40 changes: 39 additions & 1 deletion content/nap-waf/v5/admin-guide/policy-lifecycle-management.md
Expand Up @@ -227,6 +227,42 @@ appprotect:

## Using Policy Lifecycle Management

### Setting up desired security update versions

Once PLM is deployed, you can create APSignatures resource using Kubernetes manifests and specify desired security update versions. Apply the following Custom Resource example or create your own based on the template:

**Sample APSignatures Resource:**

Create a file named `signatures.yaml` with the following content:

```yaml
apiVersion: appprotect.f5.com/v1
kind: APSignatures
metadata:
name: signatures
spec:
attack-signatures:
revision: "2025.06.19" # attack signatures revision to be used
bot-signatures:
revision: "latest" # bot signatures revision to be used
threat-campaigns:
revision: "2025.06.24" # threat campaigns revision to be used
```

{{< call-out "note" >}}
The APSignatures must have name `signatures`. Only one APSignatures instance can exist
{{< /call-out >}}

Apply the manifest:

```bash
kubectl apply -f config/policy-manager/samples/appprotect_v1_apsignatures.yaml
```

{{< call-out "note" >}}
Downloading security updates may take several minutes. The version of security updates available at the time of compilation is always used to compile policies. If APSignatures is not created or the specified versions are not downloaded, the versions contained in the compiler docker image will be used.
{{< /call-out >}}

### Creating Policy Resources

Once PLM is deployed, you can create policy resources using Kubernetes manifests. Apply the following Custom Resource examples or create your own based on these templates:
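Review bot: The `kubectl apply` command at the end of the new "Setting up desired security update versions" section points at `config/policy-manager/samples/appprotect_v1_apsignatures.yaml`, but the step above it tells the reader to create `signatures.yaml`, so the instructions as written apply a file the reader never created. Suggest `kubectl apply -f signatures.yaml`, and state whether a namespace is required, since the other apply commands in this file pass `-n <namespace>`. The sample also mixes pinned revisions with `revision: "latest"` for `bot-signatures`; a sentence on when `latest` is resolved would help readers who need to know exactly which signature set a compiled policy contains. Minor: "you can create APSignatures resource" needs an article, and the first call-out is missing its closing period.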
Expand Down Expand Up @@ -262,6 +298,7 @@ spec:
```

Apply the policy:

```bash
kubectl apply -f dataguard-blocking-policy.yaml -n <namespace>
```
Expand Down Expand Up @@ -292,6 +329,7 @@ spec:
```

Apply the user signature:

```bash
kubectl apply -f apple-usersig.yaml -n <namespace>
```
Expand Down Expand Up @@ -397,7 +435,7 @@ To verify that the policy bundles are being deployed and enforced correctly:
```bash
curl "http://[CLUSTER-IP]:80/?a=<script>"
```

The request should be blocked, confirming that PLM has successfully compiled and deployed the policy.

## Troubleshooting
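Review bot: The verification step around `curl "http://[CLUSTER-IP]:80/?a=<script>"` says the request "should be blocked" without telling the reader what a blocked response looks like, so a reader cannot distinguish enforcement from an unrelated error. Suggest adding the expected status or response body. The `[CLUSTER-IP]` placeholder also uses a different style from the `<namespace>` placeholders elsewhere in this file; pick one convention.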