generated from nginx/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 121
feat: Migrate NGINX Ingress Controller documentation into repository #688
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
7562e94
feat: Add NIC content
ADubhlaoich c9e2adb
feat: Move NIC files into appropriate folders
ADubhlaoich 69536e2
feat: Fix remaining references and configuration
ADubhlaoich 1a415a2
Merge branch 'main' into nic/migrate-documentation
ADubhlaoich ddb8b2a
feat: Add NIC to CODEOWNERS
ADubhlaoich e4fafda
Update .github/CODEOWNERS
ADubhlaoich 68080eb
Update .github/CODEOWNERS
ADubhlaoich 688aa02
feat: Codeowners formatting change
ADubhlaoich c7c2a3d
Update content/nic/installation/integrations/app-protect-waf-v5/compi…
mjang ecff0f0
Merge branch 'main' into nic/migrate-documentation
ADubhlaoich 906d551
Merge branch 'main' into nic/migrate-documentation
ADubhlaoich 55839c8
Merge branch 'main' into nic/migrate-documentation
JTorreG File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| The following table shows compatibility between NGINX Ingress Controller (NIC) and NGINX App Protect WAF (NAP-WAF) versions: | ||
|
|
||
| {{< bootstrap-table "table table-striped table-responsive" >}} | ||
| | NIC Version | NAP-WAF Version | Config Manager | Enforcer | | ||
| | ------------------- | --------------- | -------------- | -------- | | ||
| | {{< nic-version >}} | 34+5.332 | 5.6.0 | 5.6.0 | | ||
| | 4.0.1 | 33+5.264 | 5.5.0 | 5.5.0 | | ||
| | 3.7.2 | 32+5.1 | 5.3.0 | 5.3.0 | | ||
| | 3.6.2 | 32+5.48 | 5.2.0 | 5.2.0 | | ||
| {{% /bootstrap-table %}} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| --- | ||
| title: Configuration | ||
| description: | ||
| weight: 1400 | ||
| menu: | ||
| docs: | ||
| parent: NGINX Ingress Controller | ||
| --- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| --- | ||
| title: Deploy a Policy for access control | ||
| weight: 900 | ||
| toc: true | ||
| docs: DOCS-000 | ||
| --- | ||
|
|
||
| This topic describes how to use F5 NGINX Ingress Controller to apply and update a Policy for access control. It demonstrates it using an example application and a [VirtualServer custom resource]({{< ref "/configuration/virtualserver-and-virtualserverroute-resources.md" >}}). | ||
|
|
||
| --- | ||
|
|
||
| ## Before you begin | ||
|
|
||
| You should have a [working NGINX Ingress Controller]({{< ref "/installation/installing-nic/installation-with-helm.md" >}}) instance. | ||
|
|
||
| For ease of use in shell commands, set two shell variables: | ||
|
|
||
| 1. The public IP address for your NGINX Ingress Controller instance. | ||
|
|
||
| ```shell | ||
| IC_IP=<ip-address> | ||
| ``` | ||
|
|
||
| 2. The HTTP port of the same instance. | ||
|
|
||
| ```shell | ||
| IC_HTTP_PORT=<port number> | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| ## Deploy the example application | ||
|
|
||
| Create the file _webapp.yaml_ with the following contents: | ||
|
|
||
| {{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/webapp.yaml" >}} | ||
|
|
||
| Apply it using `kubectl`: | ||
|
|
||
| ```shell | ||
| kubectl apply -f webapp.yaml | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| ## Deploy a Policy to create a deny rule | ||
|
|
||
| Create a file named _access-control-policy-deny.yaml_. The highlighted _deny_ field will be used by the example application, and should be changed to the subnet of your machine. | ||
|
|
||
| {{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/access-control-policy-deny.yaml" "hl_lines=7-8" >}} | ||
|
|
||
| Apply the policy: | ||
|
|
||
| ```shell | ||
| kubectl apply -f access-control-policy-deny.yaml | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| ## Configure load balancing | ||
|
|
||
| Create a file named _virtual-server.yaml_ for the VirtualServer resource. The _policies_ field references the access control Policy created in the previous section. | ||
|
|
||
| {{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/virtual-server.yaml" "hl_lines=7-8" >}} | ||
|
|
||
| Apply the policy: | ||
|
|
||
| ```shell | ||
| kubectl apply -f virtual-server.yaml | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| ## Test the example application | ||
|
|
||
| Use `curl` to attempt to access the application: | ||
|
|
||
| ```shell | ||
| curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT | ||
| ``` | ||
| ```text | ||
| <html> | ||
| <head><title>403 Forbidden</title></head> | ||
| <body> | ||
| <center><h1>403 Forbidden</h1></center> | ||
| </body> | ||
| </html> | ||
| ``` | ||
|
|
||
| The *403* response is expected, successfully blocking your machine. | ||
|
|
||
| --- | ||
|
|
||
| ## Update the Policy to create an allow rule | ||
|
|
||
| Update the Policy with the file _access-control-policy-allow.yaml_, setting the _allow_ field to the subnet of your machine. | ||
|
|
||
| {{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/access-control-policy-allow.yaml" "hl_lines=7-8" >}} | ||
|
|
||
| Apply the Policy: | ||
|
|
||
| ```shell | ||
| kubectl apply -f access-control-policy-allow.yaml | ||
| ``` | ||
|
|
||
| ---- | ||
|
|
||
| ## Verify the Policy update | ||
|
|
||
| Attempt to access the application again: | ||
|
|
||
| ```shell | ||
| curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT | ||
| ``` | ||
| ```text | ||
| Server address: 10.64.0.13:8080 | ||
| Server name: webapp-5cbbc7bd78-wf85w | ||
| ``` | ||
|
|
||
| The successful response demonstrates that the policy has been updated. | ||
13 changes: 13 additions & 0 deletions
13
content/includes/nic/configuration/configuration-examples.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| --- | ||
| docs: DOCS-584 | ||
| doctypes: | ||
| - '' | ||
| title: Configuration examples | ||
| toc: true | ||
| weight: 400 | ||
| --- | ||
|
|
||
| Our [GitHub repo](https://github.com/nginx/kubernetes-ingress) includes a number of configuration examples: | ||
|
|
||
| - [*Examples of Custom Resources*](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources) show how to advanced NGINX features by using VirtualServer, VirtualServerRoute, TransportServer and Policy Custom Resources. | ||
| - [*Examples of Ingress Resources*](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources) show how to use advanced NGINX features in Ingress resources with annotations. |
8 changes: 8 additions & 0 deletions
8
content/includes/nic/configuration/global-configuration/_index.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| --- | ||
| title: Global configuration | ||
| description: | ||
| weight: 100 | ||
| menu: | ||
| docs: | ||
| parent: NGINX Ingress Controller | ||
| --- |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.