Commit 0e9e57b

Update Helm and Manifest sections
1 parent e5c65ab commit 0e9e57b

1 file changed

+53
-10
lines changed

site/content/installation/integrations/app-protect-waf-v5/installation.md

Lines changed: 53 additions & 10 deletions
@@ -218,16 +218,6 @@ controller:
218218
```
219219
{{< /note >}}
220220

221-
{{%/tab%}}
222-
223-
{{%tab name="With Manifest"%}}
224-
225-
You have two options for deploying NGINX Ingress Controller:
226-
227-
- **Deployment**. Choose this method for the flexibility to dynamically change the number of NGINX Ingress Controller replicas.
228-
- **DaemonSet**. Choose this method if you want NGINX Ingress Controller to run on all nodes or a subset of nodes.
229-
230-
231221
### Configuring `readOnlyRootFilesystem`
232222

233223
Set `controller.securityContext.readOnlyRootFilesystem` to `true`.
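Review bot: The heading at new line 221, `### Configuring readOnlyRootFilesystem`, now sits in the Helm tab while the manifest section added later in this commit is titled `### Configure readOnlyRootFilesystem`, so the page ends up with two near-identical headings in different verb forms. Pick one form for both and give each an explicit anchor, as the RBAC heading does with `{#set-up-rbac}`, so links land on the right tab's section.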
@@ -272,6 +262,15 @@ controller:
272262
...
273263
```
274264

265+
{{%/tab%}}
266+
267+
{{%tab name="With Manifest"%}}
268+
269+
You have two options for deploying NGINX Ingress Controller:
270+
271+
- **Deployment**. Choose this method for the flexibility to dynamically change the number of NGINX Ingress Controller replicas.
272+
- **DaemonSet**. Choose this method if you want NGINX Ingress Controller to run on all nodes or a subset of nodes.
273+
275274
---
276275

277276
### Set up role-based access control (RBAC) {#set-up-rbac}
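Review bot: The intro moved to new lines 269-272 presents Deployment and DaemonSet as the two options, but it is followed directly by the `---` rule and the RBAC heading, and `### Using a Deployment` only appears at new line 420. Either add a sentence here saying the steps that follow apply to both options, or move the two-option intro to just before the Deployment section so the choice is explained where the reader acts on it.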
@@ -374,6 +373,50 @@ Add `volumeMounts` as below:
374373
...
375374
```
376375
376+
### Configure `readOnlyRootFilesystem`
377+
378+
Add `readOnlyRootFilesystem` to the NIC container as below:
379+
380+
```yaml
381+
...
382+
- image: <my_docker_registery>:<version_tag>
383+
imagePullPolicy: IfNotPresent
384+
name: nginx-plus-ingress
385+
...
386+
securityContext:
387+
readOnlyRootFilesystem: true
388+
...
389+
...
390+
```
391+
392+
Add `readOnlyRootFilesystem: true` to the `waf-config-mgr` container:
393+
394+
```yaml
395+
...
396+
- name: waf-config-mgr
397+
image: private-registry.nginx.com/nap/waf-config-mgr:<version-tag>
398+
imagePullPolicy: IfNotPresent
399+
...
400+
securityContext:
401+
readOnlyRootFilesystem: true
402+
...
403+
...
404+
```
405+
406+
Add `readOnlyRootFilesystem: true` to the `waf-enforcer` container:
407+
408+
```yaml
409+
...
410+
- name: waf-enforcer
411+
image: private-registry.nginx.com/nap/waf-enforcer:<version-tag>
412+
imagePullPolicy: IfNotPresent
413+
...
414+
securityContext:
415+
readOnlyRootFilesystem: true
416+
...
417+
...
418+
```
419+
377420
### Using a Deployment
378421
379422
{{< include "installation/manifests/deployment.md" >}}
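Review bot: The new section at lines 376-418 sets `readOnlyRootFilesystem: true` on the `nginx-plus-ingress`, `waf-config-mgr` and `waf-enforcer` containers without saying that it depends on the `volumeMounts` step just above it; with a read-only root, any path a container writes to must be on a mounted volume, so a reader who applies this section alone will see the containers fail on write. Add one sentence stating that prerequisite. Separately, line 382 spells the placeholder `<my_docker_registery>` (should be `registry`) and uses `<version_tag>`, while lines 397 and 411 use `<version-tag>`; use one placeholder style throughout. The two consecutive `...` lines closing each snippet also make it unclear which level `securityContext` belongs to, so consider dropping one.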
