Skip to content

Commit d1bf23c

Browse files
jjngxjjngx
committed
Update containers' names
1 parent 713c270 commit d1bf23c

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

site/content/configuration/security.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,11 @@ By default, the ServiceAccount has access to all Secret resources in the cluster
3737
This feature is compatible with [NGINX App Protect WAFv5](https://docs.nginx.com/nginx-app-protect-waf-v5/). It is not compatible with [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/) or [NGINX App Protect DoS](https://docs.nginx.com/nginx-app-protect-dos/).
3838
{{< /caution >}}
3939

40-
NGINX Ingress Controller is designed to be resilient against attacks in various ways, such as running the service as non-root to avoid changes to files. We recommend setting filesystems on all three containers: `nginx_ingress_controller`, `waf_enforcer` and `waf_config_mgr` to read-only, so that the attack surface is further reduced by limiting changes to binaries and libraries.
40+
NGINX Ingress Controller is designed to be resilient against attacks in various ways, such as running the service as non-root to avoid changes to files. We recommend setting filesystems on all three containers: `nginx-ingress-controller`, `waf-enforcer` and `waf-config-mgr` to read-only, so that the attack surface is further reduced by limiting changes to binaries and libraries.
4141

4242
This is not enabled by default, but can be enabled with **Helm** using the [**controller.readOnlyRootFilesystem**]({{< relref "installation/installing-nic/installation-with-helm.md#configuration" >}}) argument, and in security contexts in both: `waf_enforcer` [**controller.appprotect.enforcer.securityContext{}**]({{ < relref "installation/installing-nic/installation-with-helm.md#configuration" >}}) and `waf_config_mgr` [**controller.appprotect.configManager.securityContext{}**]({{ < relref "installation/installing-nic/installation-with-helm.md#configuration" >}}).
4343

44-
For **Manifests**, uncomment the following sections of the deployment and add sections for `waf_enforcer` and `waf_config_mgr` containers:
44+
For **Manifests**, uncomment the following sections of the deployment and add sections for `waf-enforcer` and `waf-config-mgr` containers:
4545

4646
- `readOnlyRootFilesystem: true`
4747
- The entire **volumeMounts** section

0 commit comments

Comments
 (0)