@@ -28,12 +28,13 @@ The native ingress controller itself is lightweight process and pushes all the r
2828 + [ Pod Readiness Gate] ( #pod-readiness-gate )
2929 - [ Configuration] ( #configuration )
3030 - [ Checking the pod readiness condition] ( #checking-the-pod-readiness-condition )
31- + [ HTTPS/TLS Support] ( #https-tls -support )
32- - [ Sample configuration : Using Secret] ( #sample-configuration--- using-secret )
33- - [ Sample configuration : Using Certificate] ( #sample-configuration--- using-certificate )
31+ + [ HTTPS/TLS Support] ( #httpstls -support )
32+ - [ Sample configuration : Using Secret] ( #sample-configuration--using-secret )
33+ - [ Sample configuration : Using Certificate] ( #sample-configuration--using-certificate )
3434 + [ Custom Health Checker] ( #custom-health-checker )
35+ + [ Web Firewall Integration] ( #web-firewall-integration )
3536 * [ Dependency management] ( #dependency-management )
36- + [ How to introduce new modules or upgrade existing ones?] ( #how-to-introduce-new-modules-or-upgrade-existing-ones- )
37+ + [ How to introduce new modules or upgrade existing ones?] ( #how-to-introduce-new-modules-or-upgrade-existing-ones )
3738 * [ Known Issues] ( #known-issues )
3839 * [ FAQ] ( #faq )
3940
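Review bot: The new TOC entry at line 35 reads "Web Firewall Integration", while the section it links to introduces the feature as "Web Application Firewalls (WAF)". Use the same name in the heading and the TOC, for example "Web Application Firewall (WAF) Integration", and update the anchor to match, so that readers searching the README for "WAF" or the full feature name land on this entry.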
@@ -114,6 +115,9 @@ Allow <subject> to manage certificate-associations in compartment <compartment-i
114115Allow <subject> to read certificate-authorities in compartment <compartment-id>
115116Allow <subject> to manage certificate-authority-associations in compartment <compartment-id>
116117Allow <subject> to read certificate-authority-bundles in compartment <compartment-id>
118+ ALLOW <subject> native-ingress-controller to read public-ips in tenancy
119+ ALLOW <subject> native-ingress-controller to manage floating-ips in tenancy
120+ Allow <subject> to manage waf-family in compartment <compartment-id>
117121
118122Policy scope can be broadened to Tenancy or restricted to a particular location as shown below:
119123allow <subject> to manage load-balancers in tenancy
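Review bot: The two statements added at lines 118-119 carry both the `<subject>` placeholder and a literal `native-ingress-controller` token, so they do not follow the `Allow <subject> to <verb> <resource> in <scope>` shape used by every other line in this list and will not work if copied as written. Drop the stray token, or replace `<subject>` with the full subject clause if a specific group was intended, and use the same `Allow` casing as the neighbouring lines. These two statements are also scoped to `in tenancy` while the surrounding ones are scoped to `compartment <compartment-id>`. If tenancy scope is really required for public-ips and floating-ips, say why. Otherwise keep them at compartment scope and let the existing "Policy scope can be broadened" paragraph cover the wider case. For line 120, the new README section describes the WAF policy as created separately through the Console or API and only associated with the load balancer, so please document why `manage waf-family` is needed rather than a narrower verb or resource type.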
@@ -506,6 +510,19 @@ References:
506510- [ Policy] ( https://docs.oracle.com/en-us/iaas/Content/Balance/Reference/lbpolicies.htm )
507511- [ Health-checker] ( https://docs.oracle.com/en-us/iaas/api/#/en/loadbalancer/20170115/HealthChecker/ )
508512
513+ #### Web Firewall Integration
514+ We can create a Web Application Firewalls (WAF) policy either through Console or API to protect the applications from threats and filter out bad traffic.
515+ Once the WAF policy is created we can associate the OCI Load Balancer. We can add any desired conditions and rules to the web policies.
516+
517+ In order to enable WAF, copy the OCI WAF policy OCID from the OCI WAF console and add the OCI WAF web Policy annotation to the IngressClass.
518+ ```
519+ apiVersion: extensions/v1beta1
520+ kind: IngressClass
521+ metadata:
522+ annotations:
523+ oci-native-ingress.oraclecloud.com/waf-policy-ocid: ocid1.webappfirewallpolicy.oc1.phx.amaaaaaah4gjgpya3sigtz347pqyr4n3b7udo2zw4jskownbq
524+ ```
525+
509526### Dependency management
510527Module [ vendoring] ( https://go.dev/ref/mod#vendoring ) is used to manage 3d-party modules in the project.
511528` vendor/ ` folder contains all 3d-party modules.
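Review bot: The sample manifest at line 519 uses `apiVersion: extensions/v1beta1` for `kind: IngressClass`, but IngressClass is served from the `networking.k8s.io` API group, so the example as written will be rejected by the API server. Change it to `networking.k8s.io/v1` and include the `metadata.name` and `spec.controller` fields so the snippet can be applied as is. The annotation value at line 523 looks like an OCID copied from a live tenancy. Replace it with a placeholder such as `<waf-policy-ocid>`, in line with the `<compartment-id>` placeholders used in the policy section. It would also help to state the scope of the setting: because the annotation sits on the IngressClass, readers need to know whether the WAF policy applies to every Ingress of that class, and what happens to the association when the annotation is changed or removed.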