Update documentation and descriptions in crd

deployments/common/crds/k8s.nginx.org_policies.yaml

@@ -43,7 +43,7 @@ spec:
               type: object
               properties:
                 accessControl:
-                  description: 'AccessControl defines an access policy based on the source IP of a request. policy status: production-ready'
+                  description: AccessControl defines an access policy based on the source IP of a request.
                   type: object
                   properties:
                     allow:
@@ -55,7 +55,7 @@ spec:
                       items:
                         type: string
                 egressMTLS:
-                  description: 'EgressMTLS defines an Egress MTLS policy. policy status: preview'
+                  description: EgressMTLS defines an Egress MTLS policy.
                   type: object
                   properties:
                     ciphers:
@@ -79,7 +79,7 @@ spec:
                 ingressClassName:
                   type: string
                 ingressMTLS:
-                  description: 'IngressMTLS defines an Ingress MTLS policy. policy status: preview'
+                  description: IngressMTLS defines an Ingress MTLS policy.
                   type: object
                   properties:
                     clientCertSecret:
@@ -89,7 +89,7 @@ spec:
                     verifyDepth:
                       type: integer
                 jwt:
-                  description: 'JWTAuth holds JWT authentication configuration. policy status: preview'
+                  description: JWTAuth holds JWT authentication configuration.
                   type: object
                   properties:
                     realm:
@@ -117,7 +117,7 @@ spec:
                     tokenEndpoint:
                       type: string
                 rateLimit:
-                  description: 'RateLimit defines a rate limit policy. policy status: preview'
+                  description: RateLimit defines a rate limit policy.
                   type: object
                   properties:
                     burst:
@@ -139,7 +139,7 @@ spec:
                     zoneSize:
                       type: string
                 waf:
-                  description: 'WAF defines an WAF policy. policy status: preview'
+                  description: WAF defines an WAF policy.
                   type: object
                   properties:
                     apPolicy:

deployments/helm-chart/crds/k8s.nginx.org_policies.yaml

@@ -43,7 +43,7 @@ spec:
               type: object
               properties:
                 accessControl:
-                  description: 'AccessControl defines an access policy based on the source IP of a request. policy status: production-ready'
+                  description: AccessControl defines an access policy based on the source IP of a request.
                   type: object
                   properties:
                     allow:
@@ -55,7 +55,7 @@ spec:
                       items:
                         type: string
                 egressMTLS:
-                  description: 'EgressMTLS defines an Egress MTLS policy. policy status: preview'
+                  description: EgressMTLS defines an Egress MTLS policy.
                   type: object
                   properties:
                     ciphers:
@@ -79,7 +79,7 @@ spec:
                 ingressClassName:
                   type: string
                 ingressMTLS:
-                  description: 'IngressMTLS defines an Ingress MTLS policy. policy status: preview'
+                  description: IngressMTLS defines an Ingress MTLS policy.
                   type: object
                   properties:
                     clientCertSecret:
@@ -89,7 +89,7 @@ spec:
                     verifyDepth:
                       type: integer
                 jwt:
-                  description: 'JWTAuth holds JWT authentication configuration. policy status: preview'
+                  description: JWTAuth holds JWT authentication configuration.
                   type: object
                   properties:
                     realm:
@@ -117,7 +117,7 @@ spec:
                     tokenEndpoint:
                       type: string
                 rateLimit:
-                  description: 'RateLimit defines a rate limit policy. policy status: preview'
+                  description: RateLimit defines a rate limit policy.
                   type: object
                   properties:
                     burst:
@@ -139,7 +139,7 @@ spec:
                     zoneSize:
                       type: string
                 waf:
-                  description: 'WAF defines an WAF policy. policy status: preview'
+                  description: WAF defines an WAF policy.
                   type: object
                   properties:
                     apPolicy:

docs/content/configuration/policy-resource.md

@@ -94,7 +94,7 @@ policies:
 
 ### RateLimit
 
-> **Feature Status**: Rate-Limiting is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller.
+> **Feature Status**: Rate-Limiting is in preview status until release 2.1.2.[^1]
 
 The rate limit policy configures NGINX to limit the processing rate of requests.
 
@@ -136,7 +136,7 @@ When you reference more than one rate limit policy, the Ingress Controller will
 
 ### JWT
 
-> **Feature Status**: JWT is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller.
+> **Feature Status**: JWT is in preview status until release 2.1.2.[^1]
 
 > Note: This feature is only available in NGINX Plus.
 
@@ -189,7 +189,7 @@ In this example the Ingress Controller will use the configuration from the first
 
 ### IngressMTLS
 
-> **Feature Status**: IngressMTLS is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller.
+> **Feature Status**: IngressMTLS is in preview status until release 2.1.2.[^1]
 
 The IngressMTLS policy configures client certificate verification.
 
@@ -243,7 +243,7 @@ In this example the Ingress Controller will use the configuration from the first
 
 ### EgressMTLS
 
-> **Feature Status**: EgressMTLS is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller.
+> **Feature Status**: EgressMTLS is in preview status until release 2.1.2.[^1]
 
 The EgressMTLS policy configures upstreams authentication and certificate verification.
 
@@ -284,7 +284,7 @@ In this example the Ingress Controller will use the configuration from the first
 
 ### OIDC
 
-> **Feature Status**: OIDC is available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller.
+> **Feature Status**: OIDC is in preview status until release 2.1.2.[^1]
 
 The OIDC policy configures NGINX Plus as a relying party for OpenID Connect authentication.
 
@@ -543,4 +543,5 @@ Status:
 
 ## Footnotes
 
-[^1]: Capabilities labeled in preview status are fully supported.
+[^1]: Capabilities labeled in preview status are fully supported. The preview status is used in releases up to 2.1.2 and is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller. From release 2.2.0, the capabilities are no longer in preview status and do not require the command-line argument.
+

docs/content/installation/installation-with-manifests.md

@@ -90,7 +90,7 @@ If you would like to use the TCP and UDP load balancing features of the Ingress
     $ kubectl apply -f common/crds/k8s.nginx.org_globalconfigurations.yaml
     ```
 
-> **Feature Status**: The TransportServer, GlobalConfiguration and Policy resources are available as a preview feature[^1]: We might introduce some backward-incompatible changes to the resource definition. The feature is disabled by default.
+> **Feature Status**: The Policy resources are in preview status until release 2.1.2.[^1]
 
 ### Resources for NGINX App Protect
 
@@ -260,4 +260,4 @@ $ kubectl get pods --namespace=nginx-ingress
 
 ## Footnotes
 
-[^1]: Capabilities labeled in preview status are fully supported.
+[^1]: Capabilities labeled in preview status are fully supported. The preview status is used in releases up to 2.1.2 and is disabled by default. To enable it, set the [enable-preview-policies](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-preview-policies) command-line argument of the Ingress Controller. From release 2.2.0, the capabilities are no longer in preview status and do not require the command-line argument.

pkg/apis/configuration/v1/types.go

@@ -374,7 +374,6 @@ type PolicyList struct {
 }
 
 // AccessControl defines an access policy based on the source IP of a request.
-// policy status: production-ready
 type AccessControl struct {
 	Allow []string `json:"allow"`
 	Deny  []string `json:"deny"`
@@ -432,7 +431,6 @@ type OIDC struct {
 }
 
 // WAF defines an WAF policy.
-// policy status: preview
 type WAF struct {
 	Enable      bool         `json:"enable"`
 	ApPolicy    string       `json:"apPolicy"`

tests/suite/test_app_protect_waf_policies_grpc.py

@@ -223,7 +223,6 @@ def grpc_waf_allow(kube_apis, test_namespace, public_ip, vs_host, port_ssl):
                 f"-enable-custom-resources",
                 f"-enable-leader-election=false",
                 f"-enable-app-protect",
-                f"-enable-preview-policies",
             ],
         },
     ],
@@ -287,7 +286,6 @@ def test_responses_grpc_allow(
                 f"-enable-custom-resources",
                 f"-enable-leader-election=false",
                 f"-enable-app-protect",
-                f"-enable-preview-policies",
             ],
         },
     ],