From fc8dd15d023f0459ea8999647566bcd7d51285c7 Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Wed, 7 Sep 2022 19:46:06 -0700
Subject: [PATCH] Add docs for NAP DoS images

---
 docs/content/app-protect-dos/installation.md  |  3 ++
 docs/content/app-protect-waf/installation.md  | 38 ++++++-------------
 .../pulling-ingress-controller-image.md       | 25 ++++++++++--
 .../using-the-jwt-token-docker-secret.md      | 10 ++++-
 docs/content/technical-specifications.md      |  8 ++--
 5 files changed, 50 insertions(+), 34 deletions(-)

diff --git a/docs/content/app-protect-dos/installation.md b/docs/content/app-protect-dos/installation.md
index 643e97264d..dc778bc5a6 100644
--- a/docs/content/app-protect-dos/installation.md
+++ b/docs/content/app-protect-dos/installation.md
@@ -48,6 +48,9 @@ Take the steps below to create the Docker image that you'll use to deploy NGINX
     ```bash
     make debian-image-dos-plus PREFIX=<your Docker registry domain>/nginx-plus-ingress
     ```
+    Alternatively, if you want to run on an [OpenShift](https://www.openshift.com/) cluster, use the `ubi-image-dos-plus` target.
+
+    If you want to include the App Protect WAF module in the image, you can use the `debian-image-nap-dos-plus` target or the `ubi-image-nap-dos-plus` target for OpenShift.
 
 - [Push the image to your local Docker registry](/nginx-ingress-controller/installation/building-ingress-controller-image/#building-the-image-and-pushing-it-to-the-private-registry).
 
diff --git a/docs/content/app-protect-waf/installation.md b/docs/content/app-protect-waf/installation.md
index bea88cc437..6961b274a8 100644
--- a/docs/content/app-protect-waf/installation.md
+++ b/docs/content/app-protect-waf/installation.md
@@ -14,33 +14,17 @@ This document provides an overview of the steps required to use NGINX App Protec
 
 You can also [install the Ingress Controller with App Protect WAF by using Helm](/nginx-ingress-controller/installation/installation-with-helm/). Use the `controller.appprotect.*` parameters of the chart.
 
-## Using the Docker Images from the F5 Container registry
+## Prerequisites
 
-Take the steps below to either configure a Docker Registry secret in your Kubernetes cluster, or to pull the Docker image that you'll use to deploy NGINX Ingress Controller with App Protect in Kubernetes.
-
-- Follow the steps to [use the JWT token to create a docker registry secret](/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret).
-
-- Alternatively, follow the steps to [Pull the NGINX Ingress Controller image](/nginx-ingress-controller/installation/pulling-ingress-controller-image).
-
-    For NGINX Plus Ingress Controller with App Protect, pull from `private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress`:
-   ```
-   $ docker pull private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress:2.3.0
-   ```
-    `2.3.0` will pull down the Debian based image. The other available image tag is `2.3.0-ubi` for the UBI based image.
-
-- Use the docker registry API to list the available image tags for the repository.
-
-   To list the available image tags for the repository, you can use the Docker registry API, e.g.:
-   ```
-   $ curl https://private-registry.nginx.com/v2/nginx-ic-nap/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
-   {
-    "name": "nginx-ic-nap/nginx-plus-ingress",
-    "tags": [
-        "2.3.0-ubi",
-        "2.3.0"
-    ]
-    }
-   ```
+1. Make sure you have access to the Ingress Controller image:
+    * For NGINX Plus Ingress Controller, see [here](/nginx-ingress-controller/installation/pulling-ingress-controller-image) for details on how to pull the image from the F5 Docker registry.
+    * To pull from the F5 Container registry in your Kubernetes cluster, configure a docker registry secret using your JWT token from the MyF5 portal by following the instructions from [here](/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret).
+    * It is also possible to build your own image and push it to your private Docker registry by following the instructions from [here](/nginx-ingress-controller/installation/building-ingress-controller-image).
+2. Clone the Ingress Controller repo:
+    ```
+    $ git clone https://github.com/nginxinc/kubernetes-ingress.git --branch v2.3.0
+    $ cd kubernetes-ingress
+    ```
 
 ## Build the Docker Image
 
@@ -55,6 +39,8 @@ Take the steps below to create the Docker image that you'll use to deploy NGINX
     ```
     Alternatively, if you want to run on an [OpenShift](https://www.openshift.com/) cluster, you can use the `ubi-image-nap-plus` target.
 
+    If you want to include the App Protect DoS module in the image, you can use the `debian-image-nap-dos-plus` target or the `ubi-image-nap-dos-plus` target for OpenShift.
+
     If you intend to use [external references](https://docs.nginx.com/nginx-app-protect/configuration/#external-references) in NGINX App Protect WAF policies, you may want to provide a custom CA certificate to authenticate with the hosting server.
     In order to do so, place the `*.crt` file in the build folder and uncomment the lines that follow this comment:
     `#Uncomment the lines below if you want to install a custom CA certificate`
diff --git a/docs/content/installation/pulling-ingress-controller-image.md b/docs/content/installation/pulling-ingress-controller-image.md
index cca7698fe8..0bff800d34 100644
--- a/docs/content/installation/pulling-ingress-controller-image.md
+++ b/docs/content/installation/pulling-ingress-controller-image.md
@@ -38,11 +38,16 @@ Before you can pull the image, make sure that the following software is installe
    $ docker pull private-registry.nginx.com/nginx-ic/nginx-plus-ingress:2.3.0
    ```
 
-   For NGINX Plus Ingress Controller with App Protect, pull from `private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress`. For example:
+   For NGINX Plus Ingress Controller with App Protect WAF, pull from `private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress`. For example:
    ```
    $ docker pull private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress:2.3.0
    ```
 
+   For NGINX Plus Ingress Controller with App Protect DoS, pull from `private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress`. For example:
+   ```
+   $ docker pull private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress:2.3.0
+   ```
+
    To list the available image tags for the repositories, you can also use the Docker registry API. For example:
    ```
    $ curl https://private-registry.nginx.com/v2/nginx-ic/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
@@ -50,7 +55,6 @@ Before you can pull the image, make sure that the following software is installe
     "name": "nginx-ic/nginx-plus-ingress",
     "tags": [
         "2.3.0-alpine",
-        "2.3.0-ot",
         "2.3.0-ubi",
         "2.3.0"
     ]
@@ -64,6 +68,15 @@ Before you can pull the image, make sure that the following software is installe
         "2.3.0"
     ]
     }
+
+   $ curl https://private-registry.nginx.com/v2/nginx-ic-dos/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
+   {
+    "name": "nginx-ic-dos/nginx-plus-ingress",
+    "tags": [
+        "2.3.0-ubi",
+        "2.3.0"
+    ]
+    }
    ```
 
 3. Tag and push the image to your private registry.
@@ -76,8 +89,14 @@ Before you can pull the image, make sure that the following software is installe
    $ docker push <my-docker-registry>/nginx-ic/nginx-plus-ingress:2.3.0
    ```
 
-   or for NGINX App Protect enabled image
+   or for NGINX App Protect WAF enabled image
    ```
    $ docker tag private-registry.nginx.com/nginx-ic-nap/nginx-plus-ingress:2.3.0 <my-docker-registry>/nginx-ic-nap/nginx-plus-ingress:2.3.0
    $ docker push <my-docker-registry>/nginx-ic-nap/nginx-plus-ingress:2.3.0
    ```
+
+   or for NGINX App Protect DoS enabled image
+   ```
+   $ docker tag private-registry.nginx.com/nginx-ic-dos/nginx-plus-ingress:2.3.0 <my-docker-registry>/nginx-ic-dos/nginx-plus-ingress:2.3.0
+   $ docker push <my-docker-registry>/nginx-ic-dos/nginx-plus-ingress:2.3.0
+   ```
diff --git a/docs/content/installation/using-the-jwt-token-docker-secret.md b/docs/content/installation/using-the-jwt-token-docker-secret.md
index 237baa6677..54cdde7495 100644
--- a/docs/content/installation/using-the-jwt-token-docker-secret.md
+++ b/docs/content/installation/using-the-jwt-token-docker-secret.md
@@ -43,7 +43,6 @@ This document explains how to use the NGINX Plus Ingress Controller image from t
     "name": "nginx-ic/nginx-plus-ingress",
     "tags": [
         "2.3.0-alpine",
-        "2.3.0-ot",
         "2.3.0-ubi",
         "2.3.0"
     ]
@@ -57,4 +56,13 @@ This document explains how to use the NGINX Plus Ingress Controller image from t
         "2.3.0"
     ]
     }
+
+   $ curl https://private-registry.nginx.com/v2/nginx-ic-dos/nginx-plus-ingress/tags/list --key <path-to-client.key> --cert <path-to-client.cert> | jq
+   {
+    "name": "nginx-ic-dos/nginx-plus-ingress",
+    "tags": [
+        "2.3.0-ubi",
+        "2.3.0"
+    ]
+    }
    ```
diff --git a/docs/content/technical-specifications.md b/docs/content/technical-specifications.md
index fbf4df5d8b..3ab72b1855 100644
--- a/docs/content/technical-specifications.md
+++ b/docs/content/technical-specifications.md
@@ -62,12 +62,12 @@ NGINX Plus images are available through the F5 Container registry `private-regis
 |Alpine-based image | ``alpine:3.16`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.3.0-alpine` | arm64, amd64 |
 |Debian-based image | ``debian:bullseye-slim`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.3.0` | arm64, amd64 |
 |Debian-based image with App Protect WAF | ``debian:buster-slim`` | NGINX Plus App Protect WAF, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-nap/nginx-plus-ingress:2.3.0` | amd64 |
-|Debian-based image with App Protect DoS | ``debian:bullseye-slim`` | NGINX Plus App Protect DoS, JavaScript module and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | | amd64 |
-|Debian-based image with App Protect WAF and DoS | ``debian:buster-slim`` | NGINX Plus App Protect WAF, DoS, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | | amd64 |
+|Debian-based image with App Protect DoS | ``debian:bullseye-slim`` | NGINX Plus App Protect DoS, JavaScript module and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-dos/nginx-plus-ingress:2.3.0` | amd64 |
+|Debian-based image with App Protect WAF and DoS | ``debian:buster-slim`` | NGINX Plus App Protect WAF, DoS, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-nap-dos/nginx-plus-ingress:2.3.0` | amd64 |
 |Ubi-based image | ``redhat/ubi8`` | NGINX Plus JavaScript module | `nginx-ic/nginx-plus-ingress:2.3.0-ubi` | arm64, amd64, s390x |
 |Ubi-based image with App Protect WAF | ``redhat/ubi8`` | NGINX Plus App Protect WAF and JavaScript modules | `nginx-ic-nap/nginx-plus-ingress:2.3.0-ubi` | amd64 |
-|Ubi-based image with App Protect DoS | ``redhat/ubi8`` | NGINX Plus App Protect DoS and JavaScript modules | | amd64 |
-|Ubi-based image with App Protect WAF and DoS | ``redhat/ubi8`` | NGINX Plus App Protect WAF, DoS and JavaScript modules | | amd64 |
+|Ubi-based image with App Protect DoS | ``redhat/ubi8`` | NGINX Plus App Protect DoS and JavaScript modules | `nginx-ic-dos/nginx-plus-ingress:2.3.0-ubi` | amd64 |
+|Ubi-based image with App Protect WAF and DoS | ``redhat/ubi8`` | NGINX Plus App Protect WAF, DoS and JavaScript modules | `nginx-ic-nap-dos/nginx-plus-ingress:2.3.0-ubi` | amd64 |
 {{% /table %}}
 
 We also provide NGINX Plus images through the AWS Marketplace. Please see [Using the AWS Marketplace Ingress Controller Image](/nginx-ingress-controller/installation/using-aws-marketplace-image/) for details on how to set up the required IAM resources in your EKS cluster.