Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

readOnlyRootFileSystem compatibility with AppProtect WAF #5291

Closed
2 tasks done
brianehlert opened this issue Mar 21, 2024 Discussed in #5156 · 1 comment
Closed
2 tasks done

readOnlyRootFileSystem compatibility with AppProtect WAF #5291

brianehlert opened this issue Mar 21, 2024 Discussed in #5156 · 1 comment
Labels
refined Issues that are ready to be prioritized
Milestone
v4.0.0

Comments

@brianehlert
Copy link
Collaborator

brianehlert commented Mar 21, 2024
edited by shaun-nx
Loading

Discussed in #5156

Originally posted by brianehlert February 22, 2024
Customers use the readOnlyRootFileSystem capability to align with security policy and customers would like to also use this when NAP WAF is included with NIC.

The current implementation of readOnlyRootFileSystem does not support the NAP WAF module and thus the capability needs to be extended to support NAP WAF module behavior and paths necessary.

Notes:

  • this can take the v5 work into consideration
  • when originally written the focus was v4
  • unknown how this impacts v5 considering new enforcer container is introduced

Tasks
Beta Give feedback
  1. POC - Test if NAP WAF v5 starting up with readOnlyRootFileSystem enabled in NIC container & waf_enforcer & waf_config_mgr #6562
    backlog
    j1m-ryan jjngx

WAF v5 considerations
Beta Give feedback
@brianehlert brianehlert added the epic Issues that need to be broken into smaller issues label Mar 21, 2024
@brianehlert brianehlert added this to the v3.6.0 milestone Mar 21, 2024
@brianehlert brianehlert moved this from Todo ☑ to Prioritized Backlog in NGINX Ingress Controller Mar 21, 2024
@danielnginx danielnginx added the refined Issues that are ready to be prioritized label Apr 18, 2024
@shaun-nx shaun-nx changed the title Epic - Extend readOnlyRootFileSystem to include NAP WAF when present Extend readOnlyRootFileSystem to include NAP WAF when present Jun 28, 2024
@brianehlert
Copy link
Collaborator Author

Given the new support for WAF v5 with NIC 3.6, is this still relative?

@brianehlert brianehlert modified the milestones: v3.6.0, v3.7.0 Jul 5, 2024
@shaun-nx shaun-nx modified the milestones: v3.7.0, Candidates Jul 24, 2024
@shaun-nx shaun-nx removed this from the Candidates milestone Sep 9, 2024
@shaun-nx shaun-nx added this to the v4.1.0 milestone Sep 25, 2024
@shaun-nx shaun-nx added ready for refinement An issue that was triaged and it is ready to be refined and removed refined Issues that are ready to be prioritized labels Sep 25, 2024
@shaun-nx shaun-nx changed the title Extend readOnlyRootFileSystem to include NAP WAF when present readOnlyRootFileSystem compatibility with AppProtect WAF Oct 1, 2024
@shaun-nx shaun-nx modified the milestones: v4.1.0, v4.0.0 Oct 1, 2024
@shaun-nx shaun-nx added refined Issues that are ready to be prioritized and removed ready for refinement An issue that was triaged and it is ready to be refined labels Oct 9, 2024
@shaun-nx shaun-nx moved this from Prioritized backlog to In Progress 🛠 in NGINX Ingress Controller Oct 14, 2024
@shaun-nx shaun-nx removed the epic Issues that need to be broken into smaller issues label Oct 14, 2024
@github-project-automation github-project-automation bot moved this from In Progress 🛠 to Done 🚀 in NGINX Ingress Controller Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
refined Issues that are ready to be prioritized
Projects
NGINX Ingress Controller
Archived in project
Milestone
v4.0.0
Development

No branches or pull requests
3 participants
@brianehlert @shaun-nx @danielnginx