Write the build version of NGINX App Protect on startup #4478
Description
NGINX Ingress Controller added the ability to apply NGINX App Protect WAF Policy bundles following a CI/CD methodology with release 3.1
#3560
The designed workflow is: an App Protect WAF Policy, signature, and campaign is defined -> an App Protect WAF Policy "bundle" is generated (tgz artifact) -> the "bundle" is presented to an NGINX Ingress Controller deployment using a shared volume -> the corresponding Policy resource is updated triggering ingress controller to process the Policy.
One of the key details of this experience is that the humans are aware of the "build version" of NAF WAF that is installed within the NIC image. To facilitate making this easy for the humans, NIC should:
AC
- discover the 'build version' of NAP WAF from
/opt/appprotect/<>/VERSION.common - write that back to the NIC deployment in some way so that it is easy for the humans to discover with a simple
kubectl describe - this is only necessary when the
-enable-app-protectcommand line option is set - revive and update documentation regarding how to apply AppProtect WAF Policy bundle using NIC Policy