readOnlyRootFileSystem compatibility with AppProtect WAF #5291

@brianehlert

Discussed in #5156

Originally posted by brianehlert February 22, 2024
Customers use the readOnlyRootFileSystem capability to align with security policy, and customers would also like to use this when NAP WAF is included with NIC.

The current implementation of readOnlyRootFileSystem does not support the NAP WAF module, and thus the capability needs to be extended to support the NAP WAF module's behavior and the necessary paths.

Notes:

- this can take the v5 work into consideration
- when originally written the focus was v4
- unknown how this impacts v5 considering new enforcer container is introduced

### Tasks
- [ ] https://github.com/nginxinc/kubernetes-ingress/issues/6562

### WAF v5 considerations
- [x] Investigate impact of `readOnlyRootFileSystem=true` now that `waf-enforcer` and `waf-config-mgr` are separated from deployments

Labels: refined (Issues that are ready to be prioritized)