nginx
diff --git a/‎.codecov.yml
Lines changed: 1 addition & 0 deletions b/‎.codecov.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile
Lines changed: 7 additions & 0 deletions b/‎Makefile
Lines changed: 7 additions & 0 deletions
diff --git a/‎docs/crd/appprotect.f5.com_aplogconfs.md
Lines changed: 30 additions & 0 deletions b/‎docs/crd/appprotect.f5.com_aplogconfs.md
Lines changed: 30 additions & 0 deletions
diff --git a/‎docs/crd/appprotect.f5.com_appolicies.md
Lines changed: 565 additions & 0 deletions b/‎docs/crd/appprotect.f5.com_appolicies.md
Lines changed: 565 additions & 0 deletions
diff --git a/‎docs/crd/appprotect.f5.com_apusersigs.md
Lines changed: 34 additions & 0 deletions b/‎docs/crd/appprotect.f5.com_apusersigs.md
Lines changed: 34 additions & 0 deletions
diff --git a/‎docs/crd/appprotectdos.f5.com_apdoslogconfs.md
Lines changed: 25 additions & 0 deletions b/‎docs/crd/appprotectdos.f5.com_apdoslogconfs.md
Lines changed: 25 additions & 0 deletions
diff --git a/‎docs/crd/appprotectdos.f5.com_apdospolicy.md
Lines changed: 22 additions & 0 deletions b/‎docs/crd/appprotectdos.f5.com_apdospolicy.md
Lines changed: 22 additions & 0 deletions
diff --git a/‎docs/crd/appprotectdos.f5.com_dosprotectedresources.md
Lines changed: 31 additions & 0 deletions b/‎docs/crd/appprotectdos.f5.com_dosprotectedresources.md
Lines changed: 31 additions & 0 deletions
diff --git a/‎docs/crd/externaldns.nginx.org_dnsendpoints.md
Lines changed: 26 additions & 0 deletions b/‎docs/crd/externaldns.nginx.org_dnsendpoints.md
Lines changed: 26 additions & 0 deletions
diff --git a/‎docs/crd/k8s.nginx.org_globalconfigurations.md
Lines changed: 24 additions & 0 deletions b/‎docs/crd/k8s.nginx.org_globalconfigurations.md
Lines changed: 24 additions & 0 deletions
@@ -14,3 +14,4 @@ coverage:
 ignore:
   - "pkg/client"
   - "**/*generated*.go"
+  - "hack"
@@ -99,6 +99,7 @@ update-crds: ## Update CRDs
 	kustomize build config/crd >deploy/crds.yaml
 	kustomize build config/crd/app-protect-dos --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-dos.yaml
 	kustomize build config/crd/app-protect-waf --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-waf.yaml
+	$(MAKE) update-crd-docs
 
 .PHONY: telemetry-schema
 telemetry-schema: ## Generate the telemetry Schema
@@ -240,3 +241,9 @@ clean-cache: ## Clean go cache
 rebuild-test-img:
 	cd tests && \
 	make build
+
+.PHONY: update-crd-docs
+update-crd-docs: ## Update CRD markdown documentation from YAML definitions
+	@echo "Generating CRD documentation..."
+	@go run hack/generate-crd-docs.go -crd-dir config/crd/bases -output-dir docs/crd
+	@echo "CRD documentation updated successfully!"
@@ -0,0 +1,30 @@
+# APLogConf
+
+**Group:** `appprotect.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APLogConf`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APLogConf` resource defines the logging configuration for NGINX App Protect. It allows you to specify the format and content of security logs, as well as filters to control which requests are logged.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `content` | `object` | Configuration object. |
+| `content.escaping_characters` | `array` | List of configuration values. |
+| `content.escaping_characters[].from` | `string` | String configuration value. |
+| `content.escaping_characters[].to` | `string` | String configuration value. |
+| `content.format` | `string` | Allowed values: `"splunk"`, `"arcsight"`, `"default"`, `"user-defined"`, `"grpc"`. |
+| `content.format_string` | `string` | String configuration value. |
+| `content.list_delimiter` | `string` | String configuration value. |
+| `content.list_prefix` | `string` | String configuration value. |
+| `content.list_suffix` | `string` | String configuration value. |
+| `content.max_message_size` | `string` | String configuration value. |
+| `content.max_request_size` | `string` | String configuration value. |
+| `filter` | `object` | Configuration object. |
+| `filter.request_type` | `string` | Allowed values: `"all"`, `"illegal"`, `"blocked"`. |
@@ -0,0 +1,34 @@
+# APUserSig
+
+**Group:** `appprotect.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APUserSig`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APUserSig` resource defines a custom user-defined signature for NGINX App Protect. It allows you to create your own signatures to detect specific attack patterns or vulnerabilities.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `properties` | `string` | String configuration value. |
+| `signatures` | `array` | List of configuration values. |
+| `signatures[].accuracy` | `string` | Allowed values: `"high"`, `"medium"`, `"low"`. |
+| `signatures[].attackType` | `object` | Configuration object. |
+| `signatures[].attackType.name` | `string` | String configuration value. |
+| `signatures[].description` | `string` | String configuration value. |
+| `signatures[].name` | `string` | String configuration value. |
+| `signatures[].references` | `object` | Configuration object. |
+| `signatures[].references.type` | `string` | Allowed values: `"bugtraq"`, `"cve"`, `"nessus"`, `"url"`. |
+| `signatures[].references.value` | `string` | String configuration value. |
+| `signatures[].risk` | `string` | Allowed values: `"high"`, `"medium"`, `"low"`. |
+| `signatures[].rule` | `string` | String configuration value. |
+| `signatures[].signatureType` | `string` | Allowed values: `"request"`, `"response"`. |
+| `signatures[].systems` | `array` | List of configuration values. |
+| `signatures[].systems[].name` | `string` | String configuration value. |
+| `softwareVersion` | `string` | String configuration value. |
+| `tag` | `string` | String configuration value. |
@@ -0,0 +1,25 @@
+# APDosLogConf
+
+**Group:** `appprotectdos.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APDosLogConf`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APDosLogConf` resource defines the logging configuration for the NGINX App Protect DoS module. It allows you to specify the format and content of security logs, as well as filters to control which events are logged.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `content` | `object` | Configuration object. |
+| `content.format` | `string` | Allowed values: `"splunk"`, `"arcsight"`, `"user-defined"`. |
+| `content.format_string` | `string` | String configuration value. |
+| `content.max_message_size` | `string` | String configuration value. |
+| `filter` | `object` | Configuration object. |
+| `filter.attack-signatures` | `string` | String configuration value. |
+| `filter.bad-actors` | `string` | String configuration value. |
+| `filter.traffic-mitigation-stats` | `string` | Allowed values: `"none"`, `"all"`. |
@@ -0,0 +1,22 @@
+# APDosPolicy
+
+**Group:** `appprotectdos.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APDosPolicy`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APDosPolicy` resource defines a security policy for the NGINX App Protect Denial of Service (DoS) module. It allows you to configure various mitigation strategies to protect your applications from DoS attacks.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `automation_tools_detection` | `string` | Allowed values: `"on"`, `"off"`. |
+| `bad_actors` | `string` | Allowed values: `"on"`, `"off"`. |
+| `mitigation_mode` | `string` | Allowed values: `"standard"`, `"conservative"`, `"none"`. |
+| `signatures` | `string` | Allowed values: `"on"`, `"off"`. |
+| `tls_fingerprint` | `string` | Allowed values: `"on"`, `"off"`. |
@@ -0,0 +1,31 @@
+# DosProtectedResource
+
+**Group:** `appprotectdos.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `DosProtectedResource`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `DosProtectedResource` resource defines a resource that is protected by the NGINX App Protect DoS module. It allows you to enable and configure DoS protection for a specific service or application.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `allowList` | `array` | AllowList is a list of allowed IPs and subnet masks |
+| `allowList[].ipWithMask` | `string` | String configuration value. |
+| `apDosMonitor` | `object` | ApDosMonitor is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1). Default value: URI - None, protocol - http1, timeout - NGINX App Protect DoS default. |
+| `apDosMonitor.protocol` | `string` | Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1. Allowed values: `"http1"`, `"http2"`, `"grpc"`, `"websocket"`. |
+| `apDosMonitor.timeout` | `integer` | Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc. |
+| `apDosMonitor.uri` | `string` | URI is the destination to the desired protected object in the nginx.conf: |
+| `apDosPolicy` | `string` | ApDosPolicy is the namespace/name of a ApDosPolicy resource |
+| `dosAccessLogDest` | `string` | DosAccessLogDest is the network address for the access logs |
+| `dosSecurityLog` | `object` | DosSecurityLog defines the security log of the DosProtectedResource. |
+| `dosSecurityLog.apDosLogConf` | `string` | ApDosLogConf is the namespace/name of a APDosLogConf resource |
+| `dosSecurityLog.dosLogDest` | `string` | DosLogDest is the network address of a logging service, can be either IP or DNS name. |
+| `dosSecurityLog.enable` | `boolean` | Enable enables the security logging feature if set to true |
+| `enable` | `boolean` | Enable enables the DOS feature if set to true |
+| `name` | `string` | Name is the name of protected object, max of 63 characters. |
@@ -0,0 +1,26 @@
+# DNSEndpoint
+
+**Group:** `externaldns.nginx.org`  
+**Version:** `v1`  
+**Kind:** `DNSEndpoint`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `DNSEndpoint` resource is used to manage DNS records for services exposed through NGINX Ingress Controller. It is typically used in conjunction with ExternalDNS to automatically create and update DNS records.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `endpoints` | `array` | List of configuration values. |
+| `endpoints[].dnsName` | `string` | The hostname for the DNS record |
+| `endpoints[].labels` | `object` | Labels stores labels defined for the Endpoint |
+| `endpoints[].providerSpecific` | `array` | ProviderSpecific stores provider specific config |
+| `endpoints[].providerSpecific[].name` | `string` | Name of the property |
+| `endpoints[].providerSpecific[].value` | `string` | Value of the property |
+| `endpoints[].recordTTL` | `integer` | TTL for the record |
+| `endpoints[].recordType` | `string` | RecordType type of record, e.g. CNAME, A, SRV, TXT, MX |
+| `endpoints[].targets` | `array[string]` | The targets the DNS service points to |
@@ -0,0 +1,24 @@
+# GlobalConfiguration
+
+**Group:** `k8s.nginx.org`  
+**Version:** `v1`  
+**Kind:** `GlobalConfiguration`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `GlobalConfiguration` resource defines global settings for the NGINX Ingress Controller. It allows you to configure listeners for different protocols and ports.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `listeners` | `array` | List of configuration values. |
+| `listeners[].ipv4` | `string` | String configuration value. |
+| `listeners[].ipv6` | `string` | String configuration value. |
+| `listeners[].name` | `string` | String configuration value. |
+| `listeners[].port` | `integer` | Numeric configuration value. |
+| `listeners[].protocol` | `string` | String configuration value. |
+| `listeners[].ssl` | `boolean` | Enable or disable this feature. |