Skip to content

Add external WAF bundle sources (NGINX Instance Manager, NGINX One Console, HTTPS)#10131

Open
AlexFenlon wants to merge 27 commits into
mainfrom
feat/n1c-waf-policy
Open

Add external WAF bundle sources (NGINX Instance Manager, NGINX One Console, HTTPS)#10131
AlexFenlon wants to merge 27 commits into
mainfrom
feat/n1c-waf-policy

Conversation

@AlexFenlon

@AlexFenlon AlexFenlon commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Proposed changes

Add support for fetching pre-compiled WAF policy bundles from remote sources, enabling separation between policy authoring (SecOps) and policy application (platform teams).

Previously, WAF v5 policies required manually compiling .tgz bundles and copying them into the pod filesystem via apBundle. This PR introduces apBundleSource and apLogBundleSource fields that let NIC fetch bundles from three source types:

  • NGINX One Console (N1C) — via the N1C API using an API token
  • NGINX Instance Manager (NIM) — via the NIM bundles API using bearer token or basic auth
  • HTTPS — from any HTTPS endpoint, with optional mTLS and custom CA support

If the management plane is unavailable, existing active policies remain in place. Net-new policies stay inactive until a bundle is successfully fetched, with warnings surfaced on the Policy resource.

Polling is opt-in via the enablePolling boolean. When enabled, NIC re-fetches at the configured pollInterval (minimum 1m, default 5m). When disabled or not provided, bundles are fetched once on policy creation/update. NIM and N1C use metadata-only checks to avoid downloading unchanged bundles on each poll cycle.

Added WAFBundleSourceTypes and WAFLogBundleSourceTypes to telemetry to report which policy and log profile bundle source types are in use

New files:

  • internal/configs/wafbundle/ — fetching, polling, and caching for all three source types
  • examples/custom-resources/waf-management-plane/ — VirtualServer examples for NIM and N1C
  • examples/custom-resources/waf-https-bundles/ — VirtualServer examples for HTTPS
  • examples/ingress-resources/waf-management-plane/ — Ingress examples for NIM and N1C
  • examples/ingress-resources/waf-https-bundles/ — Ingress examples for HTTPS
  • examples/shared-examples/waf-bundle-server/ — self-contained HTTPS bundle server with mTLS

Docs WIP PR - nginx/documentation#2074

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@github-actions github-actions Bot added enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code labels Jun 8, 2026
@AlexFenlon AlexFenlon marked this pull request as ready for review June 8, 2026 15:18
Copilot AI review requested due to automatic review settings June 8, 2026 15:18
@AlexFenlon AlexFenlon requested a review from a team as a code owner June 8, 2026 15:18
Copilot AI reviewed Jun 8, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for sourcing NGINX App Protect WAF v5 policy/log bundles from remote backends (NGINX One Console, NGINX Instance Manager, or generic HTTPS) via new apBundleSource / apLogBundleSource fields on the Policy WAF spec, with controller-side fetching, caching, and background polling to keep bundles up to date.

Changes:

  • Introduces BundleSource API type and wiring (apBundleSource, apLogBundleSource) with Go validation + generated clients/deepcopy + updated CRDs/docs.
  • Adds internal/configs/wafbundle package implementing HTTPS/N1C/NIM fetching plus a per-Policy poller manager to refresh bundles and trigger re-syncs.
  • Updates controller/policy config generation and examples to consume fetched bundles and surface status/events on fetch failures.

Reviewed changes

Copilot reviewed 44 out of 45 changed files in this pull request and generated 20 comments.

Show a summary per file
File Description
pkg/client/applyconfiguration/utils.go Registers applyconfig constructor for the new BundleSource kind.
pkg/client/applyconfiguration/configuration/v1/waf.go Adds ApBundleSource to WAF apply configuration and chaining helper.
pkg/client/applyconfiguration/configuration/v1/securitylog.go Adds ApLogBundleSource to SecurityLog apply configuration and chaining helper.
pkg/client/applyconfiguration/configuration/v1/bundlesource.go New generated apply configuration type for BundleSource.
pkg/apis/configuration/validation/policy.go Adds validation for BundleSource and updates WAF/log mutual exclusivity rules.
pkg/apis/configuration/validation/policy_test.go Adds unit tests covering BundleSource/WAF/log validation behavior.
pkg/apis/configuration/v1/zz_generated.deepcopy.go Adds deepcopy support for BundleSource and new pointer fields.
pkg/apis/configuration/v1/types.go Adds BundleSource/BundleSourceType and new WAF/SecurityLog fields.
internal/logger/events.go Adds event reasons for invalid config and bundle fetch failures.
internal/k8s/secrets/validation.go Adds new secret type nginx.com/waf-bundle and validation rules.
internal/k8s/policy.go Adds sync-time fetching + poller reconciliation + cleanup for bundle sources.
internal/k8s/controller.go Wires poller manager creation and secret->policy resync mapping for bundle sources.
internal/configs/wafbundle/bundle.go New core types/constants/helpers (checksum, filenames, defaults).
internal/configs/wafbundle/fetch.go New HTTP fetcher supporting HTTPS/N1C/NIM sources (with retries/caching headers).
internal/configs/wafbundle/fetch_test.go Unit tests for fetcher behavior across backends and error cases.
internal/configs/wafbundle/poller.go New poller manager that periodically refreshes bundles and triggers policy re-sync.
internal/configs/wafbundle/poller_test.go Unit tests for polling/reconcile/stop semantics and atomic writes.
internal/configs/policy.go Uses fetched bundle filenames to activate WAF/log profiles once available.
hack/secrets.json Adds secret generation metadata for the bundle-server example certificates.
examples/shared-examples/waf-bundle-server/README.md Documents a local HTTPS bundle server for testing/air-gapped setups.
examples/shared-examples/waf-bundle-server/deployment.yaml Deploys the example HTTPS bundle server and compiler init containers.
examples/ingress-resources/security-monitoring-v5/README.md Documents filesystem vs remote bundle sourcing and adds NIM/N1C flow.
examples/ingress-resources/security-monitoring-v5/waf-nim.yaml Adds security-monitoring Policy example using NIM bundle sources.
examples/ingress-resources/security-monitoring-v5/waf-n1c.yaml Adds security-monitoring Policy example using N1C bundle sources.
examples/ingress-resources/app-protect-waf-v5-bundle-source/README.md New end-to-end Ingress example for remote bundle sources.
examples/ingress-resources/app-protect-waf-v5-bundle-source/waf-https.yaml Ingress Policy example using HTTPS bundle server.
examples/ingress-resources/app-protect-waf-v5-bundle-source/waf-nim.yaml Ingress Policy example using NIM bundle sources.
examples/ingress-resources/app-protect-waf-v5-bundle-source/waf-n1c.yaml Ingress Policy example using N1C bundle sources.
examples/ingress-resources/app-protect-waf-v5-bundle-source/cafe.yaml Workload/service manifests for the Ingress remote-bundle example.
examples/ingress-resources/app-protect-waf-v5-bundle-source/cafe-ingress.yaml Ingress manifest referencing the remote-bundle WAF policy.
examples/custom-resources/security-monitoring-v5/README.md Same documentation update as ingress variant (filesystem vs remote).
examples/custom-resources/security-monitoring-v5/waf-nim.yaml Custom-resources security-monitoring Policy example using NIM.
examples/custom-resources/security-monitoring-v5/waf-n1c.yaml Custom-resources security-monitoring Policy example using N1C.
examples/custom-resources/app-protect-waf-v5-bundle-source/README.md New end-to-end VirtualServer example for remote bundle sources.
examples/custom-resources/app-protect-waf-v5-bundle-source/waf-https.yaml VirtualServer Policy example using HTTPS bundle server.
examples/custom-resources/app-protect-waf-v5-bundle-source/waf-nim.yaml VirtualServer Policy example using NIM bundle sources.
examples/custom-resources/app-protect-waf-v5-bundle-source/waf-n1c.yaml VirtualServer Policy example using N1C bundle sources.
examples/custom-resources/app-protect-waf-v5-bundle-source/webapp.yaml Workload/service manifests for the VirtualServer remote-bundle example.
examples/custom-resources/app-protect-waf-v5-bundle-source/virtual-server.yaml VirtualServer manifest referencing the remote-bundle WAF policy.
docs/crd/k8s.nginx.org_policies.md Updates CRD reference docs with new bundle source fields.
config/crd/bases/k8s.nginx.org_policies.yaml Updates CRD base schema with BundleSource fields.
deploy/crds.yaml Updates deploy-time CRDs with BundleSource fields.
cmd/nginx-ingress/main.go Passes App Protect bundle path into controller input for poller wiring.
.gitignore Ignores generated example secret YAMLs for the bundle-server example.

Comment thread pkg/apis/configuration/validation/policy.go
Comment thread internal/configs/wafbundle/fetch.go
Comment thread internal/configs/wafbundle/fetch.go
Comment thread internal/configs/wafbundle/fetch.go
Comment thread internal/configs/wafbundle/poller.go
Comment thread config/crd/bases/k8s.nginx.org_policies.yaml
Comment thread deploy/crds.yaml
Comment thread deploy/crds.yaml
Comment thread docs/crd/k8s.nginx.org_policies.md Outdated
Comment thread docs/crd/k8s.nginx.org_policies.md Outdated
@AlexFenlon AlexFenlon marked this pull request as draft June 8, 2026 15:30
@codecov

codecov Bot commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 51.74954% with 524 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.14%. Comparing base (a4e23f4) to head (d240bb7).

Files with missing lines Patch % Lines
internal/k8s/policy.go 0.00% 258 Missing and 1 partial ⚠️
internal/configs/wafbundle/fetch.go 69.84% 84 Missing and 52 partials ⚠️
internal/configs/wafbundle/poller.go 71.31% 22 Missing and 13 partials ⚠️
internal/k8s/controller.go 6.06% 29 Missing and 2 partials ⚠️
internal/configs/policy.go 4.16% 21 Missing and 2 partials ⚠️
pkg/apis/configuration/validation/policy.go 84.82% 11 Missing and 6 partials ⚠️
internal/telemetry/cluster.go 64.10% 12 Missing and 2 partials ⚠️
internal/configs/wafbundle/bundle.go 75.00% 5 Missing and 1 partial ⚠️
internal/k8s/secrets/validation.go 86.66% 2 Missing ⚠️
cmd/nginx-ingress/main.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #10131      +/-   ##
==========================================
- Coverage   57.45%   57.14%   -0.31%     
==========================================
  Files          99      102       +3     
  Lines       21282    22345    +1063     
==========================================
+ Hits        12227    12770     +543     
- Misses       8348     8790     +442     
- Partials      707      785      +78

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

github-actions Bot commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Package Report

Details gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx, 1.31.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-module-njs, 1.31.2+1.0.0-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-module-otel, 1.31.2+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 3.11.2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx, 1.31.2-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-module-njs, 1.31.2+1.0.0-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-module-otel, 1.31.2+0.1.2-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 3.11.2~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 3.11.2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus, 37.0.2-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 3.11.2~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-appprotect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-attack-signatures, 2026.06.17-2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-threat-campaigns, 2026.06.22-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-ip-intelligence, 1.55.0-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 2.46.5~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-appprotect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-module-plus, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-plugin, 6.29.0-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 2.46.5~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-appprotectdos, 37+4.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-dos, 37+4.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 2.46.5~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-appprotect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-ip-intelligence, 1.55.0-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-attack-signatures, 2026.06.17-2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-threat-campaigns, 2026.06.22-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-plus-module-appprotectdos, 37+4.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, app-protect-dos, 37+4.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b, nginx-agent, 2.46.5~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx, 1.31.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-module-njs, 1.31.2.1.0.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-module-otel, 1.31.2.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-agent, 3.11.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx, 1.31.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-module-njs, 1.31.2.1.0.0-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-module-otel, 1.31.2.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-agent, 3.11.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus, 37.0.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus-module-njs, 37.0.0.9.9-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus-module-otel, 37.0.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus-module-fips-check, 37.0.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-agent, 3.11.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus, 37.0.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus-module-njs, 37.0.0.9.9-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus-module-otel, 37.0.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-plus-module-fips-check, 37.0.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine, nginx-agent, 3.11.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus, 37.0.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-njs, 37.0.0.9.9-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-otel, 37.0.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-fips-check, 37.0.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-agent, 3.11.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus, 37.0.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-njs, 37.0.0.9.9-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-otel, 37.0.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-fips-check, 37.0.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-agent, 3.11.2, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus, 37.0.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-njs, 37.0.0.9.9-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-otel, 37.0.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-fips-check, 37.0.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-agent, 2.46.5, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, app-protect-ip-intelligence, 1.55.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-appprotect, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, app-protect, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, app-protect-attack-signatures, 2026.06.17-r2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, app-protect-threat-campaigns, 2026.06.22-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus, 37.0.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-njs, 37.0.0.9.9-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-otel, 37.0.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-fips-check, 37.0.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-agent, 2.46.5, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, nginx-plus-module-appprotect, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, app-protect-module-plus, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips, app-protect-plugin, 6.29.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx, 1.31.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-module-njs, 1.31.2+1.0.0-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-module-otel, 1.31.2+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 3.11.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx, 1.31.2-1.el10.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-module-njs, 1.31.2+1.0.0-1.el10.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-module-otel, 1.31.2+0.1.2-1.el10.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 3.11.2-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 3.11.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus, 37.0.2-1.el10.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 3.11.2-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 2.46.5-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-appprotect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-ip-intelligence, 1.55.0-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-attack-signatures, 2026.06.17-2.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-threat-campaigns, 2026.06.22-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 2.46.5-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-appprotect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-module-plus, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-plugin, 6.29.0-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-appprotectdos, 37+4.9.6-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-dos, 37+4.9.6-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 2.46.5-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-appprotect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-plus-module-appprotectdos, 37+4.9.6-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, nginx-agent, 2.46.5-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-ip-intelligence, 1.55.0-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-attack-signatures, 2026.06.17-2.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-threat-campaigns, 2026.06.22-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi, app-protect-dos, 37+4.9.6-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-appprotect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-attack-signatures, 2026.06.17-2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-threat-campaigns, 2026.06.22-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-ip-intelligence, 1.55.0-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-agent, 3.11.2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-appprotect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-attack-signatures, 2026.06.17-2.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-threat-campaigns, 2026.06.22-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-ip-intelligence, 1.55.0-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-agent, 3.11.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus, 37.0.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-njs, 37.0.0.9.9-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-otel, 37.0.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-fips-check, 37.0.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-appprotect, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, app-protect, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, app-protect-attack-signatures, 2026.06.17-r2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, app-protect-threat-campaigns, 2026.06.22-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, app-protect-ip-intelligence, 1.55.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-agent, 3.11.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-appprotect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-module-plus, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-plugin, 6.29.0-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-agent, 3.11.2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-appprotect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-module-plus, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-plugin, 6.29.0-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-agent, 3.11.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus, 37.0.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-njs, 37.0.0.9.9-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-otel, 37.0.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-fips-check, 37.0.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-plus-module-appprotect, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, app-protect-module-plus, 37.0.5.635.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, app-protect-plugin, 6.29.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-alpine-fips-agent, nginx-agent, 3.11.2, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus, 37.0.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-njs, 37.0+0.9.9-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-otel, 37.0+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-fips-check, 37.0+0.1-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-appprotect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-plus-module-appprotectdos, 37+4.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, nginx-agent, 3.11.2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect, 37.0+5.635.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-ip-intelligence, 1.55.0-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-attack-signatures, 2026.06.17-2~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-threat-campaigns, 2026.06.22-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-agent, app-protect-dos, 37+4.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus, 37.0.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-njs, 37.0+0.9.9-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-otel, 37.0+0.1.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-fips-check, 37.0+0.1-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-appprotect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-plus-module-appprotectdos, 37+4.9.6-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, nginx-agent, 3.11.2-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect, 37.0+5.635.2-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-ip-intelligence, 1.55.0-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-attack-signatures, 2026.06.17-2.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-threat-campaigns, 2026.06.22-1.el10.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-fc0951c83f0a9fe200a9f40e45e2bc6b-ubi-agent, app-protect-dos, 37+4.9.6-1.el10.ngx, x86_64

@AlexFenlon
feat: add external WAF bundle sources (NGINX Instance Manager, NGINX …
339b49f 
…One Console, HTTPS)

Adds support for fetching pre-compiled WAF policy bundles from remote sources,
enabling separation between policy authoring (SecOps) and policy application
(platform teams).

New apBundleSource and apLogBundleSource fields on the WAF Policy spec allow
NIC to fetch bundles from three source types:

- NGINX One Console (N1C) via the N1C API using an API token
- NGINX Instance Manager (NIM) via the NIM bundles API using bearer token or basic auth
- HTTPS from any endpoint, with optional mTLS and custom CA support

Key behaviors:
- enablePolling is a required boolean controlling background polling
- Poll interval minimum 1m, default 5m
- NIM uses metadata-only checks to avoid downloading unchanged bundles
- Existing active policies remain in place when a fetch fails
- Net-new policies stay inactive (return 500) until a bundle is fetched
- Poller failures emit Warning events and update Policy status

Includes WAFBundleSourceTypes telemetry, comprehensive validation, and examples
for all three source types (VirtualServer and Ingress).
@AlexFenlon AlexFenlon force-pushed the feat/n1c-waf-policy branch from 969ad01 to 339b49f Compare June 16, 2026 12:27
@github-actions github-actions Bot added the python Pull requests that update Python code label Jun 17, 2026
@AlexFenlon AlexFenlon requested a review from Copilot June 26, 2026 15:14
@AlexFenlon AlexFenlon marked this pull request as ready for review June 26, 2026 15:14
Copilot AI reviewed Jun 26, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 66 out of 68 changed files in this pull request and generated 4 comments.

Comment thread internal/telemetry/cluster.go
Comment thread internal/k8s/policy.go
Comment thread internal/k8s/policy.go
Comment thread internal/k8s/policy.go
@AlexFenlon AlexFenlon changed the title [DRAFT] Add external WAF bundle sources (NGINX Instance Manager, NGINX One Console, HTTPS) Add external WAF bundle sources (NGINX Instance Manager, NGINX One Console, HTTPS) Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code python Pull requests that update Python code

Projects

NGINX Ingress Controller
Status: Todo ☑

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AlexFenlon