add crd docs in dev docs

.codecov.yml

@@ -14,3 +14,4 @@ coverage:
 ignore:
   - "pkg/client"
   - "**/*generated*.go"
+  - "hack"

Makefile

@@ -99,6 +99,7 @@ update-crds: ## Update CRDs
 	kustomize build config/crd >deploy/crds.yaml
 	kustomize build config/crd/app-protect-dos --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-dos.yaml
 	kustomize build config/crd/app-protect-waf --load-restrictor='LoadRestrictionsNone' >deploy/crds-nap-waf.yaml
+	make update-crd-docs
 
 .PHONY: telemetry-schema
 telemetry-schema: ## Generate the telemetry Schema
@@ -240,3 +241,9 @@ clean-cache: ## Clean go cache
 rebuild-test-img:
 	cd tests && \
 	make build
+
+.PHONY: update-crd-docs
+update-crd-docs: ## Update CRD markdown documentation from YAML definitions
+	@echo "Generating CRD documentation..."
+	@go run hack/generate-crd-docs.go -crd-dir config/crd/bases -output-dir docs/crd
+	@echo "CRD documentation updated successfully!"

docs/crd/appprotect.f5.com_aplogconfs.md

@@ -0,0 +1,30 @@
+# APLogConf
+
+**Group:** `appprotect.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APLogConf`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APLogConf` resource defines the logging configuration for NGINX App Protect. It allows you to specify the format and content of security logs, as well as filters to control which requests are logged.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `content` | `object` | Configuration object. |
+| `content.escaping_characters` | `array` | List of configuration values. |
+| `content.escaping_characters[].from` | `string` | String configuration value. |
+| `content.escaping_characters[].to` | `string` | String configuration value. |
+| `content.format` | `string` | Allowed values: `"splunk"`, `"arcsight"`, `"default"`, `"user-defined"`, `"grpc"`. |
+| `content.format_string` | `string` | String configuration value. |
+| `content.list_delimiter` | `string` | String configuration value. |
+| `content.list_prefix` | `string` | String configuration value. |
+| `content.list_suffix` | `string` | String configuration value. |
+| `content.max_message_size` | `string` | String configuration value. |
+| `content.max_request_size` | `string` | String configuration value. |
+| `filter` | `object` | Configuration object. |
+| `filter.request_type` | `string` | Allowed values: `"all"`, `"illegal"`, `"blocked"`. |

docs/crd/appprotect.f5.com_apusersigs.md

@@ -0,0 +1,34 @@
+# APUserSig
+
+**Group:** `appprotect.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APUserSig`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APUserSig` resource defines a custom user-defined signature for NGINX App Protect. It allows you to create your own signatures to detect specific attack patterns or vulnerabilities.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `properties` | `string` | String configuration value. |
+| `signatures` | `array` | List of configuration values. |
+| `signatures[].accuracy` | `string` | Allowed values: `"high"`, `"medium"`, `"low"`. |
+| `signatures[].attackType` | `object` | Configuration object. |
+| `signatures[].attackType.name` | `string` | String configuration value. |
+| `signatures[].description` | `string` | String configuration value. |
+| `signatures[].name` | `string` | String configuration value. |
+| `signatures[].references` | `object` | Configuration object. |
+| `signatures[].references.type` | `string` | Allowed values: `"bugtraq"`, `"cve"`, `"nessus"`, `"url"`. |
+| `signatures[].references.value` | `string` | String configuration value. |
+| `signatures[].risk` | `string` | Allowed values: `"high"`, `"medium"`, `"low"`. |
+| `signatures[].rule` | `string` | String configuration value. |
+| `signatures[].signatureType` | `string` | Allowed values: `"request"`, `"response"`. |
+| `signatures[].systems` | `array` | List of configuration values. |
+| `signatures[].systems[].name` | `string` | String configuration value. |
+| `softwareVersion` | `string` | String configuration value. |
+| `tag` | `string` | String configuration value. |

docs/crd/appprotectdos.f5.com_apdoslogconfs.md

@@ -0,0 +1,25 @@
+# APDosLogConf
+
+**Group:** `appprotectdos.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APDosLogConf`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APDosLogConf` resource defines the logging configuration for the NGINX App Protect DoS module. It allows you to specify the format and content of security logs, as well as filters to control which events are logged.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `content` | `object` | Configuration object. |
+| `content.format` | `string` | Allowed values: `"splunk"`, `"arcsight"`, `"user-defined"`. |
+| `content.format_string` | `string` | String configuration value. |
+| `content.max_message_size` | `string` | String configuration value. |
+| `filter` | `object` | Configuration object. |
+| `filter.attack-signatures` | `string` | String configuration value. |
+| `filter.bad-actors` | `string` | String configuration value. |
+| `filter.traffic-mitigation-stats` | `string` | Allowed values: `"none"`, `"all"`. |

docs/crd/appprotectdos.f5.com_apdospolicy.md

@@ -0,0 +1,22 @@
+# APDosPolicy
+
+**Group:** `appprotectdos.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `APDosPolicy`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `APDosPolicy` resource defines a security policy for the NGINX App Protect Denial of Service (DoS) module. It allows you to configure various mitigation strategies to protect your applications from DoS attacks.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `automation_tools_detection` | `string` | Allowed values: `"on"`, `"off"`. |
+| `bad_actors` | `string` | Allowed values: `"on"`, `"off"`. |
+| `mitigation_mode` | `string` | Allowed values: `"standard"`, `"conservative"`, `"none"`. |
+| `signatures` | `string` | Allowed values: `"on"`, `"off"`. |
+| `tls_fingerprint` | `string` | Allowed values: `"on"`, `"off"`. |

docs/crd/appprotectdos.f5.com_dosprotectedresources.md

@@ -0,0 +1,31 @@
+# DosProtectedResource
+
+**Group:** `appprotectdos.f5.com`  
+**Version:** `v1beta1`  
+**Kind:** `DosProtectedResource`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `DosProtectedResource` resource defines a resource that is protected by the NGINX App Protect DoS module. It allows you to enable and configure DoS protection for a specific service or application.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `allowList` | `array` | AllowList is a list of allowed IPs and subnet masks |
+| `allowList[].ipWithMask` | `string` | String configuration value. |
+| `apDosMonitor` | `object` | ApDosMonitor is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1). Default value: URI - None, protocol - http1, timeout - NGINX App Protect DoS default. |
+| `apDosMonitor.protocol` | `string` | Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1. Allowed values: `"http1"`, `"http2"`, `"grpc"`, `"websocket"`. |
+| `apDosMonitor.timeout` | `integer` | Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc. |
+| `apDosMonitor.uri` | `string` | URI is the destination to the desired protected object in the nginx.conf: |
+| `apDosPolicy` | `string` | ApDosPolicy is the namespace/name of a ApDosPolicy resource |
+| `dosAccessLogDest` | `string` | DosAccessLogDest is the network address for the access logs |
+| `dosSecurityLog` | `object` | DosSecurityLog defines the security log of the DosProtectedResource. |
+| `dosSecurityLog.apDosLogConf` | `string` | ApDosLogConf is the namespace/name of a APDosLogConf resource |
+| `dosSecurityLog.dosLogDest` | `string` | DosLogDest is the network address of a logging service, can be either IP or DNS name. |
+| `dosSecurityLog.enable` | `boolean` | Enable enables the security logging feature if set to true |
+| `enable` | `boolean` | Enable enables the DOS feature if set to true |
+| `name` | `string` | Name is the name of protected object, max of 63 characters. |

docs/crd/externaldns.nginx.org_dnsendpoints.md

@@ -0,0 +1,26 @@
+# DNSEndpoint
+
+**Group:** `externaldns.nginx.org`  
+**Version:** `v1`  
+**Kind:** `DNSEndpoint`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `DNSEndpoint` resource is used to manage DNS records for services exposed through NGINX Ingress Controller. It is typically used in conjunction with ExternalDNS to automatically create and update DNS records.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `endpoints` | `array` | List of configuration values. |
+| `endpoints[].dnsName` | `string` | The hostname for the DNS record |
+| `endpoints[].labels` | `object` | Labels stores labels defined for the Endpoint |
+| `endpoints[].providerSpecific` | `array` | ProviderSpecific stores provider specific config |
+| `endpoints[].providerSpecific[].name` | `string` | Name of the property |
+| `endpoints[].providerSpecific[].value` | `string` | Value of the property |
+| `endpoints[].recordTTL` | `integer` | TTL for the record |
+| `endpoints[].recordType` | `string` | RecordType type of record, e.g. CNAME, A, SRV, TXT, MX |
+| `endpoints[].targets` | `array[string]` | The targets the DNS service points to |

docs/crd/k8s.nginx.org_globalconfigurations.md

@@ -0,0 +1,24 @@
+# GlobalConfiguration
+
+**Group:** `k8s.nginx.org`  
+**Version:** `v1`  
+**Kind:** `GlobalConfiguration`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `GlobalConfiguration` resource defines global settings for the NGINX Ingress Controller. It allows you to configure listeners for different protocols and ports.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `listeners` | `array` | List of configuration values. |
+| `listeners[].ipv4` | `string` | String configuration value. |
+| `listeners[].ipv6` | `string` | String configuration value. |
+| `listeners[].name` | `string` | String configuration value. |
+| `listeners[].port` | `integer` | Numeric configuration value. |
+| `listeners[].protocol` | `string` | String configuration value. |
+| `listeners[].ssl` | `boolean` | Enable or disable this feature. |

docs/crd/k8s.nginx.org_policies.md

@@ -0,0 +1,97 @@
+# Policy
+
+**Group:** `k8s.nginx.org`  
+**Version:** `v1`  
+**Kind:** `Policy`  
+**Scope:** `Namespaced`
+
+## Description
+
+The `Policy` resource defines a security policy for `VirtualServer` and `VirtualServerRoute` resources. It allows you to apply various policies such as access control, authentication, rate limiting, and WAF protection.
+
+## Spec Fields
+
+The `.spec` object supports the following fields:
+
+| Field | Type | Description |
+|---|---|---|
+| `accessControl` | `object` | AccessControl defines an access policy based on the source IP of a request. |
+| `accessControl.allow` | `array[string]` | Configuration field. |
+| `accessControl.deny` | `array[string]` | Configuration field. |
+| `apiKey` | `object` | APIKey defines an API Key policy. |
+| `apiKey.clientSecret` | `string` | String configuration value. |
+| `apiKey.suppliedIn` | `object` | SuppliedIn defines the locations API Key should be supplied in. |
+| `apiKey.suppliedIn.header` | `array[string]` | Configuration field. |
+| `apiKey.suppliedIn.query` | `array[string]` | Configuration field. |
+| `basicAuth` | `object` | BasicAuth holds HTTP Basic authentication configuration |
+| `basicAuth.realm` | `string` | String configuration value. |
+| `basicAuth.secret` | `string` | String configuration value. |
+| `egressMTLS` | `object` | EgressMTLS defines an Egress MTLS policy. |
+| `egressMTLS.ciphers` | `string` | String configuration value. |
+| `egressMTLS.protocols` | `string` | String configuration value. |
+| `egressMTLS.serverName` | `boolean` | Enable or disable this feature. |
+| `egressMTLS.sessionReuse` | `boolean` | Enable or disable this feature. |
+| `egressMTLS.sslName` | `string` | String configuration value. |
+| `egressMTLS.tlsSecret` | `string` | String configuration value. |
+| `egressMTLS.trustedCertSecret` | `string` | String configuration value. |
+| `egressMTLS.verifyDepth` | `integer` | Numeric configuration value. |
+| `egressMTLS.verifyServer` | `boolean` | Enable or disable this feature. |
+| `ingressClassName` | `string` | String configuration value. |
+| `ingressMTLS` | `object` | IngressMTLS defines an Ingress MTLS policy. |
+| `ingressMTLS.clientCertSecret` | `string` | String configuration value. |
+| `ingressMTLS.crlFileName` | `string` | String configuration value. |
+| `ingressMTLS.verifyClient` | `string` | String configuration value. |
+| `ingressMTLS.verifyDepth` | `integer` | Numeric configuration value. |
+| `jwt` | `object` | JWTAuth holds JWT authentication configuration. |
+| `jwt.jwksURI` | `string` | String configuration value. |
+| `jwt.keyCache` | `string` | String configuration value. |
+| `jwt.realm` | `string` | String configuration value. |
+| `jwt.secret` | `string` | String configuration value. |
+| `jwt.token` | `string` | String configuration value. |
+| `oidc` | `object` | OIDC defines an Open ID Connect policy. |
+| `oidc.accessTokenEnable` | `boolean` | Enable or disable this feature. |
+| `oidc.authEndpoint` | `string` | String configuration value. |
+| `oidc.authExtraArgs` | `array[string]` | Configuration field. |
+| `oidc.clientID` | `string` | String configuration value. |
+| `oidc.clientSecret` | `string` | String configuration value. |
+| `oidc.endSessionEndpoint` | `string` | String configuration value. |
+| `oidc.jwksURI` | `string` | String configuration value. |
+| `oidc.pkceEnable` | `boolean` | Enable or disable this feature. |
+| `oidc.postLogoutRedirectURI` | `string` | String configuration value. |
+| `oidc.redirectURI` | `string` | String configuration value. |
+| `oidc.scope` | `string` | String configuration value. |
+| `oidc.tokenEndpoint` | `string` | String configuration value. |
+| `oidc.zoneSyncLeeway` | `integer` | Numeric configuration value. |
+| `rateLimit` | `object` | RateLimit defines a rate limit policy. |
+| `rateLimit.burst` | `integer` | Numeric configuration value. |
+| `rateLimit.condition` | `object` | RateLimitCondition defines a condition for a rate limit policy. |
+| `rateLimit.condition.default` | `boolean` | Sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same condition, only one policy can be the default. |
+| `rateLimit.condition.jwt` | `object` | Defines a JWT condition to rate limit against. |
+| `rateLimit.condition.jwt.claim` | `string` | The JWT claim to be rate limit by. Nested claims should be separated by "." |
+| `rateLimit.condition.jwt.match` | `string` | The value of the claim to match against. |
+| `rateLimit.condition.variables` | `array` | Defines a Variables condition to rate limit against. |
+| `rateLimit.condition.variables[].match` | `string` | The value of the variable to match against. |
+| `rateLimit.condition.variables[].name` | `string` | The name of the variable to match against. |
+| `rateLimit.delay` | `integer` | Numeric configuration value. |
+| `rateLimit.dryRun` | `boolean` | Enable or disable this feature. |
+| `rateLimit.key` | `string` | String configuration value. |
+| `rateLimit.logLevel` | `string` | String configuration value. |
+| `rateLimit.noDelay` | `boolean` | Enable or disable this feature. |
+| `rateLimit.rate` | `string` | String configuration value. |
+| `rateLimit.rejectCode` | `integer` | Numeric configuration value. |
+| `rateLimit.scale` | `boolean` | Enable or disable this feature. |
+| `rateLimit.zoneSize` | `string` | String configuration value. |
+| `waf` | `object` | WAF defines an WAF policy. |
+| `waf.apBundle` | `string` | String configuration value. |
+| `waf.apPolicy` | `string` | String configuration value. |
+| `waf.enable` | `boolean` | Enable or disable this feature. |
+| `waf.securityLog` | `object` | SecurityLog defines the security log of a WAF policy. |
+| `waf.securityLog.apLogBundle` | `string` | String configuration value. |
+| `waf.securityLog.apLogConf` | `string` | String configuration value. |
+| `waf.securityLog.enable` | `boolean` | Enable or disable this feature. |
+| `waf.securityLog.logDest` | `string` | String configuration value. |
+| `waf.securityLogs` | `array` | List of configuration values. |
+| `waf.securityLogs[].apLogBundle` | `string` | String configuration value. |
+| `waf.securityLogs[].apLogConf` | `string` | String configuration value. |
+| `waf.securityLogs[].enable` | `boolean` | Enable or disable this feature. |
+| `waf.securityLogs[].logDest` | `string` | String configuration value. |