feat: Migrate NGINX Ingress Controller documentation into repository (#688)

* feat: Add NIC content

* feat: Move NIC files into appropriate folders

* feat: Fix remaining references and configuration

* feat: Add NIC to CODEOWNERS

* Update .github/CODEOWNERS

* Update .github/CODEOWNERS

* feat: Codeowners formatting change

* Update content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md

---------

Co-authored-by: Mike Jang <[email protected]>
Co-authored-by: Jon Torre <[email protected]>

Author: 3 people

.github/CODEOWNERS

@@ -37,6 +37,10 @@ content/includes/nginxaas-azure/* @nginx/n4a-docs-approvers
 content/ngf/*               @nginx/nginx-gateway-fabric
 content/includes/ngf/*      @nginx/nginx-gateway-fabric
 
+# NGINX Ingress Controller
+content/nic/*                   @nginx/kic
+content/includes/nic/*          @nginx/kic
+
 # NGINX Instance Manager
 content/nms/nim/*           @nginx/nim-docs-approvers
 content/nim/*               @nginx/nim-docs-approvers

config/_default/config.toml

@@ -7,18 +7,19 @@ pygmentsUseClasses = true
 enableGitInfo = true
 
 [permalinks]
+  agent = '/nginx-agent/:sections[1:]/:filename'
   amplify = '/nginx-amplify/:sections[1:]/:filename'
   controller = '/nginx-controller/:sections[1:]/:filename'
   mesh = '/nginx-service-mesh/:sections[1:]/:filename'
   modsec-waf = '/nginx-waf/:sections[1:]/:filename'
   nap-dos = '/nginx-app-protect-dos/:sections[1:]/:filename'
   nap-waf = '/nginx-app-protect-waf/:sections[1:]/:filename'
+  nginxaas = '/nginxaas/azure/:sections[1:]/:filename'
   ngf = '/nginx-gateway-fabric/:sections[1:]/:filename'
+  nic = '/nginx-ingress-controller/:sections[1:]/:filename'
   nim = '/nginx-instance-manager/:sections[1:]/:filename'
   nms = '/nginx-management-suite/:sections[1:]/:filename'
   unit = '/nginx-unit/:sections[1:]/:filename'
-  agent = '/nginx-agent/:sections[1:]/:filename'
-  nginxaas = '/nginxaas/azure/:sections[1:]/:filename'
 
 [caches]
   [caches.modules]

content/includes/nic/compatibility-tables/nic-nap.md

@@ -0,0 +1,10 @@
+The following table shows compatibility between NGINX Ingress Controller (NIC) and NGINX App Protect WAF (NAP-WAF) versions:
+
+{{< bootstrap-table "table table-striped table-responsive" >}}
+| NIC Version         | NAP-WAF Version | Config Manager | Enforcer |
+| ------------------- | --------------- | -------------- | -------- |
+| {{< nic-version >}} | 34+5.332        | 5.6.0          | 5.6.0    |
+| 4.0.1               | 33+5.264        | 5.5.0          | 5.5.0    |
+| 3.7.2               | 32+5.1          | 5.3.0          | 5.3.0    |
+| 3.6.2               | 32+5.48         | 5.2.0          | 5.2.0    |
+{{% /bootstrap-table %}}

content/includes/nic/configuration/_index.md

@@ -0,0 +1,8 @@
+---
+title: Configuration
+description:
+weight: 1400
+menu:
+  docs:
+    parent: NGINX Ingress Controller
+---

content/includes/nic/configuration/access-control.md

@@ -0,0 +1,120 @@
+---
+title: Deploy a Policy for access control
+weight: 900
+toc: true
+docs: DOCS-000
+---
+
+This topic describes how to use F5 NGINX Ingress Controller to apply and update a Policy for access control. It demonstrates it using an example application and a [VirtualServer custom resource]({{< ref "/configuration/virtualserver-and-virtualserverroute-resources.md" >}}).
+
+---
+
+## Before you begin
+
+You should have a [working NGINX Ingress Controller]({{< ref "/installation/installing-nic/installation-with-helm.md" >}}) instance.
+
+For ease of use in shell commands, set two shell variables:
+
+1. The public IP address for your NGINX Ingress Controller instance.
+
+```shell
+IC_IP=<ip-address>
+```
+
+2. The HTTP port of the same instance.
+
+```shell
+IC_HTTP_PORT=<port number>
+```
+
+---
+
+## Deploy the example application
+
+Create the file _webapp.yaml_ with the following contents:
+
+{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/webapp.yaml" >}}
+
+Apply it using `kubectl`:
+
+```shell
+kubectl apply -f webapp.yaml
+```
+
+---
+
+## Deploy a Policy to create a deny rule
+
+Create a file named _access-control-policy-deny.yaml_. The highlighted _deny_ field will be used by the example application, and should be changed to the subnet of your machine.
+
+{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/access-control-policy-deny.yaml" "hl_lines=7-8" >}}
+
+Apply the policy:
+
+```shell
+kubectl apply -f access-control-policy-deny.yaml
+```
+
+---
+
+## Configure load balancing
+
+Create a file named _virtual-server.yaml_ for the VirtualServer resource. The _policies_ field references the access control Policy created in the previous section.
+
+{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/virtual-server.yaml" "hl_lines=7-8" >}}
+
+Apply the policy:
+
+```shell
+kubectl apply -f virtual-server.yaml
+```
+
+---
+
+## Test the example application
+
+Use `curl` to attempt to access the application:
+
+```shell
+curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT
+```
+```text
+<html>
+<head><title>403 Forbidden</title></head>
+<body>
+<center><h1>403 Forbidden</h1></center>
+</body>
+</html>
+```
+
+The *403* response is expected, successfully blocking your machine.
+
+---
+
+## Update the Policy to create an allow rule
+
+Update the Policy with the file _access-control-policy-allow.yaml_, setting the _allow_ field to the subnet of your machine.
+
+{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/access-control-policy-allow.yaml" "hl_lines=7-8" >}}
+
+Apply the Policy:
+
+```shell
+kubectl apply -f access-control-policy-allow.yaml
+```
+
+----
+
+## Verify the Policy update
+
+Attempt to access the application again:
+
+```shell
+curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT
+```
+```text
+Server address: 10.64.0.13:8080
+Server name: webapp-5cbbc7bd78-wf85w
+```
+
+The successful response demonstrates that the policy has been updated.

content/includes/nic/configuration/configuration-examples.md

@@ -0,0 +1,13 @@
+---
+docs: DOCS-584
+doctypes:
+- ''
+title: Configuration examples
+toc: true
+weight: 400
+---
+
+Our [GitHub repo](https://github.com/nginx/kubernetes-ingress) includes a number of configuration examples:
+
+- [*Examples of Custom Resources*](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources) show how to advanced NGINX features by using VirtualServer, VirtualServerRoute, TransportServer and Policy Custom Resources.
+- [*Examples of Ingress Resources*](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources) show how to use advanced NGINX features in Ingress resources with annotations.

content/includes/nic/configuration/global-configuration/_index.md

@@ -0,0 +1,8 @@
+---
+title: Global configuration
+description:
+weight: 100
+menu:
+  docs:
+    parent: NGINX Ingress Controller
+---