Skip to content

Add External Auth Policy to VS/VSR#9519

Merged
pdabelf5 merged 7 commits intomainfrom
feat/external-auth-vs
Apr 22, 2026
Merged

Add External Auth Policy to VS/VSR#9519
pdabelf5 merged 7 commits intomainfrom
feat/external-auth-vs

Conversation

@pdabelf5
Copy link
Copy Markdown
Collaborator

@pdabelf5 pdabelf5 commented Apr 2, 2026
edited by AlexFenlon
Loading

This pull request introduces support for configuring external authentication (ExternalAuth) in NGINX via the Policy custom resource.

Examples:

  • Added a new example in examples/custom-resources/external-auth-oauth2/README.md that demonstrates how to set up and use the ExternalAuth policy with both HTTP Basic Auth and OAuth2 Proxy (GitHub) for different routes in a VirtualServer.
  • Included a sample basic-auth-policy.yaml showing how to configure an ExternalAuth policy for HTTP Basic authentication, using TLS and certificate verification.

These changes make it easier to secure NGINX routes with external authentication providers, supporting both basic and advanced authentication flows.

docs: nginx/documentation#1838

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@pdabelf5 pdabelf5 requested a review from a team as a code owner April 2, 2026 13:58
Copilot AI review requested due to automatic review settings April 2, 2026 13:58
@pdabelf5 pdabelf5 marked this pull request as draft April 2, 2026 13:58
@github-actions github-actions Bot added enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code python Pull requests that update Python code labels Apr 2, 2026
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-advanced-security github-advanced-security AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 2, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 77.89474% with 63 lines in your changes missing coverage. Please review.
✅ Project coverage is 56.09%. Comparing base (4b2e970) to head (a7e7d48).

Files with missing lines Patch % Lines
internal/configs/configurator.go 0.00% 34 Missing ⚠️
internal/k8s/controller.go 35.71% 16 Missing and 2 partials ⚠️
internal/configs/virtualserver.go 95.92% 5 Missing and 4 partials ⚠️
internal/k8s/endpoint_slice.go 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9519      +/-   ##
==========================================
+ Coverage   55.81%   56.09%   +0.28%     
==========================================
  Files          99       99              
  Lines       20224    25233    +5009     
==========================================
+ Hits        11288    14155    +2867     
- Misses       8303    10440    +2137     
- Partials      633      638       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for configuring External Authentication (ExternalAuth) via the Policy CRD and applying it to VirtualServer/VirtualServerRoute, including NGINX config generation (auth_request + optional signin redirects), validation, controller plumbing for service/endpoint tracking, and accompanying tests/examples/docs.

Changes:

  • Extend the Policy API (types, deepcopy, applyconfig) and CRD/docs to include spec.externalAuth.
  • Generate NGINX config for ExternalAuth (internal auth subrequest locations/upstreams, optional OAuth2 redirect base path, and 401 error_page handling) and propagate endpoint-related warnings to resource status.
  • Add/expand unit and suite test utilities + test data, plus new examples demonstrating basic-auth and oauth2-proxy flows.

Reviewed changes

Copilot reviewed 99 out of 100 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
tests/suite/utils/resources_utils.py Adds an event-printing helper for debugging test runs.
tests/suite/utils/policy_resources_utils.py Adds generic setup/teardown helpers for policy backends (secrets + backend + policies).
tests/suite/utils/external_auth_utils.py New shared helpers/constants for ExternalAuth policy test suites.
tests/suite/utils/custom_assertions.py Updates assert_event_count_increased to return the updated event count.
tests/data/external-auth/spec/virtual-server-policy-tls.yaml VS manifest fixture for TLS ExternalAuth policy attachment.
tests/data/external-auth/spec/virtual-server-policy-tls-multi-2.yaml VS fixture for multiple TLS ExternalAuth policies ordering case.
tests/data/external-auth/spec/virtual-server-policy-tls-multi-1.yaml VS fixture for multiple TLS ExternalAuth policies ordering case.
tests/data/external-auth/spec/virtual-server-policy-single.yaml VS fixture for a single ExternalAuth policy attachment.
tests/data/external-auth/spec/virtual-server-policy-single-invalid-svc.yaml VS fixture referencing a policy pointing at a nonexistent auth service.
tests/data/external-auth/spec/virtual-server-policy-single-invalid-pol.yaml VS fixture referencing an invalid ExternalAuth policy.
tests/data/external-auth/spec/virtual-server-policy-signin.yaml VS fixture exercising authSigninURI.
tests/data/external-auth/spec/virtual-server-policy-multi-2.yaml VS fixture for multiple ExternalAuth policies ordering case.
tests/data/external-auth/spec/virtual-server-policy-multi-1.yaml VS fixture for multiple ExternalAuth policies ordering case.
tests/data/external-auth/spec/virtual-server-policy-custom-port.yaml VS fixture for ExternalAuth custom service port selection.
tests/data/external-auth/spec/virtual-server-policy-cross-ns.yaml VS fixture for cross-namespace policy reference scenarios.
tests/data/external-auth/route-subroute/virtual-server-vsr-tls-spec-override.yaml VS fixture for VSR scenarios with spec-level TLS ExternalAuth policy.
tests/data/external-auth/route-subroute/virtual-server-vsr-tls-route-override.yaml VS fixture for VSR scenarios with route-level TLS ExternalAuth policy.
tests/data/external-auth/route-subroute/virtual-server-vsr-spec-override.yaml VS fixture for VSR scenarios with spec-level ExternalAuth policy.
tests/data/external-auth/route-subroute/virtual-server-vsr-route-override.yaml VS fixture for VSR scenarios with route-level ExternalAuth policy.
tests/data/external-auth/route-subroute/virtual-server-route-valid-subroute.yaml VSR fixture for subroute-level valid ExternalAuth policy.
tests/data/external-auth/route-subroute/virtual-server-route-valid-subroute-multi.yaml VSR fixture for subroute-level multi-policy ExternalAuth coverage.
tests/data/external-auth/route-subroute/virtual-server-route-tls-subroute.yaml VSR fixture for TLS ExternalAuth at subroute level.
tests/data/external-auth/route-subroute/virtual-server-route-tls-multi-subroute.yaml VSR fixture for multiple TLS ExternalAuth policies at subroute level.
tests/data/external-auth/route-subroute/virtual-server-route-override-subroute.yaml VSR fixture testing subroute overrides with multiple policies.
tests/data/external-auth/route-subroute/virtual-server-route-invalid-svc-subroute.yaml VSR fixture for invalid auth service reference at subroute level.
tests/data/external-auth/route-subroute/virtual-server-route-invalid-subroute.yaml VSR fixture for invalid ExternalAuth policy at subroute level.
tests/data/external-auth/policies/external-auth-policy-valid.yaml Valid ExternalAuth policy fixture.
tests/data/external-auth/policies/external-auth-policy-valid-multi.yaml Second valid ExternalAuth policy fixture for multi-policy tests.
tests/data/external-auth/policies/external-auth-policy-tls-wrong-ca-type.yaml TLS ExternalAuth policy fixture with wrong CA secret type.
tests/data/external-auth/policies/external-auth-policy-tls-verify-no-ssl.yaml TLS ExternalAuth policy fixture with verify enabled but SSL disabled.
tests/data/external-auth/policies/external-auth-policy-tls-signin.yaml TLS ExternalAuth policy fixture with signin redirect.
tests/data/external-auth/policies/external-auth-policy-tls-nonexistent-ca.yaml TLS ExternalAuth policy fixture referencing nonexistent CA secret.
tests/data/external-auth/policies/external-auth-policy-tls-no-trusted-cert.yaml TLS ExternalAuth policy fixture omitting trusted cert with verification.
tests/data/external-auth/policies/external-auth-policy-tls-full.yaml TLS ExternalAuth policy fixture with full verification settings.
tests/data/external-auth/policies/external-auth-policy-tls-full-multi.yaml TLS ExternalAuth policy fixture for multi-policy tests.
tests/data/external-auth/policies/external-auth-policy-tls-disabled.yaml TLS ExternalAuth policy fixture with SSL disabled.
tests/data/external-auth/policies/external-auth-policy-tls-default-sni.yaml TLS ExternalAuth policy fixture relying on derived/default SNI behavior.
tests/data/external-auth/policies/external-auth-policy-tls-custom-port.yaml TLS ExternalAuth policy fixture specifying custom auth service port.
tests/data/external-auth/policies/external-auth-policy-tls-cross-ns-ca.yaml TLS ExternalAuth policy fixture using cross-namespace CA secret reference.
tests/data/external-auth/policies/external-auth-policy-tls-basic.yaml TLS ExternalAuth policy fixture enabling SSL without full verification.
tests/data/external-auth/policies/external-auth-policy-tls-bad-sni.yaml TLS ExternalAuth policy fixture with intentionally wrong SNI.
tests/data/external-auth/policies/external-auth-policy-signin.yaml ExternalAuth policy fixture with signin redirect (HTTP).
tests/data/external-auth/policies/external-auth-policy-invalid.yaml Invalid ExternalAuth policy fixture (invalid authURI).
tests/data/external-auth/policies/external-auth-policy-invalid-svc.yaml ExternalAuth policy fixture referencing nonexistent auth service.
tests/data/external-auth/policies/external-auth-policy-custom-port.yaml ExternalAuth policy fixture specifying custom auth service port.
tests/data/external-auth/policies/external-auth-policy-cross-ns.yaml ExternalAuth policy fixture using cross-namespace auth service reference.
tests/data/external-auth/invalid-credentials.txt Fixture for invalid basic-auth credentials.
tests/data/external-auth/credentials.txt Fixture for valid basic-auth credentials.
tests/data/external-auth/backend/wrong-type-ca-secret.yaml Fixture secret with wrong type used by TLS validation tests.
tests/data/external-auth/backend/external-auth-backend.yaml HTTP auth backend deployment/service fixture for suite tests.
tests/data/external-auth/backend/external-auth-backend-tls.yaml TLS auth backend deployment/service fixture for suite tests.
pyproject.toml Adds pytest markers for ExternalAuth policy test categorization.
pkg/client/applyconfiguration/utils.go Wires ExternalAuth kind into applyconfiguration factory.
pkg/client/applyconfiguration/configuration/v1/policyspec.go Adds ExternalAuth field + WithExternalAuth builder to PolicySpec applyconfig.
pkg/client/applyconfiguration/configuration/v1/externalauth.go New generated applyconfiguration type/builders for ExternalAuth.
pkg/apis/configuration/validation/policy.go Adds ExternalAuth validation + enforces policy “exactly one of” includes externalAuth.
pkg/apis/configuration/validation/common.go Refactors secret name validation helper (adds validateK8SName wrapper).
pkg/apis/configuration/v1/zz_generated.deepcopy.go Adds deepcopy support for ExternalAuth and PolicySpec.ExternalAuth.
pkg/apis/configuration/v1/types.go Adds ExternalAuth type and PolicySpec.ExternalAuth API surface.
internal/k8s/service.go Ensures merged extended-resource warnings are reflected in status/events updates.
internal/k8s/reference_checkers.go Extends service reference checking to include ExternalAuth services referenced via policies.
internal/k8s/reference_checkers_test.go Updates constructor signature usage and adds ExternalAuth reference checker coverage.
internal/k8s/policy.go Tracks ExternalAuth auth service refs per policy and marks ExternalAuth supported on Ingress.
internal/k8s/endpoint_slice.go Propagates configurator warnings on EndpointSlice updates for VS/VSR resources.
internal/k8s/controller.go Generates ExternalAuth endpoints for VS/VSR, tracks trusted cert secrets, and passes snippet enablement into validation config.
internal/k8s/controller_test.go Adds unit tests for ExternalAuth endpoint generation and updates policy validation error strings.
internal/k8s/configuration.go Initializes and exposes policy auth-service reference tracking in Configuration.
internal/configs/virtualserver.go Adds endpoint-warning behavior and generates ExternalAuth locations/upstreams + template wiring.
internal/configs/version2/nginx.virtualserver.tmpl Adds auth_request + error_page emission and TLS proxy directives for ExternalAuth; minor formatting adjustments.
internal/configs/version2/nginx-plus.virtualserver.tmpl Same as OSS template changes for NGINX Plus template variant.
internal/configs/version2/http.go Extends Server/Location model to carry ExternalAuth and related config bits into templates.
internal/configs/version2/snapshots/templates_test.snap Updates template snapshots reflecting formatting and new directives.
internal/configs/policy.go Adds ExternalAuth policy parsing/generation into policiesCfg, including TLS verification handling.
internal/configs/policy_test.go Adds/updates tests for ExternalAuth policy generation and modernizes comparisons using cmp.
internal/configs/configurator.go Returns warnings from VS endpoint updates so status can recover from Warning → Valid.
hack/secrets.json Adds secret generation definitions and symlinks for ExternalAuth example/test assets.
examples/custom-resources/external-auth/README.md New end-to-end example for basic-auth-backed ExternalAuth policy on VirtualServer.
examples/custom-resources/external-auth/cafe.yaml Example cafe app manifests for the ExternalAuth basic-auth example.
examples/custom-resources/external-auth/cafe-virtual-server.yaml Example VS applying ExternalAuth policy at spec level.
examples/custom-resources/external-auth/basic-auth.yaml Example basic-auth backend (NGINX) manifests.
examples/custom-resources/external-auth/basic-auth-policy.yaml Example ExternalAuth Policy for the basic-auth backend.
examples/custom-resources/external-auth-oauth2/README.md New advanced example combining basic-auth and oauth2-proxy with per-route policies.
examples/custom-resources/external-auth-oauth2/oauth2-proxy.yaml Example oauth2-proxy deployment/service/config.
examples/custom-resources/external-auth-oauth2/oauth2-proxy-client-secret.yaml Example secret manifest template for oauth2-proxy GitHub client secret.
examples/custom-resources/external-auth-oauth2/oauth2-policy.yaml Example ExternalAuth Policy for oauth2-proxy (TLS verify).
examples/custom-resources/external-auth-oauth2/cafe.yaml Example cafe app manifests for the oauth2 example.
examples/custom-resources/external-auth-oauth2/cafe-virtual-server.yaml Example VS with per-route ExternalAuth policies.
examples/custom-resources/external-auth-oauth2/basic-auth.yaml Example basic-auth backend manifests (oauth2 example).
examples/custom-resources/external-auth-oauth2/basic-auth-policy.yaml Example ExternalAuth Policy for basic-auth backend (TLS verify).
docs/crd/k8s.nginx.org_policies.md Documents the new spec.externalAuth fields.
deploy/crds.yaml Adds ExternalAuth schema to the deployed CRD bundle.
config/crd/bases/k8s.nginx.org_policies.yaml Adds ExternalAuth schema to the kustomize CRD base.
charts/tests/snapshots/helmunit_test.snap Updates Helm unit snapshots (indirect changes from chart outputs).
.gitignore Ignores generated ExternalAuth-related secrets/symlinks.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pkg/apis/configuration/validation/policy.go Outdated
Comment thread internal/k8s/controller.go
Comment thread internal/k8s/controller.go
Comment thread internal/k8s/reference_checkers.go
Comment thread internal/configs/virtualserver.go Outdated
Comment thread pkg/apis/configuration/validation/common.go
Comment thread internal/k8s/controller.go Outdated
@AlexFenlon AlexFenlon linked an issue Apr 2, 2026 that may be closed by this pull request
Add support for external authentication #9155
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 2, 2026
edited
Loading

Package Report

Details gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx, 1.29.8-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-module-njs, 1.29.8+0.9.6-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-module-otel, 1.29.8+0.1.2-1~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-agent, 3.9.0~trixie, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx, 1.29.8-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-module-njs, 1.29.8+0.9.6-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-module-otel, 1.29.8+0.1.2-1~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-agent, 3.9.0~trixie, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-agent, 3.9.0~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus, 36-4~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-njs, 36+0.9.6-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-otel, 36+0.1.2-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-fips-check, 36+0.1-1~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-agent, 3.9.0~bookworm, arm64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-appprotect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-attack-signatures, 2026.04.15-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-threat-campaigns, 2026.04.14-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-agent, 2.46.1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-appprotect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-module-plus, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-plugin, 6.28.0-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-agent, 2.46.1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-appprotectdos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-dos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus, 36-4~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-njs, 36+0.9.6-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-otel, 36+0.1.2-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-fips-check, 36+0.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-appprotect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect, 36+5.607.1-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-attack-signatures, 2026.04.15-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-threat-campaigns, 2026.04.14-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-plus-module-appprotectdos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, app-protect-dos, 36+4.8.3-1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de, nginx-agent, 2.46.1~bookworm, amd64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx, 1.29.8-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-module-njs, 1.29.8.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-module-otel, 1.29.8.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-agent, 3.9.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx, 1.29.8-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-module-njs, 1.29.8.0.9.6-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-module-otel, 1.29.8.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-agent, 3.9.0, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-agent, 3.9.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus, 36-r4, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus-module-njs, 36.0.9.6-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus-module-otel, 36.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-plus-module-fips-check, 36.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine, nginx-agent, 3.9.0, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-agent, 3.9.0, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus, 36-r4, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-agent, 3.9.0, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-agent, 2.46.1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-appprotect, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, app-protect, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, app-protect-attack-signatures, 2026.04.15-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, app-protect-threat-campaigns, 2026.04.14-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus, 36-r4, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-njs, 36.0.9.6-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-otel, 36.0.1.2-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-fips-check, 36.0.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-agent, 2.46.1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, nginx-plus-module-appprotect, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, app-protect-module-plus, 36.5.607.1-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-alpine-fips, app-protect-plugin, 6.28.0-r1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx, 1.29.8-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-module-njs, 1.29.8+0.9.7-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-module-otel, 1.29.8+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-agent, 3.9.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx, 1.29.8-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-module-njs, 1.29.8+0.9.7-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-module-otel, 1.29.8+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-agent, 3.9.0-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-agent, 3.9.0-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus, 36-4.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-agent, 3.9.0-1, aarch64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-appprotect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-attack-signatures, 2026.04.15-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-threat-campaigns, 2026.04.14-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-appprotect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-module-plus, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-plugin, 6.28.0-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus, 36-4.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-njs, 36+0.9.6-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-otel, 36+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-fips-check, 36+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-appprotect, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, app-protect, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, app-protect-attack-signatures, 2026.04.15-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, app-protect-threat-campaigns, 2026.04.14-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus, 36-4.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-njs, 36+0.9.6-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-otel, 36+0.1.2-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-fips-check, 36+0.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, nginx-plus-module-appprotect, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, app-protect-module-plus, 36+5.607.1-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi8, app-protect-plugin, 6.28.0-1.el8.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-appprotectdos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-dos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus, 36-4.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-njs, 36+0.9.6-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-otel, 36+0.1.2-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-fips-check, 36+0.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-appprotect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-plus-module-appprotectdos, 36+4.8.3-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, nginx-agent, 2.46.1-1, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect, 36+5.607.1-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-attack-signatures, 2026.04.15-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-threat-campaigns, 2026.04.14-1.el9.ngx, x86_64
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress:t-e8d5074898e8d8188fb4bb5ac91dc8de-ubi, app-protect-dos, 36+4.8.3-1.el9.ngx, x86_64

@AlexFenlon AlexFenlon marked this pull request as ready for review April 7, 2026 14:44
haywoodsh
haywoodsh reviewed Apr 8, 2026
View reviewed changes
Comment thread tests/suite/test_external_auth_policies_vs.py
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 9, 2026
View reviewed changes
Comment thread tests/suite/utils/policy_resources_utils.py Fixed
Comment thread tests/suite/utils/policy_resources_utils.py Fixed
vepatel
vepatel previously approved these changes Apr 15, 2026
View reviewed changes
haywoodsh
haywoodsh reviewed Apr 16, 2026
View reviewed changes
Comment thread internal/configs/virtualserver.go Outdated
Comment thread pkg/apis/configuration/validation/policy.go Outdated
Comment thread pkg/apis/configuration/v1/types.go
Comment thread pkg/apis/configuration/validation/policy.go Outdated
@AlexFenlon AlexFenlon mentioned this pull request Apr 16, 2026
Open
AlexFenlon added a commit that referenced this pull request Apr 17, 2026
@AlexFenlon
bring updated functionality from PR #9519
620633f
vepatel
vepatel previously approved these changes Apr 17, 2026
View reviewed changes
vepatel
vepatel previously approved these changes Apr 20, 2026
View reviewed changes
haywoodsh
haywoodsh previously approved these changes Apr 20, 2026
View reviewed changes
pull Bot pushed a commit to Stars1233/kubernetes-ingress that referenced this pull request Apr 21, 2026
@AlexFenlon @pdabelf5 @github-advanced-security
Add External Auth Policy to Ingress (nginx#9521)
a500f2d 
* Add External Auth Policy to VS & Ingress

* Fixup missing policy warning

* Update External Auth Examples

* Add external auth TLS to e2e tests for VS/VSR, refactor some tests to make it work for future Ingress tests too.

* Add e2e ingress external auth tests

* Refactor proxy_set_header handling in NGINX templates and validation

- Updated NGINX ingress templates to wrap header values in quotes for consistency.
- Removed the generateProxySetHeaders function and replaced its usage with direct header setting in templates.
- Simplified header validation logic in validation.go to improve readability and maintainability.
- Added comprehensive tests for proxy set header validation to ensure proper error handling for various cases.
- Enhanced existing tests to reflect changes in header formatting and validation.

* Clean up endpointslice logic

* Missing Policies on Ingress will return 500

* Clean up secrets and duplicated PoliciesErrorReturn

* use ownerdetails.parentType for location prefix

* Prevent squashing oauth2 headers on minions

* revert SyncPolicy changes

* Add unit tests for generateExternalAuthLocation, generateExternalAuthOAuth2Location, getServerErrorPages

* Refactor external auth handling and improve warning propagation for missing endpoints

* Fix tests

* revert back vsr e2e test

* Made flaky less flaky

* Add logging to events

* Refactor TestVirtualServerRouteSelector for consistency

* update TestVirtualServerRouteSelector to use get_events_for_object

* fix import

* match main for annotations.py

* Add External Auth to Ingress

* Add return to assert_event_count_increased

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: AlexFenlon <a.fenlon@f5.com>

* Enhance External Auth SSL Configuration and Validation

* Address all copilot comments

* fix codegen

* Remove all VS references in Ext Auth and Updated README.md to match other examples better

* update readme

* fix flaky test

* revert back isMasterInternalLocation

* Fix extra events happening when external auth is not used.

* Improve resilience of external auth tests by implementing polling for backend response

* Split Ext Auth policies in pipeline

* fix plus external auth

* fix auth snippets for ingress

* Split E2E tests into 2, clean up fixtures based off feedback.

* fix assertion when policy is already deleted.

* Address Comments
- Simplified test cases in  by removing redundant code and utilizing the new header building function.
- Updated the  fixture to be more flexible with parameters, allowing for easier configuration of test scenarios.

* bring updated functionality from PR nginx#9519

* fix lint

Signed-off-by: AlexFenlon <a.fenlon@f5.com>

* fix lint

Signed-off-by: AlexFenlon <a.fenlon@f5.com>

* fix lint

---------

Signed-off-by: AlexFenlon <a.fenlon@f5.com>
Co-authored-by: Paul Abel <p.abel@f5.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@pdabelf5 pdabelf5 force-pushed the feat/external-auth-vs branch from 36e27cd to 2c477b6 Compare April 22, 2026 11:10
@pdabelf5 pdabelf5 requested review from haywoodsh and vepatel April 22, 2026 11:15
vepatel
vepatel previously approved these changes Apr 22, 2026
View reviewed changes
@pdabelf5 pdabelf5 enabled auto-merge April 22, 2026 15:26
@pdabelf5 pdabelf5 disabled auto-merge April 22, 2026 15:26
@pdabelf5 pdabelf5 added this pull request to the merge queue Apr 22, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Apr 22, 2026
@pdabelf5 pdabelf5 added this pull request to the merge queue Apr 22, 2026
Merged via the queue into main with commit 23ef691 Apr 22, 2026
184 of 186 checks passed
@pdabelf5 pdabelf5 deleted the feat/external-auth-vs branch April 22, 2026 22:59
@github-project-automation github-project-automation Bot moved this from Todo ☑ to Done 🚀 in NGINX Ingress Controller Apr 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlexFenlon AlexFenlon AlexFenlon left review comments

Copilot code review Copilot Copilot left review comments

@haywoodsh haywoodsh haywoodsh approved these changes

@vepatel vepatel vepatel approved these changes

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement Pull requests for new features/feature enhancements go Pull requests that update Go code python Pull requests that update Python code

Projects

NGINX Ingress Controller
Status: Done 🚀

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for external authentication

6 participants

@pdabelf5 @haywoodsh @github-advanced-security @vepatel @AlexFenlon