Closed Wonderingkaho closed 2 years ago
Hi @Wonderingkaho thanks for reporting!
Be sure to check out the docs while you wait for a human to take a look at this :slightly_smiling_face:
Cheers!
Hi @Wonderingkaho
did you enable App Protect in the command arguments? https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#-enable-app-protect
Hi @lucacome Yeah, I had install Ingress nginx-plus with Helm Chart and already enable App Protect with this values.yaml:
controller:
## The name of the Ingress controller daemonset or deployment.
## Autogenerated if not set or set to "".
name: nginx-plus-ingress
## The kind of the Ingress controller installation - deployment or daemonset.
kind: daemonset
## Deploys the Ingress controller for NGINX Plus.
nginxplus: true
# Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start.
nginxReloadTimeout: 60000
## Support for App Protect
appprotect:
## Enable the App Protect module in the Ingress Controller.
enable: true
## Enables the Ingress controller pods to use the host's network namespace.
hostNetwork: true
## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`.
nginxDebug: false
## The log level of the Ingress Controller.
logLevel: 3
## A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports.
customPorts: []
image:
## The image repository of the Ingress controller.
repository: kaho801/xxx-nginx-plus
## The tag of the Ingress controller image.
tag: "2.0.2-SNAPSHOT-bb8ec62"
## The pull policy for the Ingress controller image.
pullPolicy: IfNotPresent
config:
## The name of the ConfigMap used by the Ingress controller.
## Autogenerated if not set or set to "".
# name: nginx-config
## The annotations of the Ingress Controller configmap.
annotations: {}
## The entries of the ConfigMap for customizing NGINX configuration.
entries: {}
.........................
## Enable the custom resources.
enableCustomResources: true
Without App Protect, Ingress nginx-plus pods can run normally with access nginx-plus dashboard:
Based on this line in your log:
Failed to start AppProtect Agent: fork/exec /opt/app_protect/bin/bd_agent: no such file or directory
Did you pull a pre-built image that has NAP WAF already installed? Or did you build the image yourself using a Dockerfile we provided?
bd_agent
is one of the components of the AppProtect module and does no appear to be present.
Hi @Wonderingkaho
Sorry, I missed that you were using helm in your first message.
The error you're seeing usually means that you have App Protect enabled with an image that doesn't have it installed, can you double-check that you built/pulled the right Docker image?
You can do something like this with your current image to get the info
docker inspect --format '{{ json .Config.Labels }}' <docker image> | jq
THX @brianehlert @lucacome
I know where the problem is....
I used following commands to build the image:
make debian-image-plus PREFIX=myregistry.example.com/nginx-plus-ingress TARGET=container
instead of:
make debian-image-nap-plus PREFIX=myregistry.example.com/nginx-plus-ingress TARGET=container
thx a lot :D
Describe the bug I'm having an issue trying to enable appprotect.
To Reproduce
Expected behavior
Your environment
Additional context
F1018 04:18:01.669166 1 manager.go:469] Failed to start AppProtect Agent: fork/exec /opt/app_protect/bin/bd_agent: no such file or directory