fix: Run exec commands only on container that is nginx-ingress #216
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR fixes an issue where exec commands were being run against all containers in NGINX Ingress Controller pods, causing errors when executed in non-nginx-ingress containers like waf-enforcer and waf-config-mgr. The fix adds a container name check to ensure commands only run against the nginx-ingress container.
- Added container name filtering to restrict exec commands to the
nginx-ingresscontainer only - Fixed missing closing braces in the control flow structure
- Applied the fix consistently across all four job definitions in the NIC job list
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
There was a problem hiding this comment.
All good. I am getting a permission denied for the job that outputs the content of /etc/nginx-agent/nginx-agent.cat, but there is little we can do. In scenarios where the instance is connected, we will be able to capture the configuration from the corresponding ConfigMap containing the agent config.
Proposed changes
This PR addresses GitHub Issue 213.
When a customer deploys an NGINX Ingress Controller (NIC) pod with NGINX App-Protect (NAP) the exec commands such as
nginx -Tand./nginx-ingressversion throw an error when run in containers that are notnginx-ingresssuch aswaf-enforcerandwaf-config-mgr.This PR fixes it by running the exec commands against the target container instead of all containers in the pod.
This fix only addresses the scenario for NGINX Ingress Controller (NIC), other products to follow in later PRs with further testing.
Checklist
Before creating a PR, run through this checklist and mark each as complete.