Merge pull request #1936 from nginxinc/DOCOPS-122b
fix: DOCOPS-122 fix broken links in KIC and KIC-407 remove old TOCs
Jcahilltorre authored Sep 7, 2021
2 parents 1c8e5f1 + 856cded commit acb616c
Showing 9 changed files with 36 additions and 121 deletions.
2 changes: 1 addition & 1 deletion docs/content/app-protect/configuration.md
Expand Up @@ -36,7 +36,7 @@ To add any [App Protect policy](/nginx-app-protect/policy/#policy) to an Ingress

> **Note**: The relationship between the Policy JSON and the resource spec is 1:1. If you're defining your resources in YAML, as we do in our examples, you'll need to represent the policy as YAML. The fields must match those in the source JSON exactly in name and level.
For example, say you want to use the [DataGuard policy](/nginx-app-protect/policy/#data-guard) shown below:
For example, say you want to use the [DataGuard policy](/nginx-app-protect/policy/#policy/data-guard) shown below:

```json
{
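Review bot: The replacement anchor `#policy/data-guard` on the DataGuard link contains a slash, while the App Protect policy link in this hunk's header context uses the plain `#policy` fragment on the same target page. A fragment has to match a single heading id, so please confirm that `/nginx-app-protect/policy/` really exposes an id of `policy/data-guard`. If the heading slug is something else, the link will load the page without scrolling to the DataGuard section, and a link checker that ignores fragments will not catch it.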
6 changes: 3 additions & 3 deletions docs/content/app-protect/installation.md
Expand Up @@ -62,12 +62,12 @@ Take the steps below to create the Docker image that you'll use to deploy NGINX

Take the steps below to set up and deploy the NGINX Ingress Controller and App Protect module in your Kubernetes cluster.

1. [Configure role-based access control (RBAC)](/nginx-ingress-controller/installation/installation-with-manifests/#configure-rbac).
1. [Configure role-based access control (RBAC)](/nginx-ingress-controller/installation/installation-with-manifests/#1-configure-rbac).

> **Important**: You must have an admin role to configure RBAC in your Kubernetes cluster.

2. [Create the common Kubernetes resources](/nginx-ingress-controller/installation/installation-with-manifests/#create-common-resources).
2. [Create the common Kubernetes resources](/nginx-ingress-controller/installation/installation-with-manifests/#2-create-common-resources).
3. Enable the App Protect module by adding the `enable-app-protect` [cli argument](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/#cmdoption-enable-app-protect) to your Deployment or DaemonSet file.
4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#deploy-the-ingress-controller).
4. [Deploy the Ingress Controller](/nginx-ingress-controller/installation/installation-with-manifests/#3-deploy-the-ingress-controller).

For more information, see the [Configuration guide](/nginx-ingress-controller/app-protect/configuration) and the [NGINX Ingress Controller with App Protect examples on GitHub](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect).
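Review bot: The new anchors in steps 1, 2 and 4 (`#1-configure-rbac`, `#2-create-common-resources`, `#3-deploy-the-ingress-controller`) bake the target page's step numbers into the link, so they break again as soon as a step is inserted or reordered in the manifests guide. If the headings there can carry explicit ids, link to those instead. The RBAC link in step 1 is the one marked Important, so a dead fragment there drops an admin at the top of the page with no pointer to the right section. The unchanged `#cmdoption-enable-app-protect` anchor in step 3 deserves the same check.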
Expand Up @@ -195,7 +195,7 @@ The table below summarizes the available annotations.
| ---| ---| ---| ---| --- |
|``appprotect.f5.com/app-protect-policy`` | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable`` is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
|``appprotect.f5.com/app-protect-enable`` | N/A | Enable App Protect for the Ingress Resource. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
|``appprotect.f5.com/app-protect-security-log-enable`` | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-security-log) for App Protect. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
|``appprotect.f5.com/app-protect-security-log-enable`` | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-logging-overview) for App Protect. | ``False`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
|``appprotect.f5.com/app-protect-security-log`` | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the default is used which is: filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma seperated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
|``appprotect.f5.com/app-protect-security-log-destination`` | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-security-log). Multiple destinations can be specified in a coma seperated list. Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | ``syslog:server=localhost:514`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
|``appprotect.f5.com/app-protect-security-log-destination`` | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-logging-overview). Multiple destinations can be specified in a coma separated list. Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | ``syslog:server=localhost:514`` | [Example for App Protect](https://github.com/nginxinc/kubernetes-ingress/tree/v1.12.0/examples/appprotect). |
{{% /table %}}
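Review bot: The spelling fix in the `app-protect-security-log-destination` row is incomplete: the new text reads "coma separated", and the `app-protect-security-log` row above it still says "comma seperated". Both should read "comma-separated". Also, the "security log" link and the "DESTINATION argument" link now both point at `#app-protect-logging-overview`; check that this section actually documents the DESTINATION argument, since this row is what tells operators where WAF security events are sent.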
Expand Up @@ -87,13 +87,13 @@ Starting from Kubernetes 1.18, you can use the following new features:
- host: cafe.example.com
. . .
```
When using this filed you need to create the `IngressClass` resource with the corresponding `name`. See Step 3 *Create an IngressClass resource* of the [Create Common Resources](/nginx-ingress-controller/installation/installation-with-manifests/#create-common-resources) section.
When using this filed you need to create the `IngressClass` resource with the corresponding `name`. See Step 3 *Create an IngressClass resource* of the [Create Common Resources](/nginx-ingress-controller/installation/installation-with-manifests/#2-create-common-resources) section.

## Restrictions

The NGINX Ingress Controller imposes the following restrictions on Ingress resources:
* When defining an Ingress resource, the `host` field is required.
* The `host` value needs to be unique among all Ingress and VirtualServer resources unless the Ingress resource is a [mergeable minion](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/). See also [Handling Host Collisions](/nginx-ingress-controller/configuration/handling-host-collisions).
* The `host` value needs to be unique among all Ingress and VirtualServer resources unless the Ingress resource is a [mergeable minion](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration/). See also [Handling Host and Listener Collisions](/nginx-ingress-controller/configuration/handling-host-and-listener-collisions).

## Advanced Configuration
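Review bot: The rewritten `IngressClass` sentence still says "When using this filed"; since the line is being touched anyway, correct it to "field". The collision link in the Restrictions list changes both its text and its path to `handling-host-and-listener-collisions`, so make sure no other page still links to the old `handling-host-collisions` path.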

39 changes: 5 additions & 34 deletions docs/content/configuration/policy-resource.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,35 +14,6 @@ The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/co

This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repo](https://github.com/nginxinc/kubernetes-ingress/blob/v1.12.0/examples-of-custom-resources/access-control).

## Contents

- [Policy Resource](#policy-resource)
- [Contents](#contents)
- [Prerequisites](#prerequisites)
- [Policy Specification](#policy-specification)
- [AccessControl](#accesscontrol)
- [AccessControl Merging Behavior](#accesscontrol-merging-behavior)
- [RateLimit](#ratelimit)
- [RateLimit Merging Behavior](#ratelimit-merging-behavior)
- [JWT](#jwt)
- [JWT Merging Behavior](#jwt-merging-behavior)
- [IngressMTLS](#ingressmtls)
- [IngressMTLS Merging Behavior](#ingressmtls-merging-behavior)
- [EgressMTLS](#egressmtls)
- [EgressMTLS Merging Behavior](#egressmtls-merging-behavior)
- [OIDC](#oidc)
- [Prerequisites](#prerequisites-1)
- [Limitations](#limitations)
- [OIDC Merging Behavior](#oidc-merging-behavior)
- [Using Policy](#using-policy)
- [WAF](#waf)
- [WAF Merging Behavior](#waf-merging-behavior)
- [Applying Policies](#applying-policies)
- [Invalid Policies](#invalid-policies)
- [Validation](#validation)
- [Structural Validation](#structural-validation)
- [Comprehensive Validation](#comprehensive-validation)

## Prerequisites

Policies work together with [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/), which you need to create separately.
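Review bot: Removing the hand-written `## Contents` list also removes the `#contents` anchor and the only in-page navigation visible in this file, so confirm the site theme generates a table of contents for this page. The deleted list had an entry `#prerequisites-1` for the OIDC section, which shows the page has two "Prerequisites" headings with auto-numbered ids; any remaining links to those sections depend on heading order and are worth rechecking in the same pass.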
Expand Down Expand Up @@ -189,7 +160,7 @@ action:
- name: alg
value: ${jwt_header_alg}
```
We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#action-proxy) to set the values of two headers that NGINX will pass to the upstream servers.
We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#actionproxy) to set the values of two headers that NGINX will pass to the upstream servers.

The value of the `${jwt_claim_user}` variable is the `user` claim of a JWT. For other claims, use `${jwt_claim_name}`, where `name` is the name of the claim. Note that nested claims and claims that include a period (`.`) are not supported. Similarly, use `${jwt_header_name}` where `name` is the name of a header. In our example, we use the `alg` header.

Expand Down Expand Up @@ -229,8 +200,8 @@ ingressMTLS:
```

A VirtualServer that references an IngressMTLS policy must:
* Enable [TLS termination](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-tls).
* Reference the policy in the VirtualServer [`spec`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-specification). It is not allowed to reference an IngressMTLS policy in a [`route `](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-route) or in a VirtualServerRoute [`subroute`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroute-subroute).
* Enable [TLS termination](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualservertls).
* Reference the policy in the VirtualServer [`spec`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-specification). It is not allowed to reference an IngressMTLS policy in a [`route `](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroute) or in a VirtualServerRoute [`subroute`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroutesubroute).

If the conditions above are not met, NGINX will send the `500` status code to clients.
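Review bot: In the second bullet, the `route` link now targets `#virtualserverroute`, which is also what a heading for the VirtualServerRoute resource would slugify to on a page named `virtualserver-and-virtualserverroute-resources`. Verify that the fragment lands on the VirtualServer.Route section and not on the VirtualServerRoute one, because this bullet states where an IngressMTLS policy may not be referenced. The link text [`route `] also keeps a trailing space inside the code span; drop it while editing this line.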

Expand All @@ -246,7 +217,7 @@ action:
- name: client-cert
value: ${ssl_client_escaped_cert} # client certificate in the PEM format (urlencoded)
```
We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#action-proxy) to set the values of the two headers that NGINX will pass to the upstream servers. See the [list of embedded variables](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables) that are supported by the `ngx_http_ssl_module`, which you can use to pass the client certificate details.
We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#actionproxy) to set the values of the two headers that NGINX will pass to the upstream servers. See the [list of embedded variables](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables) that are supported by the `ngx_http_ssl_module`, which you can use to pass the client certificate details.

> Note: The feature is implemented using the NGINX [ngx_http_ssl_module](https://nginx.org/en/docs/http/ngx_http_ssl_module.html).

Expand Down Expand Up @@ -408,7 +379,7 @@ waf:
|Field | Description | Type | Required |
| ---| ---| ---| --- |
|``enable`` | Enables NGINX App Protect. | ``bool`` | Yes |
|``apPolicy`` | The [App Protect policy](/nginx-ingress-controller/app-protect/configuration/#app-protect-policies/) of the WAF. Accepts an optional namespace. | ``string`` | No |
|``apPolicy`` | The [App Protect policy](/nginx-ingress-controller/app-protect/configuration/#app-protect-policies) of the WAF. Accepts an optional namespace. | ``string`` | No |
|``securityLog.enable`` | Enables security log. | ``bool`` | No |
|``securityLog.apLogConf`` | The [App Protect log conf](/nginx-ingress-controller/app-protect/configuration/#app-protect-logs) resource. Accepts an optional namespace. | ``string`` | No |
|``securityLog.logDest`` | The log destination for the security log. Accepted variables are ``syslog:server=<ip-address &#124; localhost>:<port>``, ``stderr``, ``<absolute path to file>``. Default is ``"syslog:server=127.0.0.1:514"``. | ``string`` | No |
25 changes: 2 additions & 23 deletions docs/content/configuration/transportserver-resource.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,27 +13,6 @@ This document is the reference documentation for the TransportServer resource. T

> **Feature Status**: The TransportServer resource is available as a preview feature: it is suitable for experimenting and testing; however, it must be used with caution in production environments. Additionally, while the feature is in preview, we might introduce some backward-incompatible changes to the resource specification in the next releases.
## Contents

- [TransportServer Resource](#transportserver-resource)
- [Contents](#contents)
- [Prerequisites](#prerequisites)
- [TransportServer Specification](#transportserver-specification)
- [Listener](#listener)
- [Upstream](#upstream)
- [Upstream.Healthcheck](#upstream-healthcheck)
- [Upstream.Healthcheck.Match](#upstream-healthcheck-match)
- [UpstreamParameters](#upstreamparameters)
- [SessionParameters](#sessionparameters)
- [Action](#action)
- [Using TransportServer](#using-transportserver)
- [Usings Snippets](#using-snippets)
- [Validation](#validation)
- [Structural Validation](#structural-validation)
- [Comprehensive Validation](#comprehensive-validation)
- [Customization via ConfigMap](#customization-via-configmap)
- [Limitations](#limitations)

## Prerequisites

* For TCP and UDP, the TransportServer resource must be used in conjunction with the [GlobalConfiguration resource](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource), which must be created separately.
Expand Down Expand Up @@ -154,7 +133,7 @@ loadBalancingMethod: least_conn
|``maxFails`` | Sets the [number](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_fails) of unsuccessful attempts to communicate with the server that should happen in the duration set by the failTimeout parameter to consider the server unavailable. The default ``1``. | ``int`` | No |
|``maxConns`` | Sets the [number](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_conns) of maximum connections to the proxied server. Default value is zero, meaning there is no limit. The default is ``0``. | ``int`` | No |
|``failTimeout`` | Sets the [time](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#fail_timeout) during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable and the period of time the server will be considered unavailable. The default is ``10s``. | ``string`` | No |
|``healthCheck`` | The health check configuration for the Upstream. See the [health_check](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check) directive. Note: this feature is supported only in NGINX Plus. | [healthcheck](#upstream-healthcheck) | No |
|``healthCheck`` | The health check configuration for the Upstream. See the [health_check](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check) directive. Note: this feature is supported only in NGINX Plus. | [healthcheck](#upstreamhealthcheck) | No |
|``loadBalancingMethod`` | The method used to load balance the upstream servers. By default, connections are distributed between the servers using a weighted round-robin balancing method. See the [upstream](http://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#upstream) section for available methods and their details. | ``string`` | No |
{{% /table %}}

Expand Down Expand Up @@ -189,7 +168,7 @@ Note: This feature is supported only in NGINX Plus.
|``fails`` | The number of consecutive failed health checks of a particular upstream server after which this server will be considered unhealthy. The default is ``1``. | ``integer`` | No |
|``passes`` | The number of consecutive passed health checks of a particular upstream server after which the server will be considered healthy. The default is ``1``. | ``integer`` | No |
|``port`` | The port used for health check requests. By default, the port of the upstream is used. Note: in contrast with the port of the upstream, this port is not a service port, but a port of a pod. | ``integer`` | No |
|``match`` | Controls the data to send and the response to expect for the healthcheck. | [match](#upstream-healthcheck-match) | No |
|``match`` | Controls the data to send and the response to expect for the healthcheck. | [match](#upstreamhealthcheckmatch) | No |
{{% /table %}}

### Upstream.Healthcheck.Match