Version

edge

What Kubernetes platforms are you running on?

Kind

Steps to reproduce

Regarding the securityLog.logDest:

The log destination for the security log. Accepted variables are syslog:server=<ip-address | localhost; fqdn>:, stderr, . Default is "syslog:server=127.0.0.1:514".
The "Default is "syslog:server=127.0.0.1:514"." is misleading.
The following declaration doesn't pass the validation even though the logDest is expected to be the default value.

apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
name: waf-policy
namespace: nginx-ingress
spec:
waf:
enable: true
apPolicy: "default/dataguard-alarm"
securityLogs:
- enable: true
apLogConf: "default/logconf"

I20250104 01:46:20.412216 1 event.go:377] Event(v1.ObjectReference{Kind:"Policy", Namespace:"nginx-ingress", Name:"waf-policy", UID:"a4ee692c-9ee3-4896-9101-df4a988a99e3", APIVersion:"k8s.nginx.org/v1", ResourceVersion:"15656991", FieldPath:""}): type: 'Warning' reason: 'Rejected' Policy nginx-ingress/waf-policy is invalid and was rejected: spec.waf.securityLogs[0].logDest: Invalid value: "": error parsing App Protect Log config: Destination must follow format: syslog:server=<ip-address | localhost>:<port> or fqdn or stderr or absolute path to file Log Destination did not follow format

It is validated by the following code.
https://github.com/nginxinc/kubernetes-ingress/blob/v4.0.0/pkg/apis/configuration/validation/policy.go#L412

Before the default value is added by the server code.
https://github.com/nginxinc/kubernetes-ingress/blob/main/internal/configs/virtualserver.go#L1497

The default value should be removed, Instead, an example should be there instead of a default value.

This bug was reported via the NGINX documentation feedback form.
Contact: Rik Liu (F5 employee)