nginx
diff --git a/‎build/appprotect/DockerfileWithAppProtectForPlus
+16-15 b/‎build/appprotect/DockerfileWithAppProtectForPlus
+16-15
diff --git a/‎build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
+16-14 b/‎build/appprotect/DockerfileWithAppProtectForPlusForOpenShift
+16-14
diff --git a/‎deployments/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml
+101 b/‎deployments/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml
+101
diff --git a/‎deployments/common/crds/appprotect.f5.com_apusersigs.yaml
+100 b/‎deployments/common/crds/appprotect.f5.com_apusersigs.yaml
+100
diff --git a/‎deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml
+101 b/‎deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml
+101
diff --git a/‎deployments/helm-chart/templates/rbac.yaml
+1 b/‎deployments/helm-chart/templates/rbac.yaml
+1
@@ -75,21 +75,23 @@ RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \
 	&& ln -sf /proc/1/fd/2 /var/log/nginx/error.log
 
 RUN  mkdir -p /var/lib/nginx \
-		/etc/nginx/stream-conf.d \
-		/etc/nginx/secrets \
-		/etc/nginx/waf \
-		/etc/nginx/waf/nac-policies \
-		/etc/nginx/waf/nac-logconfs \
-		/var/log/app_protect \
-		/opt/app_protect \
+				/etc/nginx/stream-conf.d \
+				/etc/nginx/secrets \
+				/etc/nginx/waf \
+				/etc/nginx/waf/nac-policies \
+				/etc/nginx/waf/nac-logconfs \
+				/etc/nginx/waf/nac-usersigs \
+				/var/log/app_protect \
+				/opt/app_protect \
+	&& touch /etc/nginx/waf/nac-usersigs/index.conf \
 	&& chown -R nginx:0 /etc/app_protect \
-			    /usr/share/ts \
-			    /etc/nginx \
-			    /var/cache/nginx \
-			    /var/lib/nginx/ \
-			    /var/log/app_protect/ \
-			    /opt/app_protect/ \
-			    /var/log/nginx/ \
+						/usr/share/ts \
+						/etc/nginx \
+						/var/cache/nginx \
+						/var/lib/nginx/ \
+						/var/log/app_protect/ \
+						/opt/app_protect/ \
+						/var/log/nginx/ \
 	&& apt-get remove --purge -y libcap2-bin \
 	&& rm /etc/nginx/conf.d/*
 
@@ -128,7 +130,6 @@ ENTRYPOINT ["/nginx-ingress"]
 FROM base AS local
 COPY nginx-ingress /
 
-
 FROM $GOLANG_CONTAINER AS builder
 ARG VERSION
 ARG GIT_COMMIT
 
@@ -75,21 +75,23 @@ RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \
 	&& ln -sf /proc/1/fd/2 /var/log/nginx/error.log
 
 RUN  mkdir -p /var/lib/nginx \
-		/etc/nginx/stream-conf.d \
-		/etc/nginx/secrets \
-		/etc/nginx/waf \
-		/etc/nginx/waf/nac-policies \
-		/etc/nginx/waf/nac-logconfs \
-		/var/log/app_protect \
-		/opt/app_protect \
+				/etc/nginx/stream-conf.d \
+				/etc/nginx/secrets \
+				/etc/nginx/waf \
+				/etc/nginx/waf/nac-policies \
+				/etc/nginx/waf/nac-logconfs \
+				/etc/nginx/waf/nac-usersigs \
+				/var/log/app_protect \
+				/opt/app_protect \
+	&& touch /etc/nginx/waf/nac-usersigs/index.conf \
 	&& chown -R nginx:0 /etc/app_protect \
-			    /usr/share/ts \
-			    /etc/nginx \
-			    /var/cache/nginx \
-			    /var/lib/nginx/ \
-			    /var/log/app_protect/ \
-			    /opt/app_protect/ \
-			    /var/log/nginx/ \
+						/usr/share/ts \
+						/etc/nginx \
+						/var/cache/nginx \
+						/var/lib/nginx/ \
+						/var/log/app_protect/ \
+						/opt/app_protect/ \
+						/var/log/nginx/ \
 	&& rm /etc/nginx/conf.d/*
 
 RUN printf "MODULE = ALL;\nLOG_LEVEL = TS_CRIT;\nFILE = 2;\n" > /etc/app_protect/bd/logger.cfg \
 
@@ -0,0 +1,101 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: apusersigs.appprotect.f5.com
+spec:
+  group: appprotect.f5.com
+  names:
+    kind: APUserSig
+    listKind: APUserSigList
+    plural: apusersigs
+    singular: apusersig
+  preserveUnknownFields: false
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: APUserSig is the Schema for the apusersigs API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: APUserSigSpec defines the desired state of APUserSig
+          properties:
+            properties:
+              type: string
+            revisionDatetime:
+              format: date-time
+              type: string
+            signatures:
+              items:
+                properties:
+                  accuracy:
+                    enum:
+                    - high
+                    - medium
+                    - low
+                    type: string
+                  attackType:
+                    properties:
+                      name:
+                        type: string
+                    type: object
+                  description:
+                    type: string
+                  name:
+                    type: string
+                  references:
+                    properties:
+                      type:
+                        enum:
+                        - bugtraq
+                        - cve
+                        - nessus
+                        - url
+                        type: string
+                      value:
+                        type: string
+                    type: object
+                  risk:
+                    enum:
+                    - high
+                    - medium
+                    - low
+                    type: string
+                  rule:
+                    type: string
+                  signatureType:
+                    enum:
+                    - request
+                    - response
+                    type: string
+                  systems:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              type: array
+            tag:
+              type: string
+          type: object
+      type: object
+  version: v1beta1
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
@@ -0,0 +1,100 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: apusersigs.appprotect.f5.com
+spec:
+  group: appprotect.f5.com
+  names:
+    kind: APUserSig
+    listKind: APUserSigList
+    plural: apusersigs
+    singular: apusersig
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: APUserSig is the Schema for the apusersigs API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: APUserSigSpec defines the desired state of APUserSig
+            properties:
+              properties:
+                type: string
+              revisionDatetime:
+                format: date-time
+                type: string
+              signatures:
+                items:
+                  properties:
+                    accuracy:
+                      enum:
+                      - high
+                      - medium
+                      - low
+                      type: string
+                    attackType:
+                      properties:
+                        name:
+                          type: string
+                      type: object
+                    description:
+                      type: string
+                    name:
+                      type: string
+                    references:
+                      properties:
+                        type:
+                          enum:
+                          - bugtraq
+                          - cve
+                          - nessus
+                          - url
+                          type: string
+                        value:
+                          type: string
+                      type: object
+                    risk:
+                      enum:
+                      - high
+                      - medium
+                      - low
+                      type: string
+                    rule:
+                      type: string
+                    signatureType:
+                      enum:
+                      - request
+                      - response
+                      type: string
+                    systems:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        type: object
+                      type: array
+                  type: object
+                type: array
+              tag:
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
@@ -0,0 +1,101 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: apusersigs.appprotect.f5.com
+spec:
+  group: appprotect.f5.com
+  names:
+    kind: APUserSig
+    listKind: APUserSigList
+    plural: apusersigs
+    singular: apusersig
+  preserveUnknownFields: false
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: APUserSig is the Schema for the apusersigs API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: APUserSigSpec defines the desired state of APUserSig
+          properties:
+            properties:
+              type: string
+            revisionDatetime:
+              format: date-time
+              type: string
+            signatures:
+              items:
+                properties:
+                  accuracy:
+                    enum:
+                    - high
+                    - medium
+                    - low
+                    type: string
+                  attackType:
+                    properties:
+                      name:
+                        type: string
+                    type: object
+                  description:
+                    type: string
+                  name:
+                    type: string
+                  references:
+                    properties:
+                      type:
+                        enum:
+                        - bugtraq
+                        - cve
+                        - nessus
+                        - url
+                        type: string
+                      value:
+                        type: string
+                    type: object
+                  risk:
+                    enum:
+                    - high
+                    - medium
+                    - low
+                    type: string
+                  rule:
+                    type: string
+                  signatureType:
+                    enum:
+                    - request
+                    - response
+                    type: string
+                  systems:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              type: array
+            tag:
+              type: string
+          type: object
+      type: object
+  version: v1beta1
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
@@ -12,6 +12,7 @@ rules:
   resources: 
   - appolicies
   - aplogconfs
+  - apusersigs
   verbs: 
   - get 
   - watch