From c16a9b35433da3b76383a2cd0cd4e871e5c5eca3 Mon Sep 17 00:00:00 2001
From: Paul Abel <128620221+pdabelf5@users.noreply.github.com>
Date: Tue, 20 Aug 2024 16:31:02 +0100
Subject: [PATCH] refactor App Protect DoS controller (#6212)
move App Protect DOS controller code to it's own file
---
internal/k8s/appprotect_dos.go | 297 +++++++++++++++++++++++++++++++++
internal/k8s/controller.go | 202 ----------------------
internal/k8s/handlers.go | 78 ---------
3 files changed, 297 insertions(+), 280 deletions(-)
create mode 100644 internal/k8s/appprotect_dos.go
diff --git a/internal/k8s/appprotect_dos.go b/internal/k8s/appprotect_dos.go
new file mode 100644
index 0000000000..2827a654d1
--- /dev/null
+++ b/internal/k8s/appprotect_dos.go
@@ -0,0 +1,297 @@
+/**
+ * Copyright (c) F5, Inc.
+ *
+ * This source code is licensed under the Apache License, Version 2.0 license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+package k8s
+
+import (
+ "fmt"
+ "reflect"
+
+ "github.com/golang/glog"
+ "github.com/nginxinc/kubernetes-ingress/internal/k8s/appprotectdos"
+ "github.com/nginxinc/kubernetes-ingress/pkg/apis/dos/v1beta1"
+ api_v1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/client-go/tools/cache"
+)
+
+func createAppProtectDosPolicyHandlers(lbc *LoadBalancerController) cache.ResourceEventHandlerFuncs {
+ handlers := cache.ResourceEventHandlerFuncs{
+ AddFunc: func(obj interface{}) {
+ pol := obj.(*unstructured.Unstructured)
+ glog.V(3).Infof("Adding AppProtectDosPolicy: %v", pol.GetName())
+ lbc.AddSyncQueue(pol)
+ },
+ UpdateFunc: func(oldObj, obj interface{}) {
+ oldPol := oldObj.(*unstructured.Unstructured)
+ newPol := obj.(*unstructured.Unstructured)
+ different, err := areResourcesDifferent(oldPol, newPol)
+ if err != nil {
+ glog.V(3).Infof("Error when comparing policy %v", err)
+ lbc.AddSyncQueue(newPol)
+ }
+ if different {
+ glog.V(3).Infof("ApDosPolicy %v changed, syncing", oldPol.GetName())
+ lbc.AddSyncQueue(newPol)
+ }
+ },
+ DeleteFunc: func(obj interface{}) {
+ lbc.AddSyncQueue(obj)
+ },
+ }
+ return handlers
+}
+
+func createAppProtectDosLogConfHandlers(lbc *LoadBalancerController) cache.ResourceEventHandlerFuncs {
+ handlers := cache.ResourceEventHandlerFuncs{
+ AddFunc: func(obj interface{}) {
+ conf := obj.(*unstructured.Unstructured)
+ glog.V(3).Infof("Adding AppProtectDosLogConf: %v", conf.GetName())
+ lbc.AddSyncQueue(conf)
+ },
+ UpdateFunc: func(oldObj, obj interface{}) {
+ oldConf := oldObj.(*unstructured.Unstructured)
+ newConf := obj.(*unstructured.Unstructured)
+ different, err := areResourcesDifferent(oldConf, newConf)
+ if err != nil {
+ glog.V(3).Infof("Error when comparing DosLogConfs %v", err)
+ lbc.AddSyncQueue(newConf)
+ }
+ if different {
+ glog.V(3).Infof("ApDosLogConf %v changed, syncing", oldConf.GetName())
+ lbc.AddSyncQueue(newConf)
+ }
+ },
+ DeleteFunc: func(obj interface{}) {
+ lbc.AddSyncQueue(obj)
+ },
+ }
+ return handlers
+}
+
+func createAppProtectDosProtectedResourceHandlers(lbc *LoadBalancerController) cache.ResourceEventHandlerFuncs {
+ handlers := cache.ResourceEventHandlerFuncs{
+ AddFunc: func(obj interface{}) {
+ conf := obj.(*v1beta1.DosProtectedResource)
+ glog.V(3).Infof("Adding DosProtectedResource: %v", conf.GetName())
+ lbc.AddSyncQueue(conf)
+ },
+ UpdateFunc: func(oldObj, obj interface{}) {
+ oldConf := oldObj.(*v1beta1.DosProtectedResource)
+ newConf := obj.(*v1beta1.DosProtectedResource)
+
+ if !reflect.DeepEqual(oldConf.Spec, newConf.Spec) {
+ glog.V(3).Infof("DosProtectedResource %v changed, syncing", oldConf.GetName())
+ lbc.AddSyncQueue(newConf)
+ }
+ },
+ DeleteFunc: func(obj interface{}) {
+ lbc.AddSyncQueue(obj)
+ },
+ }
+ return handlers
+}
+
+// addAppProtectDosPolicyHandler creates dynamic informers for custom appprotectdos policy resource
+func (nsi *namespacedInformer) addAppProtectDosPolicyHandler(handlers cache.ResourceEventHandlerFuncs) {
+ informer := nsi.dynInformerFactory.ForResource(appprotectdos.DosPolicyGVR).Informer()
+ informer.AddEventHandler(handlers) //nolint:errcheck,gosec
+ nsi.appProtectDosPolicyLister = informer.GetStore()
+
+ nsi.cacheSyncs = append(nsi.cacheSyncs, informer.HasSynced)
+}
+
+// addAppProtectDosLogConfHandler creates dynamic informer for custom appprotectdos logging config resource
+func (nsi *namespacedInformer) addAppProtectDosLogConfHandler(handlers cache.ResourceEventHandlerFuncs) {
+ informer := nsi.dynInformerFactory.ForResource(appprotectdos.DosLogConfGVR).Informer()
+ informer.AddEventHandler(handlers) //nolint:errcheck,gosec
+ nsi.appProtectDosLogConfLister = informer.GetStore()
+
+ nsi.cacheSyncs = append(nsi.cacheSyncs, informer.HasSynced)
+}
+
+// addAppProtectDosLogConfHandler creates dynamic informers for custom appprotectdos logging config resource
+func (nsi *namespacedInformer) addAppProtectDosProtectedResourceHandler(handlers cache.ResourceEventHandlerFuncs) {
+ informer := nsi.confSharedInformerFactory.Appprotectdos().V1beta1().DosProtectedResources().Informer()
+ informer.AddEventHandler(handlers) //nolint:errcheck,gosec
+ nsi.appProtectDosProtectedLister = informer.GetStore()
+
+ nsi.cacheSyncs = append(nsi.cacheSyncs, informer.HasSynced)
+}
+
+func (lbc *LoadBalancerController) syncAppProtectDosPolicy(task task) {
+ key := task.Key
+ glog.V(3).Infof("Syncing AppProtectDosPolicy %v", key)
+ var obj interface{}
+ var polExists bool
+ var err error
+
+ ns, _, _ := cache.SplitMetaNamespaceKey(key)
+ obj, polExists, err = lbc.getNamespacedInformer(ns).appProtectDosPolicyLister.GetByKey(key)
+ if err != nil {
+ lbc.syncQueue.Requeue(task, err)
+ return
+ }
+
+ var changes []appprotectdos.Change
+ var problems []appprotectdos.Problem
+
+ if !polExists {
+ glog.V(2).Infof("Deleting APDosPolicy: %v\n", key)
+ changes, problems = lbc.dosConfiguration.DeletePolicy(key)
+ } else {
+ glog.V(2).Infof("Adding or Updating APDosPolicy: %v\n", key)
+ changes, problems = lbc.dosConfiguration.AddOrUpdatePolicy(obj.(*unstructured.Unstructured))
+ }
+
+ lbc.processAppProtectDosChanges(changes)
+ lbc.processAppProtectDosProblems(problems)
+}
+
+func (lbc *LoadBalancerController) syncAppProtectDosLogConf(task task) {
+ key := task.Key
+ glog.V(3).Infof("Syncing APDosLogConf %v", key)
+ var obj interface{}
+ var confExists bool
+ var err error
+
+ ns, _, _ := cache.SplitMetaNamespaceKey(key)
+ obj, confExists, err = lbc.getNamespacedInformer(ns).appProtectDosLogConfLister.GetByKey(key)
+ if err != nil {
+ lbc.syncQueue.Requeue(task, err)
+ return
+ }
+
+ var changes []appprotectdos.Change
+ var problems []appprotectdos.Problem
+
+ if !confExists {
+ glog.V(2).Infof("Deleting APDosLogConf: %v\n", key)
+ changes, problems = lbc.dosConfiguration.DeleteLogConf(key)
+ } else {
+ glog.V(2).Infof("Adding or Updating APDosLogConf: %v\n", key)
+ changes, problems = lbc.dosConfiguration.AddOrUpdateLogConf(obj.(*unstructured.Unstructured))
+ }
+
+ lbc.processAppProtectDosChanges(changes)
+ lbc.processAppProtectDosProblems(problems)
+}
+
+func (lbc *LoadBalancerController) syncDosProtectedResource(task task) {
+ key := task.Key
+ glog.V(3).Infof("Syncing DosProtectedResource %v", key)
+ var obj interface{}
+ var confExists bool
+ var err error
+
+ ns, _, _ := cache.SplitMetaNamespaceKey(key)
+ obj, confExists, err = lbc.getNamespacedInformer(ns).appProtectDosProtectedLister.GetByKey(key)
+ if err != nil {
+ lbc.syncQueue.Requeue(task, err)
+ return
+ }
+
+ var changes []appprotectdos.Change
+ var problems []appprotectdos.Problem
+
+ if confExists {
+ glog.V(2).Infof("Adding or Updating DosProtectedResource: %v\n", key)
+ changes, problems = lbc.dosConfiguration.AddOrUpdateDosProtectedResource(obj.(*v1beta1.DosProtectedResource))
+ } else {
+ glog.V(2).Infof("Deleting DosProtectedResource: %v\n", key)
+ changes, problems = lbc.dosConfiguration.DeleteProtectedResource(key)
+ }
+
+ lbc.processAppProtectDosChanges(changes)
+ lbc.processAppProtectDosProblems(problems)
+}
+
+func (lbc *LoadBalancerController) processAppProtectDosChanges(changes []appprotectdos.Change) {
+ glog.V(3).Infof("Processing %v App Protect Dos changes", len(changes))
+
+ for _, c := range changes {
+ if c.Op == appprotectdos.AddOrUpdate {
+ switch impl := c.Resource.(type) {
+ case *appprotectdos.DosProtectedResourceEx:
+ glog.V(3).Infof("handling change UPDATE OR ADD for DOS protected %s/%s", impl.Obj.Namespace, impl.Obj.Name)
+ resources := lbc.configuration.FindResourcesForAppProtectDosProtected(impl.Obj.Namespace, impl.Obj.Name)
+ resourceExes := lbc.createExtendedResources(resources)
+ warnings, err := lbc.configurator.AddOrUpdateResourcesThatUseDosProtected(resourceExes.IngressExes, resourceExes.MergeableIngresses, resourceExes.VirtualServerExes)
+ lbc.updateResourcesStatusAndEvents(resources, warnings, err)
+ msg := fmt.Sprintf("Configuration for %s/%s was added or updated", impl.Obj.Namespace, impl.Obj.Name)
+ lbc.recorder.Event(impl.Obj, api_v1.EventTypeNormal, "AddedOrUpdated", msg)
+ case *appprotectdos.DosPolicyEx:
+ msg := "Configuration was added or updated"
+ lbc.recorder.Event(impl.Obj, api_v1.EventTypeNormal, "AddedOrUpdated", msg)
+ case *appprotectdos.DosLogConfEx:
+ eventType := api_v1.EventTypeNormal
+ eventTitle := "AddedOrUpdated"
+ msg := "Configuration was added or updated"
+ if impl.ErrorMsg != "" {
+ msg += fmt.Sprintf(" ; with warning(s): %s", impl.ErrorMsg)
+ eventTitle = "AddedOrUpdatedWithWarning"
+ eventType = api_v1.EventTypeWarning
+ }
+ lbc.recorder.Event(impl.Obj, eventType, eventTitle, msg)
+ }
+ } else if c.Op == appprotectdos.Delete {
+ switch impl := c.Resource.(type) {
+ case *appprotectdos.DosPolicyEx:
+ lbc.configurator.DeleteAppProtectDosPolicy(impl.Obj)
+
+ case *appprotectdos.DosLogConfEx:
+ lbc.configurator.DeleteAppProtectDosLogConf(impl.Obj)
+
+ case *appprotectdos.DosProtectedResourceEx:
+ glog.V(3).Infof("handling change DELETE for DOS protected %s/%s", impl.Obj.Namespace, impl.Obj.Name)
+ resources := lbc.configuration.FindResourcesForAppProtectDosProtected(impl.Obj.Namespace, impl.Obj.Name)
+ resourceExes := lbc.createExtendedResources(resources)
+ warnings, err := lbc.configurator.AddOrUpdateResourcesThatUseDosProtected(resourceExes.IngressExes, resourceExes.MergeableIngresses, resourceExes.VirtualServerExes)
+ lbc.updateResourcesStatusAndEvents(resources, warnings, err)
+ }
+ }
+ }
+}
+
+func (lbc *LoadBalancerController) processAppProtectDosProblems(problems []appprotectdos.Problem) {
+ glog.V(3).Infof("Processing %v App Protect Dos problems", len(problems))
+
+ for _, p := range problems {
+ eventType := api_v1.EventTypeWarning
+ lbc.recorder.Event(p.Object, eventType, p.Reason, p.Message)
+ }
+}
+
+func (lbc *LoadBalancerController) cleanupUnwatchedAppDosResources(nsi *namespacedInformer) {
+ for _, obj := range nsi.appProtectDosPolicyLister.List() {
+ dosPol := obj.((*unstructured.Unstructured))
+ namespace := dosPol.GetNamespace()
+ name := dosPol.GetName()
+
+ changes, problems := lbc.dosConfiguration.DeletePolicy(namespace + "/" + name)
+ lbc.processAppProtectDosChanges(changes)
+ lbc.processAppProtectDosProblems(problems)
+ }
+ for _, obj := range nsi.appProtectDosProtectedLister.List() {
+ dosPol := obj.((*unstructured.Unstructured))
+ namespace := dosPol.GetNamespace()
+ name := dosPol.GetName()
+
+ changes, problems := lbc.dosConfiguration.DeleteProtectedResource(namespace + "/" + name)
+ lbc.processAppProtectDosChanges(changes)
+ lbc.processAppProtectDosProblems(problems)
+ }
+ for _, obj := range nsi.appProtectDosLogConfLister.List() {
+ dosPol := obj.((*unstructured.Unstructured))
+ namespace := dosPol.GetNamespace()
+ name := dosPol.GetName()
+
+ changes, problems := lbc.dosConfiguration.DeleteLogConf(namespace + "/" + name)
+ lbc.processAppProtectDosChanges(changes)
+ lbc.processAppProtectDosProblems(problems)
+ }
+}
diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go
index b88cf6b687..e8f74eab6b 100644
--- a/internal/k8s/controller.go
+++ b/internal/k8s/controller.go
@@ -27,7 +27,6 @@ import ( "time" "github.com/nginxinc/kubernetes-ingress/internal/telemetry" - "github.com/nginxinc/kubernetes-ingress/pkg/apis/dos/v1beta1" "golang.org/x/exp/maps" "github.com/nginxinc/kubernetes-ingress/internal/k8s/appprotect"
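Review bot: In the new appprotect_dos.go, the Delete branch for `*appprotectdos.DosProtectedResourceEx` in `processAppProtectDosChanges` no longer calls `lbc.configurator.DeleteAppProtectDosAllowList(impl.Obj)`, although the copy removed from controller.go in this same commit did call it. A commit described as a pure move therefore appears to drop the allow-list cleanup when a DosProtectedResource is deleted, presumably leaving that resource's allow list in place. If this is unintended, restore the call directly after the `glog.V(3).Infof("handling change DELETE ...")` line; if it is intended, the commit message should say so. Separately, in `cleanupUnwatchedAppDosResources` the loop over `nsi.appProtectDosProtectedLister.List()` asserts `obj.((*unstructured.Unstructured))`, while the handlers and `syncDosProtectedResource` in this file treat objects from that informer as `*v1beta1.DosProtectedResource`. An unchecked assertion to the wrong type panics the controller, so that line should read `dosRes := obj.(*v1beta1.DosProtectedResource)` or use the comma-ok form and skip unexpected objects.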
@@ -536,33 +535,6 @@ func (nsi *namespacedInformer) addAppProtectUserSigHandler(handlers cache.Resour nsi.cacheSyncs = append(nsi.cacheSyncs, informer.HasSynced) } -// addAppProtectDosPolicyHandler creates dynamic informers for custom appprotectdos policy resource -func (nsi *namespacedInformer) addAppProtectDosPolicyHandler(handlers cache.ResourceEventHandlerFuncs) { - informer := nsi.dynInformerFactory.ForResource(appprotectdos.DosPolicyGVR).Informer() - informer.AddEventHandler(handlers) - nsi.appProtectDosPolicyLister = informer.GetStore() - - nsi.cacheSyncs = append(nsi.cacheSyncs, informer.HasSynced) -} - -// addAppProtectDosLogConfHandler creates dynamic informer for custom appprotectdos logging config resource -func (nsi *namespacedInformer) addAppProtectDosLogConfHandler(handlers cache.ResourceEventHandlerFuncs) { - informer := nsi.dynInformerFactory.ForResource(appprotectdos.DosLogConfGVR).Informer() - informer.AddEventHandler(handlers) - nsi.appProtectDosLogConfLister = informer.GetStore() - - nsi.cacheSyncs = append(nsi.cacheSyncs, informer.HasSynced) -} - -// addAppProtectDosLogConfHandler creates dynamic informers for custom appprotectdos logging config resource -func (nsi *namespacedInformer) addAppProtectDosProtectedResourceHandler(handlers cache.ResourceEventHandlerFuncs) { - informer := nsi.confSharedInformerFactory.Appprotectdos().V1beta1().DosProtectedResources().Informer() - informer.AddEventHandler(handlers) - nsi.appProtectDosProtectedLister = informer.GetStore() - - nsi.cacheSyncs = append(nsi.cacheSyncs, informer.HasSynced) -} - // addSecretHandler adds the handler for secrets to the controller func (nsi *namespacedInformer) addSecretHandler(handlers cache.ResourceEventHandlerFuncs) { informer := nsi.secretInformerFactory.Core().V1().Secrets().Informer() 
@@ -1450,36 +1422,6 @@ func (lbc *LoadBalancerController) cleanupUnwatchedAppWafResources(nsi *namespac } } -func (lbc *LoadBalancerController) cleanupUnwatchedAppDosResources(nsi *namespacedInformer) { - for _, obj := range nsi.appProtectDosPolicyLister.List() { - dosPol := obj.((*unstructured.Unstructured)) - namespace := dosPol.GetNamespace() - name := dosPol.GetName() - - changes, problems := lbc.dosConfiguration.DeletePolicy(namespace + "/" + name) - lbc.processAppProtectDosChanges(changes) - lbc.processAppProtectDosProblems(problems) - } - for _, obj := range nsi.appProtectDosProtectedLister.List() { - dosPol := obj.((*unstructured.Unstructured)) - namespace := dosPol.GetNamespace() - name := dosPol.GetName() - - changes, problems := lbc.dosConfiguration.DeleteProtectedResource(namespace + "/" + name) - lbc.processAppProtectDosChanges(changes) - lbc.processAppProtectDosProblems(problems) - } - for _, obj := range nsi.appProtectDosLogConfLister.List() { - dosPol := obj.((*unstructured.Unstructured)) - namespace := dosPol.GetNamespace() - name := dosPol.GetName() - - changes, problems := lbc.dosConfiguration.DeleteLogConf(namespace + "/" + name) - lbc.processAppProtectDosChanges(changes) - lbc.processAppProtectDosProblems(problems) - } -} - func (lbc *LoadBalancerController) syncIngressLink(task task) { key := task.Key glog.V(2).Infof("Adding, Updating or Deleting IngressLink: %v", key) 
@@ -2027,63 +1969,6 @@ func (lbc *LoadBalancerController) processAppProtectProblems(problems []appprote } } -func (lbc *LoadBalancerController) processAppProtectDosChanges(changes []appprotectdos.Change) { - glog.V(3).Infof("Processing %v App Protect Dos changes", len(changes)) - - for _, c := range changes { - if c.Op == appprotectdos.AddOrUpdate { - switch impl := c.Resource.(type) { - case *appprotectdos.DosProtectedResourceEx: - glog.V(3).Infof("handling change UPDATE OR ADD for DOS protected %s/%s", impl.Obj.Namespace, impl.Obj.Name) - resources := lbc.configuration.FindResourcesForAppProtectDosProtected(impl.Obj.Namespace, impl.Obj.Name) - resourceExes := lbc.createExtendedResources(resources) - warnings, err := lbc.configurator.AddOrUpdateResourcesThatUseDosProtected(resourceExes.IngressExes, resourceExes.MergeableIngresses, resourceExes.VirtualServerExes) - lbc.updateResourcesStatusAndEvents(resources, warnings, err) - msg := fmt.Sprintf("Configuration for %s/%s was added or updated", impl.Obj.Namespace, impl.Obj.Name) - lbc.recorder.Event(impl.Obj, api_v1.EventTypeNormal, "AddedOrUpdated", msg) - case *appprotectdos.DosPolicyEx: - msg := "Configuration was added or updated" - lbc.recorder.Event(impl.Obj, api_v1.EventTypeNormal, "AddedOrUpdated", msg) - case *appprotectdos.DosLogConfEx: - eventType := api_v1.EventTypeNormal - eventTitle := "AddedOrUpdated" - msg := "Configuration was added or updated" - if impl.ErrorMsg != "" { - msg += fmt.Sprintf(" ; with warning(s): %s", impl.ErrorMsg) - eventTitle = "AddedOrUpdatedWithWarning" - eventType = api_v1.EventTypeWarning - } - lbc.recorder.Event(impl.Obj, eventType, eventTitle, msg) - } - } else if c.Op == appprotectdos.Delete { - switch impl := c.Resource.(type) { - case *appprotectdos.DosPolicyEx: - lbc.configurator.DeleteAppProtectDosPolicy(impl.Obj) - - case *appprotectdos.DosLogConfEx: - lbc.configurator.DeleteAppProtectDosLogConf(impl.Obj) - - case *appprotectdos.DosProtectedResourceEx: - 
glog.V(3).Infof("handling change DELETE for DOS protected %s/%s", impl.Obj.Namespace, impl.Obj.Name) - lbc.configurator.DeleteAppProtectDosAllowList(impl.Obj) - resources := lbc.configuration.FindResourcesForAppProtectDosProtected(impl.Obj.Namespace, impl.Obj.Name) - resourceExes := lbc.createExtendedResources(resources) - warnings, err := lbc.configurator.AddOrUpdateResourcesThatUseDosProtected(resourceExes.IngressExes, resourceExes.MergeableIngresses, resourceExes.VirtualServerExes) - lbc.updateResourcesStatusAndEvents(resources, warnings, err) - } - } - } -} - -func (lbc *LoadBalancerController) processAppProtectDosProblems(problems []appprotectdos.Problem) { - glog.V(3).Infof("Processing %v App Protect Dos problems", len(problems)) - - for _, p := range problems { - eventType := api_v1.EventTypeWarning - lbc.recorder.Event(p.Object, eventType, p.Reason, p.Message) - } -} - func (lbc *LoadBalancerController) updateTransportServerStatusAndEventsOnDelete(tsConfig *TransportServerConfiguration, changeError string, deleteErr error) { eventType := api_v1.EventTypeWarning eventTitle := "Rejected" 
@@ -4408,93 +4293,6 @@ func (lbc *LoadBalancerController) syncAppProtectUserSig(task task) { lbc.processAppProtectProblems(problems) } -func (lbc *LoadBalancerController) syncAppProtectDosPolicy(task task) { - key := task.Key - glog.V(3).Infof("Syncing AppProtectDosPolicy %v", key) - var obj interface{} - var polExists bool - var err error - - ns, _, _ := cache.SplitMetaNamespaceKey(key) - obj, polExists, err = lbc.getNamespacedInformer(ns).appProtectDosPolicyLister.GetByKey(key) - if err != nil { - lbc.syncQueue.Requeue(task, err) - return - } - - var changes []appprotectdos.Change - var problems []appprotectdos.Problem - - if !polExists { - glog.V(2).Infof("Deleting APDosPolicy: %v\n", key) - changes, problems = lbc.dosConfiguration.DeletePolicy(key) - } else { - glog.V(2).Infof("Adding or Updating APDosPolicy: %v\n", key) - changes, problems = lbc.dosConfiguration.AddOrUpdatePolicy(obj.(*unstructured.Unstructured)) - } - - lbc.processAppProtectDosChanges(changes) - lbc.processAppProtectDosProblems(problems) -} - -func (lbc *LoadBalancerController) syncAppProtectDosLogConf(task task) { - key := task.Key - glog.V(3).Infof("Syncing APDosLogConf %v", key) - var obj interface{} - var confExists bool - var err error - - ns, _, _ := cache.SplitMetaNamespaceKey(key) - obj, confExists, err = lbc.getNamespacedInformer(ns).appProtectDosLogConfLister.GetByKey(key) - if err != nil { - lbc.syncQueue.Requeue(task, err) - return - } - - var changes []appprotectdos.Change - var problems []appprotectdos.Problem - - if !confExists { - glog.V(2).Infof("Deleting APDosLogConf: %v\n", key) - changes, problems = lbc.dosConfiguration.DeleteLogConf(key) - } else { - glog.V(2).Infof("Adding or Updating APDosLogConf: %v\n", key) - changes, problems = lbc.dosConfiguration.AddOrUpdateLogConf(obj.(*unstructured.Unstructured)) - } - - lbc.processAppProtectDosChanges(changes) - lbc.processAppProtectDosProblems(problems) -} - -func (lbc *LoadBalancerController) syncDosProtectedResource(task 
task) { - key := task.Key - glog.V(3).Infof("Syncing DosProtectedResource %v", key) - var obj interface{} - var confExists bool - var err error - - ns, _, _ := cache.SplitMetaNamespaceKey(key) - obj, confExists, err = lbc.getNamespacedInformer(ns).appProtectDosProtectedLister.GetByKey(key) - if err != nil { - lbc.syncQueue.Requeue(task, err) - return - } - - var changes []appprotectdos.Change - var problems []appprotectdos.Problem - - if confExists { - glog.V(2).Infof("Adding or Updating DosProtectedResource: %v\n", key) - changes, problems = lbc.dosConfiguration.AddOrUpdateDosProtectedResource(obj.(*v1beta1.DosProtectedResource)) - } else { - glog.V(2).Infof("Deleting DosProtectedResource: %v\n", key) - changes, problems = lbc.dosConfiguration.DeleteProtectedResource(key) - } - - lbc.processAppProtectDosChanges(changes) - lbc.processAppProtectDosProblems(problems) -} - // IsNginxReady returns ready status of NGINX func (lbc *LoadBalancerController) IsNginxReady() bool { return lbc.isNginxReady diff --git a/internal/k8s/handlers.go b/internal/k8s/handlers.go index bb4c35bf03..59ead14bc4 100644 --- a/internal/k8s/handlers.go +++ b/internal/k8s/handlers.go @@ -8,7 +8,6 @@ import ( discovery_v1 "k8s.io/api/discovery/v1" "github.com/jinzhu/copier" - "github.com/nginxinc/kubernetes-ingress/pkg/apis/dos/v1beta1" "github.com/golang/glog" "github.com/nginxinc/kubernetes-ingress/internal/k8s/secrets" 
@@ -652,83 +651,6 @@ func createAppProtectUserSigHandlers(lbc *LoadBalancerController) cache.Resource return handlers } -func createAppProtectDosPolicyHandlers(lbc *LoadBalancerController) cache.ResourceEventHandlerFuncs { - handlers := cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - pol := obj.(*unstructured.Unstructured) - glog.V(3).Infof("Adding AppProtectDosPolicy: %v", pol.GetName()) - lbc.AddSyncQueue(pol) - }, - UpdateFunc: func(oldObj, obj interface{}) { - oldPol := oldObj.(*unstructured.Unstructured) - newPol := obj.(*unstructured.Unstructured) - different, err := areResourcesDifferent(oldPol, newPol) - if err != nil { - glog.V(3).Infof("Error when comparing policy %v", err) - lbc.AddSyncQueue(newPol) - } - if different { - glog.V(3).Infof("ApDosPolicy %v changed, syncing", oldPol.GetName()) - lbc.AddSyncQueue(newPol) - } - }, - DeleteFunc: func(obj interface{}) { - lbc.AddSyncQueue(obj) - }, - } - return handlers -} - -func createAppProtectDosLogConfHandlers(lbc *LoadBalancerController) cache.ResourceEventHandlerFuncs { - handlers := cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - conf := obj.(*unstructured.Unstructured) - glog.V(3).Infof("Adding AppProtectDosLogConf: %v", conf.GetName()) - lbc.AddSyncQueue(conf) - }, - UpdateFunc: func(oldObj, obj interface{}) { - oldConf := oldObj.(*unstructured.Unstructured) - newConf := obj.(*unstructured.Unstructured) - different, err := areResourcesDifferent(oldConf, newConf) - if err != nil { - glog.V(3).Infof("Error when comparing DosLogConfs %v", err) - lbc.AddSyncQueue(newConf) - } - if different { - glog.V(3).Infof("ApDosLogConf %v changed, syncing", oldConf.GetName()) - lbc.AddSyncQueue(newConf) - } - }, - DeleteFunc: func(obj interface{}) { - lbc.AddSyncQueue(obj) - }, - } - return handlers -} - -func createAppProtectDosProtectedResourceHandlers(lbc *LoadBalancerController) cache.ResourceEventHandlerFuncs { - handlers := cache.ResourceEventHandlerFuncs{ - AddFunc: 
func(obj interface{}) { - conf := obj.(*v1beta1.DosProtectedResource) - glog.V(3).Infof("Adding DosProtectedResource: %v", conf.GetName()) - lbc.AddSyncQueue(conf) - }, - UpdateFunc: func(oldObj, obj interface{}) { - oldConf := oldObj.(*v1beta1.DosProtectedResource) - newConf := obj.(*v1beta1.DosProtectedResource) - - if !reflect.DeepEqual(oldConf.Spec, newConf.Spec) { - glog.V(3).Infof("DosProtectedResource %v changed, syncing", oldConf.GetName()) - lbc.AddSyncQueue(newConf) - } - }, - DeleteFunc: func(obj interface{}) { - lbc.AddSyncQueue(obj) - }, - } - return handlers -} - // createNamespaceHandlers builds the handler funcs for namespaces func createNamespaceHandlers(lbc *LoadBalancerController) cache.ResourceEventHandlerFuncs { return cache.ResourceEventHandlerFuncs{