Konvoy DocumentationWallarm
Wallarm is a DevOps-friendly Web Application Firewall (WAF) uniquely suited to protect your cloud applications and APIs. Wallarm installs natively in a Kubernetes environment.
Quick Start
Prerequisites
-
Sign up for a Wallarm account.
-
Add the Wallarm helm chart repository.
helm repo add wallarm https://repo.wallarm.com/charts/stable helm repo update
Install the Wallarm Ingress Controller (nginx + Wallarm WAF)
-
In the Wallarm cloud console create a new node of type
cloud. -
Copy the nodes token, since you will need that in the next step.
-
Install the ingress controller.
helm install wallarm/wallarm-ingress -n ingress-controller --set controller.wallarm.token=<CLOUD NODE TOKEN> --set controller.wallarm.enabled=true
Wallarm can be configured through helm values; you can find the options here.
Create an Ingress Route
-
Create an ingress rule that exposes the
http-echo-service.cat <<EOF | kubectl apply -f - apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-ingress annotations: kubernetes.io/ingress.class: nginx spec: rules: - http: paths: - path: / backend: serviceName: http-echo-service servicePort: 80 --- apiVersion: v1 kind: Service metadata: name: http-echo-service spec: ports: - port: 80 targetPort: 5678 name: web selector: app: http-echo --- apiVersion: v1 kind: Pod metadata: name: http-echo labels: app: http-echo spec: containers: - name: http-echo image: hashicorp/http-echo args: ['-text="hello world"'] ports: - containerPort: 5678 name: web EOF -
Enable traffic analysis for the ingress.
kubectl annotate ingress nginx-ingress nginx.ingress.kubernetes.io/wallarm-mode=monitoring kubectl annotate ingress nginx-ingress nginx.ingress.kubernetes.io/wallarm-instance=1
Delete the Ingress Controller
Delete the ingress controller.
helm delete --purge ingress-controller