Wallarm

Wallarm Advaced Cloud-Native Web Applicaton Firewall

Wallarm is a DevOps-friendly Web Application Firewall (WAF) uniquely suited to protect your cloud applications and APIs. Wallarm installs natively in Kubernetes environment.

quick start

prerequisites

First things first you need to signup for a Wallarm account.

Next add the Wallarm helm chart repository.

helm repo add wallarm https://repo.wallarm.com/charts/stable
helm repo update

install the Wallarm ingress controller (nginx + Wallarm WAF)

In the Wallarm cloud console create a new node of type cloud, copy the nodes token since you will need that in the next step.

Install the ingress controller.

helm install wallarm/wallarm-ingress -n ingress-controller --set controller.wallarm.token=<CLOUD NODE TOKEN> --set controller.wallarm.enabled=true

Wallarm can be configured through helm values, here are the options.

create an ingress route

Create an Ingress rule that exposes the http-echo-service.

cat <<EOF | kubectl apply -f -
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx  
spec:
  rules:
    - http:
        paths:
          - path: /
            backend:
              serviceName: http-echo-service
              servicePort: 80

---
apiVersion: v1
kind: Service
metadata:
  name: http-echo-service
spec:
  ports:
    - port: 80
      targetPort: 5678
      name: web
  selector:
    app: http-echo

---
apiVersion: v1
kind: Pod
metadata:
  name: http-echo
  labels:
    app: http-echo
spec:
  containers:
    - name: http-echo
      image: hashicorp/http-echo
      args: ['-text="hello world"']
      ports:
        - containerPort: 5678
          name: web
EOF

Next enable traffic analysis for the ingress.

kubectl annotate ingress nginx-ingress nginx.ingress.kubernetes.io/wallarm-mode=monitoring
kubectl annotate ingress nginx-ingress nginx.ingress.kubernetes.io/wallarm-instance=1

delete the ingress controller

Delete the ingress controller.

helm delete --purge ingress-controller

information

documentation

release notes

license

maintenance & support