Skip to content

Installation in the Kubernetes Cluster

System Requirements

  • Kubernetes platform version 1.20 and lower

  • Helm package manager

  • Compatibility of your services with the official NGINX Ingress Controller version 0.26.2

Known Restrictions

  • Operation without the postanalytics service is not supported.

  • Scaling down postanalytics service may result in a partial loss of attack data.

Installation

  1. Install the Wallarm Ingress controller.

  2. Enable traffic analysis for your Ingress.

  3. Check the Wallarm Ingress controller operation.

Step 1: Installing the Wallarm Ingress Controller

  1. Go to the Wallarm Console → the Nodes tab via the link below:

  2. Create a filtering node with the Cloud type and copy the token.

    Creation of a cloud node

  3. Clone the repository of Wallarm Helm chart:

    git clone https://github.com/wallarm/ingress-chart --branch 3.4.0 --single-branch
    

  4. Install the Wallarm Ingress controller:

    helm install --set controller.wallarm.enabled=true,controller.wallarm.token=<YOUR_CLOUD_NODE_TOKEN> <INGRESS_CONTROLLER_NAME> ingress-chart/wallarm-ingress -n <KUBERNETES_NAMESPACE>
    
    helm install --set controller.wallarm.enabled=true,controller.wallarm.token=<YOUR_CLOUD_NODE_TOKEN>,controller.wallarm.apiHost=us1.api.wallarm.com <INGRESS_CONTROLLER_NAME> ingress-chart/wallarm-ingress -n <KUBERNETES_NAMESPACE>
    
    • <YOUR_CLOUD_NODE_TOKEN> is the cloud node token
    • <INGRESS_CONTROLLER_NAME> is the name of the Wallarm Ingress controller
    • <KUBERNETES_NAMESPACE> is the namespace of your Ingress

Step 2: Enabling Traffic Analysis for Your Ingress

kubectl annotate ingress <YOUR_INGRESS_NAME> nginx.ingress.kubernetes.io/wallarm-mode=monitoring
kubectl annotate ingress <YOUR_INGRESS_NAME> nginx.ingress.kubernetes.io/wallarm-instance=<INSTANCE>
  • <YOUR_INGRESS_NAME> is the name of your Ingress

  • <INSTANCE> is a positive number that is unique to each of your applications or application groups. This will allow you to obtain separate statistics and to distinguish between attacks aimed at the corresponding applications

Step 3: Checking the Wallarm Ingress Controller Operation

  1. Get the list of pods specifying the name of the Wallarm Ingress controller in <INGRESS_CONTROLLER_NAME>:

    kubectl get pods -l release=<INGRESS_CONTROLLER_NAME>
    

    Each pod should display the following: "STATUS: Running" and "READY: N/N". For example:

    NAME                                                              READY     STATUS    RESTARTS   AGE
    ingress-controller-nginx-ingress-controller-675c68d46d-cfck8      3/3       Running   0          5m
    ingress-controller-nginx-ingress-controller-wallarm-tarantljj8g   8/8       Running   0          5m
    ingress-controller-nginx-ingress-default-backend-584ffc6c7xj5xx   1/1       Running   0          5m
    
  2. Send the request with test SQLI and XSS attacks to the Wallarm Ingress controller address:

    curl http://<INGRESS_CONTROLLER_IP>/?id='or+1=1--a-<script>prompt(1)</script>'
    

    If the filtering node is working in the block mode, the code 403 Forbidden will be returned in the response to the request and attacks will be displayed in Wallarm Console → Nodes.

Configuration

After the Wallarm Ingress controller is successfully installed and checked, you can make advanced configurations to the solution such as:

To find parameters used for advanced configuration and appropriate instructions, please follow the link.