
Installation in the Kubernetes Cluster

System Requirements

Installation

  1. Install the Wallarm Ingress controller.

  2. Enable traffic analysis for your Ingress.

  3. Check the Wallarm Ingress controller operation.

Step 1: Installing the Wallarm Ingress Controller

Select the method of the controller installation:

  • creation of a new controller,

  • replacement of an existing controller.

Creating a New Controller

  1. Go to your Wallarm account > the Nodes tab via the link below:

  2. Create a filter node with the Cloud type and copy the token.

    Creation of a cloud node

  3. Clone the repository of Wallarm NGINX Ingress:

    git clone https://github.com/wallarm/ingress-chart
    

  4. Install the Wallarm Ingress controller:

    helm install --set controller.wallarm.enabled=true,controller.wallarm.token=<YOUR_CLOUD_NODE_TOKEN>,controller.wallarm.apiHost=<WALLARM_API_HOST> <INGRESS_CONTROLLER_NAME> ingress-chart/wallarm-ingress -n <KUBERNETES_NAMESPACE>
    

    • <YOUR_CLOUD_NODE_TOKEN> is the token value you've received earlier
    • <WALLARM_API_HOST> is api.wallarm.com for the EU cloud or us1.api.wallarm.com for the US cloud
    • <INGRESS_CONTROLLER_NAME> is the name of the Wallarm Ingress controller
    • <KUBERNETES_NAMESPACE> is the namespace of your Ingress

Replacing an Existing Controller

  1. Go to your Wallarm account > the Nodes tab via the link below:

  2. Create a filter node with the Cloud type and copy the token.

    Creation of a cloud node

  3. Clone the repository of Wallarm NGINX Ingress:

    git clone https://github.com/wallarm/ingress-chart
    
  4. Replace an existing controller:

    helm upgrade --set controller.wallarm.enabled=true,controller.wallarm.token=<YOUR_CLOUD_NODE_TOKEN>,controller.wallarm.apiHost=<WALLARM_API_HOST> <INGRESS_CONTROLLER_NAME> ingress-chart/wallarm-ingress -n <KUBERNETES_NAMESPACE> --reuse-values
    
    • <YOUR_CLOUD_NODE_TOKEN> is the token value you've received earlier
    • <WALLARM_API_HOST> is api.wallarm.com for the EU cloud or us1.api.wallarm.com for the US cloud
    • <INGRESS_CONTROLLER_NAME> is the name of the Ingress controller to replace
    • <KUBERNETES_NAMESPACE> is the namespace of your Ingress

Step 2: Enabling Traffic Analysis for Your Ingress

    kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-mode=monitoring
    kubectl annotate ingress YOUR_INGRESS_NAME nginx.ingress.kubernetes.io/wallarm-instance=INSTANCE

  • YOUR_INGRESS_NAME is the name of your Ingress,

  • INSTANCE is a positive number that is unique to each of your applications or application groups. This will allow you to obtain separate statistics and to distinguish between attacks aimed at the corresponding applications.

Step 3: Checking the Wallarm Ingress Controller Operation

  1. Get the list of pods specifying the name of the Wallarm Ingress controller in INGRESS_CONTROLLER_NAME:

    kubectl get po -l release=INGRESS_CONTROLLER_NAME
    

    Each pod should display the following: "STATUS: Running" and "READY: N/N". For example:

    NAME                                                              READY     STATUS    RESTARTS   AGE
    ingress-controller-nginx-ingress-controller-675c68d46d-cfck8      3/3       Running   0          5m
    ingress-controller-nginx-ingress-controller-wallarm-tarantljj8g   8/8       Running   0          5m
    ingress-controller-nginx-ingress-default-backend-584ffc6c7xj5xx   1/1       Running   0          5m
    
  2. Send a test attack to your Ingress resource as described in this documentation.

  3. Go to your Wallarm account > the Events tab via the link below and check that an attack is displayed in the list:
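
The readiness criteria from item 1 of this step can be checked by a script instead of by eye. The following is an added example, not part of the Wallarm documentation: `check_pods_ready` and the two sample functions are hypothetical names, the first sample is the listing shown in item 1, and the second sample is constructed.

```shell
# Added example: checks the Step 3 criteria (STATUS Running, READY N/N).
# check_pods_ready is a hypothetical helper name, not a Wallarm or kubectl command.
# Live use: kubectl get po -l release=INGRESS_CONTROLLER_NAME | check_pods_ready

# Reads the default table output of `kubectl get po` on stdin, prints one line
# per failing pod, and returns 0 only if at least one pod is listed and all pass.
check_pods_ready() {
    awk '
        NR == 1 && $1 == "NAME" { next }   # skip the header row
        NF < 3 { next }                    # skip blank or short lines
        {
            seen++
            split($2, r, "/")              # READY column is "ready/total"
            if ($3 != "Running" || r[1] != r[2] || r[2] == 0) {
                printf "NOT READY: %s (READY %s, STATUS %s)\n", $1, $2, $3
                bad++
            }
        }
        END {
            # An empty list usually means the release label matched nothing.
            if (seen == 0) { print "NOT READY: no pods listed"; exit 1 }
            exit (bad > 0)
        }'
}

# Sample 1: the listing from item 1 of this step.
sample_from_page() {
    cat <<'EOF'
NAME                                                              READY     STATUS    RESTARTS   AGE
ingress-controller-nginx-ingress-controller-675c68d46d-cfck8      3/3       Running   0          5m
ingress-controller-nginx-ingress-controller-wallarm-tarantljj8g   8/8       Running   0          5m
ingress-controller-nginx-ingress-default-backend-584ffc6c7xj5xx   1/1       Running   0          5m
EOF
}

# Sample 2 (constructed): STATUS is Running but one container is not ready.
sample_degraded() {
    cat <<'EOF'
NAME                                                              READY     STATUS    RESTARTS   AGE
ingress-controller-nginx-ingress-controller-675c68d46d-cfck8      3/3       Running   0          5m
ingress-controller-nginx-ingress-controller-wallarm-tarantljj8g   7/8       Running   0          5m
EOF
}

sample_from_page | check_pods_ready && echo "sample 1: all controller pods ready"
sample_degraded | check_pods_ready || echo "sample 2: rejected"
```

The second sample shows why both columns are compared: a pod can report `Running` while one of its containers is still failing its readiness probe.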

Configuration

After the Wallarm Ingress controller is successfully installed and checked, you can make advanced configurations to the solution such as:

To find parameters used for advanced configuration and appropriate instructions, please follow the link.

Known Restrictions

  • IP blocking is not supported in Wallarm Node version 2.12 or lower.

  • Operation without the postanalytics service is not supported.

  • Scaling down the postanalytics service may result in a partial loss of attack data.