Installation in the Kubernetes cluster

Prerequisites

In the Kubernetes cluster:

Installation on Kubernetes

  1. Create a Cloud Node in Wallarm console and copy token
  2. Add a Helm repository
    helm repo add wallarm https://repo.wallarm.com/charts/stable
    helm repo update
    
  3. Install Wallarm Ingress Controller
    helm install wallarm/wallarm-ingress -n ingress-controller --set controller.wallarm.token=<CLOUD NODE TOKEN> --set controller.wallarm.enabled=true
    

Switch from the NGINX Ingress Controller already in use

  1. Create a Cloud Node in Wallarm console and copy token
  2. Add a Helm repository
    helm repo add wallarm https://repo.wallarm.com/charts/stable
    helm repo update
    
  3. Replace Nginx Ingress Controller for Wallarm Ingress Controller

Instead <INGRESS CONTROLLER NAME> fill in the name of the Ingress Controller you are using. Usually, it is ingress-controller.

helm upgrade <INGRESS CONTROLLER NAME> wallarm/wallarm-ingress --reuse-values --set controller.wallarm.token=<CLOUD NODE TOKEN> --set controller.wallarm.enabled=true

Enable traffic analysis for Ingress

Instead of <YOUR INGRESS NAME>, use the name of the Ingress instance for which traffic analysis should be enabled.

Instead of <INSTANCE>, fill in a positive number which is unique to each of your applications or application groups. This will allow you to obtain separate statistics and distinguish between the attacks aimed at corresponding applications.

kubectl annotate ingress <YOUR INGRESS NAME> nginx.ingress.kubernetes.io/wallarm-mode=monitoring
kubectl annotate ingress <YOUR INGRESS NAME> nginx.ingress.kubernetes.io/wallarm-instance=<INSTANCE>

Wait for all the components to start

kubectl get po -l release=ingress-controller

Each pod should display the following: "STATUS: Running" and "READY: N/N". For example:

NAME                                                              READY     STATUS    RESTARTS   AGE
ingress-controller-nginx-ingress-controller-675c68d46d-cfck8      3/3       Running   0          5m
ingress-controller-nginx-ingress-controller-wallarm-tarantljj8g   8/8       Running   0          5m
ingress-controller-nginx-ingress-default-backend-584ffc6c7xj5xx   1/1       Running   0          5m

Known restrictions

  • IP blocking is not supported.
  • operation without the postanalytics service is not supported.
  • scaling down postanalytics service may result in a partial loss of attack data.

results matching ""

    No results matching ""