Installation in the Kubernetes Cluster

Prerequisites

In the Kubernetes cluster:

Installation on Kubernetes

  1. Create a Cloud Node in Wallarm console and copy token
  2. Add a Helm repository
    $ helm repo add wallarm https://repo.wallarm.com/charts/stable
     $ helm repo update
    
  3. Install Wallarm Ingress Controller

    Run the command depending on the Cloud you are using.

    EU Cloud
    US Cloud
    $ helm install wallarm/wallarm-ingress -n ingress-controller --set controller.wallarm.token= --set controller.wallarm.enabled=true
    
    $ helm install wallarm/wallarm-ingress -n ingress-controller --set controller.wallarm.apiHost=us1.api.wallarm.com --set controller.wallarm.token= --set controller.wallarm.enabled=true
    

Switch from the NGINX Ingress Controller Already in Use

  1. Create a Cloud Node in Wallarm console and copy token
  2. Add a Helm repository
     $ helm repo add wallarm https://repo.wallarm.com/charts/stable
     $ helm repo update
    
  3. Replace Nginx Ingress Controller for Wallarm Ingress Controller

    Run the command depending on the Cloud you are using.

    Instead <INGRESS CONTROLLER NAME> fill in the name of the Ingress Controller you are using. Usually, it is ingress-controller.

    EU Cloud
    US Cloud
    $ helm upgrade  wallarm/wallarm-ingress --reuse-values --set controller.wallarm.token= --set controller.wallarm.enabled=true
    
    $ helm upgrade  wallarm/wallarm-ingress --reuse-values --set controller.wallarm.apiHost=us1.api.wallarm.com --set controller.wallarm.token= --set controller.wallarm.enabled=true
    

Enable Traffic Analysis for Ingress

Instead of <YOUR INGRESS NAME>, use the name of the Ingress instance for which traffic analysis should be enabled.

Instead of <INSTANCE>, fill in a positive number which is unique to each of your applications or application groups. This will allow you to obtain separate statistics and distinguish between the attacks aimed at corresponding applications.

$ kubectl annotate ingress  nginx.ingress.kubernetes.io/wallarm-mode=monitoring
$ kubectl annotate ingress  nginx.ingress.kubernetes.io/wallarm-instance=

Wait for the Components to Start

$ kubectl get po -l release=ingress-controller

Each pod should display the following: "STATUS: Running" and "READY: N/N". For example:

NAME                                                              READY     STATUS    RESTARTS   AGE
ingress-controller-nginx-ingress-controller-675c68d46d-cfck8      3/3       Running   0          5m
ingress-controller-nginx-ingress-controller-wallarm-tarantljj8g   8/8       Running   0          5m
ingress-controller-nginx-ingress-default-backend-584ffc6c7xj5xx   1/1       Running   0          5m

Known Restrictions

  • IP blocking is not supported.
  • operation without the postanalytics service is not supported.
  • scaling down postanalytics service may result in a partial loss of attack data.

results matching ""

    No results matching ""