Skip to content

Upgrading Wallarm Native Node with Helm Chart

These instructions describe the steps to upgrade the Native Node deployed using Helm chart.

View Helm chart releases

Requirements

The Kubernetes cluster for deploying the Native Node with the Helm chart must meet the following criteria:

  • Helm v3 package manager installed.

  • Inbound access from your API gateway or CDN where your APIs are running.

  • Outbound access to:

    • https://charts.wallarm.com to download the Wallarm Helm chart
    • https://hub.docker.com/r/wallarm to download the Docker images required for the deployment
    • https://us1.api.wallarm.com or https://api.wallarm.com for US/EU Wallarm Cloud
    • IP addresses below for downloading updates to attack detection rules and API specifications, as well as retrieving precise IPs for your allowlisted, denylisted, or graylisted countries, regions, or data centers

      34.96.64.17
      34.110.183.149
      35.235.66.155
      34.102.90.100
      34.94.156.115
      35.235.115.105
      
      34.160.38.183
      34.144.227.90
      34.90.110.226
      
  • In addition to the above, you should have the Administrator role assigned in Wallarm Console.

1. Update the Wallarm Helm chart repository

helm repo update wallarm

2. Upgrade the Wallarm Kubernetes service

Upgrade the deployed Kubernetes service or Load Balancer:

helm upgrade <RELEASE_NAME> -n <NAMESPACE> wallarm/wallarm-node-native --version 0.12.0 -f <PATH_TO_VALUES>
  • <RELEASE_NAME>: the name of the existing Helm release

  • <NAMESPACE>: the namespace with the Helm release

  • <PATH_TO_VALUES>: the path to the values.yaml file defining the deployed solution configuration

    When upgrading to version 0.10.1 or higher, remove the config.connector.log_level parameter if specified. It has been replaced by the config.connector.log section for more granular logging. Specify the log.* parameters if customization is needed.

3. Verify the upgrade

  1. Verify that the Wallarm pods are up and running:

    kubectl -n <NAMESPACE> get pods
    

    Each pod status should be STATUS: Running or READY: N/N. For example:

    NAME                                READY   STATUS    RESTARTS   AGE
    native-aggregation-5fb5d5444b-6c8n8   3/3     Running   0          51m
    native-processing-7c487bbdc6-4j6mz    3/3     Running   0          51m
    
  2. Send the request with the test Path Traversal attack to your API gateway:

    curl https://<GATEWAY_IP>/etc/passwd
    
  3. Verify that the upgraded node operates as expected compared to the previous version.