Web Application Firewall setup admission controller

This admission controller acts as a MutatingAdmissionWebhook and adds modsecurity waf to ingresses.

Installation

1. install the dependencies
2. download and verify setup.yaml
3. deploy admission controller kubectl apply -f setup.yaml

Dependencies

• Cert Manager is used to set up certificates to validate the webhook against the kubernetes control plane.

Usage

The Admission controller adds WAF enabling annotations to all ingresses by default.

Disable for a Ingress

Create an ingress and add the annotation ingress-waf/enabled: "false".

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress-waf/enabled: "false"
  name: some-ingress
spec:
  rules:
    - host: "domain.tld"

Ingresses with this annotation will skip the WAF setup.

local development

1. install tilt, helm, helmfile, helm diff, and kind
2. setup kind with local registry
3. deploy dependencies helmfile sync
4. start environment tilt up