Web Application Firewall setup admission controller

This admission controller acts as a MutatingAdmissionWebhook and adds modsecurity waf to ingresses.

Installation

install the dependencies
download and verify setup.yaml
deploy admission controller kubectl apply -f setup.yaml

Dependencies

Cert Manager is used to set up certificates to validate the webhook against the kubernetes control plane.

Usage

The Admission controller adds WAF enabling annotations to all ingresses by default.

Disable for a Ingress

Create an ingress and add the annotation ingress-waf/enabled: "false".

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress-waf/enabled: "false"
  name: some-ingress
spec:
  rules:
    - host: "domain.tld"

Ingresses with this annotation will skip the WAF setup.

local development

install tilt, helm, helmfile, helm diff, and kind
setup kind with local registry
deploy dependencies helmfile sync
start environment tilt up

Name		Name	Last commit message	Last commit date
Latest commit History 253 Commits
.github/workflows		.github/workflows
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
Tiltfile		Tiltfile
entrypoint.sh		entrypoint.sh
go.mod		go.mod
go.sum		go.sum
helmfile.yaml		helmfile.yaml
main.go		main.go
mutatingwebhook.go		mutatingwebhook.go
renovate.json		renovate.json
setup.yaml		setup.yaml
verify.yaml		verify.yaml

License

turbine-kreuzberg/ingress-waf-admission-controller

Folders and files

Latest commit

History

Repository files navigation

Web Application Firewall setup admission controller

Installation

Dependencies

Usage

Disable for a Ingress

local development

About

Resources

License

Stars

Watchers

Forks

Languages