Skip to main content

QuantWAF on CloudFlow

Learn how to deploy a QuantWAF instance at the edge for low latency, high availability and to secure your web applications. QuantWAF has been packaged as a helm chart so make sure to configure kubectl.

note

Before starting, create a new CloudFlow Project, you can then optionally delete the default Deployment.

Prerequisites

  • You will need a QuantWAF License, please contact QuantCDN directly to get a license key.

Create the values.yml file

The QuantWAF helm chart provides a list of configuration options to aid in the deployment of the WAF instance. At minimum; nextHop.selector and quant keys must be defined in your values.yaml file. Please view QuantWAF documentation for a full list of supported values.

values.yaml
nextHop:
selector:
app: console-project
quant:
license: <your quantwaf license key>
endpoint: <your quant endpoint>
key: <your quant key>
organization: <your quant organization>
project: <your quant project>

NextHop.selector is an object that matches selector values that have been applied to your applications deployment. The default section application deployment will use app: console-project as the selector, however this will need to be updated to match selection criteria that you have defined for your application.

note

The configuration values for the quant configuration object will be provided to you during onboarding.

Deploy It

Create a CloudFlow deployment for the QuantWAF instance with helm and the values.yaml file, ensuring that you have updated the values file accordingly. This will create all the required resources and configure the QuantWAF appropriately for your account.

helm install quant-waf quant-waf -f values.yaml
tip

You can review the resources that will be created with helm install --dry-run before you apply directly to your cluster

Expose It

Expose it on the internet, mapping the container's port 80.

ingress-upstream.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-upstream
name: ingress-upstream
spec:
ports:
- name: 80-80
port: 80
protocol: TCP
targetPort: 80
selector:
app.kubernetes.io/name: quant-waf
sessionAffinity: None
type: ClusterIP

Apply this service resource to your Project with either the Kubernetes dashboard or kubectl apply -f ingress-upstream.yaml.

See the pods running on CloudFlow's network with either the Kubernetes dashboard or kubectl get pods -o wide. The -o wide switch shows where your app is running according to the default AEE location optimization strategy. Your app will be optimally deployed according to traffic. In lieu of significant traffic, your deployment will be made to default locations.

Finally, follow the instructions that configure DNS and TLS.

See What You've Built

See the QuantWAF instance you've deployed by visiting the https://quantwaf.example.com?q=/etc/hosts, substituting quantwaf.example.com according to your DNS and HTTPS configuration.