QuantWAF on CloudFlow
Learn how to deploy a QuantWAF instance at the edge for low latency, high availability and to secure your web applications. QuantWAF has been packaged as a helm chart so make sure to configure kubectl
.
note
Before starting, create a new CloudFlow Project, you can then optionally delete the default Deployment.
Prerequisites
- You will need a QuantWAF License, please contact QuantCDN directly to get a license key.
Create the values.yml
file
The QuantWAF helm chart provides a list of configuration options to aid in the deployment of the WAF instance. At minimum; nextHop.selector
and quant
keys must be defined in your values.yaml file. Please view QuantWAF documentation for a full list of supported values.
nextHop:
selector:
app: console-project
quant:
license: <your quantwaf license key>
endpoint: <your quant endpoint>
key: <your quant key>
organization: <your quant organization>
project: <your quant project>
NextHop.selector
is an object that matches selector values that have been applied to your applications deployment. The default section application deployment will use app: console-project
as the selector, however this will need to be updated to match selection criteria that you have defined for your application.
note
The configuration values for the quant
configuration object will be provided to you during onboarding.
Deploy It
Create a CloudFlow deployment for the QuantWAF instance with helm
and the values.yaml
file, ensuring that you have updated the values file accordingly. This will create all the required resources and configure the QuantWAF appropriately for your account.
helm install quant-waf quant-waf -f values.yaml
tip
You can review the resources that will be created with helm install --dry-run
before you apply directly to your cluster
Expose It
Expose it on the internet, mapping the container's port 80
.
apiVersion: v1
kind: Service
metadata:
labels:
app: ingress-upstream
name: ingress-upstream
spec:
ports:
- name: 80-80
port: 80
protocol: TCP
targetPort: 80
selector:
app.kubernetes.io/name: quant-waf
sessionAffinity: None
type: ClusterIP
Apply this service resource to your Project with either the Kubernetes dashboard or kubectl apply -f ingress-upstream.yaml
.
See the pods running on CloudFlow's network with either the Kubernetes dashboard or kubectl get pods -o wide
. The -o wide
switch shows where your app is running according to the default AEE location optimization strategy. Your app will be optimally deployed according to traffic. In lieu of significant traffic, your deployment will be made to default locations.
Finally, follow the instructions that configure DNS and TLS.
See What You've Built
See the QuantWAF instance you've deployed by visiting the https://quantwaf.example.com?q=/etc/hosts
, substituting quantwaf.example.com
according to your DNS and HTTPS configuration.