Enable ModSecurity Web Application Firewall on cluster ingress controller
Problem to solve
We want to introduce a Web Application Firewall (WAF) to protect applications that are deployed to Kubernetes using our GitLab integration.
The nginx ingress controller supports ModSecurity and allows enabling it via annotations.
We should enable ModSecurity when we install the ingress, and allow users to leverage it.
Enable ModSecurity when installing the cluster ingress, in detection-only mode. We should also allow enabling or upgrading it on existing clusters.
Once the WAF is enabled, also enable the default OWASP rules to provide some initial coverage.
Logs will be created to track malicious requests for deployed applications. We should decide whether to enable rules for all sites during installation, or to allow applications to enable tracking (Auto DevOps will enable it by default).
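The two options described above (rules for all sites at install time, or per-application opt-in), sketched as ingress-nginx configuration in detection-only mode with the OWASP Core Rule Set. This is an added example, not GitLab's implementation; the resource names, namespaces, host and audit log path are assumptions.

```yaml
# Option A: cluster-wide, set on the ingress-nginx controller ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller   # assumed; must match the controller's --configmap
  namespace: ingress-nginx         # assumed
data:
  enable-modsecurity: "true"            # load ModSecurity for every site
  enable-owasp-modsecurity-crs: "true"  # load the OWASP Core Rule Set
  # DetectionOnly: rule matches are logged, requests are never blocked.
  # RelevantOnly + JSON: audit only transactions that triggered a rule.
  # The SecAuditLog path is an assumed location inside the controller pod.
  modsecurity-snippet: |
    SecRuleEngine DetectionOnly
    SecAuditEngine RelevantOnly
    SecAuditLogFormat JSON
    SecAuditLogType Serial
    SecAuditLog /var/log/modsec_audit.log
---
# Option B: opt-in per application, via annotations on its Ingress.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app                # hypothetical application
  namespace: example               # hypothetical namespace
  annotations:
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleEngine DetectionOnly
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com        # constructed host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app
                port:
                  number: 80
```

Changing `SecRuleEngine DetectionOnly` to `SecRuleEngine On` is what moves either option from logging to blocking.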
What does success look like, and how can we measure that?
Ingress controllers with ModSecurity enabled.