Deploy firewall engines that attach to your Kubernetes Gateways, and manage rules through native Kubernetes resources.
Built on Coraza with full ModSecurity SecLang compatibility.
Engine API
Declaratively manage WAF instances attached to Kubernetes Gateways. Deploy and configure firewall engines through simple custom resources.
RuleSet API
Aggregate RuleSource and optional RuleData objects into a RuleSet. Rules are compiled, validated, and cached before being served to engines.
Live Rule Updates
Rules are polled by engines at configurable intervals, enabling updates without restarts or redeployments.
Automatic Validation
Rules are compiled and validated before being served. Invalid rules are caught early, with clear status conditions.
Multi-Platform
Runs on Kubernetes v1.32+ and OpenShift v4.20+. Integrates with Istio via WebAssembly (WASM) plugins.
Where to Start
| If you are… | Start here |
|---|---|
| New to the operator? | Getting Started on Kubernetes |
| Running OpenShift? | Getting Started on OpenShift |
| Looking for a specific task? | How-to Guides |
| Need API details? | Reference |
| Want to understand the design? | Explanation |