Install on Kubernetes with Helm

Install the Coraza Kubernetes Operator on a Kubernetes cluster using Helm.

This guide covers installing the Coraza Kubernetes Operator using Helm on a standard Kubernetes cluster.

Prerequisites

Install from the Helm Repository

Add the Helm repository hosted on GitHub Pages and install:

helm repo add coraza-kubernetes-operator \
  https://networking-incubator.github.io/coraza-kubernetes-operator/
helm repo update

helm upgrade --install coraza-kubernetes-operator \
  coraza-kubernetes-operator/coraza-kubernetes-operator \
  --namespace coraza-system \
  --create-namespace

Pin a Specific Version

helm upgrade --install coraza-kubernetes-operator \
  coraza-kubernetes-operator/coraza-kubernetes-operator \
  --namespace coraza-system \
  --create-namespace \
  --version <chart-version>

Replace <chart-version> with the desired version (e.g. 0.1.0). Available versions are listed on the releases page.

Customize the Installation

Override default values by passing individual settings:

helm upgrade --install coraza-kubernetes-operator \
  coraza-kubernetes-operator/coraza-kubernetes-operator \
  --namespace coraza-system \
  --create-namespace \
  --set logging.level=debug \
  --set metrics.serviceMonitor.enabled=true

Alternatively, create a custom values file:

# custom-values.yaml
logging:
  level: debug
  encoder: console

metrics:
  serviceMonitor:
    enabled: true

resources:
  requests:
    cpu: 50m
    memory: 256Mi
  limits:
    cpu: "1"
    memory: 512Mi

helm upgrade --install coraza-kubernetes-operator \
  coraza-kubernetes-operator/coraza-kubernetes-operator \
  --namespace coraza-system \
  --create-namespace \
  -f custom-values.yaml

For the complete list of configurable values, see the Helm Chart Values reference.

Verify the Installation

Check that the operator pod is running:

kubectl get pods -n coraza-system

Check the operator logs:

kubectl logs -n coraza-system deploy/coraza-kubernetes-operator

Uninstall

helm uninstall coraza-kubernetes-operator -n coraza-system

To also remove the CRDs:

kubectl delete crd engines.waf.k8s.coraza.io rulesets.waf.k8s.coraza.io