Goals & Objectives
The lab consist of two modules describe as below.
In this module, lab users will be utilizing visual studio code to modify the OpenAPI spec and push the code to the GitLab CE server, this action will trigger an automated pipeline that deploys and configures the Kubernetes workload via Terraform and provisions the virtual servers and AWAF policies on the F5 BIG-IP. After the pipeline is deployed user can access the application, review the learning suggestion generated by the policy.
In this module, lab users will be modifying the AWAF policy by incorporating the learning suggestions generated by pipeline and commit the code to GitLab. This action will trigger an automated pipeline to redeploy on the BIG-IP services. The policies will also be tested using the F5 WAF tester tool, which tests the policies against OWASP top 10 attacks and well-known vulnerabilities.
Hardware & Software
- 1 x Windows Jump host (Win10) with vscode installed
- 1 x CICD and Docker(NGINX API gw, Dev Portal) (Ubuntu 18.04)
- 3 x Kubernetes cluster Nodes (Ubuntu 18.04) VM's
- 1 x Active Directory Server (Win Server 2012 R2)
- 1 x NGINX Controller 3.6.0 (Ubuntu 18.04)
- 1 x BIG-IP v 16.1.0
- 1 x GitLab CE server (Ubuntu 18.04)
- 1 x Vyos Router (Ubuntu 18.04)