Deploy Higress in 5 Minutes: Quick Cloud‑Native Gateway Setup and WAF Demo

This step‑by‑step guide shows how to configure an Alibaba Cloud ACK cluster, install the Higress cloud‑native gateway with Helm, enable Prometheus monitoring via ARMS, and activate the built‑in WAF plugin to block a simulated SQL‑injection request, complete with screenshots and commands.

Alibaba Cloud Native

Introduction

Higress is a cloud‑native API gateway that implements the Kubernetes Ingress API and has been stress‑tested during Alibaba’s Double‑11 peak. It can replace Ingress‑Nginx as a production‑grade ingress controller.

Step 0 – Prepare ACK cluster and sample application

If the ACK cluster has no existing Ingress provider, install Higress directly. If other providers (e.g., Nginx Ingress) are present, set the Helm parameter --set global.ingressClass="" so Higress watches all Ingress resources, enabling a smooth migration.

Deploy a WordPress workload from the ACK marketplace and expose it with a Service of type ClusterIP (virtual IP).

Step 1 – Install Higress

Run the following Helm commands (requires kubectl access):

# Add Higress official Helm repository
helm repo add higress.io https://higress.io/helm-charts
# Install Higress core components
helm install higress higress.io/higress -n higress-system --create-namespace
# Install Higress Console UI
helm install higress-console higress.io/higress-console -n higress-system

Verify the console Ingress resource:

kubectl get ing -n higress-system

The ADDRESS column shows a public IP. Add an entry mapping console.higress.io to this IP in /etc/hosts, then open http://console.higress.io in a browser.

Note: The console version 0.0.2 lacks authentication and is not recommended for production use.

Step 2 – Configure monitoring with ARMS (Prometheus)

In the ARMS Prometheus instance, enable the kubernetes-pods service‑discovery switch so that pod annotations expose metric endpoints.

Import the Higress Grafana dashboard JSON from the following URL:

https://higress.io/grafana/dashboard.json

Step 3 – Enable the WAF plugin

Higress provides several Wasm plugins. To enable the open‑source corazawaf WAF with the full OWASP CRS rule set, apply the sample manifest:

kubectl apply -f https://higress.io/samples/waf.yaml

Submit a request containing a simulated SQL‑injection payload to the WordPress site; Higress returns HTTP 403, records the event in metrics, and logs the exact denial reason.
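
To confirm the behaviour described in Step 3, the following added smoke test (not part of the original article or the Higress project) sends one benign request and one simulated SQL-injection request through the gateway and distinguishes a working WAF from one that is not enforcing or is blocking everything. The target URL, the `id` query parameter and the probe string are assumptions constructed for this check.

```shell
#!/bin/sh
# Added example: smoke test for the WAF step (not Higress project code).
# Assumed/constructed: target URL, the "id" query parameter, the probe string.

# Print the HTTP status for GET $1?id=$2; curl prints 000 when nothing answers.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
    --get --data-urlencode "id=$2" "$1" || true
}

# Return 0 = WAF enforcing, 1 = probe not blocked,
#        2 = benign request blocked, 3 = gateway unreachable.
waf_smoke_test() {
  local url benign probe
  url=$1
  benign=$(http_status "$url" "1")
  probe=$(http_status "$url" "1' OR '1'='1")   # constructed SQLi test string
  echo "benign=$benign probe=$probe"
  if [ "$benign" = "000" ] || [ "$probe" = "000" ]; then
    echo "UNREACHABLE: no HTTP response; check the Ingress address and hosts entry"
    return 3
  fi
  if [ "$benign" = "403" ]; then
    # A 403 on the probe proves nothing if ordinary traffic is denied too.
    echo "OVERBLOCKING: benign request denied; review the rule set before go-live"
    return 2
  fi
  if [ "$probe" != "403" ]; then
    echo "NOT ENFORCED: probe was not rejected; the plugin may not be applied to this route"
    return 1
  fi
  echo "OK: benign request passed and the probe was rejected with 403"
  return 0
}

# Runs only when a target is supplied:
#   WAF_TARGET=http://<gateway-address>/ sh waf_check.sh
if [ -n "${WAF_TARGET:-}" ]; then
  waf_smoke_test "$WAF_TARGET"
fi
```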

Community

The open‑source repository and plugin collection are hosted at:

https://github.com/alibaba/higress/tree/main/plugins