Imperva Cyber Community

Expand all | Collapse all

CI/CD for Distil Connector configs?

  • 1.  CI/CD for Distil Connector configs?

    Posted 14 days ago
    I am looking to see how other people manage multiple different config files for Distil Connector. We intergrate connector with Cloudflare and getting to the point I have been manually maintaining a couple of configs but this is not scalable longterm. So wanted to know if people are hand rolling the configs or using a pipeline approach?

    Thanks
    #AdvancedBotProtection

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------


  • 2.  RE: CI/CD for Distil Connector configs?

    Community Manager
    Posted 14 days ago
    Hi @Simon Gunton,

    Thank you for posting. Once person that might be able to help is @Muhammad Shoaib. He took the path of using the F5 connector​​, take a look at that post,  so I'm not sure if this helps at all. I did reach out to one of our experts, to see if they had some insights. More to come.

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 3.  RE: CI/CD for Distil Connector configs?

    Posted 13 days ago
    Hello @Christopher Detzel & @Simon Gunton,

    I haven't setup a pipeline to deploy F5 Connector to my load balancers. I am still in the POC phase.

    I have few hundred sites to be configured with F5 Connector and my plan is to use one Imperva bundle for all the sites. I haven't reached to a point where I can find any issues in this approach though.

    ​​​​

    ------------------------------
    Muhammad Shoaib
    Sr. Manager NRE
    Paciolan Inc.
    Irvine CA
    ------------------------------



  • 4.  RE: CI/CD for Distil Connector configs?

    Posted 12 days ago
    Thanks Muhammad,

    We sadly have a number of sites / portals etc that need handling slightly differently so won't get away with a single bundle coupled with then non production enviroments (for testing new bundles rather than actual protection) and so yes during our initial implementation single config and hand rolling was fine but now we are scaling it is being challenging and I haven't got as far as thinking about our whitelabel/affiliate domains :s

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------



  • 5.  RE: CI/CD for Distil Connector configs?

    Imperva Employee
    Posted 14 days ago
    Hi Simon! What does your current Cloudflare connector build pipeline look like? That might help us provide you some custom guidance.

    ------------------------------
    John Cosgrove
    ------------------------------



  • 6.  RE: CI/CD for Distil Connector configs?

    Posted 14 days ago
    Hi John,

    Pipeline is about 6 foot 4, pink slightly squidgy under lockdown and converts caffeine into sarcasm.

    We are at ground zero the end to end is hand rolled for the most part, and now getting to the point where we are going to have multiple domains with a prod and non prod variant etc and so doing this by hand is no longer making sense. Our tool of choice will be GoCD but beyond that was looking for hints/tips/gotchas from people who have reached this point before :)

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------



  • 7.  RE: CI/CD for Distil Connector configs?

    Imperva Employee
    Posted 14 days ago
    Hah! :) 

    I haven't personally seen anyone's build pipeline for CF workers. I was able to find this resource online though from edX, which documents a setup using Terraform and GoCD. Looks like they have CF workers as a piece of their whole stack, so maybe there are things here to borrow?

    ------------------------------
    John Cosgrove
    ------------------------------



  • 8.  RE: CI/CD for Distil Connector configs?

    Posted 13 days ago
    So I know the Cloudflare end won't be too hard to solve, it was more how people were taking the Imperva bundle, making there own customisation changes to it and then creating the build and getting the artifact out the other end, and handling the requirement for multiple different variations on this. So could be multiple pipelines that handle the main domain problem I have, with then just different build steps within it for prod & non prod configs.

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------