Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  CI/CD for Distil Connector configs?

    Posted 10-13-2020 11:55
    I am looking to see how other people manage multiple different config files for Distil Connector. We intergrate connector with Cloudflare and getting to the point I have been manually maintaining a couple of configs but this is not scalable longterm. So wanted to know if people are hand rolling the configs or using a pipeline approach?

    Thanks
    #AdvancedBotProtection

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------


  • 2.  RE: CI/CD for Distil Connector configs?

    Posted 10-13-2020 12:34
    Hi @Simon Gunton,

    Thank you for posting. Once person that might be able to help is @Muhammad Shoaib. He took the path of using the F5 connector​​, take a look at that post,  so I'm not sure if this helps at all. I did reach out to one of our experts, to see if they had some insights. More to come.

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------

    Original Message


  • 3.  RE: CI/CD for Distil Connector configs?

    Posted 10-14-2020 14:57
    Hello @Christopher Detzel & @Simon Gunton,

    I haven't setup a pipeline to deploy F5 Connector to my load balancers. I am still in the POC phase.

    I have few hundred sites to be configured with F5 Connector and my plan is to use one Imperva bundle for all the sites. I haven't reached to a point where I can find any issues in this approach though.

    ​​​​

    ------------------------------
    Muhammad Shoaib
    Sr. Manager NRE
    Paciolan Inc.
    Irvine CA
    ------------------------------

    Original Message


  • 4.  RE: CI/CD for Distil Connector configs?

    Posted 10-15-2020 04:10
    Thanks Muhammad,

    We sadly have a number of sites / portals etc that need handling slightly differently so won't get away with a single bundle coupled with then non production enviroments (for testing new bundles rather than actual protection) and so yes during our initial implementation single config and hand rolling was fine but now we are scaling it is being challenging and I haven't got as far as thinking about our whitelabel/affiliate domains :s

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------

    Original Message


  • 5.  RE: CI/CD for Distil Connector configs?

    Posted 10-13-2020 13:20
    Hi Simon! What does your current Cloudflare connector build pipeline look like? That might help us provide you some custom guidance.

    ------------------------------
    John Cosgrove
    ------------------------------

    Original Message


  • 6.  RE: CI/CD for Distil Connector configs?

    Posted 10-13-2020 13:37
    Hi John,

    Pipeline is about 6 foot 4, pink slightly squidgy under lockdown and converts caffeine into sarcasm.

    We are at ground zero the end to end is hand rolled for the most part, and now getting to the point where we are going to have multiple domains with a prod and non prod variant etc and so doing this by hand is no longer making sense. Our tool of choice will be GoCD but beyond that was looking for hints/tips/gotchas from people who have reached this point before :)

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------

    Original Message


  • 7.  RE: CI/CD for Distil Connector configs?

    Posted 10-13-2020 17:01
    Hah! :) 

    I haven't personally seen anyone's build pipeline for CF workers. I was able to find this resource online though from edX, which documents a setup using Terraform and GoCD. Looks like they have CF workers as a piece of their whole stack, so maybe there are things here to borrow?

    ------------------------------
    John Cosgrove
    ------------------------------

    Original Message


  • 8.  RE: CI/CD for Distil Connector configs?

    Posted 10-14-2020 04:11
    So I know the Cloudflare end won't be too hard to solve, it was more how people were taking the Imperva bundle, making there own customisation changes to it and then creating the build and getting the artifact out the other end, and handling the requirement for multiple different variations on this. So could be multiple pipelines that handle the main domain problem I have, with then just different build steps within it for prod & non prod configs.

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------

    Original Message


  • 9.  RE: CI/CD for Distil Connector configs?

    Posted 11-05-2020 08:54
    Hey Simon, I gathered some feedback from some smart people internally. The easiest option that we can recommend is for you to use version control software such as git to manage and maintain revisions. You could unzip the Connector that you are using, create a git repository from that unzipped package, and make revisions and updates from that package. You could follow a similar methodology for the other Connector integrations as needed. I hope this helps.

    ------------------------------
    Brooks Cunningham
    ------------------------------

    Original Message


  • 10.  RE: CI/CD for Distil Connector configs?

    Posted 11-05-2020 09:06
    Hey Brooks,

    We use Gitlab internally and we do commit the code bases back there but was a little more around structure and managing builting multiple varients etc. As it is I actually ended up in a call with a chap call Peter Klimek a couple of weeks back might be worth you touching base with him as was a couple of improvements we suggested in what we get given and is talk of changing the distribution method as well :)

    ------------------------------
    Simon Gunton
    Technical Lead - Business Operations
    Rentalcars.com
    ------------------------------

    Original Message