Levo Protection Module on Kubernetes

Install on Kubernetes

Prerequisites

  • Kubernetes version >= v1.18.0
  • Helm v3 installed and configured.
  • The Kubernetes cluster API endpoint should be reachable from the machine where you are running Helm.
  • kubectl access to the cluster, with cluster-admin permissions.

1. Add Levo Helm Repository

helm repo add levoai https://charts.levo.ai && helm repo update levoai

2. Get your Levo credentials

3. Create levoai Namespace and Install Protection Module

helm upgrade --install levoai-protection \
--set extraEnv.LEVOAI_AUTH_KEY="<LEVOAI-AUTH-KEY>" \
--set extraEnv.LEVOAI_ORG_ID="<LEVOAI-ORG-ID>" \
--set extraEnv.LEVOAI_BASE_URL="<LEVOAI-BASE-URL>" \
--set extraEnv.LEVOAI_ENV="<Your Environment>" \
--namespace levoai \
--create-namespace \
levoai/levoai-protection

You may need to set a different Levo Base URL if your SaaS/Dashboard account is created in the India domain.

For example, if you are accessing the Levo Dashboard with app.india-1.levo.ai, the installation command will be:

helm upgrade --install levoai-protection \
--set extraEnv.LEVOAI_AUTH_KEY="<LEVOAI-AUTH-KEY>" \
--set extraEnv.LEVOAI_ORG_ID="<LEVOAI-ORG-ID>" \
--set extraEnv.LEVOAI_BASE_URL="https://api.india-1.levo.ai" \
--set extraEnv.LEVOAI_ENV="<Your Environment>" \
--namespace levoai \
--create-namespace \
levoai/levoai-protection

4. Add Server Configurations

  • Edit the configmap levoai-protection-nginx in the levoai namespace:

kubectl edit configmap levoai-protection-nginx --namespace levoai

Add the server details using Nginx configuration.

5. Configure TLS for the Protection Module

For TLS, create a Kubernetes TLS secret in the levoai namespace from the certificate (CRT) and private key:

kubectl create secret tls levoai-protection-tls-secret \
--cert=./selfsigned.crt \
--key=./selfsigned.key \
--namespace levoai

Enable TLS in values.yaml and set existingSecretName to levoai-protection-tls-secret, then perform a Helm upgrade/install.

Edit the Nginx configuration using the configmap levoai-protection-nginx.

Certificates will be available in /etc/nginx/tls.

Sample Nginx configuration:

server {
    listen 443 ssl;
    server_name _;

    ssl_certificate     /etc/nginx/tls/tls.crt;
    ssl_certificate_key /etc/nginx/tls/tls.key;

    location / {
        proxy_pass https://crapi-web:443; # Replace with your backend
    }
}
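
A mismatched or nearly expired certificate/key pair only shows up once Nginx tries to load /etc/nginx/tls/tls.crt, so it is worth checking the pair before creating the secret in step 5. The script below is an added example, not part of the Levo documentation; it assumes the openssl CLI is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks on the certificate/key pair that becomes
# levoai-protection-tls-secret. Function names are hypothetical.

# SHA-256 of the public key embedded in a certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# tls_pair_ok CERT KEY [MIN_DAYS]
# Returns 0 only if both files parse, the key belongs to the certificate,
# and the certificate stays valid for at least MIN_DAYS (default 30).
tls_pair_ok() {
    crt=$1; key=$2; min_days=${3:-30}
    # Parse both files first: two unreadable inputs would otherwise
    # produce two identical hashes of empty data.
    openssl x509 -in "$crt" -noout 2>/dev/null ||
        { echo "unreadable certificate: $crt" >&2; return 1; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "unreadable private key: $key" >&2; return 1; }
    [ "$(cert_pubkey_hash "$crt")" = "$(key_pubkey_hash "$key")" ] ||
        { echo "private key does not match certificate" >&2; return 1; }
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 1; }
}

# Usage with the file names from step 5 (namespace from the install step):
#   tls_pair_ok ./selfsigned.crt ./selfsigned.key 30 &&
#     kubectl create secret tls levoai-protection-tls-secret \
#       --cert=./selfsigned.crt --key=./selfsigned.key --namespace levoai
```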

6. Other Resources

  • Add custom modsec rules in the levoai-protection-modsec configmap.
  • Add custom Lua scripts in the levoai-protection-lua configmap.
  • If you want to add multiple server configurations, add them by:
    • Editing the levoai-protection-confd configmap.
    • Or adding the server config file content under confD in the values.yaml file.
  • Refer to the Common Tasks page to learn more about APIs for the protection module.