In this demo we show how to deploy NGINX App Protect in Kubernetes as part of a CI/CD pipeline in a per-service mode.

You may want to consider deploying WAF as a per‑service proxy when the following conditions are true:

• WAF policies are under the direction of a DevSecOps team and are specific to a small number of services.
• Updates to the policies can be managed by either a suitable container‑aware API, or by updating the WAF proxy Deployment.
• The WAF device operates appropriately in a Kubernetes environment.