About the project

The project centered on building a Kubernetes Operator for Akamai WAF – a tool that allows development teams to configure Akamai edge hostnames, DNS records, security policies and CP codes directly through Kubernetes manifests.

By mimicking the familiar Ingress controller pattern, the operator integrates Akamai’s powerful WAF and CDN capabilities into the Kubernetes ecosystem, treating them like first-class citizens within cluster management.

The operator was built to:

Enable self-service for application teams
Integrate WAF configuration into CI/CD pipelines
Offer full GitOps compatibility
Automate Akamai provisioning while maintaining security and auditability

Challenges

Before this solution, Akamai configuration was handled manually via external portals, dedicated infrastructure teams and scripted API calls, often outside the application lifecycle. This created several pain points:

Long lead times for provisioning or updates
Error-prone manual changes
Lack of version control
Minimal developer visibility or ownership
Poor integration with CI/CD and GitOps practices

Moreover, the complexity of Akamai’s APIs (EdgeGrid, PAPI, CPS) made it difficult to standardize changes and embed them in a modern DevSecOps workflow.

Solution

To solve these challenges, our team built a full-featured Kubernetes Operator, designed with developer usability and GitOps principles at its core.

Ingress-Inspired CRDs
The operator introduced AkamaiIngress, a custom resource definition (CRD) that mimics Kubernetes Ingress, but for Akamai infrastructure. This enables developers to treat Akamai as an extension of the cluster, not a separate system.

Infrastructure-as-Code for Edge Security
Akamai WAF configurations could now be defined and managed declaratively in Git, eliminating the need for portal access or scripting.

Developer Ownership of WAF
Application teams could define their hostname and WAF configs directly through Kubernetes manifests, empowering faster iterations and self-service.

Seamless Bridge to Global CDN
By abstracting Akamai’s APIs behind a native Kubernetes layer, the operator served as a powerful gateway between Kubernetes and Akamai’s global infrastructure.

Technologies used

CRDs

Kopf

PAPI, CPS, EdgeGrid APIs

Kubernetes Secrets

GitOps

Prometheus

Results

The implementation of the Akamai WAF Kubernetes Operator led to a significant transformation in how the organization managed edge configurations. What once required coordination between multiple teams and manual updates via portals or scripts could now be handled declaratively, directly from Git. This shift reduced the time to provision or update Akamai configurations by over 90%, while virtually eliminating the risk of manual error. Developers could manage WAF policies and DNS entries on their own, without depending on separate infrastructure teams or external tooling.

By integrating Akamai management into Kubernetes-native workflows, we enabled real-time, automated reconciliation of security configurations. This improved the security posture across environments, ensuring that any change went through version-controlled CI/CD pipelines with full traceability. Self-service became the default, not the exception, speeding up iterations and reducing the bottlenecks that previously stalled deployments.

Just as importantly, this solution aligned edge infrastructure management with GitOps best practices. Infrastructure changes became reproducible, auditable and far more resilient to misconfigurations.

Perspective

This project reimagined how global CDN and WAF configurations can be managed in the Kubernetes era. By bringing Akamai into the Kubernetes-native workflow, the operator transformed how teams think about ownership, speed and security at the edge.

Looking ahead, this operator provides a solid foundation for future innovation: