API Protect: Gloo Edge Agent Deployment
- Philip Deegan (Unlicensed)
Overview
The Data Theorem API Protect Gloo Edge agent can be deployed to one or several kubernetes clusters in order to monitor and collect data about incoming API requests. The data is then sent to Data Theorem’s platform for further analysis, in order to automatically discover APIs and detect attacks.
Deployment
Deploying the agent requires a configured Gloo Edge installation and the zip archive you should receive during oboarding.
If you haven’t received the zip archive yet, please contact support@datatheorem.com.
These instructions will enable traffic mirroring for selected incoming requests; the request will be sent to Data Theorem’s traffic analyzer services.
Installation
Step 1 : Extract all the items which you should receive during the onboarding process.
unzip DataTheorem-APIProtect-GLOO.zipStep 2 : Verify you are configured for the correct kubernetes cluster
kubectl config current-context
Step 3 : Install the API Protect for a given upstream
Find existing upstream configurations
glooctl get upstream
Step 4 : Choose an upstream to mirror and list its endpoints e.g "default-petstore-8080"
Add mirroring to the chosen endpoint. This step must be repeated for each endpoint.
KUBE_UPSTREAM_NAMESPACE=default
KUBE_UPSTREAM_NAME=petstore
KUBE_UPSTREAM_PORT=8080
printf -v UPSTREAM_ID "%05d" $(helm -n datatheorem list --filter 'gloo-vtap-endpoint' | wc -l)
helm install "gloo-vtap-endpoint-${UPSTREAM_ID}" \
./gloo_vtap_endpoint \\
--create-namespace \\
--namespace datatheorem \\
--set kubeUpstreamNamespace=${KUBE_UPSTREAM_NAMESPACE} \\
--set kubeUpstreamName=${KUBE_UPSTREAM_NAME} \\
--set kubeUpstreamPort=${KUBE_UPSTREAM_PORT}Step 9 : Verify the deployment
It should look something like this
helm list -n datatheorem
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
gloo-vtap-endpoint-00001 datatheorem 1 2023-06-20 11:56:08.223009524 +0100 CET deployed apiprotect_gloo_vtap-1.0.0 1.0.5Test the deployment
Finished.