API Protect: Istio Agent Deployment

Owned by John Gerlock
Jul 24, 2023
3 min read

Overview

The Data Theorem API Protect Istio agent can be deployed to one or several kubernetes clusters in order to monitor and collect data about incoming API requests. The data is then sent to Data Theorem’s platform for further analysis, in order to automatically discover APIs and detect attacks.

Deployment

Deploying the agent requires a configured Istio installation and the two zip archives you should receive during oboarding.

If you haven’t received the zip archives yet, please contact support@datatheorem.com.

These instructions will enable traffic mirroring for selected incoming requests; the request will be sent to Data Theorem’s traffic analyzer services.

Installation

Step 1 : Extract all the items which you should receive during the onboarding process.

unzip ISTIO.zip unzip network_analyzer_helm_charts.zip

Step 2 : Verify you are configured for the correct kubernetes cluster

kubectl config current-context

Step 3 : Install the API Protect base services

 

helm install network-analyzer \ ./network_analyzer \ --create-namespace \ --namespace datatheorem

Step 4 : Now you should have some kubernetes services/pods looking like this:

 

Step 5 : Find existing VirtualServices

Review existing VirtualServices with the following command:

Step 6 : Choose a VirtualService to mirror traffic

After choosing an appropriate VirtualService backed by a Gateway, retrieve the kubectl YAML for it with the following command:

Now if your output were to look something like this

 

Then to add the mirroring it should modified like this:

 

Now save your YAML to a file named kube.yaml, and execute it with the following:

Step 7 : Verify the deployment

It should look something like this

Finished.