AppSentinels Controller Deployment
The AppSentinels Controller processes API traffic from Sensors and forwards it to the Cloud Platform. This enables API discovery, parameter analysis, and AI/ML-driven security insights. As the first line of defense, the Controller detects and mitigates API attacks in real time, enforcing security policies either directly or through Firewalls and API Gateways to ensure robust application protection.
Prerequisites
The following requirements must be met for deploying the AppSentinels Controller:
System Requirements
- Operating System: Ubuntu 22.04 or later / Red Hat 8.6 or later
- CPU: 4 cores (x86_64)
- RAM: 8 GB
- Disk Space: 50 GB of free space in the /var partition
Required Packages
- Docker: Version 23.0 or higher
- Docker Compose: Version 1.28.6 or higher (if deploying with docker-compose)
Network Connectivity Requirements
- Outbound TCP Port 443 must be open in the firewall to enable data transmission to the AppSentinels Security Platform.
- TCP ports 9002-9009 must be open to allow the AppSentinels Sensor/Plugin to send traffic logs to the AppSentinels Controller.
- Access to Docker repositories is required to download the image. The following domains must be whitelisted:
  - docker.io
  - auth.docker.io
  - registry-1.docker.io
  - production.cloudflare.docker.com
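The prerequisites above can be verified on the target host before installation. The script below is an added example, not AppSentinels tooling; the 7168 MiB RAM floor and the use of cloud.appsentinels.com (the example FQDN from this page) as the default platform host are assumptions.

```shell
# Added example (not vendor code): preflight for the prerequisites listed above.
# version_ge HAVE WANT: succeeds when dotted version HAVE >= WANT.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if ((x[i] + 0) > (y[i] + 0)) exit 0
      if ((x[i] + 0) < (y[i] + 0)) exit 1
    }
    exit 0
  }'
}

# first_version TEXT: first dotted number in TEXT ("Docker version 24.0.7, ..." -> 24.0.7).
first_version() { printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1; }

# check LABEL HAVE WANT: print PASS/FAIL for one minimum; returns 1 on FAIL.
check() {
  if [ -n "$2" ] && version_ge "$2" "$3"; then
    echo "PASS  $1: $2 (need >= $3)"
  else
    echo "FAIL  $1: ${2:-not found} (need >= $3)"; return 1
  fi
}

preflight() {
  rc=0
  [ "$(uname -m)" = x86_64 ] || { echo "FAIL  architecture: $(uname -m)"; rc=1; }
  check "CPU cores" "$(getconf _NPROCESSORS_ONLN)" 4 || rc=1
  # MemTotal excludes kernel-reserved memory, so an 8 GB host reports slightly
  # less; the 7168 MiB floor is an assumption of this example.
  check "RAM MiB" "$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)" 7168 || rc=1
  check "/var free GiB" "$(df -Pk /var | awk 'NR == 2 {print int($4 / 1048576)}')" 50 || rc=1
  check "Docker" "$(first_version "$(docker --version 2>/dev/null)")" 23.0 || rc=1
  # Only needed when deploying with docker-compose.
  check "Docker Compose" "$(first_version "$(docker-compose --version 2>/dev/null)")" 1.28.6 || rc=1
  # Outbound 443 to the platform (page's example FQDN as default) and registries.
  for host in "${SAAS_SERVER_NAME:-cloud.appsentinels.com}" docker.io auth.docker.io \
      registry-1.docker.io production.cloudflare.docker.com; do
    if curl -s -o /dev/null --connect-timeout 5 "https://$host/"; then
      echo "PASS  outbound 443 to $host"
    else
      echo "FAIL  outbound 443 to $host"; rc=1
    fi
  done
  return "$rc"
}
# Run the checks only when asked, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Set SAAS_SERVER_NAME in the environment to test reachability of your own platform FQDN instead of the default.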
Deployment Options
AppSentinels Controller is available as a containerized application and can be deployed in a Docker or Kubernetes environment.
AppSentinels Controller Configuration Parameters
The following table provides details of the essential configuration parameters required for deploying the AppSentinels Controller. These parameters define the controller's connectivity, authentication, and integration with the application environment.
Parameter | Description | Example |
---|---|---|
SAAS_SERVER_NAME | The fully qualified domain name (FQDN) of the AppSentinels Security Platform. | cloud.appsentinels.com |
SAAS_API_KEY_VALUE | The API key used to authenticate the controller. | ******* |
APPLICATION_DOMAIN | The domain of the application integrated with the controller. | PartnerApps |
ENVIRONMENT | The deployment environment where the controller is running. | Production or Staging |
Deploying Controller Using Docker-Compose
Use the following YAML configuration:
```yaml
version: "3.3"
volumes:
  appsentinels_onprem_config: {}
services:
  ng-edge-controller:
    container_name: appsentinels-controller
    restart: on-failure:5
    image: appsentinels/ng-controller:latest
    hostname: appsentinels-controller-<App Domain>
    environment:
      - APPLICATION_DOMAIN=<App Domain>
      - ENVIRONMENT=<App Environment>
      - SAAS_SERVER_NAME=<AppSentinels-Platform-FQDN>
      - SAAS_API_KEY_VALUE=<API-KEY>
      # Enable below for TLS logging
      #- TLS_ENABLED_FOR_PLUGINS=true
    ports:
      - "9004:9004"
      - "9006:9006"
      - "9007:9007"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: '4'
          memory: 8192M
    logging:
      driver: local
      options:
        max-size: 10m
    volumes:
      - appsentinels_onprem_config:/usr/local/appsentinels-onprem/config
      # Enable below for TLS logging & have the certs in the same directory
      #- ./server_public.pem:/certs/server.crt
      #- ./server_private.pem:/certs/server.key
```
To deploy the controller using the above Docker Compose configuration, execute the following command in the terminal:
```shell
docker-compose -f docker-compose.yaml up -d
```
Deploying Controller Using Kubernetes
Use the following Kubernetes Deployment configuration:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appsentinels-controller
  labels:
    app: appsentinels-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appsentinels-controller
  template:
    metadata:
      labels:
        app: appsentinels-controller
    spec:
      containers:
        - name: appsentinels-controller
          image: appsentinels/ng-controller:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 9004
          env:
            - name: APPLICATION_DOMAIN
              value: "<App Domain>"
            - name: ENVIRONMENT
              value: "<App Environment>"
            - name: SAAS_SERVER_NAME
              value: "<AppSentinels-Platform-FQDN>"
            - name: SAAS_API_KEY_VALUE
              value: "<API-KEY>"
            # Uncomment the below to enable TLS logging
            # - name: TLS_ENABLED_FOR_PLUGINS
            #   value: "true"
          resources:
            limits:
              memory: "8192Mi"
              cpu: "4"
          readinessProbe:
            httpGet:
              path: /dp-ready
              port: 9004
            initialDelaySeconds: 180
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /dp-health
              port: 9004
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          volumeMounts:
            - name: config-volume
              mountPath: /usr/local/appsentinels-onprem/config
            # Uncomment if using TLS certificates
            #- name: cert-crt
            #  mountPath: /certs/server.crt
            #  subPath: server.crt
            #- name: cert-key
            #  mountPath: /certs/server.key
            #  subPath: server.key
      restartPolicy: Always
      volumes:
        - name: config-volume
          emptyDir: {}
        # Uncomment if using TLS certificates
        #- name: cert-crt
        #  hostPath:
        #    path: /absolute/path/to/server_public.pem # <-- update with actual path
        #    type: File
        #- name: cert-key
        #  hostPath:
        #    path: /absolute/path/to/server_private.pem # <-- update with actual path
        #    type: File
---
apiVersion: v1
kind: Service
metadata:
  name: appsentinels-controller-service
spec:
  selector:
    app: appsentinels-controller
  type: ClusterIP
  ports:
    - name: http-9004
      port: 9004
      targetPort: 9004
    - name: port-9006
      port: 9006
      targetPort: 9006
    - name: port-9007
      port: 9007
      targetPort: 9007
```
To deploy the controller using the above Kubernetes configuration, execute the following command in the terminal:
```shell
kubectl apply -f <kubernetes-deployment.yaml>
```
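Both manifests above write SAAS_API_KEY_VALUE into the file as a literal, use the :latest image tag, and leave TLS_ENABLED_FOR_PLUGINS commented out. The lint below is an added example, not AppSentinels code, that flags those three settings in a docker-compose or Kubernetes file before it is applied. The Secret name and key and the image tag in the hardened sample are placeholders, and reporting disabled plugin TLS as a finding is an assumption of this example.

```shell
# Added example (not vendor code): lint a Controller manifest before deploying.
# lint_manifest [FILE]: print findings for FILE (or stdin); returns 1 if any.
lint_manifest() {
  awk '
    /^[ \t]*#/ { next }                        # skip commented-out lines
    # Compose: "- SAAS_API_KEY_VALUE=..." is a literal unless it is ${VAR}.
    /SAAS_API_KEY_VALUE=/ && !/SAAS_API_KEY_VALUE=[$][{]/ { lit = 1 }
    /TLS_ENABLED_FOR_PLUGINS=true/ { tls = 1 }
    # Kubernetes: "value:" right after "name: X" is a literal; valueFrom is not.
    /^[ \t]*value:/ && prev == "SAAS_API_KEY_VALUE" { lit = 1 }
    /^[ \t]*value:[ \t]*"?true/ && prev == "TLS_ENABLED_FOR_PLUGINS" { tls = 1 }
    { prev = ""
      if (match($0, /name:[ \t]*[A-Z_]+[ \t]*$/)) {
        prev = substr($0, RSTART, RLENGTH); gsub(/name:|[ \t]/, "", prev) } }
    # No tag means :latest; a version tag or @sha256 digest does not match.
    /image:.*ng-controller(:latest)?[ \t]*$/ { latest = 1 }
    END {
      if (lit)    print "API_KEY_LITERAL: SAAS_API_KEY_VALUE is written into the manifest"
      if (latest) print "IMAGE_UNPINNED: ng-controller image is untagged or :latest"
      if (!tls)   print "PLUGIN_TLS_OFF: TLS_ENABLED_FOR_PLUGINS is not set to true"
      exit (lit || latest || !tls)
    }' "$@"
}

# Constructed input: container settings as documented, with a made-up key value.
sample_as_documented() { cat <<'EOF'
          image: appsentinels/ng-controller:latest
            - name: SAAS_API_KEY_VALUE
              value: "constructed-example-key"
            # - name: TLS_ENABLED_FOR_PLUGINS
            #   value: "true"
EOF
}

# Constructed: hardened form; Secret name/key and image tag are placeholders.
sample_hardened() { cat <<'EOF'
          image: appsentinels/ng-controller:<pinned-version>
            - name: SAAS_API_KEY_VALUE
              valueFrom:
                secretKeyRef:
                  name: appsentinels-controller-secret
                  key: api-key
            - name: TLS_ENABLED_FOR_PLUGINS
              value: "true"
EOF
}

sample_as_documented | lint_manifest || true   # prints all three findings
sample_hardened | lint_manifest                # prints nothing, returns 0
```

Run it against a real file with `lint_manifest docker-compose.yaml`; a non-zero return can gate a CI job.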
Deploying Controller Using Helm chart
Download the AppSentinels Controller Helm Chart
To deploy the controller using the helm chart, extract the zip file and navigate to the extracted directory. Then, modify the values.yaml file as per your requirements. Once done, execute the following command in the terminal:

```shell
helm install appsentinels-controller ./appsentinels-controller
```