AppSentinels Controller Deployment

The AppSentinels Controller processes API traffic from Sensors, and forwarding it to the Cloud Platform. This enables API discovery, parameter analysis, and AI/ML-driven security insights. As the first line of defense, the Controller detects and mitigates API attacks in real-time, enforcing security policies either directly or through Firewalls and API Gateways to ensure robust application protection.

Prerequisites

The following requirements must be met for deploying the AppSentinels Controller:

System Requirements

Required Packages

Network Connectivity Requirements

Deployment Options

AppSentinels Controller is available as a containerized application and can be deployed in a Docker or Kubernetes environment.

AppSentinels Controller Configuration Parameters

The following table provides details of the essential configuration parameters required for deploying the AppSentinels Controller. These parameters define the controller's connectivity, authentication, and integration with the application environment.

Parameter Description Example
SAAS_SERVER_NAME The fully qualified domain name (FQDN) of the AppSentinels Security Platform. cloud.appsentinels.com
SAAS_API_KEY_VALUE The API key used to authenticate the controller. *******
APPLICATION_DOMAIN The domain of the application integrated with the controller. PartnerApps
ENVIRONMENT The deployment environment where the controller is running. Production or Staging

Deploying Controller Using Docker-Compose

Use the following YAML configuration:

Copy
          
version: "3.3"

volumes:
  appsentinels_onprem_config: {}

services:
  ng-edge-controller:
    container_name: appsentinels-controller
    restart: on-failure:5
    image: appsentinels/ng-controller:latest
    hostname: appsentinels-controller-<App Domain>
    environment:
      - APPLICATION_DOMAIN=<App Domain>
      - ENVIRONMENT=<App Environment>
      - SAAS_SERVER_NAME=<AppSentinels-Platform-FQDN>
      - SAAS_API_KEY_VALUE=<API-KEY>
      # Enable below for TLS logging
      #- TLS_ENABLED_FOR_PLUGINS=true
    ports:
    - "9004:9004"
    - "9006:9006"
    - "9007:9007"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: '4'
          memory: 8192M      
    logging:
      driver: local
      options:
        max-size: 10m
    volumes:
      - appsentinels_onprem_config:/usr/local/appsentinels-onprem/config
      # Enable below for TLS logging & have the certs in the same directory
      #- ./server_public.pem:/certs/server.crt
      #- ./server_private.pem:/certs/server.key
          

To deploy the controller using the above Docker Compose configuration, execute the following command in the terminal:

docker-compose -f docker-compose.yaml up -d

Deploying Controller Using Kubernetes

Use the following Kubernetes Deployment configuration:

Copy
          
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appsentinels-controller
  labels:
    app: appsentinels-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appsentinels-controller
  template:
    metadata:
      labels:
        app: appsentinels-controller
    spec:
      containers:
        - name: appsentinels-controller
          image: appsentinels/ng-controller:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 9004
          env:
            - name: APPLICATION_DOMAIN
              value: "<App Domain>"
            - name: ENVIRONMENT
              value: "<App Environment>"
            - name: SAAS_SERVER_NAME
              value: "<AppSentinels-Platform-FQDN>"
            - name: SAAS_API_KEY_VALUE
              value: "<API-KEY>"
            # Uncomment the below to enable TLS logging
            # - name: TLS_ENABLED_FOR_PLUGINS
            #   value: "true"              
          resources:
            limits:
              memory: "8192Mi"
              cpu: "4"
          readinessProbe:
            httpGet:
              path: /dp-ready
              port: 9004
            initialDelaySeconds: 180
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /dp-health
              port: 9004
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3          
          volumeMounts:
            - name: config-volume
              mountPath: /usr/local/appsentinels-onprem/config
            # Uncomment if using TLS certificates
            #- name: cert-crt
            #  mountPath: /certs/server.crt
            #  subPath: server.crt
            #- name: cert-key
            #  mountPath: /certs/server.key
            #  subPath: server.key              
      restartPolicy: Always
      volumes:
        - name: config-volume
          emptyDir: {}
        # Uncomment if using TLS certificates
        #- name: cert-crt
        #  hostPath:
        #    path: /absolute/path/to/server_public.pem  # <-- update with actual path
        #    type: File
        #- name: cert-key
        #  hostPath:
        #    path: /absolute/path/to/server_private.pem  # <-- update with actual path
        #    type: File          
---
apiVersion: v1
kind: Service
metadata:
  name: appsentinels-controller-service
spec:
  selector:
    app: appsentinels-controller
  type: ClusterIP
  ports:
    - name: http-9004
      port: 9004
      targetPort: 9004
    - name: port-9006
      port: 9006
      targetPort: 9006
    - name: port-9007
      port: 9007
      targetPort: 9007
        

To deploy the controller using the above Kubernetes configuration, execute the following command in the terminal:

kubectl apply -f <kubernetes-deployment.yaml>

Deploying Controller Using Helm chart

Download the AppSentinels Controller Helm Chart

To deploy the controller using the helm chart, extract the zip file and navigate to the extracted directory. Then, modify the values.yaml file as per your requirements. Once done, execute the following command in the terminal:

helm install appsentinels-controller ./appsentinels-controller