AppSentinels Controller Deployment
The AppSentinels Controller processes API traffic from Sensors and forwards it to the Cloud Platform. This enables API discovery, parameter analysis, and AI/ML-driven security insights. As the first line of defense, the Controller detects and mitigates API attacks in real time, enforcing security policies either directly or through Firewalls and API Gateways to ensure robust application protection.
Prerequisites
The following requirements must be met for deploying the AppSentinels Controller:
System Requirements
- Operating System: Ubuntu 22.04 or later / Red Hat 8.6 or later
- CPU: 4 cores (x86_64)
- RAM: 8 GB
- Disk Space: 50 GB of free space in the /var partition
Required Packages
- Docker: Version 23.0 or higher
- Docker Compose: Version 1.28.6 or higher (if deploying with docker-compose)
Network Connectivity Requirements
- Outbound TCP Port 443 must be open in the firewall to enable data transmission to the AppSentinels Security Platform.
- TCP Ports 9002-9009 must be open to allow the AppSentinels Sensor/Plugin to send traffic logs to the AppSentinels Controller.
- Access to Docker repositories is required to download the image. The following domains must be whitelisted:
  - docker.io
  - auth.docker.io
  - registry-1.docker.io
  - production.cloudflare.docker.com
Deployment Options
AppSentinels Controller is available as a containerized application and can be deployed in a Docker or Kubernetes environment.
AppSentinels Controller Configuration Parameters
The following table provides details of the essential configuration parameters required for deploying the AppSentinels Controller. These parameters define the controller's connectivity, authentication, and integration with the application environment.
Parameter | Description | Example |
---|---|---|
SAAS_SERVER_NAME | The fully qualified domain name (FQDN) of the AppSentinels Security Platform. | cloud.appsentinels.com |
SAAS_API_KEY_VALUE | The API key used to authenticate the controller. | ******* |
APPLICATION_DOMAIN | The domain of the application integrated with the controller. | PartnerApps |
ENVIRONMENT | The deployment environment where the controller is running. | Production or Staging |
Deploying Controller Using Docker-Compose
Use the following YAML configuration:
```yaml
version: "3.3"
volumes:
  appsentinels_onprem_config: {}
services:
  ng-edge-controller:
    container_name: appsentinels-controller
    restart: on-failure:5
    image: appsentinels/ng-controller:latest
    hostname: appsentinels-controller-prod
    environment:
      - APPLICATION_DOMAIN=<App Domain>
      - ENVIRONMENT=<App Environment>
      - SAAS_SERVER_NAME=<AppSentinels-Platform-FQDN>
      - SAAS_API_KEY_VALUE=<API-KEY>
    ports:
      - "9004:9004"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: '4'
          memory: 8192M
    logging:
      driver: local
      options:
        max-size: 10m
    volumes:
      - appsentinels_onprem_config:/usr/local/appsentinels-onprem/config
```
To deploy the controller using the above Docker Compose configuration, execute the following command in the terminal:
```bash
docker-compose -f docker-compose.yaml up -d
```
Deploying Controller Using Kubernetes
Use the following Kubernetes Deployment configuration:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appsentinels-controller
  labels:
    app: appsentinels-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appsentinels-controller
  template:
    metadata:
      labels:
        app: appsentinels-controller
    spec:
      containers:
        - name: appsentinels-controller
          image: appsentinels/ng-controller:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 9004
          env:
            - name: APPLICATION_DOMAIN
              value: "<App Domain>"
            - name: ENVIRONMENT
              value: "<App Environment>"
            - name: SAAS_SERVER_NAME
              value: "<AppSentinels-Platform-FQDN>"
            - name: SAAS_API_KEY_VALUE
              value: "<API-KEY>"
          resources:
            limits:
              memory: "8192Mi"
              cpu: "4"
          readinessProbe:
            httpGet:
              path: /dp-ready
              port: 9004
            initialDelaySeconds: 180
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /dp-health
              port: 9004
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          volumeMounts:
            - name: config-volume
              mountPath: /usr/local/appsentinels-onprem/config
      restartPolicy: Always
      volumes:
        - name: config-volume
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: appsentinels-controller-service
spec:
  selector:
    app: appsentinels-controller
  type: ClusterIP
  ports:
    - name: http-9004
      port: 9004
      targetPort: 9004
```
To deploy the controller using the above Kubernetes configuration, execute the following command in the terminal:
```bash
kubectl apply -f <kubernetes-deployment.yaml>
```
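The Deployment above carries SAAS_API_KEY_VALUE as a literal in the manifest, so the key is readable by anyone who can read the Deployment object or the file in version control. The following is an added example, not part of the AppSentinels documentation, showing the same variable sourced from a Kubernetes Secret; the Secret name `appsentinels-controller-secrets` and the key `saas-api-key` are assumed names chosen for illustration.

```yaml
# Added example. The Secret name and key below are assumptions, not AppSentinels values.
# Create the Secret separately from the Deployment manifest and keep the
# filled-in file out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: appsentinels-controller-secrets
type: Opaque
stringData:
  saas-api-key: "<API-KEY>"   # placeholder; Kubernetes stores it base64-encoded under .data
---
# Fragment only, not a standalone manifest: in the Deployment, this entry
# replaces the literal SAAS_API_KEY_VALUE item under
# spec.template.spec.containers[0].env. The other env entries stay as they are.
env:
  - name: SAAS_API_KEY_VALUE
    valueFrom:
      secretKeyRef:
        name: appsentinels-controller-secrets
        key: saas-api-key
```

The container still receives the key as the SAAS_API_KEY_VALUE environment variable, so the Controller's configuration is unchanged; read access to the key is then governed by RBAC on Secrets in the namespace instead of on Deployments.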