Start with Kubernetes
open-appsec for Kubernetes protects applications and APIs running in Kubernetes environments.
It integrates with the most popular NGINX Ingress Controller, serving as a secure HTTP/S load balancer for one or more Services inside Kubernetes clusters.
It also integrates with Kong Gateway (API Gateway), securing distributed, exposed APIs at the API Gateway level. Additional integrations (with e.g. Envoy, Ambassador) will be added soon as well.
NGINX Ingress Controller
Kong Gateway
The NGINX Ingress Controller and open-appsec for Kubernetes agent are deployed together with a single Helm chart. This diagram shows an example of a Kubernetes service exposed outside the Kubernetes cluster with an Ingress controller protected with open-appsec. The NGINX Ingress Controller container contains the open-appsec Attachment which communicates with the open-appsec Agent.
Kong and the open-appsec agent are deployed together with a single Helm chart in Kubernetes environments. This diagram shows K8s Web APIs/Apps exposed by an Kong API Gateway that is protected by open-appsec. Inside the Kong Gateway Pod there are following containers: Kong Gateway container, open-appsec Agent container and optional Kong Controller (Ingress Controller). Here open-appsec is integrated with the Kong Gateway container which contains the open-appsec Attachment for communication with the open-appsec Agent.
Choose between two deployment options:
You can always connect your deployment later to a SaaS management, which provides cloud logging & reporting, central management and monitoring of multiple K8s clusters and an easy-to-use WebUI for all administrative tasks.