API Security Deployment

Onboarding your API Security to Panoptica is a two-step process. You first deploy the API Security Controller in your cluster. Then you attach the Trace Sources by deploying a plugin to your API gateway.

Panoptica's API Security controller is deployed in any Kubernetes cluster using Helm charts. Together with trace sources, it can secure APIs across the entire cluster, including externally exposed APIs, and the third-party APIs your applications consume. Once the controller is deployed, Panoptica will automatically build a catalog of your APIs, analyze risks associated with them, and assign risk scores.

Prerequisites for the cluster

📘

Prerequisites

  • Kubernetes 1.23 or later
  • Helm version 3.8.0 or higher, with OCI registry support
  • At least three nodes in the cluster
  • K8s CLI (kubectl) should be installed on the machine or VM from which the deployment is run, with admin permissions to the cluster
  • DNS resolution and external access to Panoptica platform: console.panoptica.app, on port 443
  • Resources: 2 GB memory, 1 vCPU cores

Register the Controller

To get started, select Settings in the navigation pane, then API Security.
On the default API Controllers tab, select +Add Controller.

This will open the API Security Controller dialog box. Follow the on-screen steps, which are detailed below.

  1. Under Controller Name, enter a unique name for your API Security cluster, as you want it to appear in Panoptica.
  2. Click Register, and check the corner of your screen for a green "Controller has been registered" confirmation message.
  1. Registering the name will unblur the Helm commands, which you'll use to deploy the controller. Note that there are two Helm commands: one installs the ingress controller, and the other installs the API Security controller.
    Copy the Helm chart commands to install the Panoptica API Security controller in your cluster.
    For convenience, you can click the Copy button in the corner of the text window.

Deploy the Controller

Now go to your machine or VM and run the Helm chart installation commands to install the controller on your cluster. Note that there are two Helm commands; make sure you run both of them. The installer requires admin permissions to the cluster to deploy the controller. The Helm chart commands contain unique parameters, which may only be used to install Panoptica's controller on one cluster.

The cluster will now appear in the table on the Accounts page. Once the controller has been successfully deployed in your cluster, the Status will change to "Enabled".

Click the three dots (•••) at the end of each line to open a drop-down list of actions you can perform on that controller.

  • To review the Helm commands for deploying the controller, select View Installation Instructions.
  • If you need to remove the controller from your cluster, select Uninstall Controller to view the Helm uninstall command.
  • To remove the controller from Panoptica, select Delete Controller.

Update Controller

In the list of API Controllers, click the circled (i) next to the version to check for updates.
If your API Security controller needs an update, click the three dots (•••) at the end of the line, and select View Installation Instructions.
Copy both helm upgrade commands and execute them in your cluster to upgrade the controller.

Attach Trace Sources

To complete the onboarding and gain visibility into API traffic across your workloads—as well as to/from external sources—you also need to configure API Trace Sources. This is done by deploying a plugin to an API gateway, which communicates with the Panoptica controller deployed on the cluster. Navigate to the API Trace Sources tab in Panoptica's console to attach these trace sources.

Once the Controller is deployed and the Trace Sources are configured, Panoptica will start displaying information about your APIs on the API Security tab in Panoptica's main navigation menu. See API Security to learn more.