DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Please enter at least three characters to search
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Modernize your data layer. Learn how to design cloud-native database architectures to meet the evolving demands of AI and GenAI workkloads.

Secure your stack and shape the future! Help dev teams across the globe navigate their software supply chain security challenges.

Releasing software shouldn't be stressful or risky. Learn how to leverage progressive delivery techniques to ensure safer deployments.

Avoid machine learning mistakes and boost model performance! Discover key ML patterns, anti-patterns, data strategies, and more.

Related

  • A Guide to Container Runtimes
  • Docker vs Kubernetes: Which to Use and When?
  • Using KRaft Kafka for Development and Kubernetes Deployment
  • Mobile Backend With Docker, Kubernetes, and Microservices

Trending

  • Unlocking AI Coding Assistants Part 4: Generate Spring Boot Application
  • A Developer's Guide to Mastering Agentic AI: From Theory to Practice
  • Top Book Picks for Site Reliability Engineers
  • Breaking Bottlenecks: Applying the Theory of Constraints to Software Development
  1. DZone
  2. Software Design and Architecture
  3. Cloud Architecture
  4. Using Signal Sciences With Kubernetes

Using Signal Sciences With Kubernetes

If you're using Signal Sciences to monitor your app, here's how you can get visibility throughout your entire environment using Docker and Kubernetes.

By 
Douglas Coburn user avatar
Douglas Coburn
·
Updated Feb. 21, 17 · Tutorial
Likes (3)
Comment
Save
Tweet
Share
5.8K Views

Join the DZone community and get the full member experience.

Join For Free

One of the questions I hear regularly from customers is how to include Signal Sciences with some of the new technologies they are using to autoscale their environment. Containerization is an initiative that is being talked about regularly by customers across industry verticals. While the whole concept is great for providing new levels of economies of scale, redundancy and enabling CI/CD (Continuous Integration/Continuous Deployment), it can be a tricky thing to do in practice if your company has not moved over to this model. Not only do you need to potentially retrofit your application, or applications, to fit this model, you also need to ensure the technologies that secure your environment also work with it.

With the simple deployment model of our architecture it is very easy to include our components as part of the container running your application whether this is Apache, NGINX, PHP, Java, Node.js, or others. This article will walk you through how you can do this with Kubernetes in a fashion that will allow you to autoscale our WPP (Web Protection Platform) with your application deployment in Kubernetes.

Step 1: Creating the Docker Container

In order to be able to deploy something to Kubernetes we will need an initial Docker container to specify in the Kubernetes deployment. There is an example Docker container configuration at https://github.com/signalsciences/SigSciDockerExample. This repo also contains yaml files of the Deployment, Service, and Pods that get created as we walk through the process.

First, let’s take a look at the Dockerfile and understand some of the elements of what is going on.

With the copy command we are putting the repo information in place for apt in order to be able to automatically pull the Signal Sciences Agents and Modules.

COPY contrib/sigsci-release.list /etc/apt/sources.list.d/sigsci-release.list


In order to not get errors from Docker when building the container the run command does the following:

  1. Import the Signal Sciences gpg key for our apt repo.
  2. Install our Signal Sciences Agent & Module and install Apache2
  3. Clean out the apt cache to reduce the final docker size
  4. Enable the Apache Signal Sciences Module
RUN apt-get update; apt-get install -y apt-transport-https curl ; \
curl -slL https://apt.signalsciences.net/gpg.key | apt-key add -; \
apt-get update; apt-get install -y sigsci-agent sigsci-module-apache apache2; \
apt-get clean; /usr/sbin/a2enmod signalsciences; mkdir /var/lock/apache2


Alright, let’s clone the github repo to a local directory

git clone https://github.com/signalsciences/SigSciDockerExample


Next, we’ll need to move into the directory

cd SigSciDockerExample


You will want to ensure that start.sh is executable

chmod +x start.sh


We can use the provided Makefile to build the container automatically. The minimum options that you should specify should be DOCKERUSER, DOCKERNAME, DOCKERTAG.

make build DOCKERUSER=MYDOCKERUSER DOCKERNAME=sigsci-apache-demo DOCKERTAG=1.14.4–1.4.6


Note: I like to have the tag be the versions of items I’m interested in, and I use this as a version control method. For example the tag 1.14.4–1.4.6 means SigSci-Agent-1.14.4 and SigSci-ApacheModule-1.4.6

At this point you can now test the container by doing

make run DOCKERUSER=MYDOCKERUSER DOCKERNAME=sigsci-apache-demo DOCKERTAG=1.14.4–1.4.6 SIGSCI_ACCESSKEY=YOURACCESSKEY SIGSCI_SECRETKEY=YOURSECRETKEY


You should see something like the following screenshot with the Arrow pointing to the container id.

Image title

Now we’ll need to deploy the container to your Docker container repository. By default I’m using Docker hub, but it can be configured otherwise.

make deploy DOCKERUSER=MYDOCKERUSER DOCKERNAME=sigsci-apache-demo DOCKERTAG=1.14.4–1.4.6


Step 2: Creating Your Kubernetes Deployment

Believe it or not, the hardest part is now done. We new have a container that has Apache2 with the Signal Sciences module installed and the Signal Sciences agent. This container will be added into a pod within in Kubernetes. Anytime this pod is brought up all three components will be there which simplifies the deployment of Signal Sciences. Generally whenever you update your Apache2 container, the Signal Sciences components will also automatically be updated!

First lets log into your Kubernetes cluster and create a new application. All of these steps can also be performed via the command line using the Kubectl.

Image title

In the Create an App view you can either import one of the provided yaml files or input things manually. If you do import one of the YAML files you will need to update the environment variables for SIGSCI_ACCESSKEYID and SIGSCI_SECRETACCESSKEY to be the correct ones for your deployment.

You can get the agent keys in: https://dashboard.signalsciences.net -> Configuration -> Agents -> View Agent Keys

Create an App settings:

App Name: sigsci-apache-ubuntu1604
Container Image: DOCKERUSER/sigsci-apache-ubuntu1604:1.14.4–1.1.7
Service: External (This is done so that you can access the web server)
Port: 80
Target Port: 80
Description: Signal Sciences container with SigSci Agent and Module for Apache2
Environment Variables:
SIGSCI_ACCESSKEYID: YOURACCESSKEY
SIGSCI_SECRETACCESSKEY: YOURSECRETKEY

Image title

That’s it! You can hit deploy and see the deployment kick off. Once it is ready you can pull up the Kubernetes service information and try hitting the webpage.

Go to Services -> sigsci-apache-ubuntu1604 and under connections you will see the information about available endpoints.

Image title

If you hit the URL on the listening port you should now see:

Image title

After that check out the Agent information view in the Signal Sciences dashboard. You will see the name of the pod followed by the docker id. This is the hostname as reported back via the container within the guest.

Image title

Step 3: Scaling

Scaling is straightforward and easy to do using kubectl.

kubectl scale deployment sigsci-apache-ubuntu1604 — replicas 3


This will cause three more pods to be brought up:

Image title

If we check out the agent page we’ll see two new instances, the original plus two more:

Image title

Conclusion

One of the biggest challenges for security practitioners is actually getting visibility into everything that is happening within your environment. Being able to include Signal Sciences as part of a template in your container build process helps fill in the gap of covering your web applications. As you deploy new web applications or scale existing ones by including our WPP, you know that they will be protected from day one. There are definitely different ways you can create the Docker container but this gives you an example to get you started on your way!

Kubernetes Docker (software) Signal

Published at DZone with permission of Douglas Coburn, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • A Guide to Container Runtimes
  • Docker vs Kubernetes: Which to Use and When?
  • Using KRaft Kafka for Development and Kubernetes Deployment
  • Mobile Backend With Docker, Kubernetes, and Microservices

Partner Resources

×

Comments
Oops! Something Went Wrong

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends:

Likes
There are no likes...yet! 👀
Be the first to like this post!
It looks like you're not logged in.
Sign in to see who liked this post!