API Gateways

You can extend Panoptica protection for workloads on your clusters accessing API servers on external VMs. With this, you can run trace analyses to monitor run-time activity and identify vulnerabilities.

This is done by deploying a plugin to your API gateway on the external Virtual Machine (VM), which communicates with the Panoptica controller deployed on the cluster.

API Servers that are identified on external VMs are listed in the Internal APIs tab on the APIs page, with an indication that it is using a gateway.

Connect a New Gateway

Follow these steps to configure a new gateway, download the installation package, and deploy it in your environment.

  1. Navigate to the APIs page, and select the GATEWAYS tab.
  2. Click + Connect Gateway.
  1. Enter a plugin name, as it will appear in Panoptica.
  2. Select the Gateway type.
  3. Select the cluster to which it will be attached. If the cluster is grayed out, hover over the information tool tip (i) to see an explanation as to why that cluster is unavailable.
  4. If you wish to attach a new cluster, click Attach cluster to open the 'Connect Cluster' wizard.
  5. Click FINISH to see the plugin installation instructions.
  6. From the Gateway plugin installation dialog, copy the customized installation code, in the following format:
tar -xzvf <your-gateway-name>_gw_bundle.tar.gz
  1. Extract the package and follow the instructions in Readme.md.

  2. The new gateway will appear in the list of gateways, but you're not done yet.


After defining the gateway in Panoptica, you still need to...

Install the Plugin

  1. Copy the gateway plugin bundle (that was downloaded above) to your environment, and unpack it.
  2. Follow the instructions in the Readme.md file to install the plugin.
  3. Once the plugin is installed, API servers discovered in your environment will appear in the INTERNAL APIS tab, with the Gateway field indicating the gateway through which it was identified.

Delete Gateway connections

To delete a gateway connection, simply remove it from the Panoptica console, and uninstall the Panoptica plugin from your API gateway, as follows:

  1. Find the gateway you wish to remove on the GATEWAYS tab on the APIs page.
  2. Click on Delete gateway from among the icons in the rightmost column to remove it. The gateway will be removed from the list, and any API servers that were using that gateway will be removed from the inventory list in the INTERNAL APIS tab.
  3. Uninstall the Panoptica plugin from your environment with the following command:
./install_bundle.sh --uninstall