Community Plugin: This plugin is developed, tested, and maintained by a third-party contributor.
ArecaBay enables enterprises to Discover, Monitor, and Secure APIs at object/data level.
ArecaBay’s Kong plugin installed in the Kong cluster is one type of ArecaBay MicroSensors that are light-weight software components built to access real-time API call level data without any modification to the applications or their runtime. They enable ArecaBay’s Dynamic API Risk Trackers (DART) and API DLP: a set of API level trackers and Data Leakage Prevention.
DART provides an API data security posture dashboard for DevSecOps to continuously discover and monitor APIs across all clouds with zero-impact to apps. DART’s anomaly detection enables API DLP to take policy action against highly targeted data fields and transactions. Please visit this link for more details.
In addition to API Security, for developers and/or DevOps, ArecaBay’s Kong plugin can be used to monitor and log application API calls with selective object level data.
Installation
The installation of ArecaBay’s Kong Plugin and the corresponding ArecaBay components is extremely simple and easy. It involves the following two steps:
- Install and setup ArecaBay’s Kong Plugin
- Access ArecaBay Cloud Webconsole and configure ArecaBay Kong Plugin as a MicroSensor
Install and setup ArecaBay’s Kong Plugin
Install the ArecaBay’s Kong plugin (ab-microsensor) on each node in your Kong cluster via luarocks. As this plugin source is already hosted in Luarocks.org, please run the below command:
luarocks install kong-plugin-ab-microsensor
Add to the custom_plugins list in your Kong configuration (on each Kong node):
custom_plugins = ab-microsensor
Access ArecaBay Cloud Webconsole and setup LocalBay
Please visit the Partners page and request your ArecaBay Cloud Webconsole account. Follow the quickstart guide within the Webconsole to configure your Kong Plugin as a MicroSensor. This involves providing details for the Kong Plugin MicroSensor and downloading the setup script. Run the setup script which internally uses the Kong Admin API to configure & run the Kong Plugin as a global plugin.
Configuration Reference
This plugin is compatible with DB-less mode.
Example plugin configuration
Enable on a service
Enable on a route
Enable on a consumer
Enable globally
The following examples provide some typical configurations for enabling
the ab-microsensor
plugin on a
service.
Admin API
Kubernetes
Declarative (YAML)
Make the following request:
curl -X POST http://localhost:8001/services/SERVICE_NAME|SERVICE_ID/plugins \
--data "name=ab-microsensor"
Replace SERVICE_NAME|SERVICE_ID
with the id
or name
of the service that this plugin configuration will target.
First, create a KongPlugin
resource:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ab-microsensor-example
config:
EXAMPLE_PARAMETER: EXAMPLE_VALUE
plugin: ab-microsensor
Next, apply the KongPlugin resource to a
service by annotating the
service as follows:
apiVersion: v1
kind: Service
metadata:
name: SERVICE_NAME|SERVICE_ID
labels:
app: SERVICE_NAME|SERVICE_ID
annotations:
konghq.com/plugins: ab-microsensor-example
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: SERVICE_NAME|SERVICE_ID
selector:
app: SERVICE_NAME|SERVICE_ID
Replace SERVICE_NAME|SERVICE_ID
with the id
or name
of the service that this plugin configuration will target.
Note: The KongPlugin resource only needs to be defined once
and can be applied to any service, consumer, or route in the namespace. If you
want the plugin to be available cluster-wide, create the resource as a
KongClusterPlugin
instead of KongPlugin
.
Add this section to your declarative configuration file:
plugins:
- name: ab-microsensor
service: SERVICE_NAME|SERVICE_ID
config:
EXAMPLE_PARAMETER: EXAMPLE_VALUE
Replace SERVICE_NAME|SERVICE_ID
with the id
or name
of the service that this plugin configuration will target.
The following examples provide some typical configurations for enabling
the ab-microsensor
plugin on a
route.
Admin API
Kubernetes
Declarative (YAML)
Make the following request:
curl -X POST http://localhost:8001/routes/ROUTE_NAME|ROUTE_ID/plugins \
--data "name=ab-microsensor"
Replace ROUTE_NAME|ROUTE_ID
with the id
or name
of the route that this plugin configuration will target.
First, create a KongPlugin
resource:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ab-microsensor-example
config:
EXAMPLE_PARAMETER: EXAMPLE_VALUE
plugin: ab-microsensor
Then, apply it to an ingress (route or routes)
by annotating the ingress as follows:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ROUTE_NAME|ROUTE_ID
annotations:
kubernetes.io/ingress.class: kong
konghq.com/plugins: ab-microsensor-example
spec:
rules:
- host: examplehostname.com
http:
paths:
- path: /bar
backend:
service:
name: echo
port:
number: 80
Replace ROUTE_NAME|ROUTE_ID
with the id
or name
of the route that this plugin configuration will target.
Note: The KongPlugin resource only needs to be defined once
and can be applied to any service, consumer, or route in the namespace. If you
want the plugin to be available cluster-wide, create the resource as a
KongClusterPlugin
instead of KongPlugin
.
Add this section to your declarative configuration file:
plugins:
- name: ab-microsensor
route: ROUTE_NAME
config:
EXAMPLE_PARAMETER: EXAMPLE_VALUE
Replace ROUTE_NAME|ROUTE_ID
with the id
or name
of the route that this plugin configuration
will target.
The following examples provide some typical configurations for enabling
the ab-microsensor
plugin on a
consumer.
Admin API
Kubernetes
Declarative (YAML)
Make the following request:
curl -X POST http://localhost:8001/consumers/CONSUMER_NAME|CONSUMER_ID/plugins \
--data "name=ab-microsensor"
Replace CONSUMER_NAME|CONSUMER_ID
with the id
or name
of the consumer that this plugin configuration will target.
You can combine consumer.id
, service.id
, or route.id
in the same request, to further narrow the scope of the plugin.
First, create a KongPlugin
resource:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: ab-microsensor-example
config:
EXAMPLE_PARAMETER: EXAMPLE_VALUE
plugin: ab-microsensor
Then, apply it to a consumer by
annotating the KongConsumer resource as follows:
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: CONSUMER_NAME|CONSUMER_ID
annotations:
konghq.com/plugins: ab-microsensor-example
kubernetes.io/ingress.class: kong
Replace CONSUMER_NAME|CONSUMER_ID
with the id
or name
of the consumer that this plugin configuration will target.
Note: The KongPlugin resource only needs to be defined once
and can be applied to any service, consumer, or route in the namespace. If you
want the plugin to be available cluster-wide, create the resource as a
KongClusterPlugin
instead of KongPlugin
.
Add this section to your declarative configuration file:
plugins:
- name: ab-microsensor
consumer: CONSUMER_NAME|CONSUMER_ID
config:
EXAMPLE_PARAMETER: EXAMPLE_VALUE
Replace CONSUMER_NAME|CONSUMER_ID
with the id
or name
of the consumer that this plugin configuration will target.
A plugin which is not associated to any service, route, or consumer is
considered global, and will be run on every request. Read the
Plugin Reference and the Plugin Precedence
sections for more information.
The following examples provide some typical configurations for enabling
the ab-microsensor
plugin globally.
Admin API
Kubernetes
Declarative (YAML)
Make the following request:
curl -X POST http://localhost:8001/plugins/ \
--data "name=ab-microsensor"
Create a KongClusterPlugin
resource and label it as global:
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: <global-ab-microsensor>
annotations:
kubernetes.io/ingress.class: kong
labels:
global: \"true\"
config:
<optional_parameter>: <value>
plugin: ab-microsensor
Add a plugins
entry in the declarative
configuration file:
plugins:
- name: ab-microsensor
config:
EXAMPLE_PARAMETER: EXAMPLE_VALUE
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
Form Parameter |
Description |
name
required
Type: string |
The name of the plugin, in this case ab-microsensor . |
service.name or service.id
Type: string |
The name or ID of the service the plugin targets.
Set one of these parameters if adding the plugin to a service through the top-level /plugins endpoint.
Not required if using /services/SERVICE_NAME|SERVICE_ID/plugins . |
route.name or route.id
Type: string |
The name or ID of the route the plugin targets.
Set one of these parameters if adding the plugin to a route through the top-level /plugins endpoint.
Not required if using /routes/ROUTE_NAME|ROUTE_ID/plugins . |
consumer.name or consumer.id
Type: string |
The name or ID of the consumer the plugin targets.
Set one of these parameters if adding the plugin to a consumer through the top-level /plugins endpoint.
Not required if using /consumers/CONSUMER_NAME|CONSUMER_ID/plugins . |
enabled
Type: boolean
Default value: true |
Whether this plugin will be applied. |
api_id
Type: string |
The ID of the API the plugin targets.
Note: The API Entity is deprecated in favor of Services since CE 0.13.0 and EE 0.32. |
config.ab_localbay_ip
required
|
The ArecaBay LocalBay IP that this plugin will connect and provide API event data.
|
config.ab_localbay_port
required
|
The ArecaBay LocalBay Port that this plugin will connect and provide API event data.
|
config.ab_tenant_id
required
|
The tenant id specific to the ArecaBay LocalBay.
|
config.ab_localbay_passphrase
required
|
The passphrase for authentication with LocalBay.
|
config.ab_microsensor_name
required
|
The name of this microsensor to be used for display purposes in the web console.
|
config.ab_microsensor_id
required
|
The id of this microsensor.
|