
You can enable App and API Protection for Java services with the following setup options:

  1. If your Java service already has APM tracing set up and running, then skip to service configuration.
  2. If your Java service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's Automatic Installation.
  3. Otherwise, continue reading the manual setup instructions below.

Overview

App and API Protection leverages the Datadog Java library to monitor and secure your Java service. The library integrates seamlessly with your existing application without requiring code changes.

For detailed compatibility information, including supported Java versions, frameworks, and deployment environments, see Java Compatibility Requirements.

This guide explains how to set up App and API Protection (AAP) for Java applications. The setup involves:

  1. Installing the Datadog Agent.
  2. Enabling App and API Protection monitoring.
  3. Running your Java application with the Datadog Agent.
  4. Verifying the setup.

Prerequisites

  • Kubernetes cluster
  • Java application containerized with Docker
  • kubectl configured to access your cluster
  • Helm (recommended for installing the Agent)
  • Your Datadog API key
  • Datadog Java tracing library (see version requirements here)

1. Installing the Datadog Agent

Install the Datadog Agent by following the Kubernetes installation instructions.

2. Enabling App and API Protection monitoring

Automatically enabling App and API Protection through Remote Configuration

You can enable services with remote configuration on your services dashboard. Check the box for the service you want to enable App and API Protection for under Activate on your APM services.

Manually enabling App and API Protection monitoring

Download the latest version of the Datadog Java library using an init container:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-java-app
spec:
  template:
    spec:
      initContainers:
      - name: download-agent
        image: busybox
        command: ['sh', '-c', 'wget -O /shared/dd-java-agent.jar https://dtdg.co/latest-java-tracer']
        volumeMounts:
        - name: agent-volume
          mountPath: /shared
      volumes:
      - name: agent-volume
        emptyDir: {}

Start your Java application with the Datadog Agent and App and API Protection enabled using command-line arguments:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-java-app
spec:
  template:
    spec:
      containers:
      - name: your-java-app
        image: your-java-app-image
        volumeMounts:
        - name: agent-volume
          mountPath: /dd-java-agent.jar
          subPath: dd-java-agent.jar
        command: ["java"]
        args: ["-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.service=<MY_SERVICE>", "-Ddd.env=<MY_ENV>", "-jar", "/app.jar"]

Start your Java application with App and API Protection enabled using environment variables:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-java-app
spec:
  template:
    spec:
      containers:
      - name: your-java-app
        image: your-java-app-image
        volumeMounts:
        - name: agent-volume
          mountPath: /dd-java-agent.jar
          subPath: dd-java-agent.jar
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"
        command: ["java"]
        args: ["-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"]

To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false (dd.apm.tracing.enabled as a system property, or DD_APM_TRACING_ENABLED as an environment variable).

Start your Java application with the Datadog Agent, App and API Protection enabled, and APM tracing disabled using command-line arguments:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-java-app
spec:
  template:
    spec:
      containers:
      - name: your-java-app
        image: your-java-app-image
        volumeMounts:
        - name: agent-volume
          mountPath: /dd-java-agent.jar
          subPath: dd-java-agent.jar
        command: ["java"]
        args: ["-javaagent:/dd-java-agent.jar", "-Ddd.appsec.enabled=true", "-Ddd.apm.tracing.enabled=false", "-Ddd.service=<MY_SERVICE>", "-Ddd.env=<MY_ENV>", "-jar", "/app.jar"]

Start your Java application with App and API Protection enabled and APM tracing disabled using environment variables:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-java-app
spec:
  template:
    spec:
      containers:
      - name: your-java-app
        image: your-java-app-image
        volumeMounts:
        - name: agent-volume
          mountPath: /dd-java-agent.jar
          subPath: dd-java-agent.jar
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_APM_TRACING_ENABLED
          value: "false"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"
        command: ["java"]
        args: ["-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"]

3. Running your application

Apply your updated deployment:

kubectl apply -f your-deployment.yaml
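
The fragments from step 2 combined into one manifest, as an added example that is not part of the original page or Datadog's own configuration. It also makes the init container fail if the downloaded jar does not match a known digest, because the init container shown on the page fetches whatever the latest link serves at pod start without an integrity check. <PINNED_TRACER_URL> and <EXPECTED_SHA256> are placeholders you must supply, and the app label is an assumption, not a value from the page.

```yaml
# Added example: placeholders in <...> must be replaced before applying.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-java-app
spec:
  selector:
    matchLabels:
      app: your-java-app            # assumed label, not from the page
  template:
    metadata:
      labels:
        app: your-java-app          # must match the selector above
    spec:
      initContainers:
      - name: download-agent
        image: busybox
        command:
        - sh
        - -c
        # Abort pod start if the download fails or the digest differs.
        - |
          set -e
          wget -O /shared/dd-java-agent.jar "<PINNED_TRACER_URL>"
          echo "<EXPECTED_SHA256>  /shared/dd-java-agent.jar" | sha256sum -c -
        volumeMounts:
        - name: agent-volume
          mountPath: /shared
      containers:
      - name: your-java-app
        image: your-java-app-image
        volumeMounts:
        - name: agent-volume
          mountPath: /dd-java-agent.jar
          subPath: dd-java-agent.jar
          readOnly: true            # the application never needs to modify the agent jar
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"
        command: ["java"]
        args: ["-javaagent:/dd-java-agent.jar", "-jar", "/app.jar"]
      volumes:
      - name: agent-volume
        emptyDir: {}
```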

4. Verify setup

To verify that App and API Protection is working correctly:

  1. Send some traffic to your application.
  2. Check for security signals and vulnerabilities in the Application Signals Explorer in Datadog.

Troubleshooting

If you have problems setting up App and API Protection for your Java application, see the Java App and API Protection troubleshooting guide.
