Set up App and API Protection for Ruby in Kubernetes
Este producto no es compatible con el 
sitio Datadog seleccionado. (
).
You can enable App and API Protection for Ruby services with the following setup options:
- If your Ruby service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's Automatic Installation
- Otherwise, keep reading the following manual setup instructions
Overview
App and API Protection works by leveraging the Datadog Ruby library to monitor and secure your Ruby service. The library integrates seamlessly with your existing application without requiring code changes.
For detailed compatibility information, including supported Ruby versions, frameworks, and deployment environments, see Ruby Compatibility Requirements.
This guide explains how to set up App and API Protection (AAP) for Ruby applications. The setup involves:
- Installing the Datadog Agent
- Enabling App and API Protection monitoring
- Run Your Application
- Verifying the setup
Prerequisites
- Kubernetes cluster
- Ruby application containerized with Docker
- kubectl configured to access your cluster
- Helm (recommended for Agent installation)
- Your Datadog API key
- Datadog Ruby tracing library (see version requirements)
1. Installing the Datadog Agent
Install the Datadog Agent by following the setup instructions for Kubernetes.
2. Enabling App and API Protection monitoring
Install and configure the datadog gem in your Ruby application.
Add the datadog gem to your Gemfile:
Configure Datadog library by adding an initializer:
Datadog.configure do |c|
  c.service = 'your_service_name'
  c.env = Rails.env
  c.agent.host = 'your_agent_host'
  c.tracing.enabled = true
  # Tracing instrumentation for Rails has to be explicitly enabled
  c.tracing.instrument :rails
  c.appsec.enabled = true
  c.appsec.api_security.enabled = true
  # Rails instrumentation is required for App and API Protection
  c.appsec.instrument :rails
end
Add the datadog gem to your Gemfile and require auto-instrumentation:
gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'
Set environment variables for your application. Add these to your deployment configuration file:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-app
spec:
  template:
    spec:
      containers:
      - name: your-app
        image: your-app-image
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_API_SECURITY_ENABLED
          value: "true"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"
        command: ["bin/rails"]
        args: ["server"]
To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing configuration to false.
Add the datadog gem to your Gemfile:
Configure Datadog library by adding an initializer:
Datadog.configure do |c|
  c.service = 'your_service_name'
  c.env = Rails.env
  c.agent.host = 'your_agent_host'
  # Disable APM Tracing
  c.tracing.enabled = false
  # Tracing instrumentation for Rails has to be explicitly enabled
  c.tracing.instrument :rails
  c.appsec.enabled = true
  c.appsec.api_security.enabled = true
  # Rails instrumentation is required for App and API Protection
  c.appsec.instrument :rails
end
Add the datadog gem to your Gemfile and require auto-instrumentation:
gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'
Set environment variables for your application. Add these to your deployment configuration file:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-app
spec:
  template:
    spec:
      containers:
      - name: your-app
        image: your-app-image
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_API_SECURITY_ENABLED
          value: "true"
        - name: DD_APM_TRACING_ENABLED
          value: "false"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"
        command: ["bin/rails"]
        args: ["server"]
3. Run your application
Apply your updated deployment:
kubectl apply -f your-deployment.yaml
4. Verify setup
To verify that App and API Protection is working correctly:
- Send some traffic to your application.
- Check the App and API Protection Service Inventory in Datadog.
- Find your service and check that App and API protection is enabled in the Coverage column.
Troubleshooting
If you encounter issues while setting up App and API Protection for your Ruby application, see the Ruby App and API Protection troubleshooting guide.
Further Reading
Más enlaces, artículos y documentación útiles: