Set up App and API Protection for Node.js in Kubernetes

문서 > Datadog 보안 > 애플리케이션 보안 관리 > Enabling App and API Protection > Enabling App and API Protection for Node.js > Set up App and API Protection for Node.js in Kubernetes

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

You can enable App and API Protection for Node.js services with the following setup options:

If your Node.js service already has APM tracing set up and running, then skip to service configuration
If your Node.js service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's Automatic Installation
Otherwise, keep reading the following manual setup instructions

Overview

App and API Protection works by leveraging the Datadog Node.js library to monitor and secure your Node.js service. The library integrates seamlessly with your existing application without requiring code changes.

For detailed compatibility information, including supported Node.js versions, frameworks, and deployment environments, see Node.js Compatibility Requirements.

This guide explains how to set up App and API Protection (AAP) for Node.js applications. The setup involves:

Installing the Datadog Agent
Enabling App and API Protection monitoring
Running your Node.js application with the Datadog Agent
Verifying the setup

Prerequisites

Kubernetes cluster
Node.js application containerized with Docker
kubectl configured to access your cluster
Helm (recommended for Agent installation)
Your Datadog API key
Datadog Node.js tracing library (see version requirements)

1. Installing the Datadog Agent

Install the Datadog Agent by following the setup instructions for Kubernetes.

2. Enabling App and API Protection monitoring

Automatically enabling App and API Protection through Remote Configuration

APM Tracing cannot be disabled for the time being with remote config.

You can enable remote configuration on your services dashboard. Simply check the box for the service you want to enable App and API Protection for under "Activate on your APM services".

Manually enabling App and API Protection monitoring

Ensure your Dockerfile includes the Datadog Node.js library:

FROM node:18-alpine

# Install the Datadog Node.js library
RUN npm install dd-trace

# Copy your application files
COPY package*.json ./
COPY . .
RUN npm install

# Start the application with the Datadog tracer
CMD ["node", "--require", "dd-trace/init", "app.js"]

APM Tracing Enabled

Update your Kubernetes deployment to include the required environment variables:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-nodejs-app
spec:
  template:
    spec:
      containers:
      - name: your-nodejs-app
        image: your-nodejs-app-image
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"

APM Tracing Disabled

To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false.

Update your Kubernetes deployment to include the required environment variables:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-nodejs-app
spec:
  template:
    spec:
      containers:
      - name: your-nodejs-app
        image: your-nodejs-app-image
        env:
        - name: DD_APPSEC_ENABLED
          value: "true"
        - name: DD_APM_TRACING_ENABLED
          value: "false"
        - name: DD_SERVICE
          value: "<MY_SERVICE>"
        - name: DD_ENV
          value: "<MY_ENV>"

3. Run your application

Apply your updated deployment:

kubectl apply -f your-deployment.yaml

4. Verify setup

To verify that App and API Protection is working correctly:

Send some traffic to your application
Check the Application Signals Explorer in Datadog
Look for security signals and vulnerabilities

Troubleshooting

If you encounter issues while setting up App and API Protection for your Node.js application, see the Node.js App and API Protection troubleshooting guide.