Connect Akto with eBPF on mTLS
Introduction
If your kubernetes system, has mTLS ( say using istio proxy or similar setup ) and SSL termination happens at the proxy/service, this other setup is recommended, please check it out.
If your proxy/service acts as a passthrough and the SSL termination happens at the end application itself, then please continue with the current setup.
Please note, both these setups have different docker images
. In case of any queries, please reach out to us at help@akto.io
.
Connecting with Akto's eBPF traffic collector is recommended mTLS systems where TLS termination occurs at application ( a system where your services are just passing the traffic directly to the application ).
For a better understanding, here's an architecture diagram of the setup.
Adding Akto traffic collector
Setup Akto data processor using the guide here
Apply the daemonset configuration given below using
kubectl apply -f akto-daemonset-config.yaml -n <NAMESPACE>
. You will findAKTO_NLB_IP
andAKTO_MONGO_CONN
after setting up Akto data processor, as mentioned above.
You can add and configure the env variables below to control the daemonset. Here's a diagram of how the module processes traffic:
You can check your
API inventory
on Akto dashboard to see endpoints being discovered.
Notes:
If you're running the daemonset outside of the kubernetes system, set the env
PROBE_ALL_PID
astrue
.Set
CAPTURE_SSL
env variable totrue
is recommended, if the TLS termination happens at the application. If the TLS termination happens at the service, we recommended to set it tofalse
.
Frequently Asked Questions (FAQs)
The traffic will contain a lot of sensitive data - does it leave my VPC?
Data remains strictly within your VPC. Akto doesn't take data out of your VPC at all.
Does adding DaemonSet have any impact on performance or latency?
Zero impact on latency. The DaemonSet doesn't sit like a proxy. It works on eBPF technology, which works on traces function calls at kernel level. It is very lightweight. We have benchmarked it against traffic as high as 20M API requests/min. It consumes very low resources (CPU & RAM).
I don't see my error on this list here.
Please send us all details at support@akto.io or reach out via Intercom on your Akto dashboard. We will definitely help you out.
Get Support for your Akto setup
There are multiple ways to request support from Akto. We are 24X7 available on the following:
In-app
intercom
support. Message us with your query on intercom in Akto dashboard and someone will reply.Join our discord channel for community support.
Contact
help@akto.io
for email support.Contact us here.
Last updated