Connect Akto with Envoy

If your API calls are being routed through ENVOY, you can use Akto's ENVOY module to send traffic to Akto dashboard. This module can also be used with Istio service mesh, because it is based on ENVOY proxy. Below guide will help you do this:

Creating AWS Policy

1. Go to Quick Start on your Akto dashboard and expand the Connect traffic data section.

2. Scroll down to Data processors setup section.

3. Copy the policy json and click on the Akto Dashboard role link.

4. Click on the JSON tab and paste the policy

5. Click on Review policy button.

6. Enter AktoDashboardPolicy as the policy name and click on Create Policy button

8. Once the policy is created, go back to the dashboard.

Setting up Data processors

1. Click on Setup traffic processors button.

2. This will bring up infra that will process your traffic.

3. Check that you have AKTO_NLB and AKTO_MONGO_IP vars once setup is complete.

Adding Akto traffic collector

  1. Download the following repository to the folder with envoy.yaml file and rename it as "lib".

  2. Add the following lines to the docker-compose.yaml file for the envoy proxy container.

COPY --chmod=777 ./lib/rdkafka /rdkafka
ADD  --chmod=777 ./lib/aktoModule.lua /lib/aktoModule.lua
RUN apt-get update -y
RUN apt-get install librdkafka-dev luarocks -y
RUN luarocks install lua-cjson
  1. Add the following lines to the envoy.yaml fie under the filters section. For more reference check this

http_filters:
- name: lua_filter_with_custom_name_0
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
    default_source_code:
      inline_string:
        local aktoModule = require("lib.aktoModule")
        aktoModule.sendToAkto()
  1. Add an environment variable for AKTO_KAFKA_IP to the docker-compose.yaml file

AKTO_KAFKA_IP=<AKTO_NLB_IP>:9092
  1. Restart your envoy proxy container.

Last updated