Architecture and Components using Dynamic-based Deployment

Describes the deployment, the individual components, and the workflow of the Protegrity Application Protector REST product integrated with Resilient Package Proxy (RPP).

Key features of an dynamic-based deployment include:

  • The deployments can be used in use cases where policy updates need to be available on the cluster continuously.
  • The RPP component is synchronized with the ESA for policy updates at a predefined rate.
  • The dynamic deployment requires the ESA to be always connected to support the policy updates.

The following figure represents the architecture for deploying the REST Container with RPP on a Kubernetes cluster.

Workflow for the REST Container Integration with RPP

Deployment Steps:

  1. Create the ESA with the policy and datastore.

  2. Deploy the Resilient Package Proxy (RPP) instances with mTLS certificates to communicate with the ESA and to host the proxy endpoint for protectors.

  3. Deploy the REST protector with mTLS certificates to communicate with the RPP. The communication between the RPP and the protector is secured using mTLS.

  4. After the protector instance starts as part of the application POD, the protector sends a request to the RPP instance to retrieve the policy package.

  5. At periodic intervals, the protector tries to pull the new policy package from RPP instance. If the package present on the RPP instance has expired due to cache invalidation policy, the RPP pulls the new package from an upstream RPP or the ESA.


Last modified : December 18, 2025