Using RapidFort with Helm Charts

Simplify App deployment by consolidating Kubernetes and adding a Helm Chart to your cluster, accelerating the deployment of containerized applications.

When using RapidFort with Helm Charts, we need to extend the permissions for the security context.
Step 1: Get image info from Helm chart
helm show values bitnami/mongodb | yq e .image-
Step 2: Generate and push a stub image
docker pull bitnami/mongodb:4.4.6-debian-10-r8 
docker tag bitnami/mongodb:4.4.6-debian-10-r8 <your_repository>/mongodb:4.4.6-deb-10-r8
rfstub <your_repository>/mongodb:4.4.6-debian-10-r8 
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub 
Step 3: Deploy the stub image to Kubernetes
helm install mongo bitnami/mongodb \
 --set image.registry=<your_repository>\ 
 --set image.repository=mongodb \ 
 --set image.tag=4.4.6-debian-10-r8-rfstub \
 --set image.pullPolicy=Always \
 --set containerSecurityContext.allowPrivilegeEscalation=true \ 
 --set containerSecurityContext.capabilities.drop="{all}" \ 
 --set containerSecurityContext.capabilities.add="{NET_BIND_SERVICE,SYS_PTRACE,NET_RAW,DAC_OVERRIDE,SETUID,SETGIG,SYS_CHROOT,CHOWN}"
Step 4: Test mongo deployment & generate hardened image
helm uninstall mongo
rfharden <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub 
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfhardened
Step 5: Deploy the Hardened Image
helm install mongo bitnami/mongodb \ 
 --set image.registry=<your_repository>\ 
 --set image.respostory=mongodb \
 --set image.tab=4.4.6-debian-10-r8-rfhardened

How To Guides - Previous

RapidFort GitLab CI/CD Integration

Next - Scanning with RapidFort

Overview

Last modified 1yr ago