Using RapidFort with Helm Charts

Helm charts simplify and accelerate the deployment of containerized applications to a Kubernetes cluster.
When using RapidFort with Helm charts, we need to extend the permissions in the container security context, as shown in Step 3.

Step 1: Get image info from Helm chart

helm show values bitnami/mongodb | yq e .image -

Step 2: Generate and push a stub image

docker pull bitnami/mongodb:4.4.6-debian-10-r8
docker tag bitnami/mongodb:4.4.6-debian-10-r8 <your_repository>/mongodb:4.4.6-debian-10-r8
rfstub <your_repository>/mongodb:4.4.6-debian-10-r8
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub

Step 3: Deploy the stub image to Kubernetes

helm install mongo bitnami/mongodb \
--set image.registry=<your_repository> \
--set image.repository=mongodb \
--set image.tag=4.4.6-debian-10-r8-rfstub \
--set image.pullPolicy=Always \
--set containerSecurityContext.allowPrivilegeEscalation=true \
--set containerSecurityContext.capabilities.drop="{all}" \
--set containerSecurityContext.capabilities.add="{NET_BIND_SERVICE,SYS_PTRACE,NET_RAW,DAC_OVERRIDE,SETUID,SETGID,SYS_CHROOT,CHOWN}"

Step 4: Test mongo deployment & generate hardened image

helm uninstall mongo
rfharden <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfhardened

Step 5: Deploy the Hardened Image

helm install mongo bitnami/mongodb \
--set image.registry=<your_repository> \
--set image.repository=mongodb \
--set image.tag=4.4.6-debian-10-r8-rfhardened
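
A post-deployment check for Step 5, added here as an example (it is not RapidFort tooling or part of the original page): it reads workload JSON such as the output of `kubectl get deploy,sts -o json` and reports containers that still run the `-rfstub` image or still carry the security-context extensions from Step 3. It assumes those extensions are only needed while the stub runs, since Step 5 does not set them; the sample workload name and registry are constructed.

```python
import json

# Capabilities that Step 3 adds for the stub image (list taken from the page).
STUB_CAPS = {"NET_BIND_SERVICE", "SYS_PTRACE", "NET_RAW", "DAC_OVERRIDE",
             "SETUID", "SETGID", "SYS_CHROOT", "CHOWN"}

def audit_container(c):
    """Return findings for one container dict from a pod spec."""
    findings = []
    image = c.get("image", "")
    sc = c.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    # Normalise names: manifests use "SYS_PTRACE", some tools emit "CAP_SYS_PTRACE".
    added = {a.upper()[4:] if a.upper().startswith("CAP_") else a.upper()
             for a in caps.get("add") or []}
    if image.endswith("-rfstub"):
        findings.append("stub image still deployed: " + image)
    if sc.get("allowPrivilegeEscalation") is True:
        findings.append("allowPrivilegeEscalation=true")
    leftover = sorted(added & STUB_CAPS)
    if leftover:
        findings.append("profiling capabilities still added: " + ",".join(leftover))
    return findings

def audit_workloads(doc):
    """Audit a kubectl JSON document; returns {workload/container: [findings]}."""
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    report = {}
    for item in items:
        pod = item["spec"]["template"]["spec"]
        for c in pod.get("containers", []) + pod.get("initContainers", []):
            found = audit_container(c)
            if found:
                report[item["metadata"]["name"] + "/" + c["name"]] = found
    return report

# Constructed sample: release moved to the hardened tag but kept Step 3's settings.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Deployment", "metadata": {"name": "mongo-mongodb"},
  "spec": {"template": {"spec": {"containers": [
   {"name": "mongodb",
    "image": "registry.example/mongodb:4.4.6-debian-10-r8-rfhardened",
    "securityContext": {"allowPrivilegeEscalation": true,
      "capabilities": {"drop": ["all"], "add": ["SYS_PTRACE", "NET_RAW"]}}}]}}}}]}
""")

if __name__ == "__main__":
    for target, found in audit_workloads(SAMPLE).items():
        print(target + ": " + "; ".join(found))
```

An empty report means no container in the audited workloads references the stub tag or the Step 3 security-context extensions.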