Using RapidFort with Helm Charts
Simplify App deployment by consolidating Kubernetes and adding a Helm Chart to your cluster, accelerating the deployment of containerized applications.
When using RapidFort with Helm Charts, we need to extend the permissions for the security context.

Step 1: Get image info from Helm chart

1
helm show values bitnami/mongodb | yq e .image-
Copied!

Step 2: Generate and push a stub image

1
docker pull bitnami/mongodb:4.4.6-debian-10-r8
2
docker tag bitnami/mongodb:4.4.6-debian-10-r8 <your_repository>/mongodb:4.4.6-deb-10-r8
3
rfstub <your_repository>/mongodb:4.4.6-debian-10-r8
4
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub
Copied!

Step 3: Deploy the stub image to Kubernetes

1
helm install mongo bitnami/mongodb \
2
--set image.registry=<your_repository>\
3
--set image.repository=mongodb \
4
--set image.tag=4.4.6-debian-10-r8-rfstub \
5
--set image.pullPolicy=Always \
6
--set containerSecurityContext.allowPrivilegeEscalation=true \
7
--set containerSecurityContext.capabilities.drop="{all}" \
8
--set containerSecurityContext.capabilities.add="{NET_BIND_SERVICE,SYS_PTRACE,NET_RAW,DAC_OVERRIDE,SETUID,SETGIG,SYS_CHROOT,CHOWN}"
Copied!

Step 4: Test mongo deployment & generate hardened image

1
helm uninstall mongo
2
rfharden <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub
3
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfhardened
Copied!

Step 5: Deploy the Hardened Image

1
helm install mongo bitnami/mongodb \
2
--set image.registry=<your_repository>\
3
--set image.respostory=mongodb \
4
--set image.tab=4.4.6-debian-10-r8-rfhardened
Copied!
Copy link
Contents