Using RapidFort with Helm Charts

Simplify App deployment by consolidating Kubernetes and adding a Helm Chart to your cluster, accelerating the deployment of containerized applications.

When using RapidFort with Helm Charts, we need to extend the permissions for the security context.
Step 1: Get image info from Helm chart
1
helm show values bitnami/mongodb | yq e .image-
Copied!
Step 2: Generate and push a stub image
1
docker pull bitnami/mongodb:4.4.6-debian-10-r8 
2
docker tag bitnami/mongodb:4.4.6-debian-10-r8 <your_repository>/mongodb:4.4.6-deb-10-r8
3
rfstub <your_repository>/mongodb:4.4.6-debian-10-r8 
4
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub 
Copied!
Step 3: Deploy the stub image to Kubernetes
1
helm install mongo bitnami/mongodb \
2
 --set image.registry=<your_repository>\ 
3
 --set image.repository=mongodb \ 
4
 --set image.tag=4.4.6-debian-10-r8-rfstub \
5
 --set image.pullPolicy=Always \
6
 --set containerSecurityContext.allowPrivilegeEscalation=true \ 
7
 --set containerSecurityContext.capabilities.drop="{all}" \ 
8
 --set containerSecurityContext.capabilities.add="{NET_BIND_SERVICE,SYS_PTRACE,NET_RAW,DAC_OVERRIDE,SETUID,SETGIG,SYS_CHROOT,CHOWN}"
Copied!
Step 4: Test mongo deployment & generate hardened image
1
helm uninstall mongo
2
rfharden <your_repository>/mongodb:4.4.6-debian-10-r8-rfstub 
3
docker push <your_repository>/mongodb:4.4.6-debian-10-r8-rfhardened
Copied!
Step 5: Deploy the Hardened Image
1
helm install mongo bitnami/mongodb \ 
2
 --set image.registry=<your_repository>\ 
3
 --set image.respostory=mongodb \
4
 --set image.tab=4.4.6-debian-10-r8-rfhardened
Copied!

How To Guides - Previous

RapidFort GitLab CI/CD Integration

Next - Scanning with RapidFort

Overview

Last modified 6mo ago

Copy link

Contents