RapidFort Helm Chart AWS Deployment
Deploy RapidFort in your AWS Kubernetes Environment
- Kubernetes 1.19+
- Helm 3.0.0+
- Amazon Web Services (AWS) Account
- S3 Bucket for RapidFort data
- IAM User with Read/Write/List/Delete permissions for the S3 bucket
- AWS Access Key ID
- AWS Secret Access Key
- The node on which the
iso-master
RapidFort microservice will be deployed should have at least 2 TB of storage
The RapidFort Helm Chart is based on the Nginx Ingress Controller and creates an ingress rule. Please refer to Nginx Ingress Controller Deployment for more information.
This guide assumes that you have already installed and set up Kubernetes and Helm.
Before deploying RapidFort, you will need to create an S3 bucket and an IAM user with Read/List/Write permissions for the S3 bucket.
git clone https://github.com/rapidfort/rapidfort.git
secret:
aws_access_key_id: ""
aws_secret_access_key: ""
aws_default_region: ""
s3_bucket: ""
rf_app_admin: ""
rf_app_admin_passwd: ""
rf_app_host: ""
Update the values in the
secret
section.aws_access_key_id
: Specify the AWS Access Key ID.aws_secret_access_key
: Specify the AWS Secret Access Key.aws_default_region
: Specify the AWS region (e.g.us-east-1
,us-west-2
, etc) in which RapidFort will be deployed.s3_bucket
: Specify the name (not the ARN) of the S3 bucket that you created for RapidFort.- Example: AWS Commercial
- ARN:
arn:aws:s3::::rapidfort-s3
- Name:
rapidfort-s3
rf_s3_bucket: rapidfort-s3
- Example: AWS GovCloud
- ARN:
arn:aws-gov:s3::::rapidfort-s3
- Name:
rapidfort-s3
rf_s3_bucket: rapidfort-s3
rf_app_admin
: Specify the email address for the admin user. RapidFort will send a confirmation email when the deployment is ready.rf_app_admin_passwd
: Specify a temporary password for the admin user. You may change your password after logging into the RapidFort user interface.rf_app_host
: If you have a static IP address or hostname, then specify this. Otherwise, specify the IP address of the deployment.
global:
rf_app_host: ""
rf_app_host
: If you have a hostname or static IP address, then specify this here. Otherwise, leave this blank to assign a dynamic IP address to the RapidFort deployment.
sc:
enabled: false
ingress:
enabled: true
sc
: Leave this value as-is (enabled: false
).
aggregator:
enabled: true
image:
repository: "public.ecr.aws/rapidfort/aggregator-exe"
tag: "1.1.0-74bca60-2910-rfhardened"
backend:
enabled: true
image:
repository: "public.ecr.aws/rapidfort/backend-exe"
tag: "1.1.0-fe79693-2910-rfhardened"
frontrow:
enabled: true
authUrl: ""
image:
repository: "public.ecr.aws/rapidfort/frontrow"
tag: "1.1.0-c8e4edb-2910-rfhardened"
# other RapidFort services...
For each RapidFort service, update the
repository
and tag
if necessary.aggregator
backend
frontrow
authUrl
: Set this to the same value as theglobal
rf_app_host
.
iso-master
rf-scan
rfapi
rfpubsub
runner
logger:
enabled: false
env:
rf_s3_bucket: ""
aws_default_region: ""
If you would like to enable the logger, then update the following values:
enabled: true
rf_s3_bucket
: Specify the name (not the ARN) of the S3 bucket where the logs should be saved.- Example: AWS Commercial
- ARN:
arn:aws:s3::::rapidfort-s3
- Name:
rapidfort-s3
rf_s3_bucket: rapidfort-s3
- Example: AWS GovCloud
- ARN:
arn:aws-gov:s3::::rapidfort-s3
- Name:
rapidfort-s3
rf_s3_bucket: rapidfort-s3
aws_default_region
: Specify the AWS region (e.g.us-east-1
,us-west-2
,us-gov-east-1
, etc) in which RapidFort will be deployed.
Run the following command to deploy RapidFort.
helm upgrade --install rapidfort ./ -f values.yaml -n <namespace>
For example, to deploy RapidFort in the
rapidfort
namespace:helm upgrade --install rapidfort ./ -f values.yaml -n rapidfort
Make sure that the node on which the
iso-master
RapidFort microservice will be deployed has at least 2 TB of storage.If the deployment was successful, then you should receive a welcome email from RapidFort when the system is ready.
If you do not receive a welcome email, please review the deployment settings and Kubernetes logs.
Click on the link in the welcome email and log into the RapidFort dashboard using the email address and password that you specified earlier (
rf_app_admin
and rf_app_admin_passwd
). You may change your password after logging in.The RapidFort dashboard will guide you through the steps for contacting RapidFort Support ([email protected]) and requesting a license.
When RapidFort Support sends a license, then log back into the RapidFort dashboard to update the license.
Congratulations! You are now ready to start optimizing and securing your applications.
To uninstall RapidFort, run the following command:
helm uninstall rapidfort -n <namespace>
For example, if you deployed RapidFort in the
rapidfort
namespace:helm uninstall rapidfort -n rapidfort