CD PHASE
-
Create a secret for Virsec Container Registry using the below command:
-
kubectl create secret docker-registry regcred --docker-server="vartifacts.jfrog.io" --docker-username="<Virsec_Artifactory_username>" --docker-password="<Virsec_Artifactory_password>" -n <Target_Namepace>
-
-
Create a secret for Application Container Registry using the below command (if required):
-
kubectl create secret docker-registry regcred-app --docker-server="<Docker_Server>" --docker-username="<Docker_username>" --docker-password="<Docker_password>" -n <Target_Namepace>
-
-
Create Configuration for VSP-Host only
-
Config Map for Debian Buster Slim containers:
-
mkdir deb_buster_slim
-
cd deb_buster_slim
-
wget http://<LFR_IPAddress>/vsp/ld.so.preload
-
wget http://<LFR_IPAddress>/vsp/entrypoint_virsec_host.sh
-
wget http://<LFR_IPAddress>/vsp/debian/10/libvsp-hmm-agent.so
-
kubectl create configmap vsp-hmm-deb-buster-slim --from-file ld.so.preload --from-file entrypoint_virsec_host.sh --from-file libvsp-hmm-agent.so
-
-
-
Patch the yaml file
-
Log in to the Artifactory site using Virsec-provided credentials from the local machine
-
Navigate to the directory vsp > ReleaseNumber > Helm and download the below files
-
vsp_vdt_cd_kustom.sh
-
vsp_vdt_cd_kustom_wrapper.sh
-
VSP_Kustomization_Template.csv
-
-
Modify the file VSP_Kustomization_Template.csv with the below content
-
metadata-name |
kind |
container-name |
container-image |
configmap |
host-only |
alpine |
yaml-file-location |
gitlab-gitaly |
StatefulSet |
gitaly |
registry.gitlab.com/gitlab-org/build/cng/gitaly:v13.12.0 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/gitlab/charts/gitaly/templates/statefulset.yml |
gitlab-gitlab-exporter |
Deployment |
gitlab-exporter |
registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:10.2.0 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml |
gitlab-gitlab-shell |
Deployment |
gitlab-shell |
registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v13.18.0 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml |
gitlab-postgresql |
StatefulSet |
gitlab-postgresql |
docker.io/bitnami/postgresql:11.9.0 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/postgresql/templates/statefulset.yaml |
gitlab-redis-master |
StatefulSet |
redis |
docker.io/bitnami/redis:6.0.9-debian-10-r0 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/redis/templates/redis-master-statefulset.yaml |
gitlab-redis-master |
StatefulSet |
metrics |
docker.io/bitnami/redis-exporter:1.12.1-debian-10-r11 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/redis/templates/redis-master-statefulset.yaml |
gitlab-registry |
Deployment |
registry |
registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.2.1-gitlab |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/registry/templates/deployment.yaml |
gitlab-sidekiq-all-in-1-v1 |
Deployment |
sidekiq |
vartifacts.jfrog.io/virsec/gitlab-sidekiq-ee:v13.12.0 |
none |
0 |
0 |
./gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml |
gitlab-task-runner |
Deployment |
task-runner |
registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee:v13.10.2 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/gitlab/charts/task-runner/templates/deployment.yaml |
gitlab-webservice-default |
Deployment |
webservice |
vartifacts.jfrog.io/virsec/gitlab-webservice-ee:v13.10.2 |
none |
0 |
0 |
./gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml |
gitlab-webservice-default |
Deployment |
gitlab-workhorse |
registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:v13.12.0 |
vsp-hmm-deb-buster-slim |
1 |
0 |
./gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml |
Table – VSP_Kustomization_Template.csv values
-
Use either Method 1 or 2 described below
METHOD 1: USING SCRIPT
-
cd rendered
-
./vsp_vdt_cd_kustom_wrapper.sh -c VSP_Kustomization_Template.csv -s regcred-app
METHOD 2: USING DOCKER COMMAND
-
docker run -it --rm -v /home/ubuntu/myapp/:/kustom-base -v /home/ubuntu/myapp/VSP_Kustomization_Template.csv:/input.csv -v /home/ubuntu/myapp/vsp_sidecar_frag.yaml:/kustom-base/vsp_sidecar_frag.yaml -e IMAGE_PULL_SECRET=app-regcred vartifacts.jfrog.io/virsec/vsp-cd:2.5.0