<< PREVIOUS  NEXT >>

 

VSP COMPONENT INSTALLATION IN APPLICATION CONTAINER (CI PHASE)


 

For VSP Web or VSP Memory, the application base container is transformed into a new container with “-vsp” appended to the name. This transformation is performed by Virsec Deployment Tool (VDT). 

  1. Log in to the Kubernetes node that has access to the Application image, VSP LFR and VSP CMS

  2. Execute the below commands to  transform application container to VSP-integrated application container:

    1. mkdir -p vsp/<ApplicationName>

       

       

    2. cd vsp/<ApplicationName>

       

       

    3. wget http://<LFR_IPAddress>/vsp/vsp_vdt_ci.sh && chmod +x vsp_vdt_ci.sh

       

       

    4. For Help on the script usage:

      ./vsp_vdt_ci.sh -h

       

       

    5. Method 1: Interactive

       

      ./vsp_vdt_ci.sh -b <BaseImageName>

       

       

      1. When prompted, select the appropriate VSP Controller configuration:

        Provide “1” to install VSP Controller in application container

      2. Parameter: “-m”:  Provide “1” to modify the entrypoint of the container image and start the VSP services automatically. The default method used by VSP relies on an injected library to start the VSP services

    6. Method 2: Automated

       

      ./vsp_vdt_ci.sh -b <BaseImageName> -s <VSP Controller deployment type>

       

       

      1. Parameter: “-s”: Provide the VSP Controller Deployment Type as below:

        “1” to install VSP Controller in application container

      2. Parameter: “-m”: Provide “1” to modify the entrypoint of the container image and start the VSP services automatically. The default method used by VSP relies on an injected library to start the VSP services

    7. Parameter: “-u”: Use this parameter if CMS is deployed with custom certificates. Refer Section VSP CMS Deployment for more information

  3. Once the script vsp_vdt_ci.sh is executed, a new application image with “-vsp” appended to the image name is created

  4. Verification: The application on CMS has the below icons: 

    1. Lock symbol – To prevent further updates on CMS

    2. Green Checkmark – To indicate CI tool execution

      image20

    3. If VSP Host is configured, follow the steps below:

      1. Navigate to Host Security > Host Monitoring in the left navigation pane. Ensure that the App Control Policy is associated with the existing Host Profile

        image18

      2. If not, modify the profile and select the required App Control Policy from the dropdown

        image21

 

<< PREVIOUS  NEXT >>