
 

APPLICATION POD SETUP (CD PHASE)


 

  NOTE:

  The steps in this section are not required for Kubernetes environments only

 

Follow the steps below to integrate the deployment of VSP components in the CD phase and set up the Application Pod:

  1. Generate a Kubernetes configmap only for Host Monitoring functionality. For others, proceed with Step 3. The configmap contains the VSP Host files that are mounted onto the Application container at runtime.

    1. Copy the files below from the LFR to the current directory:

      1. wget https://<LFR_IPAddress>:8443/vsp/ld.so.preload

         

      2. wget https://<LFR_IPAddress>:8443/vsp/entrypoint_virsec_host.sh

         

      3. wget https://<LFR_IPAddress>:8443/vsp/<Operating_System>/<Operating_System_Version>/libvsp-hmm-agent.so

         

    2. Execute the command below to generate a Kubernetes configmap named vsp-hmm-deb-buster-slim (an arbitrary name):

      1. kubectl create configmap vsp-hmm-deb-buster-slim --from-file ld.so.preload --from-file entrypoint_virsec_host.sh --from-file libvsp-hmm-agent.so

         

  2. Log in to the Artifactory site using Virsec-provided credentials from the local machine 

  3. Navigate to the directory vsp > releases > public > 2 > 2.8 > <Patch_Version> > Helm and download the below files

    1. VSP_Kustomization_Template.csv

  4. Modify the CSV file to list all the metadata and container information as shown below. Provide the following information:

    1. metadata-name – Name of the deployment or StatefulSet

    2. kind – Deployment or StatefulSet

    3. Container Name – Name of the Application container

    4. Container Image – Name of the Container Image with tag

    5. Configmap – Provide the name of the configmap if the corresponding “Host-only” value is “1”, else provide the value as “0”

    6. Host-only – This parameter is used only when VSP Host protection is enabled and the VSP CI tool has not been executed on the application container (refer to Section 8 for more information about the CI tool). Provide the value as “1” for the VSP-Host-only scenario, else provide the value as “0”

    7. Alpine – Used if the protected application container is an Alpine container. Provide the value as “1” for Alpine-based containers, else provide the value as “0”

       

        NOTE: 

      Ensure that the format of the file VSP_Kustomization_Template.csv is not modified. Add or modify only the rows of individual metadata entries

       

  5. File VSP_Kustomization_Template.csv with sample values is depicted below:

    [Image: VSP_Kustomization_Template.csv with sample values]

     

      NOTE: 

    In cases where the VSP patch must be applied to multiple YAML files spread across different directories, a wrapper script (vsp_vdt_cd_kustom_wrapper.sh) is available to convert all the files. The file VSP_Kustomization_Template.csv must then have an additional column (yaml-file-location) at the right to hold the YAML file location

     

  6. Use either Method 1 or Method 2  
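
A pre-flight check for the rows of VSP_Kustomization_Template.csv described in step 4, added here as an example and not part of the Virsec tooling. The header spellings, the function name validate_rows and the sample rows are assumptions constructed for illustration; match the column names to your copy of the template.

```python
import csv
import io

# Column names follow step 4; their exact spelling in the shipped template
# is an assumption, so adjust COLUMNS to match your copy.
COLUMNS = ["metadata-name", "kind", "Container Name", "Container Image",
           "Configmap", "Host-only", "Alpine"]

# Constructed sample rows (not from the vendor template); line 4 is wrong on purpose.
SAMPLE = """\
metadata-name,kind,Container Name,Container Image,Configmap,Host-only,Alpine
web,Deployment,web,registry.example/web:1.4,0,0,0
db,StatefulSet,db,registry.example/db:12,vsp-hmm-deb-buster-slim,1,0
cache,DaemonSet,cache,registry.example:5000/cache,0,1,2
"""

def validate_rows(csv_text):
    """Return a list of (line_number, message) problems found in csv_text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing column(s): " + ", ".join(missing))]
    problems = []
    for row in reader:
        n = reader.line_num
        v = {c: (row.get(c) or "").strip() for c in COLUMNS}
        if not v["metadata-name"] or not v["Container Name"]:
            problems.append((n, "metadata-name and Container Name are required"))
        if v["kind"] not in ("Deployment", "StatefulSet"):
            problems.append((n, "kind must be Deployment or StatefulSet"))
        # A tag lives in the last path component; a ':' earlier is a registry port.
        if ":" not in v["Container Image"].rsplit("/", 1)[-1]:
            problems.append((n, "Container Image has no tag"))
        for flag in ("Host-only", "Alpine"):
            if v[flag] not in ("0", "1"):
                problems.append((n, flag + " must be 0 or 1"))
        # Configmap carries a name only when Host-only is 1, otherwise 0.
        has_cm = v["Configmap"] not in ("", "0")
        if v["Host-only"] == "1" and not has_cm:
            problems.append((n, "Host-only is 1 but Configmap is not named"))
        if v["Host-only"] == "0" and v["Configmap"] != "0":
            problems.append((n, "Host-only is 0 so Configmap must be 0"))
    return problems

if __name__ == "__main__":
    for line, message in validate_rows(SAMPLE):
        print("line %d: %s" % (line, message))
```

Extra columns such as yaml-file-location are ignored by the check, so the same function works for the wrapper-script variant of the file.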
