Application Pod Setup (VSP-HOST)

APPLICATION POD SETUP (VSP-HOST)

NOTE:

The steps in this section are required for Kubernetes-based VSP-Host only environments

For Kubernetes-based deployments, follow the below steps to integrate the deployment of VSP components in the CD phase and set up the Application Pod for VSP-Host only environments:

The vsp_vdt_cd tool is downloaded to the directory (vsp/cms) created during CMS installation:
1. cd <Application_yamlDirectory>
2. Copy the file: vsp_vdt_cd from the directory: vsp/cms to the directory: Application_yamlDirectory
3. chmod +x vsp_vdt_cd
4. Copy the required SKU fragment file from the directory that stores CMS yaml files.
  
  cp ../vsp_sidecar/vsp_sidecar_frag.yaml
Generate a Kubernetes configmap only for Host Monitoring functionality. The configmap contains the VSP Host files mounted on to the Application container at runtime
1. Copy the below files from the directory (vsp/cms) that gets created during CMS installation to the current directory:
  1. ld.so.preload
  2. entrypoint_virsec_host.sh
  3. <application_container_os_type>/libvsp-hmm-agent.so
2. Execute the below commands to generate kubernetes configmap named vsp-hmm (an arbitrary name)
  1. kubectl create configmap vsp-hmm --from-file ld.so.preload --from-file entrypoint_virsec_host.sh --from-file libvsp-hmm-agent.so
  NOTE:
  
  Separate config maps must be created for each Operating System type
Modify the application yaml file to integrate the required VSP configurations into the application yaml file:
1. For help on the tool usage:
  
  ./vsp_vdt_cd -h
2. Execute the script using the below command:
  
  ./vsp_vdt_cd [--host-only] [--alpine] <Application_yaml_filename> <VSP Sidecar YAML fragment filename> <Customer_BaseContainerName> <vRule Engine Configuration> <vsp-host-configmap> -C <CMS_URL> -K <KAFKA_HOSTNAME> -p <KAFKA_PORT> -L <LFR_URL>
  1. --host-only (Optional) - This parameter is used only when VSP Host protection is enabled and the VSP CI tool has not been executed on the application container (Refer Section VSP Component Installation in Application Container for more information about the CI tool)
  2. --alpine (Optional) - This parameter is used if VSP Host is enabled on an alpine-based application container
  3. <VSP Sidecar YAML fragment filename> - Provide the Sidecar fragment yaml filename (Required for VSP-Host only configuration)
  4. <vRule Engine Configuration> - Provide “0” for Embedded vRule Engine and “1” for Remote vRule Engine (Refer vRule Engine Configuration of VSP Architecture for more information)
  5. <vsp-host-configmap> - kubernetes configmap filename generated in Step 2 above. If application has gone through the VSP_VDT_CI tool, then, provide a single '-' (dash)
  6. --host-ignore-tag - Ignore the application image tag for VSP Host Monitoring
  7. -c CMS_IP, --cms-ip CMS_IP - The VSP CMS IP Address
  8. -C CMS_URL, --cms-url CMS_URL - The VSP CMS Load Balancer URL (Required for VSP-Host only configuration)
  9. -k KAFKA_IP, --kafka-ip KAFKA_IP - The VSP Kafka Server IP Address
  10. -K KAFKA_HOSTNAME, --kafka-hostname KAFKA_HOSTNAME - The VSP Kafka Server Load Balancer URL (Required for VSP-Host only configuration)
  11. -p KAFKA_PORT, --kafka-port KAFKA_PORT - The VSP Kafka Server port used to connect VSP pods to CMS (Required for VSP-Host only configuration)
  12. -L LFR_URL, --lfr-url LFR_URL - The VSP LFR Load Balancer URL (Required for VSP-Host only configuration)
  13. -P LFR_PORT, --lfr-port LFR_PORT - The VSP LFR Port
3. vsp_vdt_cd tool produces a modified version of the application yaml file with the required configurations for VSP Controller and other required environment variables. The file name is <Application_yaml_filename>-vsp.yaml

<< PREVIOUS NEXT >>