📙 You will learn
How to create custom Defect templates in a Kubernetes environment.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 15 minutes
Tools required: If anyN/A
This guide covers how to create custom Defect templates using Persistent Volumes and custom Defect templates using ConfigMaps, however, only one of the following sections should be utilized in an environment. The following guide assumes an instance using the default release name tf, if using a custom release name, replace tf with the appropriate release name. For example, if using the release name tf-qa, replace instances of tf-appsec with tf-qa-appsec.
Custom Defect Templates Using Persistent Volumes:
| Note |
|---|
ThreadFix AppSec must be running before running the following commands. |
Create a file named
velocity-templates.yamlwith the following content:Code Block apiVersion: v1 kind: PersistentVolumeClaim metadata: name: tf-appsec-velocity-templates spec: accessModes: - ReadWriteOnce resources: requests: storage: 1GCreate the Persistent Volume Claim:
Code Block kubectl apply -f velocity-templates.yaml
Create a file named
appsec-patch.yamlwith the following content (<tf_version>should be replaced with the user’s current version of ThreadFix):Code Block spec: template: spec: initContainers: - name: tf-appsec-init image: docker.io/denimgroup/appsec:<tf_version> volumeMounts: - mountPath: /opt/velocityTemplates name: velocity-templates command: - bash - -c - | cp -r /usr/local/tomcat/webapps/threadfix/velocityTemplates/* /opt/velocityTemplates containers: - name: tf-appsec volumeMounts: - mountPath: /usr/local/tomcat/webapps/threadfix/velocityTemplates name: velocity-templates volumes: - name: velocity-templates persistentVolumeClaim: claimName: tf-appsec-velocity-templatesApply the AppSec patch (Re-run this step anytime the configuration is changed via helm, for example
helm upgrade...):Code Block kubectl patch deploy tf-appsec -p "$(cat appsec-patch.yaml)"
Follow the Customize Defect Descriptions guide to create additional velocity templates.
Set the ThreadFix AppSec Pod with the following:
Code Block TF_APPSEC=$(kubectl get pods -l app.kubernetes.io/name=appsec -o jsonpath='{ .items[].metadata.name }')Copy templates to the ThreadFix container (
<new_template>should be replaced with the name of the user’s new or modified template):Code Block kubectl cp ./<new_template> ${TF_APPSEC}:/usr/local/tomcat/webapps/threadfix/velocityTemplates/defect/<new_template>Restart the ThreadFix AppSec container:
Code Block kubectl rollout restart deploy/tf-appsec
Custom Defect Templates Using ConfigMaps
| Note |
|---|
ThreadFix AppSec must be running before running the following commands. |
Set the ThreadFix AppSec Pod with the following:
Code Block TF_APPSEC=$(kubectl get pods -l app.kubernetes.io/name=appsec -o jsonpath='{ .items[].metadata.name }')Copy existing templates to the local machine:
Code Block kubectl cp ${TF_APPSEC}:/usr/local/tomcat/webapps/threadfix/velocityTemplates/defect ./defectTemplatesAdd new velocity templates to the
./defectTemplatesdirectory. Follow the Customize Defect Descriptions guide for more information.Remove existing velocity templates ConfigMap (if necessary):
Code Block kubectl delete cm tf-defect-templates
Create ConfigMap from velocity templates:
Code Block kubectl create configmap tf-defect-templates --from-file=./defectTemplates
Create
appsec-patch.yamlwith the following content:Code Block spec: template: spec: containers: - name: tf-appsec volumeMounts: - mountPath: /usr/local/tomcat/webapps/threadfix/velocityTemplates/defect name: defect-templates volumes: - name: defect-templates configMap: name: tf-defect-templatesAdd the patch to AppSec (repeat this step on every helm upgrade):
Code Block kubectl patch deploy tf-appsec -p "$(cat appsec-patch.yaml)"
Table of Contents
| Table of Contents |
|---|