📙 You will learn
How to create custom Defect templates in a Kubernetes environment.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 15 minutes
Tools required: N/A
This guide covers two ways to create custom Defect templates: using Persistent Volumes and using ConfigMaps. Only one of the following sections should be used in an environment. The guide assumes an instance using the default release name `tf`; if using a custom release name, replace `tf` with the appropriate release name. For example, if using the release name `tf-qa`, replace instances of `tf-appsec` with `tf-qa-appsec`.
Custom Defect Templates Using Persistent Volumes:
Note |
---|
ThreadFix AppSec must be running before running the following commands. |
Create a file named `velocity-templates.yaml` with the following content:

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tf-appsec-velocity-templates
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1G
```

Create the Persistent Volume Claim:

```bash
kubectl apply -f velocity-templates.yaml
```

Create a file named `appsec-patch.yaml` with the following content (`<tf_version>` should be replaced with the user's current version of ThreadFix):

```yaml
spec:
  template:
    spec:
      initContainers:
        # Seeds the volume with the templates shipped in the image
        - name: tf-appsec-init
          image: docker.io/denimgroup/appsec:<tf_version>
          volumeMounts:
            - mountPath: /opt/velocityTemplates
              name: velocity-templates
          command:
            - bash
            - -c
            - |
              cp -r /usr/local/tomcat/webapps/threadfix/velocityTemplates/* /opt/velocityTemplates
      containers:
        # Mounts the same volume over the application's template directory
        - name: tf-appsec
          volumeMounts:
            - mountPath: /usr/local/tomcat/webapps/threadfix/velocityTemplates
              name: velocity-templates
      volumes:
        - name: velocity-templates
          persistentVolumeClaim:
            claimName: tf-appsec-velocity-templates
```

Apply the AppSec patch (re-run this step any time the configuration is changed via helm, for example `helm upgrade...`):

```bash
kubectl patch deploy tf-appsec -p "$(cat appsec-patch.yaml)"
```

Follow the Customize Defect Descriptions guide to create additional velocity templates.

Store the name of the ThreadFix AppSec Pod in the `TF_APPSEC` variable:

```bash
TF_APPSEC=$(kubectl get pods -l app.kubernetes.io/name=appsec -o jsonpath='{ .items[].metadata.name }')
```

Copy templates to the ThreadFix container (`<new_template>` should be replaced with the name of the user's new or modified template):

```bash
kubectl cp ./<new_template> ${TF_APPSEC}:/usr/local/tomcat/webapps/threadfix/velocityTemplates/defect/<new_template>
```

Restart the ThreadFix AppSec container:

```bash
kubectl rollout restart deploy/tf-appsec
```
Custom Defect Templates Using ConfigMaps
Note |
---|
ThreadFix AppSec must be running before running the following commands. |
Store the name of the ThreadFix AppSec Pod in the `TF_APPSEC` variable:

```bash
TF_APPSEC=$(kubectl get pods -l app.kubernetes.io/name=appsec -o jsonpath='{ .items[].metadata.name }')
```

Copy existing templates to the local machine:

```bash
kubectl cp ${TF_APPSEC}:/usr/local/tomcat/webapps/threadfix/velocityTemplates/defect ./defectTemplates
```

Add new velocity templates to the `./defectTemplates` directory. Follow the Customize Defect Descriptions guide for more information.

Remove existing velocity templates ConfigMap (if necessary):

```bash
kubectl delete cm tf-defect-templates
```

Create ConfigMap from velocity templates:

```bash
kubectl create configmap tf-defect-templates --from-file=./defectTemplates
```

Create `appsec-patch.yaml` with the following content:

```yaml
spec:
  template:
    spec:
      containers:
        # Mounts the ConfigMap over the application's defect template directory
        - name: tf-appsec
          volumeMounts:
            - mountPath: /usr/local/tomcat/webapps/threadfix/velocityTemplates/defect
              name: defect-templates
      volumes:
        - name: defect-templates
          configMap:
            name: tf-defect-templates
```

Add the patch to AppSec (repeat this step on every helm upgrade):

```bash
kubectl patch deploy tf-appsec -p "$(cat appsec-patch.yaml)"
```
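A pre-flight check for the `./defectTemplates` directory, to run before the `kubectl create configmap` step above; this is an added example, not part of the original guide or of ThreadFix. `check_template_dir` is a hypothetical helper name. It relies on standard Kubernetes behaviour: `--from-file=<dir>` ignores entries that are not regular files, ConfigMap keys are limited to alphanumerics, `-`, `_` and `.`, and ConfigMap data cannot exceed 1 MiB.

```shell
# Added example: validate a template directory before it becomes a ConfigMap.
# check_template_dir is a hypothetical helper, not a kubectl or ThreadFix command.
# Returns 0 if every entry will be packaged, 1 on any problem, 2 if dir is missing.
check_template_dir() {
  dir=$1
  limit=1048576   # data stored in a ConfigMap cannot exceed 1 MiB
  total=0
  status=0
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
  for entry in "$dir"/* "$dir"/.[!.]*; do
    [ -e "$entry" ] || [ -L "$entry" ] || continue   # glob matched nothing
    name=${entry##*/}
    # kubectl silently skips subdirectories, symlinks and other non-regular files,
    # so a template stored that way would be missing from the mounted directory
    if [ -L "$entry" ] || [ ! -f "$entry" ]; then
      echo "skipped by kubectl (not a regular file): $name" >&2
      status=1
      continue
    fi
    # ConfigMap keys: alphanumerics, '-', '_' and '.' only, at most 253 characters
    case $name in
      *[!A-Za-z0-9._-]*) echo "invalid ConfigMap key: $name" >&2; status=1 ;;
    esac
    [ "${#name}" -le 253 ] || { echo "key too long: $name" >&2; status=1; }
    size=$(wc -c < "$entry")
    total=$((total + size))
  done
  if [ "$total" -gt "$limit" ]; then
    echo "templates total $total bytes, over the $limit byte ConfigMap limit" >&2
    status=1
  fi
  return $status
}
```

Because the ConfigMap is mounted over the whole `defect` directory, any template the check reports as skipped would be absent from the container after the patch is applied.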