Requirements
- Kubernetes 1.19+
- Helm 3.0.0+
- Amazon Web Services (AWS) Account
- S3 Bucket for RapidFort data
- IAM User with Read/Write/List/Delete permissions for the S3 bucket
- AWS Access Key ID
- AWS Secret Access Key
- The node on which the iso-master RapidFort microservice will be deployed should have at least 2 TB of storage
The RapidFort Helm Chart is based on the Nginx Ingress Controller and creates an ingress rule. Refer to Nginx Ingress Controller Deployment for more information.
Deployment
Before deploying the RapidFort SASM platform, install and set up Kubernetes and Helm.
- Step 1: Create an S3 bucket and an IAM user with Read/List/Write permissions for the S3 bucket.
- Step 2: Get the RapidFort Helm Chart:
  git clone https://github.com/rapidfort/rapidfort.git
- Step 3: Update values.yaml
For more information on available parameters, please refer to Parameters.
Update secret
secret:
  aws_access_key_id: ""
  aws_secret_access_key: ""
  aws_default_region: ""
  s3_bucket: ""
  rf_app_admin: ""
  rf_app_admin_passwd: ""
  rf_app_host: ""
Update the values in the secret section.
aws_access_key_id: Specify the AWS Access Key ID.
aws_secret_access_key: Specify the AWS Secret Access Key.
aws_default_region: Specify the AWS region (e.g. us-east-1, us-west-2, etc) in which RapidFort will be deployed.
s3_bucket: Specify the name (not the ARN) of the S3 bucket that you created for RapidFort.
Example: For AWS Commercial
ARN: arn:aws:s3::::rapidfort-s3
Name: rapidfort-s3
rf_s3_bucket: rapidfort-s3
Example: For AWS GovCloud
ARN: arn:aws-gov:s3::::rapidfort-s3
Name: rapidfort-s3
rf_s3_bucket: rapidfort-s3
rf_app_admin: Specify the email address for the admin user. RapidFort will send a confirmation email when the deployment is ready.
rf_app_admin_passwd: Specify a temporary password for the admin user. You may change your password after logging into the RapidFort user interface.
rf_app_host: If you have a static IP address or hostname, then specify this. Otherwise, specify the IP address of the deployment.
Update global
global:
  rf_app_host: ""
rf_app_host: If you have a hostname or static IP address, then specify this here. Otherwise, leave this blank to assign a dynamic IP address to the RapidFort deployment.
sc and ingress
sc:
  enabled: false
ingress:
  enabled: true
sc: Leave this value as-is (enabled: false).
ingress: If you are using an NGINX ingress controller, then set enabled: true.
Update RapidFort Services
aggregator:
  enabled: true
  image:
    repository: "public.ecr.aws/rapidfort/aggregator-exe"
    tag: "1.1.0-74bca60-2910-rfhardened"
backend:
  enabled: true
  image:
    repository: "public.ecr.aws/rapidfort/backend-exe"
    tag: "1.1.0-fe79693-2910-rfhardened"
frontrow:
  enabled: true
  authUrl: ""
  image:
    repository: "public.ecr.aws/rapidfort/frontrow"
    tag: "1.1.0-c8e4edb-2910-rfhardened"
# other RapidFort services…
For each RapidFort service, update the repository and tag if necessary.
- aggregator
- backend
- frontrow
  - authUrl: Set this to the same value as the global rf_app_host.
- iso-master
- rf-scan
- rfapi
- rfpubsub
- runner
Update logger
logger:
  enabled: false
  env:
    rf_s3_bucket: ""
    aws_default_region: ""
If you would like to enable the logger, then update the following values:
- enabled: true
- rf_s3_bucket: Specify the name (not the ARN) of the S3 bucket where the logs
  - Example: AWS Commercial
    ARN: arn:aws:s3::::rapidfort-s3
    Name: rapidfort-s3
    rf_s3_bucket: rapidfort-s3
  - Example: AWS GovCloud
    ARN: arn:aws-gov:s3::::rapidfort-s3
    Name: rapidfort-s3
    rf_s3_bucket: rapidfort-s3
- aws_default_region: Specify the AWS region (e.g. us-east-1, us-west-2, us-gov-east-1, etc) in which RapidFort will be deployed.
Run the following command to deploy RapidFort:
helm upgrade --install rapidfort ./ -f values.yaml -n <namespace>
For example, to deploy RapidFort in the rapidfort namespace:
helm upgrade --install rapidfort ./ -f values.yaml -n rapidfort
⚠ Make sure that the node on which the iso-master RapidFort microservice will be deployed has at least 2 TB of storage.
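The secret section above holds the AWS access key and the admin password in plain text, and values.yaml sits inside the cloned Git repository. The script below is an added example, not part of the RapidFort chart: it writes the secret section to a separate owner-only file that is passed to Helm with a second -f. The file name rf-secrets.yaml and the environment variable names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the RapidFort chart.
# Writes the chart's "secret" section to a private override file so the
# credentials never land in the values.yaml inside the cloned repository.
# Assumptions: the file name rf-secrets.yaml and the environment variable
# names (upper-case form of each key under "secret") are chosen here.

RF_SECRET_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION
S3_BUCKET RF_APP_ADMIN RF_APP_ADMIN_PASSWD RF_APP_HOST"

# write_rf_secrets OUTFILE -> 0 on success, 1 if a value is missing or invalid
write_rf_secrets() {
  out="$1"
  # s3_bucket takes the bucket name, not the ARN.
  case "${S3_BUCKET:-}" in
    arn:*) echo "S3_BUCKET must be the bucket name, not the ARN" >&2; return 1 ;;
  esac
  for var in $RF_SECRET_VARS; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then echo "$var is not set" >&2; return 1; fi
  done
  (
    umask 077          # new file is readable by the owner only
    rm -f "$out"       # an existing file would keep its old mode
    {
      echo "secret:"
      for var in $RF_SECRET_VARS; do
        eval "val=\${$var}"
        key=$(printf '%s' "$var" | tr 'A-Z' 'a-z')
        # YAML single-quoted scalar: double any embedded single quote
        esc=$(printf '%s' "$val" | sed "s/'/''/g")
        printf "  %s: '%s'\n" "$key" "$esc"
      done
    } > "$out"
  )
}

# Usage (later -f files override earlier ones, so values.yaml keeps "" here):
#   write_rf_secrets "$HOME/rf-secrets.yaml" &&
#   helm upgrade --install rapidfort ./ -f values.yaml \
#     -f "$HOME/rf-secrets.yaml" -n rapidfort
```

Keep the override file outside the repository working tree and delete it once the release is installed.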
Post Deployment
Welcome Email
If the deployment was successful, you will receive a welcome email from RapidFort when the system is ready.
⚠ If you do not receive a welcome email, review the deployment settings and Kubernetes logs.
Visit the RapidFort Dashboard
Click on the link in the welcome email and log into the RapidFort dashboard using the email address and password you specified earlier (rf_app_admin and rf_app_admin_passwd). You may change your password after logging in.
Get a RapidFort License
The RapidFort dashboard will guide you through the steps for contacting RapidFort Support and requesting a license.
Upon receipt of the license, log back into the RapidFort dashboard to update the license.
Congratulations! You are now ready to start optimizing and securing your applications.
How to Uninstall RapidFort
To uninstall RapidFort, run the following command:
helm uninstall rapidfort -n <namespace>
For example, if you deployed RapidFort in the rapidfort
helm uninstall rapidfort -n rapidfort