search

Kubernetes

Install and attach K2's Ruby Language Agent with your Ruby application hosted on Kubernetes for Runtime Self Application Protection.

hashtag
Prerequisites

  • Make sure you have created an account on K2 Portal(SaaS or On-Premises).

  • Make sure you have installed K2 Agents as per your environment.

Please follow our step-by-step Protect Ruby Application guide to complete the above two prerequisites. Ignore if done already.

Protect Ruby Applicationchevron-right

hashtag
Steps to protect Ruby application

There are following options you can select at your convenience for protecting your application workloads

hashtag
Option 1: (Recommended)

  • This assumes you are using one of the Kubernetes’ Volumes/CSI as described in https://kubernetes.io/docs/concepts/storage/volumes/arrow-up-right

    • Perform Kubernetes Volume/CSI setup as mentioned here .

    • Mount the created ‘k2-volume-1-10-16-PRODUCTION’ volume at /opt/k2-ic inside your application pod/container using Kubernetes’ volumeMounts like below in your pod spec:

      apiVersion: v1
kind: Pod 
metadata:
 name: application-pod
spec:
 containers:
 - image: k8s.gcr.io/test-webserver
   name: app-container
   volumeMounts:
   - mountPath: /opt/k2-ic
     name: k2-volume-1-10-16-PRODUCTION
 volumes:
 - name: k2-volume-1-10-16-PRODUCTION
 # Your Volume Config here

  • For Ruby on Rails applications, make sure you have Ruby version 2.6, Rails version 6.0 and Puma version 4.3.5 installed.

  • For any containerized Ruby web application (Docker/K8s), the host path "/opt/k2-ic" is to be mounted at "/opt/k2-ic" inside the container with option 'z'.

  • The K2-Ruby agent can be attached to your application by running the following commands:Install the gem file as

    gem install /opt/k2-ic/k2-ruby-agent.gem

    Append below line to 'Gemfile' of Ruby application.

    gem 'k2agent'

  • For Sinatra application, add the below require statement in app main module after sinatra require statement.

    require 'k2agent'

  • Create a properties file named 'k2-ruby-agent.properties' in application root directory with following property. (Mandatory for Passenger and Unicorn Server)

    APP_PORT=<application-port-number>

  • Start the Ruby application. Fire a few Http requests on the application to attach K2 Ruby agent

  • To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.

  • You can check your application in Protected processes View under applications on K2 Portal.

    Alternatively go to Applications | K2 Portalarrow-up-right

hashtag
Option 2:

  • This method is ideal for a scenario when you don’t have a storage delivery mechanism in your Kubernetes cluster and hence this method requires you to bake-in K2’s Language Collector into your application image via your CI/CD system.

    • For this, please download corresponding Language collector with the following command :

    • Once done, place the downloaded contents inside your application’s image at /opt/k2-ic location.

  • For Ruby on Rails applications, make sure you have Ruby version 2.6, Rails version 6.0 and Puma version 4.3.5 installed.

  • For any containerized Ruby web application (Docker/K8s), the host path "/opt/k2-ic" is to be mounted at "/opt/k2-ic" inside the container with option 'z'.

  • The K2-Ruby agent can be attached to your application by running the following commands:Install the gem file as

    Append below line to 'Gemfile' of Ruby application.

  • For Sinatra application, add the below require statement in app main module after sinatra require statement.

  • Create a properties file named 'k2-ruby-agent.properties' in application root directory with following property. (Mandatory for Passenger and Unicorn Server)

  • Start the Ruby application. Fire a few Http requests on the application to attach K2 Ruby agent

  • To verify if the given application is protected by K2 Prevent-Web, refer to the "Protected processes" subsection of the "Applications" page and locate the application based on name and node IP. The host namespace PID(in case of a host application) and container namespace PID(in case of a containerised application) can also be used to locate the protected application.

  • You can check your application in Protected processes View under applications on K2 Portal.

    Alternatively go to Applications | K2 Portalarrow-up-right

PreviousNode/VM/EC2NextAWS ECS/EKS/Fargate

Last updated

Was this helpful?