Deploying an IAST agent on Kubernetes
AppScan supports automatic installation of IAST agent on a Kubernetes cluster. Using a MutatingAdmissionWebhook, the IAST agent is automatically installed on any starting pod.
About this task
Procedure
- Download the ASoC Kubernetes IAST agent, as described here.
- Extract the contents of the ZIP file.
-
To install the IAST agent in your Kubernetes cluster:
- Optional:
You can configure the IAST installer to skip specific pods or specify the language of
the pod for agent detection. The config file must be placed in the “config” folder before
running the install-secagent-webhook.sh script.
Examples of configurations are available in the "examples" folder of the extracted zip.
{ // don't install IAST agent on service1. Default for ignore is false "name":"service1", "namespace":"default", "ignore":true }, { // hint IAST installer that service2 is Java. Possible values: java, net-core, nodejs "name":"service2", "namespace":"my-namespace", "agents":["java"] },
- To view the pod name of the issues reported from the different pods, see the Additional Info section of the Issue Details tab.
-
To uninstall the IAST agent in your Kubernetes cluster:
-
Run the
uninstall-secagent-webhook.sh
script. - To complete the uninstallation process, you need to restart any running pods since the agent is not automatically removed from them during uninstallation.
-
Run the