A Rails App in Kubernetes with Hoop

Learn How to Audit, Monitor, and Protect your Application

In this tutorial we will show how to Audit, Monitor, and Protect your Rails Application, in this case we're using Kubernetes to deploy the application. You only need to install the hoop agent to have a secure access and apply data masking by default.

Requirements

Hoop agent installation
Docker installation
Kubernetes cluster, you can use minikube

Deploy the Application in Kubernetes

The sample code repository is here, the image build used is hoop/ruby-sample:latest

Deploy the ruby on rails application on Kubernetes:

kubectl create deployment ruby-console --image=hoop/ruby-sample:latest

Continue reading? Get the full guide.

Just-in-Time Access + Kubernetes RBAC: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Validate the application is running successfully.

kubectl get pods
NAME                            READY   STATUS    RESTARTS   AGE
ruby-console-5578769f4d-kcx76   1/1     Running   0          8m51s

Access to the Rails Console

kubectl exec -it ruby-console-5578769f4d-kcx76 -- rails console

Loading development environment (Rails 7.0.4.3)
irb(main):001:0>

Setting Hoop Access to the Cluster

Validate the Hoop agent running in the machine with access to Kubernetes

You need to login to the instance `hoop login`

hoop admin get agents
UID   NAME   VERSION   HOSTNAME   PLATFORM   STATUS

Start the Hoop agent

hoop start agent
{"level":"info","timestamp":"2023-09-04T20:37:44-03:00","logger":"agent/main.go:38","msg":"version=1.15.26, platform=darwin/arm64, mode=webregister, grpc_server=app.hoop.dev:8443, tls=true - starting agent"}
{"level":"info","timestamp":"2023-09-04T20:37:44-03:00","logger":"agent/main.go:43","msg":"webregister - connecting, attempt=1"}

--------------------------------------------------------------------------
VISIT THE URL BELOW TO REGISTER THE AGENT
<https://app.hoop.dev/agents/new/x-agt-3db8cbe9-1818-4be4-b4e8-f5a83c3b2a87>
--------------------------------------------------------------------------

{"level":"info","timestamp":"2023-09-04T20:37:51-03:00","logger":"agent/main.go:43","msg":"webregister - connecting, attempt=2"}
{"level":"info","timestamp":"2023-09-04T20:37:59-03:00","logger":"agent/main.go:43","msg":"webregister - connecting, attempt=3"}
{"level":"info","timestamp":"2023-09-04T20:38:07-03:00","logger":"agent/main.go:43","msg":"webregister - connecting, attempt=4"}
{"level":"info","timestamp":"2023-09-04T20:38:14-03:00","logger":"agent/main.go:43","msg":"webregister - connecting, attempt=5"}

Visit the URL to Register the Agent

Validate the agent status

 hoop admin get agents
 
UID                                    NAME           VERSION   HOSTNAME                  PLATFORM       STATUS
cb7a978b-fffc-4eaf-9144-e2670d842313   agent-my-k8s   1.15.26   krol-MacBookPro-2.local   darwin/arm64   ONLINE

Create the Hoop connection using the hoop application

Create the Hoop connection using Hoop command line

Note that in Kubernetes by default the config file is in `~/.kube/config`

hoop admin create connection my-k8s --agent agent-my-k8s --type command-line -e "b64-filesystem:KUBECONFIG=$(cat config |base64)" --  kubectl

Access to the Rails Console with Hoop

hoop connect my-k8s -- exec --stdin  deploy/ruby-console -- bash

Access to the recording session of your users in the Hoop app