Use Kubernetes with Helm to deploy your External S-TAPs.
Before you begin
Before you can use Helm, take the following steps:
- Make sure that Git and Kubernetes are installed in your environment.
- Download and unpack Helm. For more information, see the Installing Helm topic from the Helm Docs website.
- Provide the following information:
  - DB host endpoint IP/address - The database hostname or IP address.
  - DB host endpoint port - The database host port number.
  - DB host endpoint type - The database type. For more information about supported data sources, see System Requirements for Guardium® 11.5.
  - Guardium appliance IP/address - The Guardium collector hostname or IP address.
About this task
Helm helps automate your External S-TAP® deployment.
Procedure
- After you download and unpack Helm, install Helm. For Linux®, run the following commands:
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
- From Git, clone the External S-TAP Helm charts:
git clone https://github.com/IBM/Guardium_External_S-TAP
cd Guardium_External_S-TAP/charts
- From the /charts directory, open the overrides_example.yaml file.
- Search for required parameters in overrides_example.yaml and enter the appropriate values for your site. Parameters are described in the overrides_example.yaml file.
Based on your environment, determine how to install the certificate for your site. Uncomment the lines for the method that you select, as follows:
Notes:
- To use a certificate stored in a Kubernetes secret, create the Kubernetes secret by using one of the following methods:
kubectl create secret generic <secret-name> --from-literal=estap-token=<TOKEN>
Or
kubectl create secret tls <secret-name> --key="your-certificate.key" --cert="your-certificate.crt"
- If needed, use the following command to import the ca.pem file from the secret to the production environment:
kubectl get secret/estap-secret -o go-template='{{ print (index .data "ca.pem") }}' | base64 -d
- Be sure to look at all of the parameters to make sure that they are correct for your environment. For example, make sure that the Container image tag references your current Guardium version.
When you are done, save the overrides_example.yaml file.
- Run one of the following commands to either install or upgrade the Helm chart:
What to do next
The External S-TAP is now available for use. View and manage the External S-TAP from the Guardium UI.
For more information, see Edit External S-TAP group tab.
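The following pre-flight check is an added example, not part of the IBM procedure or the Guardium_External_S-TAP repository. It validates the certificate and key files before they are passed to the kubectl create secret tls command in the Notes above: both files must parse, the certificate must not expire within a chosen margin, and the private key must match the certificate. The function name check_tls_pair, its return codes, and the 30-day default margin are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not from the Guardium chart repository): pre-flight check
# for the files passed to `kubectl create secret tls`.
# Return codes (assumed convention): 0 ok, 1 file missing or unreadable,
# 2 certificate or key does not parse, 3 certificate expires too soon,
# 4 private key does not match the certificate.
check_tls_pair() {
    ctp_cert=$1
    ctp_key=$2
    ctp_min_days=${3:-30}   # assumed default renewal margin, in days

    [ -r "$ctp_cert" ] && [ -r "$ctp_key" ] || return 1

    # Both files must parse. "-passin pass:" makes an encrypted key fail
    # here instead of prompting for a passphrase.
    openssl x509 -in "$ctp_cert" -noout 2>/dev/null || return 2
    openssl pkey -in "$ctp_key" -noout -passin pass: 2>/dev/null || return 2

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$ctp_cert" -noout \
        -checkend "$((ctp_min_days * 86400))" >/dev/null 2>&1 || return 3

    # Compare SHA-256 digests of the DER-encoded public key from each file.
    ctp_cert_fp=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
    ctp_key_fp=$(openssl pkey -in "$ctp_key" -passin pass: -pubout \
        -outform DER 2>/dev/null | openssl dgst -sha256)
    [ "$ctp_cert_fp" = "$ctp_key_fp" ] || return 4
    return 0
}

# Usage: sh check_tls_pair.sh your-certificate.crt your-certificate.key [days]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
    ctp_rc=$?
    [ "$ctp_rc" -eq 0 ] && echo "OK: certificate and key are consistent"
    [ "$ctp_rc" -eq 0 ] || { echo "check failed with code $ctp_rc" >&2; exit "$ctp_rc"; }
fi
```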