Use Kubernetes with Helm to automate your External S-TAPs
deployment.
Before you begin
Before you use Helm, take the following steps:
- Make sure that Git and Kubernetes are installed in your environment.
- Download and unpack Helm. For more information, see Installing Helm from the
Helm Docs website.
- Gather the following information to use during installation:
- DB host endpoint IP/address - The database hostname or IP address.
- DB host endpoint port - The database host port number.
- DB host endpoint type - The database type. For more information about
supported data sources, see System requirements.
- Guardium appliance IP/address - The Guardium® collector hostname or IP address.
Procedure
-
Install Helm. On Linux®, run the following
commands:
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
- In Git, clone the External S-TAP Helm
charts:
git clone https://github.com/IBM/Guardium_External_S-TAP
cd Guardium_External_S-TAP/charts
- From the /charts directory, open the
overrides_example.yaml file.
- Search for required parameters in overrides_example.yaml and enter
the appropriate values for your site. Parameters are described in the
overrides_example.yaml file.
- Based on your environment, determine how to install the certificate for your site.
Uncomment the lines for the method that you select, as follows:
Tip: To use a certificate stored in a Kubernetes secret, create the Kubernetes secret by
using one of the following methods:
If needed, use the following command to import the
ca.pem file from the
secret to the production environment, as
follows:
kubectl get secret/estap-secret template- {{ 'print (index .data "ca.pem")' | base64 -d}}
Make
sure that all the parameters are correct for your environment. For example, make sure that the
Container image tag references your current Guardium version.
When you are done, save the
overrides_example.yaml file.
- Run one of the following commands to either install or upgrade the Helm chart:
where,
- my-estap-deployment is the name for this deployment. Specify the name in the
Estap Settings section of the yaml file.
- estap is the name of the External S-TAP Helm chart.
What to do next
The External S-TAP is now
available for use. View and manage the External S-TAP from Guardium. For
more information, see Edit External S-TAP group tab.You can now delete the Helm
installation files by using the
helm delete command to make sure that all the
necessary files are properly removed. For
example,
helm delete my-estap-deployment
where
my-estap-deployment is the name of the deployment to delete.