Deploying External S-TAP from the Guardium UI
If your site uses Kubernetes, you can deploy an External S-TAP directly from Guardium®.
About this task
Before you can deploy an External S-TAP from
Kubernetes, you need to:
- Create a Kubernetes admin user.
- Retrieve the Kubernetes cluster access token.
- Retrieve the Kubernetes control plane URL.
- Create the registry key for your cluster.
- Ensure that any SSL-enabled collectors have valid SSL certificates.
Note: For Google Cloud deployments only: If
you plan to deploy the External S-TAP from the
Guardium GUI,
make sure that the IAM user has the following permissions:
container.clusterRoleBindings.create
and
container.clusterRoles.bin
.These permissions allow the IAM user to add the cluster user and create tokens for GUI deployment.
Without these permissions, the IAM user can still deploy with Kubernetes by using the templates. For more information about generating and using the templates, see Deploy External S-TAP window.
Procedure
What to do next
After you complete these tasks, you can deploy a new External S-TAP directly from Guardium. Kubernetes automatically manages the Docker container and balancing the load.
For more information, see The External S-TAP user interface and the Deploy External S-TAP window