Prepare for installing IBM Guardium Data Security Center
Before you install Guardium Data Security Center, complete the following steps to prepare your system.
To plan your installation of OpenShift® Container Platform, see https://access.redhat.com/documentation/en-us/openshift_container_platform/4.16 and https://docs.openshift.com/container-platform/4.16/welcome/index.html.
Red Hat® OpenShift Container Platform Version 4.14.x can be downloaded and installed by accessing https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/. Verify that you download Red Hat OpenShift Container Platform Version 4.14.x.
Provide backup and restore information in the Guardium Data Security Center CR (custom resource) file
As of Version 3.2.7, you must provide backup and restore information when you install Guardium Data Security Center. If you want to backup and restore, create a backup PV and PVC and then update the Guardium Data Security Center CR (custom resource) file to include this setting:
guardiumInsightsGlobal:
backupsupport:
enabled: "true"
name: <GI_Backup_PVC>
storageClassName: <Storage class>
size: 500Gi
If you do not want to backup and restore, set backupsupport
to
false
in the CR.
guardiumInsightsGlobal:
backupsupport:
enabled: "false"
For more information, see External storage allocation for backups.
Obtain your entitlement key
You must have an entitlement key for Guardium Data Security Center. To obtain an entitlement key from the IBM Entitled Registry, complete the following steps.
- Log in to the IBM® Container software library by using your IBMid.
- Select Get entitlement key in the navigation panel on the left.
- Click Copy key in the Access your container software page.
- Store the key in a safe location.
Use the entitlement key when you access the Docker
registry during installation (in the installation instructions, the entitlement user is denoted as
CP_REPO_USER
and the entitlement key is denoted as
CP_REPO_PASS
).
To confirm that your entitlement key is valid for Guardium Data Security Center, select View library in the left navigation panel of the Container software library. This shows you a list of products that you are entitled to. If Guardium Data Security Center is not listed or the View library link is not available, your username does not have entitlement for Guardium Data Security Center. In this case, the entitlement key is not valid for installing the software.
Access the command line tools
Tools for command line administration of the cluster and Guardium Data Security Center can be accessed from the Red Hat OpenShift Container Platform and IBM Cloud Pak® foundational services web consoles. The following tables detail the tools and versions that are required for Guardium Data Security Center.
Tool | Download | Version |
---|---|---|
oc
|
4.10.35 or later | |
kubectl |
https://mirror.openshift.com/pub/openshift-v4/clients/ocp/ | 1.16 or later |
cloudctl |
https://github.com/IBM/cloud-pak-cli/releases | 3.17.0 or later |
openssl |
https://www.openssl.org/source/ | 3.3.1 |
ibm-pak |
https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz To install:
|
1.10.0 |
python with PyYAML installed (must have a symbolic link to
python ) |
https://www.python.org/downloads | 3.x or later |
yq | https://github.com/mikefarah/yq/#install | |
docker (or podman ) |
|
|
skopeo (Offline installations only) |
https://github.com/containers/skopeo/blob/master/install.md | 1.0.0 |
|
||
htpasswd (Offline installations only) |
||
Cluster administrator privileges to run the setup scripts | ||
Your login credentials to cp.icr.io
|
SecurityContextConstraints
requirements
The Guardium Data Security Center installation workflow uses an
operator that requires SecurityContextConstraints
to be bound to the target
namespace before the installation. To meet this requirement, cluster-scoped and namespace-scoped
pre- and post-actions may need to occur.
SecurityContextConstraints
that come preinstalled with
OpenShift are verified for this
operator:restricted-v2
If your target namespace is bound to these SecurityContextConstraints
, you can
proceed to install the operator.
Validated storage options
What to do next
Follow the instructions in Downloading the Guardium Data Security Center CASE file and set up your environment for dependencies.