Guardium Insights simplifies your organization's
data security architecture and enables access to long-term data security and compliance data. It
provides security teams with risk-based views and alerts, along with advanced analytics based on
proprietary machine learning technology to uncover hidden threats. Guardium Insights gives security professionals the ability to
quickly create data security and audit reports, monitor activity in on-premises and DBaaS sources,
and act from a central location.
Procedure
- Create a YAML file that uses the indentation from one of the following
examples.
Version 3.3.x

```yaml
apiVersion: gi.ds.isc.ibm.com/v1
kind: GuardiumInsights
metadata:
  #name: This must be 10 or less characters
  name: staging
  namespace: staging
spec:
  ssh-service:
    serviceAnnotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: "false"
  version: 3.4.0
  license:
    accept: true
    licenseType: L-YRPR-ZV3BA6
  guardiumInsightsGlobal:
    image:
      insightsPullSecret: ibm-entitlement-key
      repository: cp.icr.io/cp/ibm-guardium-insights
    backupsupport:
      enabled: "false"
    licenseAccept: true
    # Guardium Insights template size can be defined as below using the size parameter
    size: values-small
    insights:
      ingress:
        hostName: staging.apps.<cluster_name>.guardium-insights.com
        #domainName: Change this
        domainName: apps.<cluster_name>.guardium-insights.com
      ics:
        #Namespace of where IBM Common Services is running
        namespace: ibm-common-services
    #storageClassName: This must be a ReadWriteMany StorageClass
    storageClassName: rook-cephfs
    #storageClassNameRWO: Must be a ReadWriteOnce StorageClass
    storageClassNameRWO: "ocs-storagecluster-ceph-rbd"
```
Version 3.4.x and later

Note: Use the same namespace as your Guardium Insights project. This example uses staging as the namespace.

```yaml
apiVersion: gi.ds.isc.ibm.com/v1
kind: GuardiumInsights
metadata:
  #name: This must be 10 or less characters
  name: staging
  namespace: staging
spec:
  ssh-service:
    serviceAnnotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: "false"
  version: 3.4.0
  license:
    accept: true
    licenseType: L-YRPR-ZV3BA6
  guardiumInsightsGlobal:
    image:
      insightsPullSecret: ibm-entitlement-key
      repository: cp.icr.io/cp/ibm-guardium-insights
    backupsupport:
      enabled: "false"
    licenseAccept: true
    # Guardium Insights template size can be defined as below using the size parameter
    size: values-small
    insights:
      ingress:
        hostName: staging.apps.<cluster_name>.guardium-insights.com
        #domainName: Change this
        domainName: apps.<cluster_name>.guardium-insights.com
      ics:
        namespace: staging
        registry: common-service
    #storageClassName: Change this to a ReadWriteMany StorageClass!!!
    storageClassName: efs-test-sc
    storageClassNameRWO: gp3-csi
  dependency-db2:
    image:
      insightsPullSecret: ibm-entitlement-key
    db2instance:
      installAsDefault: true
      dbConfig:
        LOGARCHMETH1: "DISK:/mnt/logs/archive"
      db2Settings:
        encrypt: "YES"
      nodes: 2
      resources:
        requests:
          cpu: "6"
          memory: "48Gi"
        limits:
          cpu: "6"
          memory: "48Gi"
      storage:
        - name: meta
          spec:
            storageClassName: "efs-test-sc"
            accessModes:
              - ReadWriteMany
            resources:
              requests:
                storage: "1000Gi"
          type: create
        - name: data
          spec:
            storageClassName: "gp3-csi-fast"
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: "4000Gi"
          type: template
        - name: archivelogs
          spec:
            storageClassName: "efs-test-sc"
            accessModes:
              - ReadWriteMany
            resources:
              requests:
                storage: 2000Gi
          type: create
        - name: tempts
          spec:
            storageClassName: "gp3-csi-fast"
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 1000Gi
          type: template
      partitionConfig:
        total: 2
      instance:
        registry:
          DB2_4K_DEVICE_SUPPORT: "ON"
  dependency-kafka:
    kafka:
      storage:
        type: persistent-claim
        size: 250Gi
        class: "gp3-csi"
    zookeeper:
      storage:
        type: persistent-claim
        size: 20Gi
        class: "gp3-csi"
  mini-snif:
    persistentVolumesClaims:
      mini-snif-shared:
        storageClassName: "efs-test-sc"
  universal-connector-manager:
    persistentVolumesClaims:
      universal-connector-manager-shared:
        storageClassName: "efs-test-sc"
  settings-datasources:
    persistentVolumesClaims:
      settings-datasources:
        storageClassName: "efs-test-sc"
  ticketing:
    persistentVolumesClaims:
      ticketing-keystore:
        storageClassName: "efs-test-sc"
  dependency-mongodb:
    storage:
      - metadata:
          name: data-volume
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 100Gi
          storageClassName: "gp3-csi"
      - metadata:
          name: logs-volume
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 100Gi
          storageClassName: "gp3-csi"
  dependency-redis:
    persistence:
      enabled: true
      storageClass: "gp3-csi"
  dependency-postgres:
    postgres:
      storage:
        size: 12Gi
        storageClassName: "gp3-csi"
  dependency-s3:
    storageClassName: "gp3-csi"
```
- Create the instance from the example file by using one of the following commands:
- Check the status of the instance creation:

```
oc get guardiuminsights
```

Before completion, the output is similar to:

```
NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION
staging Running True GuardiumInsightsInstallRunning Running installation of Guardium Insights 3.3.0
```

After completion, the output is similar to:

```
NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION
staging Ready True Completed Completed Reconciliation 3.4.0 3.4.0
```
Tip: The displayed versions in the output vary based on the
Guardium Insights version that you want to install and the
current version on your system.
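
The constraints stated in the comments and notes of the example files (a name of at most 10 characters, the same namespace for 3.4.x and later, ReadWriteMany versus ReadWriteOnce storage classes) can be checked before the resource is created, along with leftover `<cluster_name>` placeholders and an `ssh-service` load balancer that is not marked internal. The following is an added example, not IBM code and not part of the original page. `lint_cr`, `SAMPLE_CR` and the finding texts are hypothetical names, and reading the 3.4.x namespace note as applying to `ics.namespace` is an assumption.

```python
# Added example (not IBM tooling): lint a parsed GuardiumInsights CR before applying it.
import re
LB_INTERNAL = "service.beta.kubernetes.io/aws-load-balancer-internal"

def _pvc_specs(node):
    """Yield every mapping in the CR that declares accessModes (a PVC-style spec)."""
    if isinstance(node, dict) and "accessModes" in node:
        yield node
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else ()
    for child in children:
        yield from _pvc_specs(child)

def lint_cr(cr):
    """Return a list of findings for a GuardiumInsights CR given as a dict."""
    findings = []
    meta, spec = cr.get("metadata", {}), cr.get("spec", {})
    glob = spec.get("guardiumInsightsGlobal", {})
    insights = glob.get("insights", {})
    if len(str(meta.get("name", ""))) > 10:
        findings.append("metadata.name is longer than 10 characters")
    # Assumption: the 3.4.x note on using "the same namespace" covers ics.namespace.
    ver = re.match(r"(\d+)\.(\d+)", str(spec.get("version", "")))
    if ver and (int(ver[1]), int(ver[2])) >= (3, 4):
        if insights.get("ics", {}).get("namespace") != meta.get("namespace"):
            findings.append("ics.namespace differs from metadata.namespace")
    for key in ("hostName", "domainName"):
        if re.search(r"<[^>]+>", str(insights.get("ingress", {}).get(key, ""))):
            findings.append(f"ingress.{key} still contains a <placeholder>")
    ann = spec.get("ssh-service", {}).get("serviceAnnotations", {})
    if LB_INTERNAL in ann and str(ann[LB_INTERNAL]).lower() != "true":
        findings.append("ssh-service load balancer is not marked internal")
    rwo = glob.get("storageClassNameRWO")
    if rwo and glob.get("storageClassName") == rwo:
        findings.append("storageClassName (RWX) equals storageClassNameRWO")
    for pvc in _pvc_specs(spec):
        if rwo and "ReadWriteMany" in pvc["accessModes"] and pvc.get("storageClassName") == rwo:
            findings.append(f"ReadWriteMany claim uses the RWO class {rwo}")
    return findings

# Constructed sample: a trimmed copy of the 3.4.x example on this page.
SAMPLE_CR = {"metadata": {"name": "staging", "namespace": "staging"}, "spec": {
    "ssh-service": {"serviceAnnotations": {LB_INTERNAL: "false"}}, "version": "3.4.0",
    "guardiumInsightsGlobal": {"storageClassName": "efs-test-sc", "storageClassNameRWO": "gp3-csi",
        "insights": {"ics": {"namespace": "staging"}, "ingress": {
            "hostName": "staging.apps.<cluster_name>.guardium-insights.com",
            "domainName": "apps.<cluster_name>.guardium-insights.com"}}}}}

if __name__ == "__main__":
    print("\n".join(lint_cr(SAMPLE_CR)))
```

To lint a real manifest, parse it first (for example with PyYAML's `yaml.safe_load`) and pass the resulting dict to `lint_cr`.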
Results
Limitations:
- Only one instance of Guardium Insights can be installed on a cluster.
- This product can run only on the amd64 architecture with AVX-enabled hardware.
- This product's operator supports only the OwnNamespace installation mode.