Step 8 - Install Glasswall Halo services

    The detailed configuration options that can be set in Glasswall Halo can be accessed here.

    The Engine service will be deployed to the engine node pool and all remaining Glasswall Halo services will be deployed to the cdrplatform node pool. These two node pools are created in the prerequisites step.

    Install RabbitMQ and storage components

    helm upgrade --install cdrplatform-storage cdrplatform-storage -n cdrplatform
    
    helm upgrade --install cdrplatform-rabbitmq cdrplatform-rabbitmq -n cdrplatform \
      --set image.repository=glasswallhub.azurecr.io/cdrplatform-rabbitmq \
      --set image.tag=85056 \
      --set replicas=3 \
      --set nodeSelector.agentpool=cdrplatform \
      --set resources.requests.cpu=2 \
      --set resources.requests.memory=6Gi \
      --set resources.limits.cpu=2 \
      --set resources.limits.memory=6Gi \
      --set reporting_enabled=false \
      --atomic

    Install external secrets service

    For the next step, select the same method which you used to configure your access to the Key Vault in Step 4 (Managed Identity or Service Principal), and follow the corresponding steps below to configure external secrets and install the secret synchronization.

    • A - Managed Identity

      • Obtain the kubelet Managed Identity client ID via the following command.
      az aks show -g "${rgp}" -n "${aksname}"
      
      • Find the same element as last time "identityProfile/kubeletidentity" but this time you need the Client ID value.
      • Next, install the supporting components (ensuring ${kvname} is substituted for the Key Vault name and ${MIclientID} is replaced with the value sourced above):
      helm upgrade --install cdrplatform-external-secrets cdrplatform-external-secrets \
        --set cloud_providers.azurekv.enabled=true \
        --set cloud_providers.azurekv.vaultUrl="https://${kvname}.vault.azure.net" \
        --set cloud_providers.azurekv.clientId="${MIclientID}" \
        -n cdrplatform
      


    OR

    B - Service Principal

    In addition to the 'ClientID' and 'ClientSecret' you set in the previous Service Principal step, you will also need to enter the 'tenantId' of the Service Principal. The 'tenantId' can be found in Azure Active Directory.

    • Once obtained, enter the following command to install cdrplatform external secrets to use the desired service principal.
    helm upgrade --install cdrplatform-external-secrets cdrplatform-external-secrets --create-namespace \
      --set cloud_providers.azurekv.enabled=true \
      --set cloud_providers.azurekv.authType=ServicePrincipal \
      --set cloud_providers.azurekv.tenantId="${tenantid}" \
      --set cloud_providers.azurekv.authSecretRef.clientId.name=keyvault-service-principal \
      --set cloud_providers.azurekv.authSecretRef.clientId.key=ClientID \
      --set cloud_providers.azurekv.authSecretRef.clientSecret.name=keyvault-service-principal \
      --set cloud_providers.azurekv.authSecretRef.clientSecret.key=ClientSecret \
      --set cloud_providers.azurekv.vaultUrl="https://${kvname}.vault.azure.net" \
      -n cdrplatform
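
    Both the Managed Identity and the Service Principal commands substitute ${kvname} and an ID straight into helm, and the shell raises no error when one of them is unset: the vault URL simply becomes https://.vault.azure.net. The pre-flight checks below are an added example, not part of the Glasswall documentation; the function names are hypothetical, and the Key Vault name rule encoded here (3-24 characters, letters, digits and single hyphens, starting with a letter) is an assumption to confirm against Azure's current naming rules.

```shell
# Added example, not Glasswall's code. Function names are hypothetical.

# True only for a GUID (Managed Identity client ID or tenant ID).
is_guid() {
  h='[0-9a-fA-F]'; h4="$h$h$h$h"
  case "$1" in
    $h4$h4-$h4-$h4-$h4-$h4$h4$h4) return 0 ;;
  esac
  return 1
}

# True only for a well-formed Key Vault name (assumed rule: 3-24 characters,
# letters, digits and single hyphens, starts with a letter, no trailing hyphen).
is_vault_name() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*|*--*|[!A-Za-z]*|*-) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Prints the value for cloud_providers.azurekv.vaultUrl, or fails loudly
# instead of handing helm a URL built from an empty or malformed name.
vault_url() {
  is_vault_name "$1" || { echo "bad Key Vault name: '$1'" >&2; return 1; }
  printf 'https://%s.vault.azure.net\n' "$1"
}

# Reads the kubelet identity client ID directly from az (arguments: resource
# group, cluster name) rather than picking it out of the full JSON by eye.
kubelet_client_id() {
  id=$(az aks show -g "$1" -n "$2" \
        --query identityProfile.kubeletidentity.clientId -o tsv) || return 1
  is_guid "$id" || { echo "unexpected client ID: '$id'" >&2; return 1; }
  printf '%s\n' "$id"
}

# Usage before the helm command:
#   MIclientID=$(kubelet_client_id "${rgp}" "${aksname}") || exit 1
#   vaultUrl=$(vault_url "${kvname}") || exit 1
```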
    

    Install Engine

    helm upgrade --install cdrplatform-engine cdrplatform-engine \
      --set image.tag=87692 \
      --set image.repository=glasswallhub.azurecr.io/cdrplatform-engine \
      --set nodeSelector.agentpool=engine \
      --set resources.requests.cpu=1.5 \
      --set resources.requests.memory=5900Mi \
      --set resources.limits.cpu=1.5 \
      --set resources.limits.memory=5900Mi \
      --set keda.enabled=false \
      --atomic -n cdrplatform

    Install Synchronous API

    helm upgrade --install cdrplatform-sync-api cdrplatform-sync-api \
      --set image.tag=87709 \
      --set image.repository=glasswallhub.azurecr.io/cdrplatform-sync-api \
      --set nodeSelector.agentpool=cdrplatform \
      --set resources.requests.cpu=2 \
      --set resources.requests.memory=6Gi \
      --set resources.limits.cpu=2 \
      --set resources.limits.memory=6Gi \
      --set keda.minReplicaCount=5 \
      --set keda.maxReplicaCount=100 \
      --set configuration.RATELIMITING__MaxMessageCount=10000 \
      --set configuration.RATELIMITING__FastPollMessageCountThreshold=9999 \
      --atomic -n cdrplatform

    Install Report Extractor

    helm upgrade --install cdrplatform-report-extractor cdrplatform-report-extractor \
          --set image.tag=87707 \
          --set image.repository=glasswallhub.azurecr.io/cdrplatform-report-extractor \
          --set configuration.GenerateReport="false" \
          --set nodeSelector.agentpool=cdrplatform \
          --set keda.enabled=false \
          --atomic -n cdrplatform

    Install Cleanup

    helm upgrade --install cdrplatform-cleanup cdrplatform-cleanup \
          --set image.tag=87691 \
          --set image.repository=glasswallhub.azurecr.io/cdrplatform-cleanup \
          --set nodeSelector.agentpool=cdrplatform \
          --set keda.enabled=false \
          --atomic -n cdrplatform

    Configure Halo License

    To activate your Glasswall Halo license, first obtain the license file and execute the commands below. Replace <Path to license file> with the actual path of the license file.

    licenseFilePath="<Path to license file>"
    # Drop the first and last lines of the file, keeping the base64 payload
    licenseData=$(sed '1d;$d' "$licenseFilePath")
    kubectl create configmap glasswall-license --from-literal=license="$(echo "$licenseData" | base64 -d)" -o yaml --dry-run=client | kubectl apply -f -

    When you execute the command for the first time, you might see the warning below, which can be ignored.

    Warning: resource configmaps/glasswall-license is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
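
    The license commands above will apply an empty or truncated ConfigMap value if the path is wrong or the payload does not decode. The following is an added example, not part of the Glasswall documentation, that decodes and checks the file before anything is sent to the cluster; the function names and the sample file contents are constructed for illustration, and the real license header and footer lines are not shown on this page.

```shell
# Added example, not Glasswall's code. Function names are hypothetical.

# Writes a constructed sample file: one wrapper line, a base64 payload split
# over two lines (it decodes to "sample"), one wrapper line.
write_sample_license() {
  printf '%s\n' '-----BEGIN SAMPLE-----' 'c2Ft' 'cGxl' '-----END SAMPLE-----' > "$1"
}

# Strips the first and last line (as the page's sed command does), joins the
# payload lines and base64-decodes them. Fails on an unreadable file, an
# empty payload or invalid base64 instead of printing a partial value.
decode_license() {
  [ -r "$1" ] || { echo "cannot read license file: $1" >&2; return 1; }
  body=$(sed '1d;$d' "$1" | tr -d ' \r\n')
  [ -n "$body" ] || { echo "license file has no payload" >&2; return 1; }
  decoded=$(printf '%s' "$body" | base64 -d 2>/dev/null) || {
    echo "license payload is not valid base64" >&2; return 1; }
  [ -n "$decoded" ] || { echo "license decoded to nothing" >&2; return 1; }
  printf '%s' "$decoded"
}

# Same kubectl pipeline as on the page, run only after the decode succeeded.
apply_license() {
  license=$(decode_license "$1") || return 1
  kubectl create configmap glasswall-license \
    --from-literal=license="$license" -o yaml --dry-run=client |
    kubectl apply -f -
}

# Usage: apply_license "<Path to license file>"
```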


     

