Prerequisites

Before you begin the process of deploying Glasswall Halo, ensure that you have the following tools and resources installed and setup.

Required tools

• Helm
• Kubectl
• Google Cloud CLI

• Windows OS:

• Map .bashrc for the Google Cloud SDK with:

export PATH="/usr/lib/google-cloud-sdk/bin:$PATH"

• Mac OS:

• Map .zprofile for the Google Cloud SDK with:

export PATH=$PATH:/Users/user-name/google-cloud-sdk/bin

Note: for help using the Google Cloud CLI or troubleshooting, please refer to the GKE documentation.

Required Google resources

1. GKE instance

• Recommended total of at least 8 vCPU and 32 GB RAM.
• Minimum node size is 4 vCPU and 16 GB RAM.
• For production workloads a minimum of 2 nodes is recommended.
• Recommended GKE cluster release channel and version: stable release channel v1.27.13-GKE.1070002
• Enable the Filestore CSI driver cluster feature on your GKE cluster.
  • This allows cluster storage to utilize the GKE Filestore CSI driver.
• In the steps below, the GKE cluster is referred to as: gkename

Note: Glasswall Halo does not support ARM64 node VMs.

For guidance on creating an GKE cluster please refer to:

• Create GKE cluster - Console
• Create GKE Cluster - CLI
• Google Kubernetes Engine Service - Best Practices

2. Enable API services

Required Google Cloud APIs that are required (enabled) for setting up and managing a GKE cluster:

• Google Kubernetes Engine API
• Compute Engine API
• Cloud Resource Manager API
• IAM Service Account Credentials API
• Cloud DNS API
• Cloud Storage API
• Cloud Filestore API
• Identity and access management (IAM) API
• Secrets Manager API
• Service Networking API

3. MongoDB database

MongoDB is used to store the Glasswall Halo's content management policies, tally accumulator data, and data for asynchronous file processing and metrics.

MongoDB is deployed directly inside of your cluster, via the use of MongoDB Helm charts, as seen in Step 8.

Note: the steps below assume each resource is in the same GCP project referred to as: project_id.

4. Access to Glasswall Artifact Registry

• You are provided with a token & token ID to access Glasswall's Artifact Registry.
• This allows you to directly pull container images and Helm charts from your GKE cluster.
• In the steps below, the token and token ID will be referred to as: token and token_id.

5. Assigning variables

Variables assigned before you begin:

The variables mentioned in required tools above can be assigned before you can begin the Glasswall Halo installation.

Note: you'll need to replace "..." with your own values.

• Google GCP project ID: project_id="..."
• Google Kubernetes cluster name: gkename="..."
• Google Container Registry token ID: token_id="..."
• Google Container Registry token: token="..."

---

Continue

Need help?