## GKE iam user * A GKE iam user is included in the prerequisites section with all the permissions required: * To enable Halo access to the cloud storage bucket which contains the CDR reports, an iam user (compute@developer.gserviceaccount.com) is assigned the compute storage user/admin role. ## Cloud storage bucket To enable Halo's access to the reporting cloud storage bucket ('`saname`'): * Enable your current project as the default project for interoperable access within the interoperability settings within your cloud storage settings. * Navigate to _cloud storage settings_ and select the **interoperability** tab, then click **default project for interoperable access** and select your project from the drop down menu. * Create access key and secret for storage, like above. * Navigate to _cloud storage settings_ and select the **interoperability** tab, then in the **default project for interoperable access** section, click create key. **Note:** principals can access cloud storage data according to their project roles. to modify other permissions, use these group ids to identify these roles. * Add your access key and secret for storage to Kubernetes secrets: ```shell kubectl create secret generic storage-access -n cdrplatform --from-literal=storage-access-key= --from-literal=storage-secret-key= ``` ## MongoDB connection string To enable Glasswall Halo's Policy Management API to create and manage the policies in MongoDB, and Asynchronous API to create and manage the requests, MongoDB needs to be deployed using Helm charts listed in Step 8. ### Add the MongoDB passwords to Kubernetes secrets Two users will be created by the MongoDB Helm chart and the corresponding user's password needs to be set in Kubernetes secrets. ```shell kubectl create secret generic cdrplatform-secrets -n cdrplatform --from-literal=mongodb-cdrp-password= --from-literal=mongodb-admin-password= ``` * * *

Continue Need help?