Now that you have access to the Helm charts, they can be deployed.

- First install the prerequisite components.

```sh
helm upgrade --install rabbitmq-cluster-operator oci://glasswallhub.azurecr.io/docker/bitnamicharts/rabbitmq-cluster-operator \
  --atomic \
  --version 4.4.34 \
  --set global.imageRegistry=glasswallhub.azurecr.io \
  --set global.imagePullSecrets[0]=acr-secret \
  --set global.security.allowInsecureImages=true \
  --set msgTopologyOperator.fullnameOverride=rabbitmq-messaging-topology-operator \
  --set clusterOperator.image.repository="cgr.dev/rabbitmq-cluster-operator" \
  --set clusterOperator.image.tag=2.17.0 \
  --set msgTopologyOperator.image.repository="cgr.dev/rabbitmq-messaging-topology-operator" \
  --set msgTopologyOperator.image.tag=1.18.3 \
  --set credentialUpdaterImage.repository="cgr.dev/rabbitmq-default-user-credential-updater" \
  --set credentialUpdaterImage.tag=1.0.12 \
  --set rabbitmqImage.repository="cgr.dev/rabbitmq" \
  --set rabbitmqImage.tag=4.2.6 \
  --set clusterOperator.watchAllNamespaces=false \
  --set clusterOperator.watchNamespaces={cdrplatform} \
  --set msgTopologyOperator.watchAllNamespaces=false \
  --set msgTopologyOperator.watchNamespaces={cdrplatform} \
  --set clusterOperator.resources.requests.cpu=100m \
  --set clusterOperator.resources.requests.memory=256Mi \
  --set clusterOperator.resources.limits.cpu=100m \
  --set clusterOperator.resources.limits.memory=256Mi \
  --set msgTopologyOperator.resources.requests.cpu=100m \
  --set msgTopologyOperator.resources.requests.memory=256Mi \
  --set msgTopologyOperator.resources.limits.cpu=100m \
  --set msgTopologyOperator.resources.limits.memory=256Mi

helm upgrade --install keda "oci://glasswallhub.azurecr.io/ghcr/home-operations/charts-mirror/keda" --atomic \
  --set imagePullSecrets[0].name=acr-secret \
  --set global.image.registry="glasswallhub.azurecr.io" \
  --set image.keda.repository="cgr.dev/keda" \
  --set image.keda.tag=2.19.0 \
  --set image.metricsApiServer.repository="cgr.dev/keda-metrics-apiserver" \
  --set image.metricsApiServer.tag=2.19.0 \
  --set image.webhooks.repository="cgr.dev/keda-admission-webhooks" \
  --set image.webhooks.tag=2.19.0 \
  --version 2.19.0

helm upgrade --install nginx-ingress oci://glasswallhub.azurecr.io/k8s/ingress-nginx/charts/ingress-nginx --atomic \
  --set imagePullSecrets[0].name=acr-secret \
  --set global.image.registry="glasswallhub.azurecr.io" \
  --set controller.image.image="cgr.dev/ingress-nginx-controller" \
  --set controller.image.tag=1.14.4-nginx.1.27 \
  --set controller.image.digest="" \
  --set controller.admissionWebhooks.patch.image.image="cgr.dev/kube-webhook-certgen" \
  --set controller.admissionWebhooks.patch.image.tag=1.14.4 \
  --set controller.admissionWebhooks.patch.image.digest="" \
  --version v4.15.0

helm upgrade --install external-secrets oci://glasswallhub.azurecr.io/ghcr/external-secrets/charts/external-secrets \
  --atomic \
  --set imagePullSecrets[0].name=acr-secret \
  --set webhook.imagePullSecrets[0].name=acr-secret \
  --set certController.imagePullSecrets[0].name=acr-secret \
  --set image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
  --set image.tag=2.1.0 \
  --set webhook.image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
  --set webhook.image.tag=2.1.0 \
  --set certController.image.repository="glasswallhub.azurecr.io/cgr.dev/external-secrets" \
  --set certController.image.tag=2.1.0 \
  --version 2.1.0 \
  --set installCRDs=true
```

Next, install the supporting components below:

```sh
helm upgrade --install cdrplatform-storage cdrplatform-storage \
  --set cloud_provider=gcp \
  --set gcp.network=[projects/<project-id>/global/networks/<network-name>] \
  --set gcp.tier=standard
```

**Note:** confirm storage has successfully deployed and is mounted before continuing to the steps below.

```sh
helm upgrade --install cdrplatform-rabbitmq cdrplatform-rabbitmq \
  --set image.registry=glasswallhub.azurecr.io \
  --set image.tag="2.18.1-183506" \
  --set cloud_provider=gcp
```

Note: if your VPC network is shared from another project, use the fully qualified network path: `projects/<project-id>/global/networks/<network-name>`.

## Managed identity

For the next step, select the same method which you used to configure your access to the Secrets Manager in [Step 3](/halo/gke-step-3), and follow the corresponding steps below to configure external secrets and install the secret synchronization.


```sh
helm upgrade --install cdrplatform-external-secrets cdrplatform-external-secrets \
  --set cloud_providers.gcpsm.enabled=true \
  --set cloud_providers.gcpsm.projectID=[project_id] \
  --set cloud_providers.gcpsm.auth.workloadIdentity.clusterLocation=[region] \
  --set cloud_providers.gcpsm.auth.workloadIdentity.clusterName=[clusterName] \
  --set cloud_providers.gcpsm.auth.workloadIdentity.serviceAccountRef.name=external-secrets-sa
```

* * *
<!-- markdownlint-disable MD033 -->
<div class="text--center margin-top--lg" style={{display: 'flex', justifyContent: 'center', gap: '12px'}}>
  <a href="/halo/gke-step-8" class="button button--primary button--lg">
    Continue
  </a>

  <a href="https://www.glasswall.com/support" class="button button--primary button--lg">
    Need help?
  </a>
</div>
<!-- markdownlint-disable MD033 -->