Contents x
- Glasswall CDR
- Embedded Engine
- About Embedded Engine
- Overview
- Getting Started
- API
- Engine Release Notes
- Release 16.6.0
- Release 16.5.1
- Release 16.5.0
- Release 16.4.0
- Release 16.3.0
- Release 16.2.0
- Release 16.1.0
- Release 16.0.1
- Release 16
- Release 15
- Release 14
- Release 13.1 (beta)
- Release 13
- Release 12
- Release 11
- Release 10
- Release 9
- Release 8
- Release 7
- Release 6
- Release 5.4
- Release 5.3
- Release 5.2
- Release 5.1
- Release 5
- Release 4
- Legacy
- Supporting Tools
- Appendix
- Terms of Service
- Halo
- About Halo
- Glasswall Halo FAQs
- Overview
- Getting Started
- Evaluation via AWS Marketplace
- Evaluation via minikube
- Deployment
- Deployment Overview
- Shared Responsibility Model
- Glasswall Artifact Registry
- Configuration Changes
- Authentication
- AKS
- AKS Setup Guide
- Prerequisites
- Step 1 - Set your Kubernetes context to AKS
- Step 2 - Create Glasswall Halo namespace
- Step 3 - Add secrets in Key Vault
- Step 4 - Enable your AKS cluster to access Key Vault
- Step 5 - Enable access to Glasswall's Artifact Registry
- Step 6 - Pull Helm charts
- Step 7 - Install and configure prerequisite components
- Step 8 - Install CDR components
- Amazon EC2
- EKS
- EKS Setup Guide
- Prerequisites
- Step 1 - Set your Kubernetes context to EKS
- Step 2 - Create Glasswall Halo namespace
- Step 3 - Create secrets in Secrets Manager
- Step 4 - Enable access to Glasswall's Artifact Registry
- Step 5 - Pull Helm charts
- Step 6 - Install and configure prerequisite components
- Step 7 - Install CDR components
- GKE
- GKE Setup Guide
- Prerequisites
- Step 1 - Set your Kubernetes context to GKE
- Step 2 - Create Glasswall Halo namespace
- Step 3 - Enable your GKE cluster to access Secrets
- Step 4 - Manage Secrets
- Step 5 - Enable access to Glasswall's Artifact Registry
- Step 6 - Pull Helm charts
- Step 7 - Install and configure prerequisite components
- Step 8 - Install CDR components
- OKE
- Single Node VM
- License Management
- Functionality
- Using Halo
- Halo Release Notes
- v2.7.2
- v2.7.1
- v2.7.0
- v2.6.2
- v2.6.1
- v2.6.0
- v2.5.4
- v2.5.3
- v2.5.2
- v2.5.1
- v2.5.0
- v2.4.15
- v2.4.13
- v2.4.12
- v2.4.11
- v2.4.10
- v2.4.9
- v2.4.8
- v2.4.7
- v2.4.6
- v2.4.5
- v2.4.4
- v2.4.3
- v2.4.2
- v2.4.1
- v2.4.0
- v2.3.0
- v2.2.1
- v2.2.0
- V2.1.4
- v2.1.3
- v2.1.2
- v2.1.1
- v2.1.0
- v2.0.7
- V2.0.6
- V2.0.5
- v2.0.4
- v2.0.3
- v2.0.2
- Single Node VM
- v2.7.2 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.7.0 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.6.2 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.6.1 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.6.0 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.5.4 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.5.3 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.5.2 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.5.1 RHEL9.4 RKE1.28.10+rke2r1 [Full]
- v2.4.13 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.12 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.11 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.10 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.9 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.8 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.7 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.5 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.4.5 RHEL8.8 RKE1.25.9+rke2r1
- v2.4.4 RHEL8.8 RKE1.25.9+rke2r1
- v2.4.4 RHEL8.8 RKE1.25.9+rke2r1 [Full]
- v2.3.0 RHEL8.8 RKE1.25.9+rke2r1
- v2.2.1 RHEL8.8 RKE1.25.9+rke2r1
- Appendix
- Terms of Service
- Constellations
- About Constellations
- Constellations FAQs
- Overview
- Getting Started
- Architecture
- Deployment
- Glasswall Artifact Registry
- AKS
- AKS Setup Guide
- Prerequisites
- Step 1 - Set your Kubernetes context to AKS
- Step 2 - Create namespaces
- Step 3 - Add secrets in Key Vault
- Step 4 - Enable your AKS cluster to access Key Vault
- Step 5 - Enable access to Glasswall's Artifact Registry
- Step 6 - Pull Helm charts
- Step 7 - Install and configure prerequisite components
- Step 8 - Install Glasswall Halo services
- Step 9 - Install Constellations components
- Constellations Release Notes
- Terms of Service
- Performance
- Meteor
- About Meteor
- Meteor Versions
- Getting Started
- Using Meteor
- Meteor Connect
- About Meteor Connect
- Minimum Requirements
- Install Glasswall Meteor Connect
- User Interface
- Preferences
- File Versions
- Support
- Storage Protocols
- Connect Mode
- Meteor Connect Release Notes
- Cloud Folders
- Meteor Release Notes
- Appendix
- Terms of Service
- Glasswall REST APIs
- Glasswall Research
Step 4 - Manage Secrets
- PDF
Contents
Step 4 - Manage Secrets
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
GKE IAM user
- A GKE IAM user is included in the Prerequisites section with all the permissions required:
- To enable Halo access to the Cloud Storage bucket which contains the CDR reports, an IAM user (compute@developer.gserviceaccount.com) is assigned the Compute Storage User/Admin role.
Cloud Storage Bucket
To enable Halo's access to the reporting Cloud Storage Bucket ('saname'):
- Enable your current project as the default project for interoperable access within the interoperability settings within your Cloud Storage settings.
- Navigate to Cloud Storage Settings and select the INTEROPERABILITY tab, then click Default project for interoperable access and select your project from the drop down menu.
- Create Access key and Secret for storage, like above.
- Navigate to Cloud Storage Settings and select the INTEROPERABILITY tab, then in the Default project for interoperable access section, click Create key.
Note: Principals can access Cloud Storage data according to their project roles. To modify other permissions, use these group IDs to identify these roles.
- Add your Access key and Secret for Storage to Kubernetes Secrets:
kubectl create secret generic storage-access -n cdrplatform --from-literal=storage-access-key=<Add-Value> --from-literal=storage-secret-key=<Add-Value>Shell
MongoDB connection string
To enable Glasswall Halo's Policy API to create and manage the policies in MongoDB, and Async API to create and manage the requests, MongoDB needs to be deployed using Helm charts listed in Step 8.
Add the MongoDB passwords to Kubernetes Secrets
Two users will be created by the MongoDB Helm chart and the corresponding user's password needs to be set in Kubernetes Secrets.
kubectl create secret generic cdrplatform-secrets -n cdrplatform --from-literal=mongodb-cdrp-password=<Add-Value> --from-literal=mongodb-admin-password=<Add-Value>Shell
Menlo API key
To enable API key based authentication in Menlo API, add a secret menlo-api-key with an API key you would like to use.
echo -n "<strong_api_key>" | gcloud secrets create "menlo-api-key" --data-file --replication-policy="automatic"Shell
Was this article helpful?
Thank you for your feedback! Our team will get back to you
How can we improve this article?
Your feedback
Comment
Comment (Optional)
Character limit : 500
Please enter your comment
Email (Optional)
Email
Please enter a valid email
