Contents x
Deployment
    • PDF
    Contents

    Deployment

      • PDF
      Article summary

      Deploy ICAP Server

      To deploy the ICAP-server and ICAP Profile Management API:

      1. Follow all the steps in the Deployment section to deploy Glasswall Halo depending on your cloud provider.
        Once Halo is up and running follow the steps below to deploy the ICAP server.
      2. Pull the ICAP-server Helm chart:
      helm pull oci://glasswallhub.azurecr.io/helm/icap-server --version 0.0.9 --untar --untardir .
      1. Install the ICAP-server Helm chart:

      Option A: without MTS enabled

          helm upgrade --install icap-server icap-server --atomic \
        --set image.tag="102995" \
        --set image.repository="glasswallhub.azurecr.io/icap-server" \
        --set configuration.HALO__Version=2.5.3 \
        -n cdrplatform

      Option B: with MTS enabled

      • Create mtls certificates by following Step 3 in the corresponding cloud provider.
      • Run the command below to sync the Kubernetes secrets with the secrets provider immediately.
          kubectl annotate externalsecret external-secret force-sync=$(date +%s) --overwrite
      1. Deploy the Helm chart.
           helm upgrade --install icap-server icap-server --atomic \
      --set image.tag="102995" \
      --set image.repository="glasswallhub.azurecr.io/icap-server" \
      --set configuration.HALO__Version=2.5.3 \
      --set configuration.ENABLE_MTLS=yes \
      -n cdrplatform

      Note: the icap-server deployment runs a cache cleanup job post-install and post-upgrade. To find out more, please refer to Caching.

      1. Install the ICAP Profile Management API in api-access by setting the CLIENTS__IcapProfile__BaseAddress configuration.
      helm upgrade --install cdrplatform-api-access cdrplatform-api-access \
 --set image.repository=glasswallhub.azurecr.io/cdrplatform-api-access \
 --set image.tag=101756 \
 --set configuration.CLIENTS__IcapProfile__BaseAddress="http://policy-api:8080" \
 --atomic

      Note: the full list of available options for the api-access Helm chart can be found in the Deployment steps based on the cloud provider used.

      Specifying database provider

      During Helm chart deployment, the database provider can be configured with the configuration 'DATABASE__PROVIDER'. At the time of writing, Mongo and Cosmos are supported options.

      --set configuration.DATABASE__Provider="Mongo"
      Was this article helpful?
      What's Next