Google Cloud Resources¶
Overview¶
Before installing the Privacera Manager software, the following Google Cloud resources need to be created:
| Prerequisite | Description |
|---|---|
| VM Instance | A virtual machine to run the Privacera Manager software. Refer here for more details. For self-managed: Required. PrivaceraCloud Data plane: Required. PrivaceraCloud Data plane + Privacera Discovery: Required. |
| GKE cluster | GKE cluster to run the Privacera software. Refer here for more details. For self-managed: Required. PrivaceraCloud Data plane: Required. PrivaceraCloud Data plane + Privacera Discovery: Required. |
| Google SQL Server | Google SQL Server (MySQL or PostgreSQL) for the Privacera database. Refer here for more details. For self-managed: Required. PrivaceraCloud Data plane: Not Required. PrivaceraCloud Data plane + Privacera Discovery: Required. |
| Wildcard certificate and Key | A wildcard certificate for the domain name used for the Privacera service endpoints, along with the private key. Refer here for more details. For self-managed: Required. PrivaceraCloud Data plane: Required. PrivaceraCloud Data plane + Privacera Discovery: Required. |
Appendix¶
Google VM Instance for running Privacera Manager¶
VM Instance
Privacera Manager runs on a VM instance that has access to the Kubernetes cluster and can create and manage cloud resources.
Tip
The Privacera Manager installation on this VM instance will include signed certificates necessary for subsequent upgrades. Therefore, it is recommended that this VM instance is not deleted and is protected from termination. It is also strongly advised to backup the contents of the Privacera Manager folder on regular basis.
You don't need to run this VM instance 24x7. You can stop the VM instance when it is not in use.
Vitrual Machine configuration
The Vitrual Machine needs to be provisioned to run the Privacera Manager software. At a minimum, the instance should have the following specifications:
- Ubuntu 20.04.6 LTS
- Minimum 1 vCPUs
- Minimum 4 GB RAM
- Minimum 100 GB disk space
- SELinux should be disabled
- Allow HTTP and HTTPS traffic in instance Firewall configuration.
Following software should be installed on the VM Instance:
Packages
- ssh, curl, tar, wget, gcc*,
docker
Create a Privacera user with sudo access and then run the below commands.
Relogin to the jump host.kubectl
Follow the instructions on this link.
helm
Follow the instructions on this link.
Google GKE cluster for running Privacera Software¶
Google GKE Cluster
Google GKE cluster with the following specifications:
- Kubernetes version - For supported version check Privacera release notes
- Node type - e2-standard-4 or similar
- Auto-scaling node group: min 3 to max 10 nodes
Google SQL Server¶
Google SQL Server
You can create either MySQL or PostgreSQL Server with the following specifications:
- MySQL 5.7 or MySQL 8.0
- 8 vCPU and 32GB RAM
- Storage as per usage (atleast 500GB)
- Keep High Availability enabled.
- PostgreSQL 13 or higher
- 8 vCPU and 32GB RAM
- Storage as per usage (atleast 500GB)
- Keep High Availability enabled.
Wildcard certificate and Private Key¶
Wildcard certificate and Private Key
A wildcard certificate for the domain name used for the Privacera service endpoints, along with the private key. This should one of these:
- Wild-card certificate. The certificate requirements are given in TLS Certificate.
- Certificate with specific host names generated by Privacera Manager
- Certificate with specific host names generated by you for the service endpoints.
- Prev Prerequisites
- Next Setup