
Enable Diagnostics in D2P

This document provides instructions to enable the Privacera Diagnostics Tool in Data Plane (D2P) deployments. The Diagnostics Tool is disabled by default in Data Plane deployments.

The Privacera Diagnostics Tool operates only in SSL mode.

ALB Configuration

  • If ALB is NOT deployed: Set DIAG_SERVER_K8S_SVC_TYPE: "ClusterIP" and use port-forwarding to access the diagnostics server (see the Access Diagnostics Server section below).
  • If ALB is deployed: You can omit or comment out the DIAG_SERVER_K8S_SVC_TYPE variable. Access the diagnostics server URL from the normal post-install process. The ALB will handle the routing and SSL termination automatically.

Setup

  1. Copy the vars.privacera-diagnostics.yml file from config/sample-vars to config/custom-vars and edit the file

    Bash
    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.privacera-diagnostics.yml config/custom-vars
    vi config/custom-vars/vars.privacera-diagnostics.yml
    

  2. Add or edit the following variables

    YAML
    # Enable privacera-diagnostics
    PRIVACERA_DEPLOY_DIAGNOSTICS_TOOL: "true"
    
    # Set to "true" to enable diagnostics client sidecar containers in Kubernetes pods
    # This enables diagnostics monitoring for all Privacera services in Kubernetes
    K8S_DEPLOY_DIAGNOSTICS_TOOL: "true"
    
    # Diagnostics Server Kubernetes Service Type
    # Use "ClusterIP" only when ALB is not deployed
    # If ALB is deployed, you can omit this variable or comment it out
    DIAG_SERVER_K8S_SVC_TYPE: "ClusterIP"
    
  3. Generate the Helm charts

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    

  4. Apply the Helm charts

    Bash
    ./pm_with_helm.sh upgrade
    

  5. Run the post-installation steps

    Bash
    ./privacera-manager.sh post-install
    

  6. Verify that the Diagnostics Tool is enabled by checking the pod status

    Bash
    kubectl get pods -n <K8S_NAMESPACE> | grep diagnostics
    

Access Diagnostics Server

Access Method Based on ALB Deployment

The access method depends on whether ALB is deployed in your environment.

ALB-disabled environments

When DIAG_SERVER_K8S_SVC_TYPE is set to "ClusterIP", the diagnostics server is only accessible within the Kubernetes cluster. To access it from outside the cluster, use kubectl port-forward:

  1. Get the diagnostics server pod name

    Bash
    kubectl get pods -n <K8S_NAMESPACE> -l app=diagnostics-server
    

  2. Port forward to access diagnostics server

    Bash
    kubectl port-forward -n <K8S_NAMESPACE> <DIAGNOSTICS_SERVER_POD_NAME> 2424:2424 --address 0.0.0.0
    

  3. Access the diagnostics server

    Text Only
    https://<POD_IP>:2424/login
    

Replace the following placeholders

  • Replace <K8S_NAMESPACE> with your actual Kubernetes namespace
  • Replace <DIAGNOSTICS_SERVER_POD_NAME> with the actual pod name
  • Replace <POD_IP> with the pod IP (get it using: kubectl get pods -n <K8S_NAMESPACE> -l app=diagnostics-server -o wide)

SSL Certificate Warning

The diagnostics server uses a self-signed certificate, so browsers will show a "Not Secure" warning when accessing via pod IP with port-forward.
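The port-forward command above passes --address 0.0.0.0, which makes kubectl listen on every interface of the machine running it (kubectl's default is localhost only). The following check is an added example, not part of the Privacera documentation: it reads `ss -ltn` output and reports whether port 2424 is listening beyond loopback. The function names and the sample output are constructed for illustration.

```bash
# Added example (not from the Privacera docs). Function names are hypothetical.
DIAG_PORT=2424   # local port from the port-forward step above

# Reads `ss -ltn` output on stdin, prints each non-loopback address that is
# listening on DIAG_PORT, and returns 1 if any was found (0 otherwise).
diag_forward_exposure() {
  awk -v port="$DIAG_PORT" '
    $1 == "LISTEN" {
      la = $4                                  # Local Address:Port column
      n = split(la, parts, ":")
      if (parts[n] != port) next               # text after the last ":" is the port
      addr = substr(la, 1, length(la) - length(parts[n]) - 1)
      gsub(/^\[|\]$/, "", addr)                # drop IPv6 brackets
      sub(/%.*$/, "", addr)                    # drop interface scope such as %eth0
      if (addr ~ /^127\./ || addr == "::1") next   # loopback: local access only
      print addr
      exposed = 1
    }
    END { exit (exposed ? 1 : 0) }
  '
}

# Constructed sample: listener table after port-forward with --address 0.0.0.0.
sample_exposed() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096         0.0.0.0:2424      0.0.0.0:*
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
EOF
}

# Constructed sample: same port-forward without --address (kubectl default).
sample_loopback() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096       127.0.0.1:2424      0.0.0.0:*
LISTEN 0      4096           [::1]:2424         [::]:*
EOF
}
```

On the machine running kubectl, pipe live data through the check with `ss -ltn | diag_forward_exposure` while the port-forward is active; any address it prints means the forward is listening beyond loopback.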

ALB-enabled environments

Access the diagnostics server URL from the normal post-install process. The ALB will handle the routing and SSL termination automatically. No SSL warning appears when accessing through the ALB with a properly configured ACM certificate.

For more information about using the Diagnostics Tool, refer to the Privacera Diagnostics Tool Overview.