Discovery Configuration - Self Managed and Data Plane
Ensure that you have completed the Prerequisites before proceeding with the Discovery configuration.
Enable Discovery features
Run the following commands on the Privacera Manager host to enable Discovery features in Self-Managed and PrivaceraCloud Data Plane deployments.
Copy vars.discovery.aws.yml from config/sample-vars to config/custom-vars and edit the file.
Add or edit the following variables:
Replace the following placeholders. These were created as part of the Prerequisites -> AWS steps.
DISCOVERY_BUCKET_NAME: Discovery configuration bucket name.
DISCOVERY_IAM_ROLE_ARN: ARN of the IAM role created for Discovery driver, executor and Portal pods
DISCOVERY_CONSUMER_IAM_ROLE_ARN: ARN of the IAM role created for Discovery consumer pods
PORTAL_IAM_ROLE_ARN: ARN of the IAM role created for Discovery driver, executor and Portal pods
Copy vars.discovery.azure.yml from config/sample-vars to config/custom-vars.
Add or edit the following variables:
Replace the following placeholders. These were created as part of the Prerequisites -> Azure steps.
DISCOVERY_FS_PREFIX: Discovery configuration container name.
DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME: Discovery configuration storage account name.
DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY: Key for the Discovery configuration storage account if it was created manually; otherwise comment it out.
DISCOVERY_AZURE_LOCATION: Region in which Privacera Manager creates the Discovery resources; the default value is East US. If the resources were created manually, provide the region where they were created.
CREATE_AZURE_RESOURCES: Set this property to true if you want Privacera Manager to create the resources for you. If the resources are created manually, keep it false.
DISCOVERY_AZURE_COSMOS_DB_ACCOUNT: Azure CosmosDB name, which Privacera Manager can create during installation. If you created Azure CosmosDB manually, comment it out.
DISCOVERY_COSMOSDB_URL: URL of Azure CosmosDB if it was created manually; otherwise comment it out.
DISCOVERY_COSMOSDB_KEY: Key for Azure CosmosDB if it was created manually; otherwise comment it out.
DISCOVERY_COSMOSDB_SERVERLESS: Set this property to true if you are using serverless CosmosDB.
DISCOVERY_AZURE_APPLICATION_ID: If you want Privacera Manager to create resources using the Azure Subscription Principal, provide the Application ID. If you are using Managed Service Identity (MSI) for resource creation, leave it commented.
DISCOVERY_AZURE_APP_CLIENT_SECRET_BASE64: If you want Privacera Manager to create resources using the Azure Subscription Principal, provide the Application Secret for Azure AD (Base64 encoded). If you are using Managed Service Identity (MSI) for resource creation, leave it commented.
DISCOVERY_AZURE_TENANTID: If you want Privacera Manager to create resources using the Azure Subscription Principal, provide the Tenant ID for Azure AD. If you are using Managed Service Identity (MSI) for resource creation, leave it commented.
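The Azure variables above depend on one another (Subscription Principal versus MSI, manually created versus Privacera Manager-created resources), and several of them hold keys. The following pre-apply check is an added example, not part of the Privacera documentation or product. It assumes the custom-vars file uses flat "KEY: value" lines with unused variables commented out by a leading "#"; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not Privacera code. Assumes flat "KEY: value" YAML lines where
# an unused variable is commented out with a leading '#'.

# is_set FILE KEY: succeeds when KEY is uncommented and has a value.
is_set() { grep -Eq "^[[:space:]]*$2:[[:space:]]*[^[:space:]#]" "$1"; }

# count_set FILE KEY...: prints how many of the given keys are set.
count_set() {
  file=$1; shift; n=0
  for key in "$@"; do
    if is_set "$file" "$key"; then n=$((n + 1)); fi
  done
  echo "$n"
}

# check_azure_vars FILE: prints one line per finding (never a secret value) and
# returns the number of findings, so 0 means the file is consistent.
check_azure_vars() {
  f=$1; findings=0
  note() { echo "FINDING: $*"; findings=$((findings + 1)); }

  # The file carries account keys: no access for group or others.
  if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    note "$f is accessible to group/others; chmod 600 it"
  fi

  # Subscription Principal: all three variables set, or all three commented (MSI).
  sp=$(count_set "$f" DISCOVERY_AZURE_APPLICATION_ID \
        DISCOVERY_AZURE_APP_CLIENT_SECRET_BASE64 DISCOVERY_AZURE_TENANTID)
  case $sp in 0|3) ;; *) note "principal variables partially set ($sp of 3)";; esac

  # A manually created CosmosDB needs both its URL and its key.
  if [ "$(count_set "$f" DISCOVERY_COSMOSDB_URL DISCOVERY_COSMOSDB_KEY)" -eq 1 ]; then
    note "only one of DISCOVERY_COSMOSDB_URL / DISCOVERY_COSMOSDB_KEY is set"
  fi

  # When Privacera Manager creates the resources, manual credentials stay commented.
  if grep -Eq "^[[:space:]]*CREATE_AZURE_RESOURCES:[[:space:]]*[\"']?true" "$f"; then
    for key in DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY DISCOVERY_COSMOSDB_URL DISCOVERY_COSMOSDB_KEY; do
      if is_set "$f" "$key"; then note "$key is set but CREATE_AZURE_RESOURCES is true"; fi
    done
  fi
  return "$findings"
}
```

Source the script and call check_azure_vars config/custom-vars/vars.discovery.azure.yml before applying the configuration.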
Copy vars.discovery.gcp.yml from config/sample-vars to config/custom-vars and edit the file.
Add or edit the following variables:
Enable Kafka for Discovery
Kafka is required for inter-process communication between the Discovery components.
Copy vars.kafka.yml from config/sample-vars to config/custom-vars and edit the file.
Add or edit the following variables:
Kafka is not required for GCP, which uses Pub/Sub. Refer to the Prerequisites for GCP for more details.
Apply the configuration
To apply the configuration, run Privacera Manager to restart the services.