Skip to content

Discovery Configuration - Self Managed and Data Plane

Make sure you have completed the Prerequisites before proceeding with the Discovery configuration.

Enable Discovery features

Run the following commands on the Privacera Manager host to enable Discovery features in Self Managed and PrivaceraCloud Data Plane deployments.

Copy the vars.discovery.aws.yml from config/sample-vars to config/custom-vars and edit the file.

Bash
1
2
3
cd ~/privacera/privacera-manager
cp -n config/sample-vars/vars.discovery.aws.yml config/custom-vars/
vi config/custom-vars/vars.discovery.aws.yml

Add or edit the following variables:

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Discovery bucket name. Should be without 's3://' prefix 
# and can contain optional folder path
#
# Example 1: DISCOVERY_BUCKET_NAME: "my-discovery-bucket"
# Example 2: DISCOVERY_BUCKET_NAME: "my-discovery-bucket/my-path"
# This bucket will be created by Privacera Manager using terraform.
DISCOVERY_BUCKET_NAME: “<PLEASE_CHANGE>”

# If you do not want Privacera Manager to create the S3bucket, 
# uncomment the following,
# DISCOVERY_CREATE_BUCKET: "false"

# If you do not want Privacera Managerto create the DynamoDB tables, uncomment 
# the following,
#DISCOVERY_CREATE_NOSQL_TABLES: "false"

# If you have created DynamoDB tables with different names, then uncomment the following,
# and set the values to the table names.
#
# NOTE: Privacera Manager will not create tables with these names, you have to create
# them manually and set DISCOVERY_CREATE_NOSQL_TABLES: "false"
#
# SCAN_REQUEST_TABLE: "<PLEASE_CHANGE>"
# RESOURCE_TABLE: "<PLEASE_CHANGE>"
# ALERT_TABLE: "<PLEASE_CHANGE>"
# AUDIT_SUMMARY_TABLE: "<PLEASE_CHANGE>"
# ACTIVE_SCANS_TABLE: "<PLEASE_CHANGE>"
# STATE_TABLE: "<PLEASE_CHANGE>"

# If you do not want Privacera Manager to create the SQS queue, uncomment 
# the following
#DISCOVERY_CREATE_SQS: "false"

# If you want to use a different name for the SQS queue, uncomment the following
# DISCOVERY_BUCKET_SQS_NAME: "<PLEASE_CHANGE>"

# IAM Role for Service Account used by Discovery Driver and Executor Pods
DISCOVERY_USE_POD_IAM_ROLE: "true"
DISCOVERY_IAM_ROLE_ARN: "<PLEASE_CHANGE>"

DISCOVERY_CONSUMER_ENABLE: "true"
DISCOVERY_CONSUMER_USE_POD_IAM_ROLE: "true"
DISCOVERY_CONSUMER_IAM_ROLE_ARN: "<PLEASE_CHANGE>"

PORTAL_USE_POD_IAM_ROLE: "true"
PORTAL_IAM_ROLE_ARN: "<PLEASE_CHANGE>"

DISCOVERY_K8S_SPARK_DYNAMIC_ALLOCATION_ENABLED: "true"

Replace the following placeholders

These were created as part of the Prerequisites -> AWS steps.

DISCOVERY_BUCKET_NAME: Discovery configuration bucket name.

DISCOVERY_IAM_ROLE_ARN: ARN of the IAM role created for Discovery driver, executor and Portal pods

DISCOVERY_CONSUMER_IAM_ROLE_ARN: ARN of the IAM role created for Discovery consumer pods

PORTAL_IAM_ROLE_ARN: ARN of the IAM role created for Discovery driver, executor and Portal pods

Copy the vars.discovery.azure.yml from config/sample-vars to config/custom-vars.

Bash
1
2
3
cd ~/privacera/privacera-manager  
cp -n config/sample-vars/vars.discovery.azure.yml config/custom-vars
vi config/custom-vars/vars.discovery.azure.yml

Add or edit the following variables:

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
DISCOVERY_FS_PREFIX: "<PLEASE_CHANGE>"
DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME: <PLEASE_CHANGE>"
DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY: "<PLEASE_CHANGE>"

DISCOVERY_AZURE_LOCATION: "<PLEASE_CHANGE>"

CREATE_AZURE_RESOURCES: "false"

DISCOVERY_AZURE_RESOURCE_GROUP: "<PLEASE_CHANGE>"

DISCOVERY_AZURE_COSMOS_DB_ACCOUNT: "<PLEASE_CHANGE>"
DISCOVERY_COSMOSDB_URL: <PLEASE_CHANGE>"
DISCOVERY_COSMOSDB_KEY: "<PLEASE_CHANGE>"

DISCOVERY_CONSUMER_ENABLE: "true"

Copy the vars.discovery.gcp.yml from config/sample-vars to config/custom-vars and edit the file.

Bash
1
2
3
cd ~/privacera/privacera-manager
cp -n config/sample-vars/vars.discovery.gcp.yml config/custom-vars/
vi config/custom-vars/vars.discovery.gcp.yml

Add or edit the following variables:

Bash
1
2
3
BIGTABLE_INSTANCE_ID: "<PLEASE_CHANGE>"
DISCOVERY_BUCKET_NAME: "<PLEASE_CHANGE>"
DISCOVERY_CONSUMER_ENABLE: "true"

Enable Kafka for Discovery

Kafka is required for inter process communication between the Discovery components.

Copy the vars.kafka.yml from config/sample-vars to config/custom-vars and edit the file.

Bash
1
2
3
cd ~/privacera/privacera-manager
cp -n config/sample-vars/vars.kafka.yml config/custom-vars/
vi config/custom-vars/vars.kafka.yml

Add or edit the following variables:

Bash
1
2
# Add or edit the following variables in the file
USE_KAFKA_SPECIFIC_STORAGE_CLASS: "true"

Copy the vars.kafka.yml from config/sample-vars to config/custom-vars and edit the file.

Bash
1
2
3
cd ~/privacera/privacera-manager
cp -n config/sample-vars/vars.kafka.yml config/custom-vars/
vi config/custom-vars/vars.kafka.yml

Add or edit the following variables:

Bash
1
2
# Add or edit the following variables in the file
USE_KAFKA_SPECIFIC_STORAGE_CLASS: "true"

Kafka is not required for GCP as it uses pubsub. Please refer prerequisites for GCP for more details

Apply the configuration

To apply the configuration you should run Privacera Manager to restart the services.

Bash
1
2
3
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
./pm_with_helm.sh upgrade

Comments