Customize Deployment Files

This topic shows how you can configure additional properties by merging Kubernetes configuration YAML files. When you install and deploy Privacera services, default Kubernetes configuration files for each Privacera service get created. If you want to extend the configuration of a Privacera service, you can create a new configuration file where all the new properties get defined, and then merge them together.

Configuration Filenames

The following table provides the list of Privacera services whose configurations can be merged. The tables gives the list of configuration files for a Privacera service that can be created and merged, and where these configuration files should be stored in a directory. You would need to refer this table to get the filename and location when creating the new configuration file.

Service Name	Custom Service Directory	Config File Names
Auditserver	~/privacera/privacera-manager/config/custom-vars/auditserver	- auditserver-service.yml - auditserver-storageclass.yml - auditserver-statefulset.yml
Audit-fluentd	~/privacera/privacera-manager/config/custom-vars/audit-fluentd	- audit-fluentd-service.yml - audit-fluentd-storageclass.yml - audit-fluentd-statefulset.yml
Access-Request-Manager	~/privacera/privacera-manager/config/custom-vars/portal	- access-request-manager-service.yml - access-request-manager-deployment.yml
Mariadb	~/privacera/privacera-manager/config/custom-vars/mariadb	- mariadb-service.yml - mariadb-secret.yml - mariadb-pvc.yml - mariadb-storageclass.yml - mariadb-deployment.yml
Zookeeper	~/privacera/privacera-manager/config/custom-vars/zookeeper	- zookeeper-service.yml - zookeeper-poddisruptionbudget.yml - zookeeper-storageclass.yml - zookeeper-statefulset.yml
Solr	~/privacera/privacera-manager/config/custom-vars/solr	- solr-service.yml - solr-poddisruptionbudget.yml - solr-storageclass.yml - solr-statefulset.yml
Ranger-admin	~/privacera/privacera-manager/config/custom-vars/ranger-admin	- ranger-service.yml - ranger-service-ingress.yml - ranger-deployment.yml
Ranger-usersync	~/privacera/privacera-manager/config/custom-vars/ranger-usersync	- usersync-deployment.yml
Ranger-kms/crypto	~/privacera/privacera-manager/config/custom-vars/ranger-kms	- ranger-kms-service.yml - ranger-kms-deployment.yml
Peg	~/privacera/privacera-manager/config/custom-vars/peg	- peg-service.yml - peg-deployment.yml - peg-hpa.yml
Portal	~/privacera/privacera-manager/config/custom-vars/portal	- portal-service.yml - portal-deployment.yml
Dataserver	~/privacera/privacera-manager/config/custom-vars/dataserver	- dataserver-service.yml - dataserver-service-account.yml - dataserver-role-binding.yml - dataserver-deployment.yml
Discovery	~/privacera/privacera-manager/config/custom-vars/discovery	- discovery-service.yml - discovery-pvc.yml - discovery-storageclass.yml - discovery-deployment.yml
Policysync	~/privacera/privacera-manager/config/custom-vars/policysync	- policysync-deployment.yml - policysync-pvc.yml - policysync-rocksdb-pvc.yml - policysync-storageclass.yml
Kafka	~/privacera/privacera-manager/config/custom-vars/kafka	- kafka-statefulset.yml
Pkafka	~/privacera/privacera-manager/config/custom-vars/pkafka	- pkafka-deployment.yml
Trino	~/privacera/privacera-manager/config/custom-vars/trino	- trino-deployment.yml - trino-service.yml - trino-worker-statefulset.yml - trino-worker-storageclass.yml
Grafana	~/privacera/privacera-manager/config/custom-vars/grafana	- grafana-service.yml - grafana-pvc.yml - grafana-storageclass.yml - grafana-deployment.yml
Graphite	~/privacera/privacera-manager/config/custom-vars/graphite	- graphite-service.yml - graphite-pvc.yml - graphite-storageclass.yml - graphite-deployment.yml
Common - RBAC	~/privacera/privacera-manager/config/custom-vars/rbac	- service-account.yml - role.yml - role-binding.yml

Procedure

To merge Kubernetes configuration files, perform the following steps:

1. Refer to the table above, and choose the service whose configuration you want to be merged. Get the filename of the configuration file, and the directory where the file will be stored.

2. Create the directory with the service name. Replace <SERVICE_NAME> with the name of the Privacera service whose configuration you want to merge.

   cd ~/privacera/privacera-manager/config/custom-vars
   mkdir <SERVICE_NAME>
   

3. Create the new configuration file. Replace <CONFIG_FILENAME> with the name of the configuration file of the Privacera service.

   vi <CONFIG_FILENAME>
   

4. Add the properties in the configuration file. The following is an example of adding a nodeselector property.

   spec:
     template:
       spec:
         nodeSelector:
           node: privacera
   

5. Verify the deployment file by running the setup command.

   ./privacera-manager.sh setup
   

   Once the command is completed, you can find the deployment file at the following location:

   vi ~/privacera/privacera-manager/output/kubernetes/helm/portal/templates/<CONFIG_FILENAME>
   

6. Run the update command.

   cd ~/privacera/privacera-manager
   ./privacera-manager.sh update
   

Example: Assigning pods to a node

If you want to assign a pod to a node for the Portal service, perform the following steps:

1. From the table above, refer the Portal service, and get the filename, portal-deployment.yml.

2. Create the directory with the service name as portal.

   cd ~/privacera/privacera-manager/config/custom-vars
   mkdir portal
   

3. Create the configuration file, portal-deployment.yml.

   vi portal-deployment.yml
   

4. Add the following property in the configuration file. Modify the <key> and <value>.

   spec:
     template:
       spec:
         nodeSelector:
           <key>: <value>
   

5. Before running the install, verify the deployment file by running the setup command.

   ./privacera-manager.sh setup
   

   Once the command is completed, you can find the deployment file at the following location:

   vi ~/privacera/privacera-manager/output/kubernetes/helm/portal/templates/portal-deployment.yml
   

   Contents of the custom portal deployment file is merged with the regular portal deployment file already available in Privacera Manager using Ansible Combine Filter. This merge only works with hashes/dictionaries. The new deployment file is generated in the output folder in the YAML format.

   CLick the tabs to display the properties of the deployment file before and after running the setup command.

   Before

   The following is the properties of the deployment file before running the setup command. Expand to view it.

   Expand

   apiVersion: apps/v1
   kind: Deployment
   metadata:
   labels:
       app: portal
   name: portal
   spec:
   replicas: 1
   selector:
       matchLabels:
       app: portal
   strategy:
       type: Recreate
   template:
       metadata:
       labels:
           app: portal
       spec:
       containers:
       - image: hub2.privacera.com/privacera:rel.latest
           imagePullPolicy: IfNotPresent
           livenessProbe:
           failureThreshold: 3
           initialDelaySeconds: 400
           periodSeconds: 30
           tcpSocket:
               port: 6868
           name: portal
           ports:
           - containerPort: 6868
           readinessProbe:
           failureThreshold: 6
           initialDelaySeconds: 120
           periodSeconds: 30
           tcpSocket:
               port: 6868
           resources:
           limits:
               cpu: '0.5'
               memory: 2457M
           requests:
               cpu: '0.2'
               memory: 307M
           volumeMounts:
           - mountPath: /opt/privacera/portal/conf
           name: conf-vol
           - mountPath: /opt/privacera/portal/bin
           name: bin-vol
       imagePullSecrets:
       - name: privacera-hub
       initContainers:
       - command:
           - bash
           - -c
           - /scripts/wait-for-it.sh zk-0.zkensemble:2181:2181 -t 300 --
           image: hub2.privacera.com/privacera:rel.latest
           name: wait-for-zookeeper
       - command:
           - bash
           - -c
           - /scripts/wait-for-it.sh solr-service:8983 -t 300 --
           image: hub2.privacera.com/privacera:rel.latest
           name: wait-for-solr
       - command:
           - bash
           - -c
           - /scripts/wait-for-it.sh mariadb:3306 -t 300 --
           image: hub2.privacera.com/privacera:rel.latest
           name: wait-for-mariadb
       - command:
           - bash
           - -c
           - cp -r /conf_ro/. /opt/privacera/portal/conf
           image: hub2.privacera.com/privacera:rel.latest
           name: copy-conf
           volumeMounts:
           - mountPath: /opt/privacera/portal/conf
           name: conf-vol
           - mountPath: /conf_ro
           name: portal-conf
       - command:
           - bash
           - -c
           - cp -r /bin_ro/. /opt/privacera/portal/bin
           image: hub2.privacera.com/privacera:rel.latest
           name: copy-bin
           volumeMounts:
           - mountPath: /opt/privacera/portal/bin
           name: bin-vol
           - mountPath: /bin_ro
           name: portal-bin
       restartPolicy: Always
       securityContext:
           fsGroup: 200
       serviceAccountName: privacera-sa
       topologySpreadConstraints:
       - labelSelector:
           matchLabels:
               app: portal-1
           maxSkew: 1
           topologyKey: zone
           whenUnsatisfiable: ScheduleAnyway
       - labelSelector:
           matchLabels:
               app: portal-1
           maxSkew: 1
           topologyKey: node
           whenUnsatisfiable: DoNotSchedule
       volumes:
       - configMap:
           name: portal-conf
           name: portal-conf
       - configMap:
           defaultMode: 493
           name: portal-bin
           name: portal-bin
       - emptyDir: {}
           name: conf-vol
       - emptyDir: {}
           name: bin-vol
   status: {}
   

   After

   The following is the properties of the deployment file after running the setup command. Expand to view it. Two additional lines nodeSelector: and node: privacera are added.

   Expand

   apiVersion: apps/v1
   kind: Deployment
   metadata:
   labels:
       app: portal
   name: portal
   spec:
   replicas: 1
   selector:
       matchLabels:
       app: portal
   strategy:
       type: Recreate
   template:
       metadata:
       labels:
           app: portal
       spec:
       containers:
       - image: hub2.privacera.com/privacera:rel.latest
           imagePullPolicy: IfNotPresent
           livenessProbe:
           failureThreshold: 3
           initialDelaySeconds: 400
           periodSeconds: 30
           tcpSocket:
               port: 6868
           name: portal
           ports:
           - containerPort: 6868
           readinessProbe:
           failureThreshold: 6
           initialDelaySeconds: 120
           periodSeconds: 30
           tcpSocket:
               port: 6868
           resources:
           limits:
               cpu: '0.5'
               memory: 2457M
           requests:
               cpu: '0.2'
               memory: 307M
           volumeMounts:
           - mountPath: /opt/privacera/portal/conf
           name: conf-vol
           - mountPath: /opt/privacera/portal/bin
           name: bin-vol
       imagePullSecrets:
       - name: privacera-hub
       initContainers:
       - command:
           - bash
           - -c
           - /scripts/wait-for-it.sh zk-0.zkensemble:2181:2181 -t 300 --
           image: hub2.privacera.com/privacera:rel.latest
           name: wait-for-zookeeper
       - command:
           - bash
           - -c
           - /scripts/wait-for-it.sh solr-service:8983 -t 300 --
           image: hub2.privacera.com/privacera:rel.latest
           name: wait-for-solr
       - command:
           - bash
           - -c
           - /scripts/wait-for-it.sh mariadb:3306 -t 300 --
           image: hub2.privacera.com/privacera:rel.latest
           name: wait-for-mariadb
       - command:
           - bash
           - -c
           - cp -r /conf_ro/. /opt/privacera/portal/conf
           image: hub2.privacera.com/privacera:rel.latest
           name: copy-conf
           volumeMounts:
           - mountPath: /opt/privacera/portal/conf
           name: conf-vol
           - mountPath: /conf_ro
           name: portal-conf
       - command:
           - bash
           - -c
           - cp -r /bin_ro/. /opt/privacera/portal/bin
           image: hub2.privacera.com/privacera:rel.latest
           name: copy-bin
           volumeMounts:
           - mountPath: /opt/privacera/portal/bin
           name: bin-vol
           - mountPath: /bin_ro
           name: portal-bin
       nodeSelector:
         node: privacera
       restartPolicy: Always
       securityContext:
           fsGroup: 200
       serviceAccountName: privacera-sa
       topologySpreadConstraints:
       - labelSelector:
           matchLabels:
               app: portal-1
           maxSkew: 1
           topologyKey: zone
           whenUnsatisfiable: ScheduleAnyway
       - labelSelector:
           matchLabels:
               app: portal-1
           maxSkew: 1
           topologyKey: node
           whenUnsatisfiable: DoNotSchedule
       volumes:
       - configMap:
           name: portal-conf
           name: portal-conf
       - configMap:
           defaultMode: 493
           name: portal-bin
           name: portal-bin
       - emptyDir: {}
           name: conf-vol
       - emptyDir: {}
           name: bin-vol
   status: {}
   

6. Run the update command.

   cd ~/privacera/privacera-manager
   ./privacera-manager.sh update