Skip to main content

Privacera Platform

Advanced Kubernetes configuration

Proxy configuration for Kubernetes

If your clusters rely on a proxy service on the Privacera host, set the protocol, domain or IP address and port of your proxy server in the environment variable K8S_AUTH_PROXY in the script you create at installation.

  1. Open the file.

    cd privacera/privacera-manager/
    vi config/
  2. Add the following property.

  3. Restart Privacera.

    ./ update
Pod topology

If your pods are distributed across different nodes, zones or regions, you can use pod topology in Privacera Manager to control them for high availability and efficient resource utilization. For more information on pod topology, refer to the Kubernetes documentation.

By default, pod topology is disabled. To enable it:

  1. Copy the .yml file to the custom-vars directory and open it.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.kubernetes.pod-topology.yml config/custom-vars/
    vi config/custom-vars/vars.kubernetes.pod-topology.yml

Externalize access to Privacera services - Nginx Ingress


NGINX Ingress with Privacera is supported only for AWS.

By deploying NGINX Ingress in Privacera, you can provide external access to Privacera services such as Privacera Portal, Audit Server, Solr and Ranger.

Steps to deploy NGINX Ingress
  1. Copy the .yml file to the /custom-vars directory and open it.

    cd ~/privacera/privacera-manager/ 
    cp config/sample-vars/vars.kubernetes.nginx-ingress.yml config/custom-vars/ 
    vi config/custom-vars/vars.kubernetes.nginx-ingress.yml
  2. To enable NGINX Ingress, set K8S_NGINX_INGRESS_ENABLE:"true".

  3. Choose whether you want to deploy the NGINX Ingress controller for Privacera Manager. If you set it to true, then Privacera Manager deploys NGINX Ingress controller in privacera-services namespace of your Kubernetes cluster.


    Do not set the property to true, if NGINX Ingress controller is already installed in your cluster.

  4. If K8S_NGINX_INGRESS_CONTROLLER_ENABLE is false, then provide your existing controller service load balancer URL.

  5. By default DNS names of Privacera services are set in the following pattern: service_name-namespace.domain_name. If you want to change the domain-name for the Privacera service URL, edit the AWS_ROUTE53_DOMAIN_NAME property.

  6. Provide AWS Route53 Zone ID to allow Privacera Manager to create records of DNS names.


    You can get the value by doing one of the following:

    • Run the following command where your Privacera Manager is installed.

      aws route53 list-hosted-zones-by-name --dns-name <ZONE_NAME> --query HostedZones[].Id --output text | cut -d/ -f3


    • Navigate to your AWS account > Route53 > Hosted Zone ID.