Kubernetes

This section is applicable only if you are installing Privacera in Kubernetes.

| Prerequisite | Notes |
|---|---|
| Kubernetes Cluster | For security reasons, it is recommended to have a Kubernetes cluster dedicated to Privacera. |
| Kubernetes Namespace | Privacera will automatically create the namespace in the Kubernetes cluster. You also have the option to pre-create one and make it available during Privacera installation. |
| IAM Roles for NodeGroups (AWS) | The NodeGroups where Privacera's pods run will need IAM roles based on the services enabled. For the complete list, refer here. |

Pod Topology

If your pods are distributed across different nodes, zones or regions, you can use pod topology in Privacera Manager to control them for high availability and efficient resource utilization. For more information on pod topology, refer to the Kubernetes documentation.

By default, pod topology is disabled. To enable it, do the following:

  1. Run the following commands:

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.kubernetes.pod-topology.yml config/custom-vars/
    vi config/custom-vars/vars.kubernetes.pod-topology.yml
    
  2. Set the following to true.

    K8S_POD_TOPOLOGY_ENABLE: "true"
    

Proxy Configuration for Kubernetes

If your clusters rely on a proxy service, set the protocol, domain or IP address, and port of your proxy server in the environment variable K8S_AUTH_PROXY. Do this on the Privacera host, in the pm-env.sh script you create at installation.

  1. Run the following commands.

    cd privacera/privacera-manager/
    vi config/pm-env.sh
    
  2. Add the following property.

    export K8S_AUTH_PROXY="http://10.0.0.1:1234"
    
  3. Restart Privacera.

    ./privacera-manager.sh update
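
A pre-flight check for the value added in step 2, to run before step 3. This is an added example, not Privacera's code: the function names `proxy_from_env_file` and `check_proxy_url`, and the accepted forms (http/https, hostname or IPv4 address, no embedded credentials), are assumptions of this check.

```shell
#!/usr/bin/env bash
# Added example: validate K8S_AUTH_PROXY before `./privacera-manager.sh update`.

# Print the K8S_AUTH_PROXY value from an env script WITHOUT sourcing (executing) it.
# The last matching export line wins, as it would when the script is run.
proxy_from_env_file() {
  sed -n "s/^[[:space:]]*export[[:space:]]\{1,\}K8S_AUTH_PROXY=[\"']\{0,1\}\([^\"'[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 only if the URL carries protocol, domain or IPv4 address, and port.
# Assumptions of this check: http/https only, no IPv6 literals, no user:pass@ part.
check_proxy_url() {
  local url="$1" rest host port
  case "$url" in
    http://*|https://*) ;;
    *) echo "FAIL: protocol missing or not http/https"; return 1 ;;
  esac
  rest="${url#*://}"; rest="${rest%%/*}"   # keep only host:port
  case "$rest" in
    *@*) echo "FAIL: credentials in the URL would sit in cleartext in pm-env.sh"; return 1 ;;
    *:*) ;;
    *)   echo "FAIL: port missing"; return 1 ;;
  esac
  host="${rest%:*}"; port="${rest##*:}"
  case "$host" in
    ''|*[!A-Za-z0-9.-]*) echo "FAIL: bad host '$host'"; return 1 ;;
  esac
  case "$port" in
    ''|*[!0-9]*|??????*) echo "FAIL: bad port '$port'"; return 1 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "FAIL: port out of range"; return 1
  fi
  echo "OK: $url"
}

# Constructed sample: a pm-env.sh holding the value shown on this page.
sample="$(mktemp)"
printf '%s\n' 'export K8S_AUTH_PROXY="http://10.0.0.1:1234"' > "$sample"
check_proxy_url "$(proxy_from_env_file "$sample")"
rm -f "$sample"
```

To check a real installation, pass the path of your own `config/pm-env.sh` to `proxy_from_env_file` in place of the constructed sample.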
    

Last update: October 11, 2021