
Discovery

This topic describes how to set up the GCP configuration for installing Privacera Discovery in a Docker or Kubernetes environment.

Prerequisites

Ensure the following prerequisites are met:

  • Create a service account and add the following roles. For more information, refer to Creating a new service account.

    • Editor
    • Owner
    • Private Logs Viewer
    • Kubernetes Engine Admin (Required only for a Kubernetes environment)
  • Create a Bigtable instance and get the Bigtable Instance ID. For more information, refer to Creating a Cloud Bigtable instance.

Configuration

  1. SSH to the Privacera Host VM.

  2. If you're configuring Discovery for a Kubernetes environment, run the following commands. For a Docker environment, you can skip this step.

    Get the URL by running the following.

    kubectl cluster-info
    

    Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.discovery.kubernetes.yml config/custom-vars/
    vi config/custom-vars/vars.discovery.kubernetes.yml
    

    Add the Kubernetes info.

    DISCOVERY_K8S_SPARK_MASTER: "<PLEASE_CHANGE>"
    
  3. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.discovery.gcp.yml config/custom-vars/
    vi config/custom-vars/vars.discovery.gcp.yml
    
  4. Edit the following properties.

    BIGTABLE_INSTANCE_ID: "<PLEASE_CHANGE>"
    DISCOVERY_BUCKET_NAME: "<PLEASE_CHANGE>"
    

    | Property | Description | Example |
    |---|---|---|
    | BIGTABLE_INSTANCE_ID | Get the value by navigating to Navigation Menu > Databases > Bigtable and checking the Instance ID column. | BIGTABLE_INSTANCE_ID: "table_1" |
    | DISCOVERY_BUCKET_NAME | Name of the bucket where Discovery will store its metadata files. | DISCOVERY_BUCKET_NAME: "bucket_1" |

  5. (Optional) To customize the Discovery configuration further, you can add custom Discovery properties. For more information, refer to Discovery Custom Properties.

    For example, by default, the username and password for the Discovery service are padmin/padmin. To change them, refer to Add Custom Properties.

  6. For real-time scanning, run the following.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.pkafka.gcp.yml config/custom-vars/
    

    Note

    • Recommended: Use the Google Sink-based approach to enable real-time scanning of applications on different projects, click here.

    • Optional: Use the Google Logging API-based approach to enable real-time scanning of applications on different projects, click here.

  7. Run the following commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
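
Before running the update in step 7, it helps to confirm that the files copied from config/sample-vars no longer carry the sample placeholder. The following pre-flight check is an added example, not part of Privacera Manager; the function names check_custom_vars and yaml_value are hypothetical, and it assumes one "KEY: value" pair per line as in the snippets above.

```bash
#!/usr/bin/env bash
# Added example (not Privacera code): pre-flight check for the custom-vars
# files edited in steps 2-4. Function names are hypothetical.
# Usage:
#   check_custom_vars ~/privacera/privacera-manager/config/custom-vars \
#     && ./privacera-manager.sh update

# Print the value assigned to key $1 in file $2 with quotes stripped,
# or nothing if the key is absent or commented out.
yaml_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "\"'"
}

# Return 0 only if the required keys are set and no placeholder remains.
check_custom_vars() {
  local dir rc gcp k8s pair file key val
  dir="$1"; rc=0
  gcp="$dir/vars.discovery.gcp.yml"
  k8s="$dir/vars.discovery.kubernetes.yml"

  if [ ! -f "$gcp" ]; then
    echo "missing: $gcp" >&2
    return 1
  fi

  # Keys named on this page. The Kubernetes file is checked only when it
  # exists, because Docker installs skip step 2.
  for pair in "$gcp:BIGTABLE_INSTANCE_ID" "$gcp:DISCOVERY_BUCKET_NAME" \
              "$k8s:DISCOVERY_K8S_SPARK_MASTER"; do
    file="${pair%:*}"; key="${pair##*:}"
    [ -f "$file" ] || continue
    val="$(yaml_value "$key" "$file")"
    if [ -z "$val" ]; then
      echo "$file: $key is not set" >&2
      rc=1
    fi
  done

  # Any uncommented line in a copied vars file that still holds the
  # sample placeholder is reported on stderr as file:line:text.
  if grep -Hn '^[^#]*<PLEASE_CHANGE>' "$dir"/vars.*.yml >&2 2>/dev/null; then
    rc=1
  fi
  return "$rc"
}
```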
    

Last update: August 26, 2021