Onebox Microkubernetes Service Deployment Guide
31 Oct, 2022 . Article
This document outlines the recommended installation steps for
a Onebox deployment to the OneTrust Data Discovery scanner.
Prerequisites
Supported:
Ubuntu 18.04 (Recommended)
RHEL 7.6-7.9; 8.1-8.5
CIS RHEL 7 Level 1
CIS RHEL 8 Level 1
CentOS 7.7-7.9; 8.1-8.4
CIS CentOS 7
CIS CentOS 8
Installed MicroK8s, see Introduction to MicroK8s
(https://microk8s.io/docs) for more information.
VM service account for sudo access with admin privileges
Latest version of kubectl, with a minimum version of 1.18
Firewall rule on the server allowing inbound traffic on port
8200. This permits access to the vault web UI. You can restrict
the rule to the required source IPs.
Hardware Requirements
         Minimum   Recommended
vCPUs    16        24
RAM      28GB      48GB
DISK     256GB     512GB*
NOTE
*512GB shall be allocated to the /var
directory.
If the VM is partitioned with a
separate filesystem mounted at
/var, the storage for snap,
microk8s and the persistent volume
created by the Onebox installer uses
that space.
Alternatively, if the VM is partitioned
differently and has no separate mount
for /var, all of the disk space shall be
allocated on the / (root) path, because
everything written under /var then
consumes the / (root) path's disk space.
Onebox Deployment
Please refer to the following installation resources to deploy
with Onebox:
Manual Installation Overview
(/s/article/UUID-998890eb-cb65-bd66-d81f-8ce810df652f)
Guided Installation Overview
(/s/article/UUID-b8535190-16f8-51b2-5e64-1d2a62bb3353)
Credential Vault Configuration
For more information on configuring credential vaults and the
supported providers, please reference Credential Vault
Configuration for Data Sources
(/s/article/UUID-26d6548b-897a-c516-646d-c85689ab3e79).
Validating MicroK8s Installation
NOTE
For customers using an internal DNS
server, ensure the internal VM IP address
is not included in the CIDR range used by
MicroK8s to avoid collision. By default,
MicroK8s uses 10.1.0.0.
To change the CIDR used for pods and to
learn more about CIDR in clusters, please
refer to the MicroK8s install documentation
(https://microk8s.io/docs/change-cidr).
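A pre-install check for the collision described in the note above, as an added example that is not part of the original article: it tests whether any of the VM's IPv4 addresses fall inside the pod CIDR. The /16 prefix length is an assumption based on the MicroK8s default pod network (the article gives only 10.1.0.0); the function names, script name and sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: detect host IPv4 addresses that fall inside the MicroK8s pod CIDR.
# Assumption: the default pod CIDR is 10.1.0.0/16 (the article gives only 10.1.0.0).
POD_CIDR="${POD_CIDR:-10.1.0.0/16}"

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty, non-numeric, zero-padded or over-long octets.
        case "$o" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 if address $1 is inside CIDR $2, 1 if outside, 2 if either is malformed.
ip_in_cidr() {
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Report every address in "$@" that collides with POD_CIDR; return 1 if any did.
# Non-IPv4 entries (for example IPv6 addresses) are skipped.
find_collisions() {
    rc=0
    for addr in "$@"; do
        if ip_in_cidr "$addr" "$POD_CIDR"; then
            echo "COLLISION: $addr is inside $POD_CIDR"
            rc=1
        fi
    done
    return $rc
}

# With no arguments, use constructed sample addresses. On a real host, pass the
# VM's addresses instead, e.g.: sh check_pod_cidr.sh $(hostname -I)
[ "$#" -gt 0 ] || set -- 192.168.10.25 10.1.4.7 10.2.0.1
find_collisions "$@" || echo "Change the pod CIDR or the VM address before installing."
```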
1. Check if ufw (Uncomplicated Firewall) is installed by
   running the following command:
    sudo ufw status
2. If not installed, install by running the following:
    sudo yum install epel-release -y
    sudo yum install --enablerepo="epel" ufw -y
    sudo ufw enable
3. To allow traffic on vxlan.calico, run the following:
    sudo ufw allow in on vxlan.calico && sudo u
4. To allow pods to communicate with each other and
   outside, run the following:
    sudo ufw default allow routed
5. To check the installation and confirm no warnings, run
   the following:
    microk8s inspect