Install Forcepoint DSPM using Helm

Note: Ensure k3s is installed as explained in Single node K3s installation. For HA configurations refer K3s installation in HA

Steps

  1. Install Helm 3 as documented in Installing Helm.
  2. Configure GetVisibility private Docker image registry (replace $USERNAME and $PASSWORD with the Docker credentials provided by Forcepoint Technical Support.): 
    kubectl create secret docker-registry gv-docker-registry \
  --docker-server=https://images.master.k3s.getvisibility.com \
  --docker-username=$USERNAME \
  --docker-password=$PASSWORD \
  --docker-email=no@email.com
  3. Configure GetVisibility private Helm repository (replace $USERNAME and $PASSWORD with the Helm credentials provided): 
    helm repo add gv_stable https://charts.master.k3s.getvisibility.com/stable --username $USERNAME --password $PASSWORD

    
helm repo update
  4. Install chart GetVisibility Essentials and wait for the pods to become ready.

    Run one of the below commands, replacing the replacing the $IPADDRESS placeholder with an actual IP Address, host name or FQDN the cluster will be accessed on (e.g. "10.20.30.40" or "dspm.mycompany.com"). This will create an initial configuration and only allow dashboard log in when accessing the server no its designated hostname or IP.

    For FDC: 

    helm upgrade --install gv-essentials gv_stable/gv-essentials --wait \
--debug--timeout=10m0s --kubeconfig /etc/rancher/k3s/k3s.yaml \
--set eck-operator.enabled=true --set eck-operator.settings.cpu=1 \
--set eck-operator.settings.memory=2 --set eck-operator.settings.storage=40 \
--set updateclusterid.enabled=false --set keycloak.url=$IPADDRESS

    
kubectl get deploy --output name | xargs -n1 -t kubectl rollout status

    For Forcepoint DSPM and Ultimate:

    helm upgrade --install gv-essentials gv_stable/gv-essentials --wait \
--debug--timeout=10m0s --kubeconfig /etc/rancher/k3s/k3s.yaml \
--set eck-operator.enabled=true --set eck-operator.settings.cpu=4 \
--set eck-operator.settings.memory=20 --set eck-operator.settings.storage=160 \
--set updateclusterid.enabled=false --set keycloak.url=$IPADDRESS

    
kubectl get deploy --output name | xargs -n1 -t kubectl rollout status
  5. Install the platform. Replace the $PRODUCT with one of: synergy (for FDC), dspm (for DSPM) or ultimate. 
    helm upgrade --install gv-platform gv_stable/gv-platform --wait \
--debug--timeout=10m0s --kubeconfig /etc/rancher/k3s/k3s.yaml \
--set-string clusterLabels.environment=prod \
--set-string clusterLabels.cluster_reseller=forcepoint \
--set-string clusterLabels.cluster_name=mycluster \
--set-string clusterLabels.product=$PRODUCT
  6. (Optional) Install the monitoring tools:: To collect metrics and logs of all services running:
    1. Install the CRDs 
      $ helm upgrade --install rancher-monitoring-crd gv_stable/rancher-monitoring-crd --wait \
--kubeconfig /etc/rancher/k3s/k3s.yaml \
--namespace=cattle-monitoring-system \
--create-namespace
    2. Install the monitoring tools 
      helm upgrade --install rancher-monitoring gv_stable/rancher-monitoring --wait \
--kubeconfig /etc/rancher/k3s/k3s.yaml \
--namespace=cattle-monitoring-system \
--version=100.1.2+up19.0.5 \
--set k3sServer.enabled=true \
--set k3sControllerManager.enabled=true \
--set k3sScheduler.enabled=true \
--set k3sProxy.enabled=true \
--set prometheus.retention=5 \
--set global.grafana_ingress.enabled=true