Install Forcepoint DSPM using Helm without Rancher

Refer to K3S installation here for installation requirements. All the commands in this runbook were tested against a VM with Canonical, Ubuntu, 20.04 LTS, amd64 as root.

Steps

  1. Install K3s and wait for the pods to become ready: 
    curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" sh -s - server --node-name=local-01

kubectl get deploy -n kube-system --output name | xargs -n1 -t kubectl rollout status -n kube-system
  2. Install Helm 3: 
    wget --quiet https://raw.githubusercontent.com/helm/helm/master/scripts/get -O /tmp/get_helm.sh \
&& chmod 0755 /tmp/get_helm.sh \
&& /tmp/get_helm.sh -v v3.8.2
  3. Configure GetVisibility private Docker image registry (replace $USERNAME and $PASSWORD with the Docker credentials provided): 
    kubectl create secret docker-registry gv-docker-registry \
  --docker-server=https://images.master.k3s.getvisibility.com \
  --docker-username=$USERNAME \
  --docker-password=$PASSWORD \
  --docker-email=no@email.com
  4. Configure GetVisibility private Helm repository (replace $USERNAME and $PASSWORD with the Helm credentials provided): 
    helm repo add gv_stable https://charts.master.k3s.getvisibility.com/stable --username $USERNAME --password $PASSWORD

helm repo update
  5. Install chart GetVisibility Essentials and wait for the pods to become ready.

    For FDC (32 GB RAM machines), replace keycloak.url= IPADDRESS/DNS/FQDN with IP Adress or FQDN or DNS name for Keycloak in formats like below.

    helm upgrade --install gv-essentials gv_stable/gv-essentials --wait \
--timeout=10m0s --kubeconfig /etc/rancher/k3s/k3s.yaml \
--set eck-operator.enabled=true --set eck-operator.settings.cpu=1 \
--set eck-operator.settings.memory=1 --set eck-operator.settings.storage=40 \
--set updateclusterid.enabled=false --set keycloak.url= IPADDRESS/DNS/FQDN

kubectl get deploy --output name | xargs -n1 -t kubectl rollout status

    For Forcepoint DSPM and Ultimate (48+ GB RAM machines), replace keycloak.url= IPADDRESS/DNS/FQDN with IP Adress or FQDN or DNS name for Keycloak in formats like below.

    helm upgrade --install gv-essentials gv_stable/gv-essentials --wait \
--timeout=10m0s --kubeconfig /etc/rancher/k3s/k3s.yaml \
--set eck-operator.enabled=true --set eck-operator.settings.cpu=8 \
--set eck-operator.settings.memory=20 --set eck-operator.settings.storage=160 \
--set updateclusterid.enabled=false --set keycloak.url= IPADDRESS/DNS/FQDN

kubectl get deploy --output name | xargs -n1 -t kubectl rollout status
  6. Depending on the theme you want to use, run one of the commands below to install the chart GV Platform (do not forget to replace $PRODUCT with either synergy or enterprise):
    1. GetVisibility theme: 
      helm upgrade --install gv-platform gv_stable/gv-platform --wait \
--timeout=10m0s --kubeconfig /etc/rancher/k3s/k3s.yaml \
--set-string clusterLabels.environment=prod \
--set-string clusterLabels.cluster_reseller=getvisibility \
--set-string clusterLabels.cluster_name=mycluster \
--set-string clusterLabels.product=$PRODUCT
    2. Forcepoint theme: 
      helm upgrade --install gv-platform gv_stable/gv-platform --wait \
--timeout=10m0s --kubeconfig /etc/rancher/k3s/k3s.yaml \
--set-string clusterLabels.environment=prod \
--set-string clusterLabels.cluster_reseller=forcepoint \
--set-string clusterLabels.cluster_name=mycluster \
--set-string clusterLabels.product=$PRODUCT