Installing Privacy Dynamics
Install
Deploy latest version
From the Replicated admin console, click the "Check for Update" link to get the latest version of Privacy Dynamics. The latest version is displayed at the top of the list. It will show "Pending Config" because the customer needs to input some values; click "Configure" to enter the configuration. This action will navigate to the "Config" tab.
"Dataframe Upload Secret" and "Profile Upload Secret" are specified by each customer. "UI Fully Qualified Domain Name" should be app.pvcy.customer.com and "API Fully Qualified Domain Name" should be api.pvcy.customer.com, where the sub-domain matches the customer's chosen sub-domain.
Set environment variables
- Dataframe Upload Secret. A 12-character alphanumeric encryption secret used to protect data.
- Profile Upload Secret. A 12-character alphanumeric encryption secret used to encrypt data connection credentials. Changing the secret will invalidate historical job information.
- Storage class for data volume. The installation requires a PersistentVolumeClaim that supports ReadWriteMany access mode for its temporary storage. Azure users can use the azurefile-csi StorageClass. AWS users can follow our directions to set up EFS storage. For Google Cloud we recommend using CSI drivers for Filestore.
Tip
It is possible to manage the internal application database separately, though this is mainly for legacy users. To do so, check the "Use External PostgreSQL Database" box and follow the instructions for setting up an external database.
Auxiliary Software
To make the install process easier, you can install auxiliary software that assists the operation of Privacy Dynamics software. Installation through this method is entirely optional. The following software is currently available:
- NGINX Ingress Controller - Privacy Dynamics software assumes an NGINX ingress controller is present. This will install the standard ingress-nginx Helm chart, which will create an IngressClass called nginx and, for public clouds, can provision a load balancer.
- ExternalDNS - this connects to a public cloud DNS provider (e.g. Route 53 or Cloud DNS) to create DNS records when a new ingress is created.
- cert-manager - this provisions certificates from a public CA for ingresses on your cluster.
  - We have included the capability to create a ClusterIssuer using the ACME Issuer type with a DNS01 challenge. The default Certificate Authority is Let's Encrypt. You can decline creating the ClusterIssuer if you have different requirements.
- Loki - this is the popular log aggregator from Grafana Labs
- Prometheus stack - this is a bundle of Prometheus/Alertmanager and Grafana
If you are using cert-manager and our ClusterIssuer, the installer can also attempt to create the ingresses for the Privacy Dynamics application, API, and KOTS Admin Console.
Verify the application is running
Once the application is deployed, its pods will be running on the cluster. You can view them by running the command kubectl get pods -n pvcy.
- analyzer-app is the front-end application.
- privacy-api is the back-end application.
- celery are the data-processing containers.
- nginx-privacy-api is a proxy server for the back-end (privacy-api).
- redis is the task queue.
- reloader synchronizes the state of the pods if any config values are changed.
View the application logs using: kubectl logs api-[XXX] -n pvcy. You may see migrations run on the pvcydb.
Verify API endpoint
You can make a basic HTTP request to verify that the API ingress has been set up correctly. This call does not need authentication.
curl https://api.pvcy.customer.com/v1/ping --insecure
{
"result": "Ping succeeded",
"request_id": "590ffb9d72f3230e316dd3b7cbe5a553",
"processing_time": "0.00026s",
"request_timestamp": 1667912466
}
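The same ping check with certificate verification left on, as an added example that is not part of the Privacy Dynamics documentation. Without --insecure, an untrusted or not-yet-issued certificate is reported separately from an application failure. The function names are hypothetical, and the hostname is passed as an argument.

```shell
#!/usr/bin/env bash
# Added example: post-install check of the API ingress with TLS verification on.
# Function names (ping_ok, verify_api) are hypothetical, not part of the product.

# Return 0 when a /v1/ping response body reports success.
# This is a pattern match on the "result" field, not a full JSON parse.
ping_ok() {
    printf '%s' "$1" | grep -Eq '"result"[[:space:]]*:[[:space:]]*"Ping succeeded"'
}

# Query /v1/ping and classify the outcome.
# Returns 0 = OK over verified TLS, 2 = certificate not trusted, 1 = other failure.
verify_api() {
    local host="$1" body rc
    body=$(curl --silent --show-error --fail --max-time 10 "https://${host}/v1/ping")
    rc=$?
    if [ "$rc" -eq 60 ]; then
        # curl exit code 60: the server certificate could not be verified.
        echo "TLS: certificate for ${host} is not trusted by this client" >&2
        return 2
    elif [ "$rc" -ne 0 ]; then
        echo "curl failed with exit code ${rc}" >&2
        return 1
    fi
    if ping_ok "$body"; then
        echo "OK: ${host} answered the ping over verified TLS"
        return 0
    fi
    echo "unexpected response body: ${body}" >&2
    return 1
}

# Constructed sample body, shortened from the response shown on this page.
SAMPLE_BODY='{"result": "Ping succeeded", "request_id": "590ffb9d72f3230e316dd3b7cbe5a553"}'

# Contact a real host only when one is passed on the command line,
# e.g. the API Fully Qualified Domain Name entered in the Config tab.
if [ "$#" -gt 0 ]; then
    verify_api "$1"
fi
```

A return code of 2 points at the certificate or issuer rather than at the application pods.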