Azure is currently in Private Preview and is not available for General Availability (GA). It should not be used in production environments, as features and functionality may change before the final GA release.
Installing Features
After the PPC deployment is complete, optional components can be installed to extend the functionality.
Note: Feature installation is decoupled from PPC and must be performed separately. For detailed installation instructions, refer to the documentation provided by the respective feature teams.
Policy Workbench
This section describes how to install, verify, and uninstall Policy Workbench on a Kubernetes cluster without deploying Karpenter resources.
Prerequisites
Before running the Helm command, ensure the following prerequisites are in place:
Helm 3.xinstalled and configured on your workstation.kubectlinstalled and connected to the target Kubernetes cluster.- Access to the Protegrity OCI registry
registry.protegrity.com:9443with valid credentials. - Network connectivity to pull images from the registry.
- Cluster has sufficient resources like CPU, memory, and storage to run Policy Workbench.
Authentication to Registry
Log in to the OCI registry to allow Helm to pull the chart and images:
helm registry login registry.protegrity.com:9443 \
--username '<your-username>' \
--password '<your-password>'
Installing Policy Workbench without Karpenter
Policy Workbench is installed from the Protegrity OCI Helm registry. On the jump box run the following command:
helm upgrade --install policy-workbench \
oci://registry.protegrity.com:9443/azure-tech-preview/policy-workbench/1.11/helm/policy-workbench \
--version 1.11.0 \
--namespace policy-workbench \
--create-namespace \
--set keystore.backend=hsm \
--set keystore.hsm.imageRef=registry.protegrity.com:9443/azure-tech-preview/protegrity-provisioned-cluster/third-party/softhsm:2.6.1-openssl-3.3.2 \
--set karpenterResources.enabled=false
Here,
keystore.backend=hsmtogether withkeystore.hsm.imageRef=…softhsm:2.6.1-openssl-3.3.2configures Policy Workbench to use a SoftHSM keystore.karpenterResources.enabled=falsedisables Karpenter-specific resource hints; AKS uses the Cluster Autoscaler, so Karpenter is not present.If the OCI registry requires authentication, run
helm registry login registry.protegrity.com:9443first using the same credentials you supplied during bootstrap.
Verifying Installation
To check if the pods are running in the policy-workbench namespace, run the following command:
kubectl get pods -n policy-workbench
helm status policy-workbench -n policy-workbench
Post-Installation
After successful installation,
The Keystore Backend is configured to use HSM with SoftHSM image
2.6.1-openssl-3.3.2.karpenterResources.enabled=falseensures no Karpenter resources are deployed.
Uninstalling Policy Workbench
To uninstall the Policy Workbench, run the following command:
helm uninstall policy-workbench -n policy-workbench
kubectl delete namespace policy-workbench
Protegrity Agent
This section describes how to install the Protegrity Agent using Helm, along with the required prerequisites and steps to verify a successful installation.
Prerequisites
Before installing the Protegrity Agent, ensure the following requirements are met:
- A running Kubernetes cluster with access to create namespaces and deploy workloads.
kubectlinstalled and configured to connect to the target cluster.Helm v3installed on the jump box or workstation used for installation.- Access to the Protegrity OCI Helm registry
registry.protegrity.com:9443. - A values file, for example, custom-values.yaml, containing the Protegrity Agent configuration.
- The
custom-values.yamlfile should include:
karpenterResources:
enabled: false
proagentService:
secrets:
# Main Endpoint
OPENAI_API_ENDPOINT: ""
OPENAI_API_KEY: ""
OPENAI_API_VERSION: ""
OPENAI_LLM_MODEL: ""
# Embeddings
OPENAI_EMBEDDINGS_API_ENDPOINT: ""
OPENAI_EMBEDDINGS_API_KEY: ""
OPENAI_EMBEDDINGS_API_VERSION: ""
OPENAI_EMBEDDING_MODEL: ""
Note: Store sensitive data such as API keys securely and ensure the values file is protected according to the organization’s security guidelines.
Authentication to Registry
To log in to the OCI registry to allow Helm to pull the chart and images, run the following command:
helm registry login registry.protegrity.com:9443 \
--username '<your-username>' \
--password '<your-password>'
Installing Protegrity Agent without Karpenter
Ensure the
custom-values.yamlfile is available in the working directory. The following entry must be present.karpenterResources: enabled: falseTo install or upgrade the Protegrity Agent, run the following Helm command:
helm upgrade --install protegrity-agent oci://registry.protegrity.com:9443/azure-tech-preview/protegrity-agent/1.0/helm/protegrity-agent --version 1.0.0 --namespace pty-protegrity-agent --create-namespace --set databaseService.nodepoolName="" -f custom-values.yamlTo label all nodes in the node pool, run the following command:
kubectl get nodes -o name | xargs -I{} kubectl label {} karpenter.sh/nodepool=protegrity-agent --overwrite
Verifying Installation
After the Helm command completes, verify that all Protegrity Agent components are running:
- To list the pods in the Protegrity Agent namespace, run the following command:
kubectl get pods -n pty-protegrity-agent
- Confirm that all pods are in the
Runningstate and showREADYas1/1. A successful installation should display pods similar to the following:
NAME READY STATUS RESTARTS AGE
database-statefulset-0 1/1 Running 0 2m4s
protegrity-agent-db-backup-init-r1-7m9n4 1/1 Running 0 2m4s
protegrity-agent-deployment-847c869c47-65sgz 1/1 Running 0 2m4s
protegrity-agent-ui-deployment-569c68c88f-4474n 1/1 Running 0 2m4s
If all pods are running and ready, the Protegrity Agent installation is complete and ready for use.
Uninstalling Protegrity Agent
To uninstall Protegrity Agent, run the following command:
helm uninstall protegrity-agent -n pty-protegrity-agent
Feedback
Was this page helpful?