LightBeam Installer

PreviousLightBeam Deployment Instructions NextWeb App Deployment

Last updated 5 months ago

LightBeam Installer

1.0 LightBeam Installation

NOTE:

Dockerhub registry access is needed from all worker nodes of the Kubernetes cluster.
Outbound traffic to access datasource APIs such as google APIs, Microsoft APIs, and Slack APIs depends on the data sources registered.

a. Copy the lightbeam.zip file shared by the LightBeam team on the Jump Box.

b. Change the default storage class name in values.yaml

c. Install the LightBeam chart:

Note: Verify that the EKS cluster has internet access.

If you are installing the LightBeam chart on a self-managed kubernetes cluster, add the --self_managed flag to the installer script as shown below. Replace this with --eks or --aks if you are installing the chart on AWS EKS or Azure kubernetes. The --spectra flag specifies the spectra deployment. Use the --privacy_ops flag to specify the privacy ops deployment.

export DOCKER_USERNAME="lbcustomers" DOCKER_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>" KBLD_REGISTRY_HOSTNAME="docker.io" KBLD_REGISTRY_USERNAME="lbcustomers" KBLD_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>"
./installer/lb-install.sh --install --spectra --self_managed --values charts/lightbeam/values.yaml --final_values charts/lightbeam/values.yaml

Contact for DOCKER_REGISTRY_TOKEN.

One can verify the installation by running `kubectl get pods -n lightbeam` and check the status of all pods.

Install the logging chart

Update the default storage class name in standalone-cluster.yaml as used for installing LightBeam.

helm install logging charts/lightbeam-logging/ --namespace logging --create-namespace -f charts/lightbeam-logging/standalone-cluster.yaml  --debug

Install the monitoring chart

Update the default storage class name in standalone-cluster.yaml as used for installing LightBeam.

 helm install logging charts/lightbeam-monitoring --namespace monitoring --create-namespace -f charts/lightbeam-monitoring/standalone-cluster.yaml --debug.

d. Post-install setup:

Use the following command to get the address to access Lightbeam UI

kubectl get ingress -n lightbeam

2.0 LightBeam UI Access

Copy the Address from the ingress and run the following commands:

kubectl patch cm/lightbeam-common-configmap -n lightbeam --type merge -p '{"data": {"AUTH_BASE_URL": "http://<COPIED_ADDRESS>"}}'
kubectl delete pods -l app=lightbeam-api-gateway -n lightbeam

Now open the copied address in your browser and log in through the credentials copied in the previous step.

Accessing the LightBeam application:

Once the deployment is successful, run the following command:

kubectl get ingress -n lightbeam

Here, you can see the ingress load-balancer URL. Copy-paste the same to the browser, and start exploring the LightBeam portal using default credentials provided by LightBeam.

Default credentials to access the LightBeam cluster will be provided by the LightBeam team. Please change the password right away.

An alternative to the above is using Jumpbox Public IP:

Create a new file at /usr/local/bin/lightbeam.sh and populate it with:

#!/usr/bin/env bash

trap 'kill $(jobs -p)' EXIT
/usr/bin/kubectl port-forward service/kong-proxy -n lightbeam --address 0.0.0.0 80:80 443:443 --kubeconfig /root/.kube/config &
PID=$!

/bin/systemd-notify --ready

while(true); do
    FAIL=0
    kill -0 $PID
    if [[ $? -ne 0 ]]; then FAIL=1; fi
    status_code=`curl -s -o /dev/null -w "%{http_code}" http://localhost/api/health`
    echo "Lightbeam cluster health check: $status_code"
    if [[ $? -ne 0 || $status_code -ne 200 && $status_code -ne 301 ]]; then FAIL=1; fi
    if [[ $FAIL -eq 0 ]]; then /bin/systemd-notify WATCHDOG=1; fi
    sleep 1
done

Change file permissions:

chmod u+x /usr/local/bin/lightbeam.sh

Create a new file at /etc/systemd/system/lightbeam.service with the content:

[Unit]
Description=LightBeam Application
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=500
StartLimitBurst=10000
[Service]
Type=notify
Restart=always
RestartSec=1
TimeoutSec=5
WatchdogSec=5
ExecStart=/usr/local/bin/lightbeam.sh

[Install]
WantedBy=multi-user.target

Enable and start services:

systemctl enable lightbeam
systemctl start lightbeam
systemctl status lightbeam

Run following command to set jumpbox public IP address as UI endpoint:


kubectl patch cm/lightbeam-common-configmap -n lightbeam --type merge -p '{"data": {"AUTH_BASE_URL": "http://<JUMP_BOX_IP_ADDRESS>"}}'
kubectl delete pods -l app=lightbeam-api-gateway -n lightbeam

Access LightBeam UI using public IP and port 80: http://<PUBLIC_IP>:80

Note: Here, Public IP of the Jumpbox VM can be used.

3.0 LightBeam Upgrade

The LightBeam team shares the latest release LightBeam chart which needs to be copied on the Jump Box. Upgrade the LightBeam chart:

NOTE: Dockerhub registry access is needed from all worker nodes of the kubernetes cluster.

The --spectra flag specifies the spectra deployment. Use the --privacy_ops flag to specify the privacy ops deployment.

export DOCKER_USERNAME="lbcustomers" DOCKER_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>" KBLD_REGISTRY_HOSTNAME="docker.io" KBLD_REGISTRY_USERNAME="lbcustomers" KBLD_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>"
./installer/lb-install.sh --upgrade --spectra --values charts/lightbeam/values.yaml --final_values charts/lightbeam/values.yaml

One can verify the upgrade by running kubectl get pods -n lightbeam and checking the status of all pods.

As part of upgrade, the following actions are taken:

Pausing datasource scanning and processing.
Updating latest database schema.
Updating all LightBeam services to the respective release versions. As part of this step, all latest release version Docker images from Dockerhub registry are downloaded on respective worker nodes.
A post-upgrade job is executed which resumes scans for all data sources and starts processing, also verifies all services health.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.

PreviousLightBeam Deployment Instructions NextWeb App Deployment

Last updated 5 months ago

1.0 LightBeam Installation

NOTE:

Dockerhub registry access is needed from all worker nodes of the Kubernetes cluster.
Outbound traffic to access datasource APIs such as google APIs, Microsoft APIs, and Slack APIs depends on the data sources registered.

a. Copy the lightbeam.zip file shared by the LightBeam team on the Jump Box.

b. Change the default storage class name in values.yaml

c. Install the LightBeam chart:

Note: Verify that the EKS cluster has internet access.

export DOCKER_USERNAME="lbcustomers" DOCKER_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>" KBLD_REGISTRY_HOSTNAME="docker.io" KBLD_REGISTRY_USERNAME="lbcustomers" KBLD_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>"
./installer/lb-install.sh --install --spectra --self_managed --values charts/lightbeam/values.yaml --final_values charts/lightbeam/values.yaml

Contact for DOCKER_REGISTRY_TOKEN.

One can verify the installation by running `kubectl get pods -n lightbeam` and check the status of all pods.

Install the logging chart

Update the default storage class name in standalone-cluster.yaml as used for installing LightBeam.

helm install logging charts/lightbeam-logging/ --namespace logging --create-namespace -f charts/lightbeam-logging/standalone-cluster.yaml  --debug

Install the monitoring chart

Update the default storage class name in standalone-cluster.yaml as used for installing LightBeam.

 helm install logging charts/lightbeam-monitoring --namespace monitoring --create-namespace -f charts/lightbeam-monitoring/standalone-cluster.yaml --debug.

d. Post-install setup:

Use the following command to get the address to access Lightbeam UI

kubectl get ingress -n lightbeam

2.0 LightBeam UI Access

Copy the Address from the ingress and run the following commands:

kubectl patch cm/lightbeam-common-configmap -n lightbeam --type merge -p '{"data": {"AUTH_BASE_URL": "http://<COPIED_ADDRESS>"}}'
kubectl delete pods -l app=lightbeam-api-gateway -n lightbeam

Now open the copied address in your browser and log in through the credentials copied in the previous step.

Accessing the LightBeam application:

Once the deployment is successful, run the following command:

kubectl get ingress -n lightbeam

Here, you can see the ingress load-balancer URL. Copy-paste the same to the browser, and start exploring the LightBeam portal using default credentials provided by LightBeam.

Default credentials to access the LightBeam cluster will be provided by the LightBeam team. Please change the password right away.

An alternative to the above is using Jumpbox Public IP:

Create a new file at /usr/local/bin/lightbeam.sh and populate it with:

#!/usr/bin/env bash

trap 'kill $(jobs -p)' EXIT
/usr/bin/kubectl port-forward service/kong-proxy -n lightbeam --address 0.0.0.0 80:80 443:443 --kubeconfig /root/.kube/config &
PID=$!

/bin/systemd-notify --ready

while(true); do
    FAIL=0
    kill -0 $PID
    if [[ $? -ne 0 ]]; then FAIL=1; fi
    status_code=`curl -s -o /dev/null -w "%{http_code}" http://localhost/api/health`
    echo "Lightbeam cluster health check: $status_code"
    if [[ $? -ne 0 || $status_code -ne 200 && $status_code -ne 301 ]]; then FAIL=1; fi
    if [[ $FAIL -eq 0 ]]; then /bin/systemd-notify WATCHDOG=1; fi
    sleep 1
done

Change file permissions:

chmod u+x /usr/local/bin/lightbeam.sh

Create a new file at /etc/systemd/system/lightbeam.service with the content:

[Unit]
Description=LightBeam Application
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=500
StartLimitBurst=10000
[Service]
Type=notify
Restart=always
RestartSec=1
TimeoutSec=5
WatchdogSec=5
ExecStart=/usr/local/bin/lightbeam.sh

[Install]
WantedBy=multi-user.target

Enable and start services:

systemctl enable lightbeam
systemctl start lightbeam
systemctl status lightbeam

Run following command to set jumpbox public IP address as UI endpoint:


kubectl patch cm/lightbeam-common-configmap -n lightbeam --type merge -p '{"data": {"AUTH_BASE_URL": "http://<JUMP_BOX_IP_ADDRESS>"}}'
kubectl delete pods -l app=lightbeam-api-gateway -n lightbeam

Access LightBeam UI using public IP and port 80: http://<PUBLIC_IP>:80

Note: Here, Public IP of the Jumpbox VM can be used.

3.0 LightBeam Upgrade

The LightBeam team shares the latest release LightBeam chart which needs to be copied on the Jump Box. Upgrade the LightBeam chart:

NOTE: Dockerhub registry access is needed from all worker nodes of the kubernetes cluster.

The --spectra flag specifies the spectra deployment. Use the --privacy_ops flag to specify the privacy ops deployment.

export DOCKER_USERNAME="lbcustomers" DOCKER_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>" KBLD_REGISTRY_HOSTNAME="docker.io" KBLD_REGISTRY_USERNAME="lbcustomers" KBLD_REGISTRY_PASSWORD="<DOCKER_REGISTRY_TOKEN>"
./installer/lb-install.sh --upgrade --spectra --values charts/lightbeam/values.yaml --final_values charts/lightbeam/values.yaml

One can verify the upgrade by running kubectl get pods -n lightbeam and checking the status of all pods.

As part of upgrade, the following actions are taken:

Pausing datasource scanning and processing.
Updating latest database schema.
Updating all LightBeam services to the respective release versions. As part of this step, all latest release version Docker images from Dockerhub registry are downloaded on respective worker nodes.
A post-upgrade job is executed which resumes scans for all data sources and starts processing, also verifies all services health.

About LightBeam

For any questions or suggestions, please get in touch with us at: .