Installing Privacy Dynamics in Your Cloud
Privacy Dynamics can be installed within a customer’s cloud account in Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). Privacy Dynamics is a Kubernetes-based application and relies on the third-party application, Replicated, to perform the initial installation and manage upgrades.
Requirements
In order to fully install Privacy Dynamics, you will need the components below:
- A Kubernetes cluster, version 1.28, 1.29, or 1.30, with access to the internet
- An Ingress controller on the cluster (see below)
- DNS records corresponding to application ingresses (see below)
- Certificates corresponding to application ingresses (see below)
Ingress Controller
To access the Privacy Dynamics software after installation, a few Ingress resources will be created on the cluster. These Ingresses will require a running Ingress controller in order to function. While there are many Ingress controllers to choose from, we recommend the NGINX Ingress Controller. This uses the popular NGINX web server, and is the only Ingress controller tested to work with our software. This can be installed through the Privacy Dynamics Installer, but manual instructions are available if needed.
DNS Records
Installation best practice is to partition off Privacy Dynamics into a subdomain, keeping everything separate from the rest of the customer's infrastructure. We recommend creating a subdomain, such as pvcy.customer.com, which is dedicated to hosting Privacy Dynamics endpoints. This will ensure there is no unintended interference with other DNS records. Within that subdomain, DNS records will need to point the hostnames corresponding to the application ingresses to the cluster's load balancer.
The example domain customer.com is used throughout the documentation and is intended to represent the customer's domain name. The customer's domain should be used wherever customer.com is present in code samples.
Our Terraform modules will create a DNS zone on your cloud DNS provider, and our Installer can install ExternalDNS to manage the creation of DNS records. Manual instructions are available as well.
Certificates
We recommend making your application ingresses available over HTTPS, which will require a valid certificate from a trusted Certificate Authority. These certificates will need to be rotated over time as they expire. We recommend using cert-manager to handle certificate management. Our Installer can install the cert-manager Operator and also configure it to issue certificates from Let's Encrypt. Manual instructions are also available.
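As an added illustration of the setup described above (not Privacy Dynamics' own manifests, and not what the Installer generates), a cert-manager ClusterIssuer for Let's Encrypt and an Ingress that requests a certificate from it through the NGINX Ingress Controller could look like this. The issuer name, namespace, hostname app.pvcy.customer.com, Service name and port, contact e-mail, and the IngressClass name nginx are all assumptions.

```yaml
# Added example with placeholder names; adjust every value marked "assumed".
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod                  # assumed issuer name
spec:
  acme:
    # Production endpoint. For a first test run, use the staging endpoint
    # https://acme-staging-v02.api.letsencrypt.org/directory instead.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: platform-team@customer.com     # assumed ACME account contact
    privateKeySecretRef:
      name: letsencrypt-prod-account-key  # Secret that stores the ACME account key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx       # assumed IngressClass of the NGINX controller
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pvcy-app                          # assumed Ingress name
  namespace: pvcy                         # assumed namespace
  annotations:
    # Tells cert-manager to issue and renew the certificate for the tls block below.
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.pvcy.customer.com           # assumed host inside the dedicated subdomain
      secretName: pvcy-app-tls            # cert-manager writes the key pair here
  rules:
    - host: app.pvcy.customer.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: pvcy-app            # assumed Service name
                port:
                  number: 80              # assumed Service port
```

The HTTP-01 solver only succeeds once the DNS record for the host resolves to the cluster's load balancer and port 80 is reachable from the internet. Restrict read access to the account-key and TLS Secrets, since anyone who can read them can impersonate the endpoint.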
Observability Tools
While not required, observability tools are always recommended. Our Installer facilitates the installation of Prometheus, Alertmanager, Grafana, Loki, and Promtail. Manual instructions are also available.
CLI Tools
To assist you in completing these tasks, the following CLI tools are recommended:
- kubectl
- Management tools for your cloud provider
- Terraform (optional, for scripted installations)
- Helm v3 (optional, for manual installations)
Installation Process
The basic steps to get Privacy Dynamics running are listed below.