Connecting to the Bastion and Installing Software Packages

The following procedures cover connecting to the bastion, installing the required tools, and performing several configuration tasks.

In the examples, it's assumed that the keypair is stored in ~/.ssh

  1. Run the following command to connect to the bastion:

    ssh -i ~/.ssh/<keypair_name> <USERNAME>@<Bastion_Public_IP_address>

    Where:

    <keypair_name> is the private part of your keypair

    <USERNAME> is the username as created in Creating the SSH Keypair

    <Bastion_Public_IP_address> is the bastion's public IP address

  2. Install kubectl and configure the bastion by executing the following commands:

    To determine the Kubernetes version to use when deploying the ArcSight Platform to Google Cloud, check the Hybrid Cloud Support page of the Technical Requirements for ArcSight Platform 23.3.
    sudo yum install -y epel-release
sudo yum install -y vim docker mc nfs-utils unzip jq htop ncdu nload nano xauth firefox
sudo groupadd docker
sudo usermod -a -G docker root
sudo usermod -a -G docker <username>
sudo systemctl start docker
sudo systemctl enable docker
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable-<GKE_VERSION>.txt)/bin/linux/amd64/kubectl"
chmod +x ./kubectl
sudo mv kubectl /usr/bin
sudo gcloud components install gke-gcloud-auth-plugin
sudo yum install google-cloud-sdk-gke-gcloud-auth-plugin
sudo yum install -y openssl

    Where:

    <GKE_VERSION> is the major GKE version (for example, 1.26 for a GKE version 1.26.5-gke.1400)

    The GKE credentials can be obtained by running the following command:

    If the GKE is zonal:

    gcloud container clusters get-credentials <cluster_name> --zone <zone>

    If the GKE is regional:

    gcloud container clusters get-credentials <cluster_name> --region <region>

    Where:

    <cluster_name> is the name of the cluster to get credentials for

    <zone> is the cluster zone

    <region> is the cluster region

    Example for a zonal GKE:

    gcloud container clusters get-credentials gcp-arcsight-test-gks --zone us-central1-a

    Example for a regional GKE:

    gcloud container clusters get-credentials arcsight-suite-miguel-gks2 --region us-central1

  3. Check that the cluster has been configured with the following command:

    kubectl get svc

  4. Configure the access to the Artifactory Registry with the following commands:

    gcloud auth configure-docker <registry>
gcloud auth print-access-token --impersonate-service-account <service_account> | podman login -u oauth2accesstoken --password-stdin https://<region>-docker.pkg.dev

    Where:

    <registry> is the registry name to configure the access for

    <service_account> is the service account created in Identity and Access Management (IAM), check the Google Cloud worksheet(add link to worksheet) for the value.

    <region> is the bastion compute region (check the Google Cloud worksheet(add link to worksheet))

    Example:

    gcloud auth configure-docker us-central1-docker.pkg.dev
gcloud auth print-access-token --impersonate-service-account gcp-arcsight-test-sa@security-arcsight-nonprod.iam.gserviceaccount.com | podman login -u oauth2accesstoken --password-stdin https://us-central1-docker.pkg.dev

  5. Optional - to obtain the list of Kubernetes cluster/pods use the following command:

    kubectl get svc/kubectl get pods -A