Deploy Sync server in Kubernetes

You can use the Docker image described in "Installing Sync server using Docker". The following is a sample Kubernetes YAML descriptor to deploy it.

Note that any certificate present in the folder /opt/soffid/iam-sync/trustedcerts is treated as a trusted certificate. It is important to include the root syncserver certificate or any other certificate the sync server must connect with.

Another aspect to be aware of is the DNS resolution cache implemented by the Java virtual machine. Because pod and service names often change their IP address, it is suggested to disable the DNS cache by adding the -Dsun.net.inetaddr.ttl=-1 parameter. Unlike the IAM console, the Java options for the Sync server are not set in the Kubernetes descriptor, but in the console page used to manage the sync servers' configuration.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: syncserver-conf-claim
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: syncserver01
  labels:
    app: soffid
    type: syncserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: soffid
      type: syncserver
  template:
    metadata:
      labels:
        app: soffid
        type: syncserver
    spec:
      containers:
        - name: syncserver
          image: soffid/iam-sync:3.0.0-beta-1
          ports:
            - containerPort: 760
              name: syncserver-port
          env:
            - name: DB_USER
              value: soffid
            - name: DB_PASSWORD
              # Sample value; replace it before deploying.
              value: 5uper5ecret
            - name: SOFFID_HOSTNAME
              value: syncserver01.soffid.com
            - name: SOFFID_MAIN
              value: "yes"
            - name: DB_URL
              value: jdbc:mariadb://mariadb-service/soffid
          volumeMounts:
          - name: conf-storage
            mountPath: /opt/soffid/iam-sync/conf
      volumes:
        - name: conf-storage
          persistentVolumeClaim:
            claimName: syncserver-conf-claim
---
apiVersion: v1
kind: Service
metadata:
  name: syncserver
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app: soffid
    type: syncserver
  ports:
  - name: syncserver
    protocol: TCP
    port: 760
    targetPort: 760
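
The Deployment above carries DB_PASSWORD as a literal, so anyone who can read the manifest or the Deployment object can read the database password. The variant below is an added example, not part of the original Soffid descriptor: it is the same Deployment with the password read from a Kubernetes Secret. The Secret name syncserver-db and its key DB_PASSWORD are assumptions.

```yaml
# Added example. Assumes a Secret named syncserver-db with a key DB_PASSWORD
# already exists in the same namespace; the pod will not start without it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: syncserver01
  labels:
    app: soffid
    type: syncserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: soffid
      type: syncserver
  template:
    metadata:
      labels:
        app: soffid
        type: syncserver
    spec:
      containers:
        - name: syncserver
          image: soffid/iam-sync:3.0.0-beta-1
          ports:
            - containerPort: 760
              name: syncserver-port
          env:
            - name: DB_USER
              value: soffid
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:            # value is resolved when the container starts
                  name: syncserver-db    # assumed Secret name
                  key: DB_PASSWORD       # assumed key inside that Secret
            - name: SOFFID_HOSTNAME
              value: syncserver01.soffid.com
            - name: SOFFID_MAIN
              value: "yes"
            - name: DB_URL
              value: jdbc:mariadb://mariadb-service/soffid
          volumeMounts:
            - name: conf-storage
              mountPath: /opt/soffid/iam-sync/conf
      volumes:
        - name: conf-storage
          persistentVolumeClaim:
            claimName: syncserver-conf-claim
```

Read access to Secrets in the namespace can then be restricted with RBAC separately from access to the Deployment itself.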