Deploy Sync server in Kubernetes
You can use the Docker image described in "Installing Sync server using Docker". A sample Kubernetes YAML descriptor to deploy it is shown below.
Note that any certificate present in the folder /opt/soffid/iam-sync/trustedcerts is considered a trusted certificate. It is important to include the root Sync server certificate or the certificate of any other system the Sync server must connect to.
Another aspect to be aware of is the DNS resolution cache implemented by the Java virtual machine. Because pods and services often change their IP addresses, it is suggested to disable the DNS cache by adding the -Dsun.net.inetaddr.ttl=-1 parameter. Unlike the IAM console, the Java options for the Sync server are not placed in the Kubernetes descriptor, but in the console page used to manage the Sync servers' configuration.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: syncserver-conf-claim
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: syncserver01
  labels:
    app: soffid
    type: syncserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: soffid
      type: syncserver
  template:
    metadata:
      labels:
        app: soffid
        type: syncserver
    spec:
      containers:
        - name: syncserver
          image: soffid/iam-sync:3.0.0-beta-1
          ports:
            - containerPort: 760
              name: syncserver-port
          env:
            - name: DB_USER
              value: soffid
            - name: DB_PASSWORD
              value: 5uper5ecret
            - name: SOFFID_HOSTNAME
              value: syncserver01.soffid.com
            - name: SOFFID_MAIN
              value: "yes"
            - name: DB_URL
              value: jdbc:mariadb://mariadb-service/soffid
          volumeMounts:
            - name: conf-storage
              mountPath: /opt/soffid/iam-sync/conf
      volumes:
        - name: conf-storage
          persistentVolumeClaim:
            claimName: syncserver-conf-claim
---
apiVersion: v1
kind: Service
metadata:
  name: syncserver
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app: soffid
    type: syncserver
  ports:
    - name: syncserver
      protocol: TCP
      port: 760
      targetPort: 760
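An added example (not part of the original Soffid descriptor) of two changes a hardened deployment would make: DB_PASSWORD is read from a Kubernetes Secret instead of being written in the Deployment, and /opt/soffid/iam-sync/trustedcerts is populated from a ConfigMap. The names syncserver-db, syncserver-trusted-certs and root-ca.pem are assumptions, as is the premise that the Sync server only reads that folder and needs nothing else in it, since the mount hides any files the image ships at that path.

```yaml
# Added example. Assumed names: syncserver-db, syncserver-trusted-certs, root-ca.pem
apiVersion: v1
kind: Secret
metadata:
  name: syncserver-db
type: Opaque
stringData:
  DB_PASSWORD: CHANGE-ME   # placeholder; create the real value out of band
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: syncserver-trusted-certs
data:
  root-ca.pem: |
    -----BEGIN CERTIFICATE-----
    (placeholder: PEM body of the root Sync server certificate)
    -----END CERTIFICATE-----
---
# Fragment, not a standalone resource: these entries replace the matching ones
# under spec.template.spec of the syncserver01 Deployment. Unlisted env
# variables, ports and labels stay as in the sample descriptor.
containers:
  - name: syncserver
    image: soffid/iam-sync:3.0.0-beta-1
    env:
      - name: DB_PASSWORD
        valueFrom:
          secretKeyRef:            # value is injected from the Secret above
            name: syncserver-db
            key: DB_PASSWORD
    volumeMounts:
      - name: conf-storage
        mountPath: /opt/soffid/iam-sync/conf
      - name: trusted-certs
        mountPath: /opt/soffid/iam-sync/trustedcerts
        readOnly: true             # assumption: the Sync server only reads this folder
volumes:
  - name: conf-storage
    persistentVolumeClaim:
      claimName: syncserver-conf-claim
  - name: trusted-certs
    configMap:
      name: syncserver-trusted-certs
```

Because every file in the trustedcerts folder is trusted, write access to this ConfigMap is equivalent to control over which servers the Sync server accepts, so restrict it with RBAC accordingly.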