How to copy to Kubernetes Secrets
Guide to install the Sync server on Kubernetes.
When making any manual changes to the Sync server configuration, it will be necessary to copy these changes to the Kubernetes secrets.
Prerequisites
Soffid IAM sync server requires the following requirements:
Video Tutorial
Linux
Installation
You can use the Docker image described at Installing Sync server using Docker. Here is a sample Kubernetes YAML descriptor to deploy it.
# Secrets to store syncserver configuration
apiVersion: v1
kind: Secret
metadata:
  name: syncserver
type: Opaque
data:
  config: c3Nva20=
---
# Service account for sync server
apiVersion: v1
kind: ServiceAccount
metadata:
  name: syncserver
---
# Role to access the sync server
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: syncserver
rules:
  - verbs:
      - get
      - update
    apiGroups:
      - ''
    resources:
      - deployments
      - pods/attach
      - secrets
      - secrets/syncserver
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: syncserver
  namespace: default
subjects:
  - kind: ServiceAccount
    name: syncserver
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: syncserver
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: syncserver01
  labels:
    app: soffid
    type: syncserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: soffid
      type: syncserver
  template:
    metadata:
      labels:
        app: soffid
        type: syncserver
    spec:
      serviceAccountName: syncserver
      containers:
        - name: syncserver
          image: soffid/iam-sync:3.0.0
          ports:
            - containerPort: 760
              name: syncserver-port
          readinessProbe:
            initialDelaySeconds: 5
            failureThreshold: 1
            httpGet:
              path: /diag
              scheme: HTTPS
              port: 760
          livenessProbe:
            initialDelaySeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
            httpGet:
              path: /diag
              scheme: HTTPS
              port: 760
          env:
            - name: DB_USER
              value: soffid
            - name: DB_PASSWORD
              value: 5uper5ecret
            - name: SOFFID_HOSTNAME
              value: syncserver01.cloud.soffid.com
            - name: SOFFID_MAIN
              value: "yes"
            - name: KUBERNETES_CONFIGURATION_SECRET
              value: "syncserver"
            - name: DB_URL
              value: jdbc:mariadb://mariadb-service/soffid
---
apiVersion: v1
kind: Service
metadata:
  name: syncserver
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app: soffid
    type: syncserver
  ports:
    - name: syncserver
      protocol: TCP
      port: 760
      targetPort: 760
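Added example, not part of the Soffid documentation: a tighter variant of two parts of the manifest above, limiting Secret access to the one named configuration Secret with resourceNames and supplying DB_PASSWORD from a Secret instead of an inline value. The names syncserver-config and syncserver-db and the key password are hypothetical, and the Role assumes the sync server only needs get and update on its own configuration Secret; the other rules of the ClusterRole above are not reproduced.

```yaml
# Added example, not Soffid's own manifest. Hypothetical names:
# syncserver-config (Role/RoleBinding), syncserver-db (Secret), key "password".
apiVersion: v1
kind: Secret
metadata:
  name: syncserver-db
type: Opaque
stringData:                     # written as plain text; the API converts it to
  password: "<db-password>"     # base64 under .data (encoding, not encryption)
---
# Namespaced Role: get/update on the single configuration Secret only.
# Assumption: the sync server needs no other Secret.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: syncserver-config
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["syncserver"]   # value of KUBERNETES_CONFIGURATION_SECRET
    verbs: ["get", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: syncserver-config
  namespace: default
subjects:
  - kind: ServiceAccount
    name: syncserver
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: syncserver-config
---
# Fragment, not a stand-alone object: replaces the DB_PASSWORD entry under
# spec.template.spec.containers[0].env in the Deployment.
env:
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: syncserver-db
        key: password
```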
Linux commands
Apply the YAML file defining the Kubernetes resources
kubectl apply -f syncserver.yaml
Check deployments
kubectl get deployments
Check pods and their status:
kubectl get pods
View Sync server log
kubectl logs <your-pod-syncserver-name>
Now you can connect to the IAM console http://<Node-Ip>:<publish-port>/soffid and check if Console and Syncserver are connected.
Command to copy the configuration changes to the Kubernetes secrets:
java -cp "/opt/soffid/iam-sync/bin/bootstrap.jar" com.soffid.iam.sync.bootstrap.KubernetesSaver
Soffid version 3.x automatically upgrades the certificates when the certificate end date is close, and no actions are required.