Installing Sync server
Guide to install Sync server on Kubernetes.
Prerequisites
Soffid IAM sync server requires the following requirements:
Video Tutorial
Linux
Installation
You can use the docker image described at Installing Sync server using Docker. Here you have a sample Kubernets YAML descriptor to deploy it.
# Secrets to store syncserver configuration
apiVersion: v1
kind: PersistentVolumeClaimSecret
metadata:
name: syncserver-conf-claimsyncserver
spec:type: storageClassName:Opaque
standarddata:
accessModes:config: c3Nva20=
---
# Service account for sync server
apiVersion: v1
kind: ServiceAccount
metadata:
name: syncserver
---
# Role to access the sync server
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: syncserver
rules:
- ReadWriteOnceverbs:
- get
- update
apiGroups:
- ''
resources:
requests:- storage:deployments
10Mi- pods/attach
- secrets
- secrets/syncserver
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: syncserver
namespace: default
subjects:
- kind: ServiceAccount
name: syncserver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: syncserver
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: syncserver01
labels:
app: soffid
type: syncserver
spec:
replicas: 1
selector:
matchLabels:
app: soffid
type: syncserver
template:
metadata:
labels:
app: soffid
type: syncserver
spec:
serviceAccountName: syncserverpoc
containers:
- name: syncserver
image: soffid/iam-sync:3.0.0
ports:
- containerPort: 760
name: syncserver-port
readinessProbe:
initialDelaySeconds: 5
failureThreshold: 1
httpGet:
path: /diag
scheme: HTTPS
port: 760
livenessProbe:
initialDelaySeconds: 5
timeoutSeconds: 3
failureThreshold: 3
httpGet:
path: /diag
scheme: HTTPS
port: 760
env:
- name: DB_USER
value: soffid
- name: DB_PASSWORD
value: 5uper5ecret
- name: SOFFID_HOSTNAME
value: syncserver01.cloud.soffid.com
- name: SOFFID_MAIN
value: "yes"
- name: KUBERNETES_CONFIGURATION_SECRET
value: "syncserverpoc"
- name: DB_URL
value: jdbc:mariadb://mariadb-service/soffid
volumeMounts:
- name: conf-storage
mountPath: /opt/soffid/iam-sync/conf
volumes:
- name: conf-storage
persistentVolumeClaim:
claimName: syncserver-conf-claim
---
apiVersion: v1
kind: Service
metadata:
name: syncserversyncserverpoc
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app: soffid
type: syncserver
ports:
- name: syncserver
protocol: TCP
port: 760
targetPort: 760
Linux commands
Apply the YAML file with the defining Kubernetes resources
kubectl apply -f syncserver.yaml
Check deployments
kubectl get deployments
Chek pods: you can check pods and their status
kubectl get pods
View Sync server log
kubectl logs <your-pod-syncserver-name>
Now you can connect to the IAM console http://<Node-Ip>:<publish-port>/soffid and chek if Console and Syncserver are connected.