
Installing Sync server

Guide to install Sync server on Kubernetes.

Prerequisites

Soffid IAM sync server has the following requirements:

Linux

Installation

You can use the Docker image described at Installing Sync server using Docker. The following is a sample Kubernetes YAML descriptor to deploy it.

# Persistent volume claim for the sync server configuration directory
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: syncserver-conf-claim
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi
---
# Secrets to store syncserver configuration
apiVersion: v1
kind: Secret
metadata:
  name: syncserver
type: Opaque
data:
  config: c3Nva20=
---
# Service account for sync server
apiVersion: v1
kind: ServiceAccount
metadata:
  name: syncserver
---
# Role to access the sync server
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: syncserver
rules:
  - verbs:
      - get
      - update
    apiGroups:
      - ''
    resources:
      - deployments
      - pods/attach
      - secrets
      - secrets/syncserver
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: syncserver
  namespace: default
subjects:
  - kind: ServiceAccount
    name: syncserver
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: syncserver
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: syncserver01
  labels:
    app: soffid
    type: syncserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: soffid
      type: syncserver
  template:
    metadata:
      labels:
        app: soffid
        type: syncserver
    spec:
      # Must match the ServiceAccount defined above
      serviceAccountName: syncserver
      containers:
        - name: syncserver
          image: soffid/iam-sync:3.0.0
          ports:
            - containerPort: 760
              name: syncserver-port
          readinessProbe:
            initialDelaySeconds: 5
            failureThreshold: 1
            httpGet:
              path: /diag
              scheme: HTTPS
              port: 760
          livenessProbe:
            initialDelaySeconds: 5
            timeoutSeconds: 3
            failureThreshold: 3
            httpGet:
              path: /diag
              scheme: HTTPS
              port: 760
          env:
            - name: DB_USER
              value: soffid
            - name: DB_PASSWORD
              value: 5uper5ecret
            - name: SOFFID_HOSTNAME
              value: syncserver01.cloud.soffid.com
            - name: SOFFID_MAIN
              value: "yes"
            - name: KUBERNETES_CONFIGURATION_SECRET
              # Name of the Secret where the sync server configuration is stored
              value: "syncserver"
            - name: DB_URL
              value: jdbc:mariadb://mariadb-service/soffid
          volumeMounts:
          - name: conf-storage
            mountPath: /opt/soffid/iam-sync/conf
      volumes:
        - name: conf-storage
          persistentVolumeClaim:
            claimName: syncserver-conf-claim
---
apiVersion: v1
kind: Service
metadata:
  name: syncserver
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  selector:
    app: soffid
    type: syncserver
  ports:
  - name: syncserver
    protocol: TCP
    port: 760
    targetPort: 760
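
The sample manifest passes DB_PASSWORD as a literal value and lets the service account get and update every secret in the namespace. The following is an added example, not part of the Soffid documentation, showing the same settings with the password read from a Secret and secret access pinned by name; the Secret name soffid-db and its password key are assumed names.

```yaml
# Added example; "soffid-db" and its "password" key are assumed names.
apiVersion: v1
kind: Secret
metadata:
  name: soffid-db
  namespace: default
type: Opaque
stringData:
  password: CHANGE_ME  # placeholder; supply the real value outside version control
---
# Namespaced Role: secret access is pinned to the one Secret the sync server
# owns. Assumption: it only reads and updates its own configuration Secret.
# resourceNames cannot restrict "create", so that Secret must already exist.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: syncserver
  namespace: default
rules:
  - apiGroups: ['']
    resources: ['secrets']
    resourceNames: ['syncserver']
    verbs: ['get', 'update']
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: syncserver
  namespace: default
subjects:
  - kind: ServiceAccount
    name: syncserver
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: syncserver
---
# Fragment, not a standalone object: replaces the DB_PASSWORD entry in the
# Deployment's container env list.
env:
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: soffid-db
        key: password
```

roleRef is immutable, so an existing RoleBinding named syncserver has to be deleted before this one is applied. If the sync server relies on the deployments and pods/attach permissions from the sample manifest, keep them as a separate rule in the Role.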

Linux commands

Apply the YAML file that defines the Kubernetes resources

kubectl apply -f syncserver.yaml

Check deployments 

kubectl get deployments

Check pods and their status

kubectl get pods

View Sync server log

kubectl logs <your-pod-syncserver-name>

Now you can connect to the IAM console at http://<Node-Ip>:<publish-port>/soffid and check whether the Console and the Sync server are connected.