Kubernetes
The following is not a definitive process of adding Sal to Kubernetes but instead an overview of the types of config you can do.
The following assumes that you have a compatible database you wish to use and a Kubernetes cluster with the relevant tooling set up.
This guide is not complete and is provided on a best-effort basis, as API compatibility changes with version and environment.
The provided resource definitions reference secrets that must be added to the Kubernetes cluster before the associated pods can start.
These secrets are
The resource definitions ensure that the secrets are loaded as environment variables (or mounted to the filesystem in the case of the TLS certificate and private key). If the secrets are not defined, containers will not start.
The recommended method for creating secrets is to save the secret values into files, and then create the secret resources using the `kubectl create secret` command.
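An added example, not part of the Sal project's own definitions, showing the pattern described above: secrets created from files, then consumed by the pod as environment variables and as a read-only TLS mount. The Secret names (`sal-db`, `sal-tls`), key names, file names and the `/etc/sal/tls` mount path are assumptions chosen for illustration.

```yaml
# Added example. Secret names, keys, file names and mount path are hypothetical.
#
# Create the Secrets from files so the values never appear in a manifest or in
# shell history. --from-file stores the file bytes verbatim, so write the files
# without a trailing newline (for example with printf '%s').
#   kubectl create secret generic sal-db --namespace default \
#     --from-file=db-user=./db-user.txt --from-file=db-pass=./db-pass.txt
#   kubectl create secret tls sal-tls --namespace default \
#     --cert=./tls.crt --key=./tls.key
#
# Fragment of the Deployment pod spec (spec.template.spec):
containers:
  - name: sal
    image: macadmins/sal-saml:3.3.16
    env:
      - name: DB_USER
        valueFrom:
          secretKeyRef:       # not marked optional: the container will not
            name: sal-db      # start until this Secret and key exist
            key: db-user
      - name: DB_PASS
        valueFrom:
          secretKeyRef:
            name: sal-db
            key: db-pass
    volumeMounts:
      - name: tls
        mountPath: /etc/sal/tls   # tls.crt and tls.key appear here
        readOnly: true
volumes:
  - name: tls
    secret:
      secretName: sal-tls
      defaultMode: 0400           # owner read-only for the certificate and key
```

`kubectl get secret sal-db --namespace default` confirms the Secret exists before the Deployment is applied; a pod that references a missing Secret stays in `CreateContainerConfigError`.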
```yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# apps/v1 is the current API and requires spec.selector.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "sal"
  namespace: "default"
  labels:
    k8s-app: "sal"
spec:
  revisionHistoryLimit: 2
  replicas: 1
  selector:
    matchLabels:
      k8s-app: "sal"
  template:
    metadata:
      labels:
        k8s-app: "sal"
        component: "sal"
      annotations:
        poddns/name: "sal"
        poddns/port: "443"
    spec:
      containers:
        - name: sal
          image: macadmins/sal-saml:3.3.16
          imagePullPolicy: Always
          command:
            - "/run.sh"
          ports:
            - containerPort: 8080
              name: sal-server
              protocol: TCP
          env:
            # Database connection settings; fill these in for your environment.
            - name: DB_NAME
              value: ""
            - name: DB_USER
              value: ""
            - name: DB_HOST
              value: ""
            - name: DB_PASS
              value: ""
            - name: DB_PORT
              value: "5432"
            - name: MEMCACHED_PORT_11211_TCP_ADDR
              value: "memcached"
          volumeMounts:
            # Uncomment to override settings.py and the SAML metadata from the ConfigMap.
            # - mountPath: /home/docker/sal/sal/settings.py
            #   name: cfgmap
            #   subPath: settings.py
            # - mountPath: /home/docker/sal/sal/metadata.xml
            #   name: cfgmap
            #   subPath: metadata.xml
            - mountPath: /home/docker/sal/plugins
              name: sal-plugins
        - name: memcached
          image: memcached:1.4.37
          ports:
            - containerPort: 11211
              name: memcached
              protocol: TCP
      volumes:
        - name: cfgmap
          configMap:
            name: sal-config
        - name: sal-plugins
          gcePersistentDisk:
            pdName: fooBarDiskName
            fsType: ext4
```

```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    prometheus.io/scrape: "true"
  labels:
    k8s-app: sal
  name: sal
  namespace: default
spec:
  ports:
    - port: 8080
      name: sal-http
      protocol: TCP
      targetPort: 8080
  selector:
    k8s-app: sal
  type: ClusterIP
```