Deployment on Kubernetes with Helm
To deploy the RSA on Kubernetes we will utilize a packaged Helm solution to deploy the container itself as well as the additional components required to run on that platform. See the Helm Documentation for more details. These instructions support both the 2.X and 3.X versions of the Helm command line tool.
As this project is built on top of the JAVA Spring framework, it utilizes a common IDENTOS Helm chart used for deploying Spring applications.
To deploy an RSA:
Enable the IDENTOS Helm chart repository:
$ helm repo add identos https://charts.dev.identos.caDeploy using the following command to a namespace called 'my-namespace' using the configuration file 'configuration.yaml'
$ helm upgrade --install rsa identos/spring -n my-namespace -f configuration.yaml
Configuration
Configuration for a Helm chart is provided as a YAML formatted file. The following table lists the configuration parameters, a description and their default values. These properties are common between both the RSA and the RSA Admin API.
Note that a valid ingress controller must be installed within your Kubernetes environment to make use of the ingress element.
Currently, the RSA and RSA Admin API are deployed via separate Helm charts.
Common Helm Chart Properties
| Parameter | Description | Default |
|---|---|---|
| suffix | Optionally override the fully qualified name. | "" |
| replicas | The number of replicas to create. | 1 |
| image.repository | The RSA docker container repository. | registry.git.identos.ca/rsa/adapter-base |
| image.tag | Overrides the docker container image version. This value can be changed later as required to point to an exact version. | latest |
| image.pullPolicy | The image pull policy. Refer to the Kubernetes reference documentation for more information. | IfNotPresent |
| image.credentials | Secret name containing docker credentials for private repository. | nil |
| application.enableHTTPS | Option to disable SSL termination, self signed certificate will be used. | false |
| application.port | Port number for the service to run under. | 8080 |
| application.config | Full configuration for docker container see OIDC Configuration or LDAP Configuration for details. | "" |
| ingress.enabled | Flag to enable or disable ingress element creation for service. | false |
| ingress.annotations | Annotations to apply to ingress element. | [] |
| ingress.host | Hostname for the ingress element to listen on. | "" |
| resources | Pod resource requests and limits. | {} |
| mysql.enabled | Enable MySQL helm chart dependency. | IfNotPresent |
| mysql.* | See Configuration for details | - |
| deployment.annotations | Any Kubernetes annotations to apply to the deployment object used for this application. | {} |