In the latest installment of my blog series on IBM Cloud Data Shield, I’m going to look at converting and deploying an application in an IBM Cloud Data Shield environment.
Pro tip: You need to have the service installed and a Docker secret configured to follow the steps in this post. Need help? Check out the first blog in this series: Installing IBM Cloud Data Shield.
Be sure that you have the following permissions before you get started:
- Access to the cluster where you installed IBM Cloud Data Shield
- Pull permissions for the input registry
- Push permissions for the output registry
- Access to the Enclave Manager UI account
Getting set up
Before I can convert my app, I need to be logged in to my account and able to access the Enclave Manager:
- Log in to IBM Cloud. Use the prompts to finish the login process:
- Next, I need to grab my IAM token by running the following command. The output will be
Bearer. I only need to copy the long string of letters and numbers—not including
- I’ll also need to get my Enclave Manager UI host URL. The URL follows the format—
Converting by using the IBM Cloud Data Shield Enclave Manager UI
- I need to log in to the Enclave Manager by using the IAM token from Step 2 in the previous section:
- In the Enclave Manager, go to the Tools tab. As you can see in the following image, I specify my source image and an output image (which is what the converted image is named). Then, click Convert:
- After the tool finishes converting, the following message will show. This means I’m now ready to deploy my application:
Converting using IBM Cloud Data Shield Converter API
- First, I’ll export my IAM token as “token”:
- Now, in order to execute the conversion, I need to specify the
outputImageName. I also need to replace the
ingress-domainwith my cluster’s ingress domain. After I have specified all the data in the curl command, I can execute it:
- After the conversion is completed successfully, a message like the following will show up, which means our application has been converted and I’m now ready to deploy:
Deploying converted applications
After my app is converted, I’m ready to deploy it to my cluster.
- I’ll create my deployment.yml file, making sure the image value matches the converted image registry and name:
- Now, I’ll create my deployment:
- After a minute or two, I can check if my pod is up and running. When the pod is in a “running” state, it means that it has been deployed successfully and that I’m ready to use my application:
That’s it! The application is now running in an IBM Cloud Data Shield secure enclave.
We’d love to hear from you with feedback and questions:
- If you have technical questions about the service, post your question on Stack Overflow and tag your question with
- For questions about the service and getting started instructions, use the IBM Developer Answers forum. Include the
- Open a support ticket in the IBM Cloud menu.
For more information and options, check out the IBM Cloud Data Shield documentation.