Configuring on-premises Identity Brokerage with GCP managed PostgreSQL

Manage the configuration of Identity Brokerage on-premises components to connect with a managed PostgreSQL service hosted on Google Cloud Platform (GCP).

Before you begin

  • Complete the deployment of the on-premises components. See Deploying the on-premises components for more details.
  • Ensure that the PostgreSQL service is reachable through a static IP or DNS name within your cloud environment.
  • Configure the identity agent for provisioning in IBM® Verify. To configure the identity agent, navigate to Integrations > Identity agents and create an agent. See Configuring through the Verify user interface for more information.
  • Deploy and configure the IBM Verify Identity Brokerage on-premises component. This gateway allows Verify to integrate with on-premises targets by using Verify adapters.
  • Ensure that the administrative user is configured as Postgres.
  • Create a database named ibdb within the PostgreSQL instance.

Procedure

  1. Kubernetes configuration
    Update the ib-secrets
    • Locate the ib-secrets section in ${identity_agent_name}-k8s-deployment.yml and update the following field:
      
      apiVersion: v1
      kind: Secret
      metadata:
         namespace: isv
         name: ib-secrets
      type: Opaque
      data:
         POSTGRES_PASSWORD: <base64-encoded-postgres-password>
    • Replace <base64-encoded-postgres-password> with the Base64-encoded value of your actual PostgreSQL password.
    Modify the ib-configmap
    • Locate the ib-configmap section in ${identity_agent_name}-k8s-deployment.yml and update the following field:
      
      apiVersion: v1
      kind: ConfigMap
      metadata:
          namespace: isv
          name: ib-configmap
      data:
          DB_SERVICE_NAME: <postgres-host-ip-or-dns>
    • Replace <postgres-host-ip-or-dns> with the IP address or DNS name of your PostgreSQL instance.
    Note: Since an external PostgreSQL service is being used, you can exclude the following Kubernetes resources from the ${identity_agent_name}-k8s-deployment.yml:
    • postgres-vol (PersistentVolumeClaim)
    • ibdb (Deployment and Service)
    • pv-db (PersistentVolume)
  2. Docker configuration
    Update environment variables
    • In the identity-brokerage service section of the ${identity_agent_name}-docker-compose.yml, add or update the following environment variables:
      
      services:
        identity-brokerage:
          environment:
            - DB_SERVICE_NAME=<postgres-host-ip-or-dns>
            - POSTGRES_PASSWORD=<postgres-password>
       
    • Replace <postgres-host-ip-or-dns> with the IP address or DNS name of your PostgreSQL instance, and <postgres-password> with its password.
    Note: Since an external PostgreSQL service is being used, you can exclude the following from the ${identity_agent_name}-docker-compose.yml:
    • ibdb service
    • postgres-vol volume
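
The Base64 step for ib-secrets in step 1 is where a stray newline most often ends up inside the stored password, which then fails authentication against PostgreSQL. The shell helpers below are an added example, not part of the product documentation; the function names encode_secret and check_secret and the sample password are hypothetical, and GNU coreutils base64 is assumed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of IBM Verify.

# Encode a password for the data: field of the ib-secrets Secret.
# printf '%s' writes the bytes exactly as given; echo would append a newline
# that becomes part of the password the pod presents to PostgreSQL.
encode_secret() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Check a value before pasting it into POSTGRES_PASSWORD.
# Prints one verdict: ok | not-base64 | empty | trailing-newline
# Returns 0 only for "ok".
check_secret() {
  # Reject anything that does not decode cleanly.
  if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
    echo not-base64
    return 1
  fi
  # Inspect the decoded bytes as hex: command substitution would silently
  # strip a trailing newline from the raw decoded text and hide the problem.
  hex=$(printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n')
  case "$hex" in
    '')  echo empty; return 1 ;;
    *0a) echo trailing-newline; return 1 ;;
    *)   echo ok ;;
  esac
}

# Constructed sample value, not a real credential.
sample='changeme'
good=$(encode_secret "$sample")
bad=$(echo "$sample" | base64)   # the common mistake: echo appends "\n"
echo "printf-encoded: $good -> $(check_secret "$good")"
echo "echo-encoded:   $bad -> $(check_secret "$bad")"
```

Base64 in a Secret manifest is an encoding, not encryption, and the Docker Compose file in step 2 holds the password in plain text, so restrict read access to both files and to the ib-secrets object.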