You can access IBM Security Guardium Key Lifecycle Manager that is
installed on a Red Hat® OpenShift® cluster only on an HTTP port by
default. To access IBM Security Guardium Key Lifecycle Manager on non-HTTP ports,
such as IPP and KMIP, complete the steps in this topic.
Procedure
- Log in to the Red Hat OpenShift console as the cluster administrator, kube-admin.
- Create a route for the IPP or KMIP port.
  - In the left pane, expand , and click Create Route.
  - Specify values for the following properties on the page.

    Table 1. Properties and their description

    | Property | Description |
    | --- | --- |
    | Name | For IPP: ipp-route-name. For KMIP: kmip-route-name |
    | Service | sklmapp |
    | Target port | For IPP: 3801. For KMIP: 5696 |
    | Security | Select the Secure route check box. |
    | TLS Termination | Select Passthrough as the TLS termination type. |
    | Insecure Traffic | Select Passthrough as the insecure traffic type. |

  - Click Create.
- Log in to the infrastructure node with root privileges.
- Depending on the port type, add the following front-end and back-end entries to the
  /etc/haproxy/haproxy.cfg file.

  For IPP:

      frontend ipp-route-name
          bind *:IPP Node Port
          default_backend ipp-route-name
          mode tcp
          option tcplog
      backend ipp-route-name
          balance source
          mode tcp
          server worker0 private-ip:IPP Node Port check
          server worker1 private-ip:IPP Node Port check
          server worker2 private-ip:IPP Node Port check

  Where ipp-route-name is the route name and IPP Node Port is the
  corresponding node port that is assigned to this route.

  For KMIP:

      frontend kmip-route-name
          bind *:KMIP Node Port
          default_backend kmip-route-name
          mode tcp
          option tcplog
      backend kmip-route-name
          balance source
          mode tcp
          server worker0 private-ip:KMIP Node Port check
          server worker1 private-ip:KMIP Node Port check
          server worker2 private-ip:KMIP Node Port check

  Where kmip-route-name is the route name and KMIP Node Port is the
  corresponding node port that is assigned to this route.
- Restart the haproxy service using the following command:

      systemctl restart haproxy
- You can now access IBM Security Guardium Key Lifecycle Manager on the
respective node ports (IPP Node Port or KMIP Node Port) for
IPP devices and KMIP clients.
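
The front-end and back-end entries from the haproxy.cfg step can be generated instead of typed by hand. The following POSIX shell function is an added example, not IBM's code: it prints the stanza for one route and rejects a malformed route name, a malformed worker IP, or a port outside the default Kubernetes NodePort range. The function name, the 30000-32767 range (clusters can change it) and the sample values are assumptions.

```shell
# Added example, not IBM's code. Assumptions: the function name, the argument
# order, and the default Kubernetes NodePort range 30000-32767.
# Usage: gklm_haproxy_stanza ROUTE_NAME NODE_PORT WORKER_IP...
gklm_haproxy_stanza() (
  name=$1 port=$2
  [ "$#" -ge 3 ] || { echo "usage: ROUTE_NAME NODE_PORT WORKER_IP..." >&2; exit 1; }
  shift 2
  # The route name becomes an HAProxy section name: allow safe characters only.
  case $name in
    ''|*[!A-Za-z0-9._-]*) echo "invalid route name: $name" >&2; exit 1 ;;
  esac
  # Exactly five digits, then a range check. This rejects the service ports
  # 3801 and 5696, which are target ports inside the cluster, not node ports.
  case $port in
    [0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "invalid node port: $port" >&2; exit 1 ;;
  esac
  if [ "$port" -lt 30000 ] || [ "$port" -gt 32767 ]; then
    echo "node port outside 30000-32767: $port" >&2; exit 1
  fi
  # Loose dotted-quad shape check on every worker address before printing.
  for ip in "$@"; do
    case $ip in
      *[!0-9.]*|*.*.*.*.*|.*|*.|*..*) bad=1 ;;
      *.*.*.*) bad=0 ;;
      *) bad=1 ;;
    esac
    [ "$bad" -eq 0 ] || { echo "invalid worker IP: $ip" >&2; exit 1; }
  done
  printf 'frontend %s\n' "$name"
  printf '    bind *:%s\n' "$port"
  printf '    default_backend %s\n' "$name"
  printf '    mode tcp\n    option tcplog\n'
  printf 'backend %s\n' "$name"
  printf '    balance source\n    mode tcp\n'
  i=0
  for ip in "$@"; do
    printf '    server worker%s %s:%s check\n' "$i" "$ip" "$port"
    i=$((i + 1))
  done
)

# Constructed sample values: node port 31696 and three worker addresses.
gklm_haproxy_stanza kmip-route-name 31696 10.0.0.11 10.0.0.12 10.0.0.13
```

Append the output to /etc/haproxy/haproxy.cfg and check the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before restarting the service, so that a syntax error does not stop the load balancer.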