Creating the FDS Container
Use the following steps to create the FDS container.
- Ensure that the kubectl context is set to the correct environment. The mechanism differs based on the Kubernetes environment in use.
- Create a ConfigMap definition file that is named ibm-svdi-fds-config.yaml. This definition file contains the configuration YAML for the Directory Integrator FDS container. For example,
apiVersion: v1
kind: ConfigMap
metadata:
  name: ibm-svdi-fds-config
  namespace: default
data:
  ca.pem: |
    <insert-ca.pem-here>
  config.yaml: |
    general:
      license:
        key: "add-your-license-key-here"
        accept: true
    fds:
      connection:
        ibm-directory:
          authentication:
            name: cn=root
            password: passw0rd1
          target-container: o=ibm,c=us
          url: ldaps://ldap.ibm.com
        type: ibm-directory
      endpoints:
        - ibm-directory:
            authentication:
              name: cn=root
              password: passw0rd1
            target-container: o=ibm,c=us
            url: ldaps://endpoint.ibm.com
          name: my-target
      flows:
        - name: "my-flow"
          source:
            name: "my-target"
    keyfile:
      trusted-certificates:
        - "@/var/isvd/config/ca.pem"
- Create the ConfigMap.
kubectl create -f ibm-svdi-fds-config.yaml
- Create the persistent volume claim that is used by the container to store the Directory Integrator server data. The mechanism varies based on the Kubernetes environment in use. The following example shows how to create a persistent volume claim in an IBM Cloud environment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ibm-svdi-fds-claim
  labels:
    billingType: "hourly"
    region: au-syd
    zone: syd04
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 45Gi
  storageClassName: ibmc-block-silver
- Create a deployment file that is named ibm-svdi-fds-container.yaml. This deployment file defines a Directory Integrator FDS container for your environment.
#
# The deployment description of the Verify Directory Integrator FDS container.
#
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ibm-svdi-fds
  labels:
    app: ibm-svdi-fds
spec:
  selector:
    matchLabels:
      app: ibm-svdi-fds
  template:
    metadata:
      labels:
        app: ibm-svdi-fds
    spec:
      # The name of the service account which has the required
      # capabilities enabled for the container.
      serviceAccountName: ibm-svdi
      # We use a volume to store the configuration for the
      # environment.
      volumes:
        - name: config-volume
          configMap:
            name: ibm-svdi-fds-config
        - name: data-volume
          persistentVolumeClaim:
            claimName: ibm-svdi-fds-claim
      containers:
        - name: ibm-svdi-fds
          # The fully qualified name of the image.
          image: icr.io/isvdi/verify-directory-integrator-fds:latest
          # Environment definition.
          env:
            - name: YAML_CONFIG_FILE
              value: /var/IBM/svdi/config/config.yaml
          # The configuration volume.
          volumeMounts:
            - name: config-volume
              mountPath: /var/IBM/svdi/config
            - name: data-volume
              mountPath: /var/isvdi/data
          # The liveness, readiness and startup probes are used by
          # Kubernetes to monitor the health of the container. Our
          # health is governed by the health_check.sh script which is
          # provided by the container.
          livenessProbe:
            exec:
              command:
                - /sbin/health_check.sh
                - livenessProbe
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            exec:
              command:
                - /sbin/health_check.sh
            initialDelaySeconds: 5
            periodSeconds: 10
          startupProbe:
            exec:
              command:
                - /sbin/health_check.sh
                - startupProbe
            initialDelaySeconds: 5
            periodSeconds: 10
- Create the container.
kubectl create -f ibm-svdi-fds-container.yaml
- You can monitor the bootstrapping of the container by using the logs command.
kubectl logs -f `kubectl get -o json pods -l app=ibm-svdi-fds | jq -r '.items[0].metadata.name'`
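The ConfigMap in the steps above holds the license key and the cn=root bind passwords in clear text, and anyone with read access to ConfigMaps in the namespace can see them. The following added example (not part of the original IBM documentation) keeps the same two files in a Kubernetes Secret and mounts it at the same path. The Secret name ibm-svdi-fds-secret is hypothetical, and the example assumes that the container only needs to read the files under the mount path.

```yaml
# Added example, not from the product documentation.
# Same two files as the ConfigMap step, stored in a Secret instead.
# The name ibm-svdi-fds-secret is hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: ibm-svdi-fds-secret
  namespace: default
type: Opaque
stringData:
  ca.pem: |
    <insert-ca.pem-here>
  config.yaml: |
    # Paste the config.yaml content from the ConfigMap step here,
    # including the license key and the bind passwords.
    <insert-config.yaml-here>

# Fragment of ibm-svdi-fds-container.yaml (not a standalone manifest):
# under spec.template.spec, only the source of config-volume changes.
# The volumeMounts (mountPath /var/IBM/svdi/config) and the
# YAML_CONFIG_FILE variable stay as they are.
#
#      volumes:
#        - name: config-volume
#          secret:
#            secretName: ibm-svdi-fds-secret
#        - name: data-volume
#          persistentVolumeClaim:
#            claimName: ibm-svdi-fds-claim
```

Secret values are base64-encoded, not encrypted, so restrict get and list on Secrets in the namespace through RBAC and enable encryption at rest for Secrets where the cluster supports it.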