Installing the IDPV Server
The IDPV server runs either under standalone Docker (or Podman) or under Kubernetes with Docker; install and deploy one of the two as described below.
Docker/Podman
SafeNet IDPrime Virtual Server is provided as a Docker image. To install and run the latest release of Docker, follow the documentation on the Docker website.
Values shown in <angle brackets> must be replaced with your own values. After replacing a value, remove the angle brackets.
1. Unzip the provided image file to a TAR by executing the following command:
   gzip -d <image-name.tar.gz>
2. After unzipping, load the image into Docker by executing the following command:
   docker load -i <image-name.tar>
   For RHEL 9 or 8 with a Podman environment, the command is:
   podman load -i <image-name.tar>
   When the command succeeds, it prints output in the following format, for example:
   Loaded image: idprimevirtual_server:2.5.0.12
3. Create a /var/thales/config directory and copy into it the following files from the delivery package provided with the IDPV package:
   appsettings.yml
   idp-configuration.json
   IngrianNAE.properties
   log4net.config
   policy-configuration.json
   README.txt
   sws-configuration.json
This document uses the /var/thales/config/ and /var/thales/hsm/ directories for configuration files. You can use different directory names if your requirements call for it; if you do, substitute them consistently wherever this document refers to the names above. When configuring the HSM, follow the instructions for placing content in the /var/thales/hsm/ directory for the type of HSM you are using.
Kubernetes
The following steps deploy IDPrime Virtual Server in Kubernetes. They are for reference only and may vary depending on the environment.
1. Create a Kubernetes namespace for your project using the following YAML configuration:
   apiVersion: v1
   kind: Namespace
   metadata:
     name: idpv-staging
   The namespace created in this case is idpv-staging. Alternatively, create the namespace with the following command:
   kubectl create namespace idpv-staging
   The namespace (idpv-staging) can have any name, but once defined, the same name must be used in all subsequent deployment procedures.
2. Create a /var/thales/config directory and copy into it the following files from the delivery package provided with the IDPV package:
   appsettings.yml
   policy-configuration.json
   idp-configuration.json
   log4net.config
   servercertificate.pfx
   This document uses the /var/thales/config/ and /var/thales/hsm/ directories for configuration files. You can use different directory names if your requirements call for it; if you do, substitute them consistently wherever this document refers to the names above.
   Follow Configure the IDPrime Virtual Server Parameters (appsettings.yml) to configure the IDPV Server files.
3. Create a Secret for the IDPV server configuration and a ConfigMap for the HSM client configuration.
   a. Create a Secret from the application-related configuration files prepared in the previous step. Copy kustomization.yaml from the delivery package into the /var/thales/config/ directory, follow the steps provided in that file, and then run the following command from that directory:
      kubectl apply -k .
      The dot character at the end of the command represents the current directory, which must contain the files listed above.
   b. Create a ConfigMap for the HSM client related files. For more information, refer to Configuring Luna Client on Host Machine; for DPoD and KeySecure, refer to Configuring Data Protection on Demand and Configuring KeySecure respectively.
      kubectl create configmap idpv-config-hsm --from-file=/var/thales/hsm/ -n idpv-staging
4. Update the deployment yaml file given in the deployment package.
   a. Update the values in <angle brackets> (after the update, remove the angle brackets) for the following parameters:
      volumes:
        - name: vol1name
          secret:
            secretName: <idpv-configuration-secret>
        - name: vol2name
          configMap:
            name: idpv-config-hsm
      The volume names vol1name and vol2name can be any names, but once defined, the same names must be used in all further references. The Secret and ConfigMap must be the ones created in the previous step.
   b. If the server Docker image is already in a Docker registry, go to step e below. Otherwise, unzip the provided image file to a TAR by executing the following command:
      gzip -d <image-name.tar.gz>
      After unzipping the file, load the image into Docker by executing the following command:
      docker load -i <image-name.tar>
      For RHEL 9 or 8 with a Podman environment, the command is:
      podman load -i <image-name.tar>
   c. Configure a private Docker registry. For setting up the private registry, refer to the official Docker documentation.
   d. Tag and push the image to the private Docker registry by executing the following commands:
      docker tag <image-name> <docker-registry/repository/image-name:tag>
      docker push <docker-registry/repository/image-name:tag>
      In a Podman environment, use the respective podman commands for tagging and pushing the image.
   e. In the Kubernetes-Deployment.yaml deployment file, update the value in <angle brackets> (after the update, remove the angle brackets) for the following parameter:
      containers:
        - name: idpv-server
          image: <docker-registry/repository/image-name:tag>
   f. Update the following value fields in the deployment file:
      - The name fields under the volumeMounts section must be set to the volume names vol1name and vol2name chosen in step a:
        volumeMounts:
          - name: vol1name
            mountPath: /publish/Config
          - name: vol2name
            mountPath: /usr/local/hsm
      - The docker-reg-creds-secret-name value field must be updated in the deployment file:
        imagePullSecrets:
          - name: <docker-reg-creds-secret-name>
5. Once the above changes are complete, create a deployment in the Kubernetes namespace. This deploys the server in a container pod.
6. Create a service to expose the server outside of the Kubernetes cluster.
   a. Create a service using the YML file provided in the package.
   b. Update the nodePort value according to port availability:
      nodePort: <nodePort-value>
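The whole Kubernetes procedure above, assembled into one script as an added example (this is not Thales' tooling and is not part of the delivery package): it renders the Deployment with the volumes, volumeMounts and imagePullSecrets fields from step 4 and the NodePort Service from step 6, refuses to apply anything while an <angle-bracket> placeholder is still present in the manifests or in /var/thales/config, creates the Secret and the ConfigMap (the Secret with kubectl create secret generic --from-file, the same form as the ConfigMap command in step 3, as an alternative to the package's kustomization.yaml) and applies everything with kubectl. The registry path, image tag, pull-secret name, nodePort, the service port (443) and the Secret name idpv-configuration-secret are assumptions taken from the placeholders above; override them through the environment variables at the top of the script.

```shell
#!/usr/bin/env bash
# Added example, not part of the Thales delivery package: render the IDPV
# Deployment and NodePort Service manifests, refuse to apply anything while an
# <angle-bracket> placeholder remains, then apply them with kubectl.
# Registry path, image tag, pull-secret name, nodePort and the service port are
# assumptions; override them via environment variables.
set -euo pipefail

NAMESPACE="${NAMESPACE:-idpv-staging}"
CONFIG_DIR="${CONFIG_DIR:-/var/thales/config}"   # directories used by the document
HSM_DIR="${HSM_DIR:-/var/thales/hsm}"
IMAGE="${IMAGE:-<docker-registry/repository/image-name:tag>}"   # placeholder until set
PULL_SECRET="${PULL_SECRET:-<docker-reg-creds-secret-name>}"
NODE_PORT="${NODE_PORT:-<nodePort-value>}"
SERVICE_PORT="${SERVICE_PORT:-443}"   # assumed; use the port from the package's service YML
OUT_DIR="${OUT_DIR:-$(mktemp -d)}"

# Write deployment.yaml and service.yaml into OUT_DIR from the variables above.
render_manifests() {
  mkdir -p "$OUT_DIR"
  cat > "$OUT_DIR/deployment.yaml" <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: idpv-server
  namespace: $NAMESPACE
spec:
  selector:
    matchLabels:
      app: idpv-server
  template:
    metadata:
      labels:
        app: idpv-server
    spec:
      imagePullSecrets:
        - name: $PULL_SECRET
      containers:
        - name: idpv-server
          image: $IMAGE
          volumeMounts:
            - name: vol1name
              mountPath: /publish/Config
            - name: vol2name
              mountPath: /usr/local/hsm
      volumes:
        - name: vol1name
          secret:
            secretName: idpv-configuration-secret
        - name: vol2name
          configMap:
            name: idpv-config-hsm
EOF
  cat > "$OUT_DIR/service.yaml" <<EOF
apiVersion: v1
kind: Service
metadata:
  name: idpv-server
  namespace: $NAMESPACE
spec:
  type: NodePort
  selector:
    app: idpv-server
  ports:
    - port: $SERVICE_PORT
      targetPort: $SERVICE_PORT
      nodePort: $NODE_PORT
EOF
}

# Return 1 and list the offending lines if any <placeholder> is left in the
# given directories; run it over both the manifests and the config directory.
check_placeholders() {
  local hits
  hits=$(grep -rn '<[^<>]*>' "$@" || true)
  if [ -n "$hits" ]; then
    printf 'unresolved placeholders:\n%s\n' "$hits" >&2
    return 1
  fi
}

# Namespace, Secret, ConfigMap, Deployment and Service, in the order of the steps above.
deploy_idpv() {
  render_manifests
  check_placeholders "$OUT_DIR" "$CONFIG_DIR"
  kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
  kubectl create secret generic idpv-configuration-secret --from-file="$CONFIG_DIR" \
    -n "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
  kubectl create configmap idpv-config-hsm --from-file="$HSM_DIR" \
    -n "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
  kubectl apply -f "$OUT_DIR/deployment.yaml" -f "$OUT_DIR/service.yaml"
}

if [ "${1:-}" = "deploy" ]; then deploy_idpv; fi   # ./idpv-deploy.sh deploy
```

Run it as ./idpv-deploy.sh deploy after exporting IMAGE, PULL_SECRET and NODE_PORT; without the deploy argument it only defines the functions, so render_manifests and check_placeholders can be run on their own to inspect the generated manifests before anything touches the cluster. The dry-run-then-apply form keeps the namespace, Secret and ConfigMap steps idempotent, so the script can be rerun after a configuration change.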