Installation
Installation Requirements
What is needed to install the Kobil services packaged in mPower? The example "values.yaml" files for mPower and its dependencies contain the full description:
- mPower Readme
- dependencies
Platform requirements
- Kubernetes platform running k8s v1.19 or higher
- helm v3.3+ deployment tool
- Kobil Image repository credential set for image downloads
- Kobil chart-museum repository credential set or delivered Kobil mPower chart package
Operation requirements
- Mail-Service/Host (depending on user registration process)
- Database services for the Kobil Security Server, IAM/IDP and SCP services (plus dashboard service DBs and internal service DBs such as redis/eCache, ...)
Infrastructure requirements
- Domain ownership, Certificates/SAN
Different types of installs - Overview
Test-Install
Build a test-install (all_in install without Kobil license) as a "sandbox" for simple testing purposes only
* main key parameter for a test install (**ssms:certificate:testInstallation**): keeping **testInstallation: true** results in a test installation, which is fixed and **cannot be migrated into a licensed Kobil Service**.
* use mBattery to prepare the runtime for mPower in the target k8s cluster; it provides the ingress controller, databases, and monitoring, tracing or logging services for Kobil Services.
New Production Install
New production install with Kobil licensing
* production install with Kobil License (see License procedure / registration procedure)
[Licensing Procedure for Kubernetes/OpenShift for Security Server 3.4++](/docs/ssms-docs/ssmsinstallconfig/kubernetes-opbased/installation-k8s/installation/new-prod-install/licenseprocedure-k8s-oc-ssms3) - and - [Security Server Production License Installation for Security Server 3.5.*/3.6*](/docs/ssms-docs/ssmsinstallconfig/kubernetes-opbased/installation-k8s/installation/new-prod-install/ssmsprodlicenseinstallation3.5).
* database compatibility and the mysql-jconnector driver, set in the mPower meta-configuration file with the appropriate key-value pairs.
* external database credential sets and firewall or proxy information to ensure accessibility.
* creating the database schemas, or configuring the mPower charts to do so (see the "ensure_DB" parameter per mPower component).
Migration Install
Migration install: a new installation of mPower (Security Server) on Kubernetes that uses an existing Security Server database
- multi-tenant / single-tenant considerations
- the installation re-uses the existing Security Server database content with the now k8s-hosted Security Server services
- follow the migration advice to use the "config.xml" configuration data from the original Security Server service (installer) installation.
- map existing tuning for the Security Server service to the Kubernetes Security Server services as per Configuration of Kubernetes based Security Server 3.4.x and higher.
- default tenant handling (single-tenant/standard Security Server data will be migrated to the MT-Security Server "MASTER" tenant for k8s-hosted Security Server services) - more details in the Migration Install section.
- ensuring User/Device registration at Security Server logic is not affected (user and device context for Security Server functionality remains).
Partial Install
Partial install: install only selected components of the Kobil mPower services, matching the implementation requirements
- Installation of Security Server only
- Installation of IDP/IAM only, or combined with Security Server-service
- API-related only install with no dashboards
- all mPower components are enabled (or disabled) by a single key:value "enable: true" per component section in the mPower meta-configuration "values.yaml"
Software Delivery
Delivery process:
- KOBIL provides access to a private image repository for image download and for chart package download - find details here: Kobil Repository.
- KOBIL ensures image upload and integrity to the repository. This includes a documented SHA-256 hash value for each Kobil image.
- The operating party verifies the delivery of the image with the hash.
- The operating party confirms the correctness of the delivery's hash to KOBIL via email.
- The operating party transfers the delivery to the installation environment.
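The hash check in the delivery steps above can be scripted so that it fails closed on any discrepancy. The following is an added example, not KOBIL tooling; it assumes the delivery is a directory of files and that the documented hashes are available as a list in `sha256sum` format, and the file names are constructed.

```shell
#!/bin/sh
# Added example, not KOBIL tooling. Assumptions: the delivery is a directory of
# files and the documented hashes are in sha256sum format: "<64 hex>  <name>".

# verify_delivery DIR HASHLIST
# Returns 0 only if every listed file is present and matches, and no file in
# DIR lacks a documented hash. Prints one finding per line.
verify_delivery() {
  dir=$1; list=$2; rc=0
  while read -r want name; do
    [ -n "$want" ] || continue
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    case $want in
      *[!0-9a-f]*) echo "MALFORMED $name"; rc=1; continue ;;
    esac
    if [ ${#want} -ne 64 ]; then echo "MALFORMED $name"; rc=1; continue; fi
    case $name in
      */*|'') echo "BADNAME $name"; rc=1; continue ;;  # no paths outside DIR
    esac
    if [ ! -f "$dir/$name" ]; then echo "MISSING $name"; rc=1; continue; fi
    got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then echo "OK $name"
    else echo "MISMATCH $name"; rc=1; fi
  done < "$list"
  # Fail closed: a delivered file without a documented hash is not accepted.
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    awk -v n="${f##*/}" '$2 == n { ok = 1 } END { exit !ok }' "$list" ||
      { echo "UNLISTED ${f##*/}"; rc=1; }
  done
  return $rc
}

# Constructed sample delivery: two stand-in "image" files plus their hash list.
make_sample() {
  d=$(mktemp -d)
  mkdir "$d/delivery"
  printf 'constructed image A\n' > "$d/delivery/image-a.tar"
  printf 'constructed image B\n' > "$d/delivery/image-b.tar"
  (cd "$d/delivery" && sha256sum image-a.tar image-b.tar) > "$d/SHA256SUMS"
  echo "$d"
}

sample=$(make_sample)
verify_delivery "$sample/delivery" "$sample/SHA256SUMS" && echo "delivery accepted"
printf 'x' >> "$sample/delivery/image-b.tar"   # simulate corruption in transit
verify_delivery "$sample/delivery" "$sample/SHA256SUMS" || echo "delivery rejected"
rm -rf "$sample"
```

The hash list must come from the vendor's documentation over a separate channel; a list shipped inside the same delivery only detects accidental corruption.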
Installation Procedure and parameter configuration & deployment tuning
Configuration Parameter Handling:
- KOBIL charts and Kobil services are designed to use pre-defined configuration data (i.e. secrets and configmaps). In addition, the deployment meta-chart configuration file (values.yaml) overrules the default sub-chart parameter settings with well-defined defaults.
- KOBIL recommends using your own meta-chart deployment configuration file rather than editing the sub-charts' parameter files (i.e. do not edit ./charts/ssms/values.yaml; edit the meta-configuration chart file "values.yaml" instead, adding the tuned parameters from the sub-charts to honor specific settings).
Upgrade Procedure using "helm"
- Upgrading mPower package
- using helm tool for upgrades
- sample - demo-test-install
- sample - production-licensed-install
Installation Demo
- the installation demo is under Build-a-test-install; the detailed how-to is here: Demo Installation.