Skip to main content

New production install

Setup a full mPower production install covering new Kobil Security Server license. The Security Server license procedure is triggered at time of first deployment and could not be done prior to that.
Most important for a new productive Kobil Security Server license is the mPower configuration section (values.yaml):ssms:certificate: - here to set the CountryCode, Organization Name and eMail address.
Find more info below and in the Configuration Guide

Production Install - new install from scratch for a full mPower deployment

Considerations for using mBattery deployment (using mBattery created new Ingress-Controller DaemonSet / or to use existing platform specific routing for the Kobil-Services). Most likely the use of existing k8s-cluster infrastructure services is the target and integrate the mPower deployment into this.

Considerations for using existing DB-Services (DB-drivers and/or specific parameter set for accessing the DB-services for Security Server, IDP and SCP services)

Prepare "license" parameter for Security Server registration

This was done by "CU" in Standalone install.

  • prepare "license" parameter in your mPower meta-chart configuration file mPower configuration section (values.yaml):ssms:certificate: - here to set the CountryCode, Organization Name and eMail address.
    Licensing Procedure for Kubernetes/OpenShift for Security Server 3.4++ - and - Security Server Production License Installation for Security Server 3.4./3.5.
  • retrieve DB-service endpoints and credentials for Security Server, IPD, SCP services (depending on selected services - update mpower "values.yaml")
  • consider Security Server-tuning configuration info for sizing the services (communication.xml,server.xml,,,) (optional / could be applied lateron)
  • consider to use custom truststore.jks data and apply them prio to install into appropriate configmap objects
  • when deployment is started (helm install <mpower>) this will startup the Security Server-service pods and triggering the License procedure. The Pod/Service startup is blocked at runtime of "master-configuration"-pod.
    Now retrieve the CSR and provide this to Kobil for "license"-creation. Once the "license" secret is installed to the Kubernetes namespace followup with the full Kubernetes deployment takes place.

Run helm Install

run "helm install" into namespace

  • ensure to have repository pull-secret created prior to run "helm install" and helm kobil repository access enabled
  • ensure to honor the mPower pre-req from readem
  • helm install mpower -f ./values.yaml kobil/mpower
  • watch "ssms-master-config*" Pod(job) log output find created secret "ssms-certificate-sign-request"
  • .. follow license procedure
  • watch "ssms-mgt/svc" Pod log output to verify access to Security Server-DB is possible