FAUN — Developer Community 🐾

We help developers learn and grow by keeping them up with what matters. 👉 www.faun.dev

Part 01: Deploying WSO2 Identity Server 5.11.0 on Kubernetes with all new K8s Operator

WSO2 Identity Server is one of the world's leading Identity and Access Management (IAM) solutions. It facilitates security while connecting and managing multiple identities across different applications, and it enables enterprise architects and developers to improve customer experience through a secure single sign-on environment.

WSO2 has recently released its latest version, 5.11.0, with a lot of features, including a brand-new React-based look. Open-source and IAM enthusiasts can download and try out the Identity Server at zero cost from https://wso2.com/identity-and-access-management/

Kubernetes is a great choice for developers who are trying to deploy IS in production environments, as Kubernetes handles all the stressful tasks for you. Autoscaling, monitoring of traffic, and maintaining 100% uptime have become much easier with Kubernetes environments.

Traditionally, developers had to use Helm charts or manual deployment methods to get the Identity Server up and running on Kubernetes clusters. Those methods have a lot of drawbacks compared to what we have now.

The Kubernetes Operator for WSO2 Identity Server can take care of many of these stressful tasks on your behalf. Let's have a look at how it solves many of your problems on Kubernetes.

The system architecture of the WSO2IS Operator

Auto healing of Resources

If something goes wrong in your cluster, you might experience unexpected behavior in your application. Whenever the system is affected, the Operator's self-healing capability ensures that the cluster continuously works at the desired state. … Kubernetes's orchestration capabilities can monitor and replace unhealthy containers as per the specified configuration. Auto healing is not available in the previous deployment methods, so if something went down or went wrong, the server admin had to manually find where the issue was and apply a fix.

Ability to deploy test instances

Many developers want to try out WSO2 IS on Kubernetes with minimal configuration. We have made that possible with the IS Operator. The developer has to write only a few lines of configuration to get a 'Test IS' up and running. Previously it took heavy configuration even to deploy a testing IS instance. Isn't it better this way?

apiVersion: iam.wso2.com/v1beta1
kind: Wso2Is
metadata:
  name: identity-server
spec:
  replicas: 1
  configurations:
    host: identityserver
    serviceType: NodePort

Ability to provision multiple IS Instances on the Same Cluster

If you want to deploy multiple IS instances on the same Kubernetes cluster, we've made that possible too. We believe this will be a huge advantage for large-scale companies, and it'll reduce hardware expenses a lot.

kubectl apply -f sampleconfig.yaml --namespace=<Another namespace>

Custom Keystore mounting ability

If anybody is seeking to have custom Keystores in Identity Server K8s deployments, the process has become much easier now. It's just a matter of adding a few lines to the configuration file. All the Keystores will be stored as secrets. Previously developers had to go through a long process to mount Keystores to IS instances on Kubernetes Clusters.

keystoreMounts:
  - name: samplekey1.jks
    data: <keystore body>
  - name: samplekey2.jks
    data: <keystore body>

Ability to mount custom deployment TOML files

By default, the IS Operator generates its own configs based on what the user has entered. If you plan to add custom configurations, you can do that as well by supplying your own TOML.

apiVersion: iam.wso2.com/v1beta1
kind: Wso2Is
metadata:
  name: identity-server
spec:
  replicas: 2
  configurations:
    host: identityserver
    serviceType: NodePort
  tomlConfig: |
    [server]
    hostname = "localhost"
    node_ip = "127.0.0.1"
    base_path = "https://$ref{server.hostname}:${carbon.management.port}"

    [super_admin]
    username = "admin"
    password = "admin"
    create_admin_account = true

    [user_store]
    type = "read_write_ldap_unique_id"
    connection_url = "ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}"
    connection_name = "uid=admin,ou=system"
    connection_password = "admin"
    base_dn = "dc=wso2,dc=org" #refers the base dn on which the user and group search bases will be generated
    ...
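
The sample above carries the default admin/admin credentials and a NodePort service, which are fine for a test instance but should not reach a production cluster. The following pre-apply check is an added example, not code from the article or from the operator project; the function name lint_manifest, the WEAK deny-list, and the nesting of the constructed sample manifest are assumptions.

```python
import re

# Constructed sample manifest; the nesting under spec is an assumption.
MANIFEST = '''\
apiVersion: iam.wso2.com/v1beta1
kind: Wso2Is
metadata:
  name: identity-server
spec:
  replicas: 2
  configurations:
    host: identityserver
    serviceType: NodePort
  tomlConfig: |
    [super_admin]
    username = "admin"
    password = "admin"
    create_admin_account = true
    [user_store]
    connection_name = "uid=admin,ou=system"
    connection_password = "admin"
'''

# Assumed deny-list of well-known default secrets; extend it for your environment.
WEAK = {"admin", "password", "changeit", "wso2carbon"}
SECRET_KEY = re.compile(r"password|secret", re.I)      # TOML keys that hold secrets
KV = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*"([^"]*)"')  # key = "value" pairs
SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")           # [section] headers
NODEPORT = re.compile(r"^\s*serviceType:\s*NodePort\s*$")

def lint_manifest(text):
    """Return (location, message) findings for a Wso2Is manifest."""
    findings, section = [], None
    for n, line in enumerate(text.splitlines(), 1):
        if NODEPORT.match(line):
            findings.append((f"line {n}", "serviceType NodePort opens the service on every node's IP"))
        m = SECTION.match(line)
        if m:
            section = m.group(1)  # remember which TOML table we are in
            continue
        m = KV.match(line)
        if m and section and SECRET_KEY.search(m.group(1)) and m.group(2).lower() in WEAK:
            findings.append((f"line {n}", f"[{section}] {m.group(1)} is a well-known default"))
    return findings

if __name__ == "__main__":
    for where, msg in lint_manifest(MANIFEST):
        print(where, msg)
```

Run it against the manifest in CI before `kubectl apply` and fail the job when the returned list is non-empty.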

Feel free to check out my talk at the IAM Community call and have a better understanding of how it works: https://www.youtube.com/watch?v=z5g9v0ZZPWU

Contributions, suggestions, and improvements are warmly welcome at
https://github.com/wso2/k8s-wso2is-operator/

In my next article, I'll be writing step-by-step instructions to get your IS instance up and running with the operator.

Don't hesitate to reach out to me if you require any further guidance or clarifications: https://www.linkedin.com/in/sureshmichael/
