Prerequisites
Install Load Balancer
Setup Rancher
Install Postgres
To install Advanced Edition on Rancher, perform the following:
1. Download the Advanced Edition docker image and helm chart from Software Licenses and Downloads.
2. Unzip the docker image and helm chart.
3. Upload the Advanced Edition docker image to docker registry:
   a. Load the Advanced Edition docker image by running the following command:
      docker load --input .\<name-of-the-Advanced-Edition-docker-image>
   b. Tag the docker image by running the following command:
      docker tag <source repo:tag> <docker-username>/<repository-name>:<tag>
      For example, docker tag security-securelogin-docker.btpartifactory.swinfra.net/sl_server:9.1.0.0-326 johndoe/sl_server:9.1.0.0-326
   c. Push the docker image to the registry by running the following command:
      docker push <docker-username>/<repository-name>:<tag>
      For example, docker push johndoe/sl_server:9.1.0.0-326
4. Create an image pull secret. For information, see Create an image pull secret.
   NOTE: For higher security, use a text file containing the password as an argument to docker-password in the command. For example, docker-password=$(< password.txt).
5. On Cloud Shell, edit the values of the SecureLogin-Server-x.x.x.x\values.yaml file.
   IMPORTANT: The PostgreSQL database must be installed before performing this step.
   Specify or modify the following values:
| Section | Value |
|---|---|
| image: This section includes information about the docker image. | |
| repository | The container image repository to be used. Path: <docker-username>/<repository-name>. For example, johndoe/sl_server |
| tag | The tag or version of the docker image. For example, 9.1.0.0-326 |
| imagePullSecrets | Specify the image pull secret that you created in Step 4. For example, my-secret. The image pull secret is used to pull images from docker registry to the Kubernetes cluster. |
| service.type | Specify the service type as NodePort for Advanced Edition deployment on Rancher. |
| ingress.enabled | Specify whether an internal load balancer is used. For example, false. When set to false, Kubernetes ingress resource installation is skipped. |
| ingress.host | The host route for the ingress resource: <dns/fqdn>. For example, www.google.com. NOTE: It is valid only when Kubernetes ingress is used. Skip if ingress.enabled is set to false. |
| serverAdmin: This section creates the username and password of the Advanced Edition's administrator. | |
| secret | Specifies the name of the generic secret having the credentials. For example, my-k8s-secret |
| username | Specifies the username of the administrator. For example, john_doe |
| password | The password of the administrator. You must change the default value before deployment. NOTE: When you change the password for the first time, you do not need to change the value of secret. From the next time onwards, you must change both password and secret under serverAdmin. |
| DBProperties: This section includes the database configuration details. | |
| secret | The secret name. For example, my-db-secret. SecureLogin does not save the username, password, host, port, and database name into a text file. These are converted into a secret. The server pod uses this secret. All pods refer to this secret to use the same credentials. |
| username | The username of the PostgreSQL database. |
| password | The password of the PostgreSQL database. You must change the default value before deployment. NOTE: When you change this password for the first time, you do not need to change the value of secret. From the next time onwards, you must change both password and secret in DBProperties. |
| host | The database's IP address or service name. |
| port | The port used by the database. For example, 5432 |
| dbName | The database name. For example, securelogin_top_db |
6. Install Advanced Edition by running the following command:
   helm install <name-of-the-release> <name-of-the-helm-chart> -n <namespace>
   For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace
   where slserver001 is the release name, SecureLogin-Server-x.x.x.x is the name of the helm chart, and nsl-namespace is the name of the namespace.
7. Create a third-party certificate. For more information, see Using Your CA Signed Certificate.
   NOTE: You can also perform this step after configuring Advanced Edition.
8. Configure Advanced Edition. Log in to the Advanced Edition web console at https://<dns/fqdn>. For more information, see Configuring Advanced Edition.
You can view the Advanced Edition version on the web console by clicking <username> > About.
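A pre-install check of the values.yaml settings described in the table above can catch an unchanged password, a wrong service type, or a missing ingress host before helm install runs. The following is an added example, not part of the product or its helm chart. It assumes the keys are nested as the table names them, uses a minimal parser that handles only nested key: value pairs, and treats "changeme" as a placeholder default because the page does not state the chart's actual default passwords.

```python
import re

# Constructed sample; the key layout is assumed from the table, not taken from the chart.
SAMPLE = """\
imagePullSecrets: my-secret
service:
  type: ClusterIP
ingress:
  enabled: true
  host: ""
serverAdmin:
  secret: my-k8s-secret
  password: changeme
DBProperties:
  secret: my-db-secret
  password: ""
  host: postgres-svc
  port: 5432
"""
REQUIRED = ("imagePullSecrets serverAdmin.secret serverAdmin.password "
            "DBProperties.secret DBProperties.password DBProperties.host").split()

def flatten(text):
    """Flatten nested 'key: value' YAML into {'a.b': 'value'}; lists are not handled."""
    out, stack = {}, []  # stack: (indent, key) of the currently open parent mappings
    for m in re.finditer(r"^( *)([\w.-]+):[ \t]*(.*?)(?:[ \t]+#.*)?[ \t]*$", text, re.M):
        indent, key, val = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if val == "":
            stack.append((indent, key))  # a key with no value opens a nested section
        else:
            out[".".join([k for _, k in stack] + [key])] = val.strip("\"'")
    return out

def preflight(text, default_passwords=("changeme",)):  # placeholder default, not the product's
    """Return findings for values.yaml; an empty list means these checks passed."""
    v = flatten(text)
    findings = [f"{k}: not set" for k in REQUIRED if not v.get(k)]
    for k in ("serverAdmin.password", "DBProperties.password"):
        if v.get(k) in default_passwords:
            findings.append(f"{k}: still a default value")
    if v.get("service.type") != "NodePort":
        findings.append("service.type: must be NodePort on Rancher")
    if v.get("ingress.enabled", "false").lower() == "true" and not v.get("ingress.host"):
        findings.append("ingress.host: required when ingress.enabled is true")
    if not v.get("DBProperties.port", "").isdigit():
        findings.append("DBProperties.port: not numeric")
    return findings
```

Call preflight() on the contents of the edited values.yaml and run helm install only when it returns an empty list; pass the chart's real default passwords through default_passwords.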