In my previous post, I described how to build your own CentOS 7 system, with Docker (and docker-compose) installed, so that you could run an IBM Security Access Manager system using containers.
This post extends that system so that you can explore deployment of Access Manager via Kubernetes. It also includes installation of Helm so that you can explore deployment using Helm Charts.
Kubernetes is an orchestration technology which controls deployment of containers in a Kubernetes cluster. This is a common way to deploy containers onto cloud platforms such as IBM Cloud or Google Kubernetes Engine (GKE).
Helm is described as "a package manager for Kubernetes". A Helm Chart is a definition of one or more Kubernetes deployments (usually related to a single application) which allows dynamic scripting within the YAML files which define the Kubernetes objects.
This post provides step-by-step instructions for installing:
- minikube (a stand-alone Kubernetes cluster);
- kubectl (the Kubernetes command-line client); and
- helm (the Helm command-line client)
onto your test system.
Once you have completed the steps in this post, you’ll be able to use my Access Manager with Kubernetes and my Access Manager with Helm cookbooks.
This post assumes that you already have a CentOS 7 system set up. Instructions for this are in my previous post. For my environment, I used a virtual machine running under VMware, but you could use a different hypervisor or a physical machine. For my virtual machine I used these settings:
- Minimum 8GB Memory
- Minimum 30GB Disk
- Minimum 4 CPUs
- Enable nested hypervisor support (required for minikube)
This blog assumes you have a standard user account. I created a standard user with username of demouser but you can choose your own name. You will also need root access for the installation steps.
Install Kubernetes command-line client
Kubernetes clusters are managed using a REST API. The kubectl utility provides a command-line client for this REST API.
As root, enter the following commands to add the Kubernetes repository to yum and install:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
yum install -y kubectl
echo "source <(kubectl completion bash)" >> /etc/bashrc
Helm Charts are created and installed using the helm utility. It is also used to initialize a Kubernetes cluster for Helm by installing a service called Tiller.
As root, enter the following commands to run the installer for Helm and set up command completion:
curl -L https://git.io/get_helm.sh | bash
echo "source <(helm completion bash)" >> /etc/bashrc
Install KVM and Minikube
Minikube is a self-contained Kubernetes cluster that can run locally under a hypervisor. In this case it will be installed under the KVM hypervisor.
As root, enter the following commands to install KVM and Minikube:
yum install -y qemu-kvm \
  qemu-img virt-manager libvirt libvirt-python libvirt-client \
  virt-install virt-viewer bridge-utils libvirt-daemon-kvm
systemctl enable libvirtd
systemctl start libvirtd
curl -Lo minikube
&& chmod +x minikube && cp minikube /usr/local/bin/
&& rm -f minikube
curl -LO https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-kvm2 && install docker-machine-driver-kvm2 /usr/local/bin/ && rm -f docker-machine-driver-kvm2
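The Helm installer above is piped straight into a root shell, and the minikube binaries are copied into /usr/local/bin with no integrity check. As an added example (not part of the original post), the shell functions below check a download against a pinned SHA-256 digest before it is installed. The function names are hypothetical and the digest is assumed to come from the project's release page, since the post publishes no checksums.

```shell
# Added example: check a download against a pinned SHA-256 digest before it
# is installed or executed as root. Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 digest equals EXPECTED_HEX.
verify_sha256() {
    local file expected actual
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A pinned digest must be exactly 64 hexadecimal characters.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "bad digest format" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }
    # Normalise case so an upper-case digest from a release page still matches.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# verified_install FILE EXPECTED_HEX DEST_DIR
# Copies FILE into DEST_DIR with mode 0755 only after the digest check passes.
# On any failure the download is deleted so it cannot be run by accident.
verified_install() {
    local file expected dest
    file=$1
    expected=$2
    dest=$3
    if verify_sha256 "$file" "$expected"; then
        install -m 0755 "$file" "$dest/" && rm -f "$file"
    else
        rm -f "$file"
        return 1
    fi
}

# Usage with this page's downloads (PINNED_SHA256 is a placeholder):
#   curl -fLo get_helm.sh https://git.io/get_helm.sh
#   verify_sha256 get_helm.sh "$PINNED_SHA256" && bash get_helm.sh
#   verified_install docker-machine-driver-kvm2 "$PINNED_SHA256" /usr/local/bin
```

A pinned digest only matches a fixed release, so this check is meant for a versioned download rather than a `latest` URL.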
Add standard user to libvirt group
If you want a standard user to be able to start Minikube, they must be added to the libvirt group.
As root, enter the following commands (replacing demouser with the username of your standard user):
usermod -aG libvirt demouser
The installation is complete. To activate KVM you must now reboot the system.
Set minikube configuration
Once your system has rebooted, log in as the standard user that you created during CentOS 7 installation. In my case the user is demouser.
Enter the following commands to set the minikube configuration:
minikube config set vm-driver kvm2
minikube config set memory 4096
minikube config set cpus 4
Start minikube for the first time
As the standard user, enter the following command to start minikube for the first time:
This first start can take several minutes as assets are downloaded from the internet to initialize the Kubernetes system. Once minikube has started successfully, enable the ingress add-on which will allow access to services using well-known ports:
minikube addons enable ingress
Test kubectl connection
When minikube is started, the configuration for kubectl is updated so that it is connected to the minikube Kubernetes cluster.
Use the following command to check that the connection has been made:
You should see output similar to the following:
Kubernetes master is running at https://192.168.39.91:8443
KubeDNS is running at https://192.168.39.91:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
Your minikube Kubernetes cluster is ready to use.
Stop minikube to release memory
If you're not going to use it right away, you can now stop minikube to reduce CPU and memory usage:
Prepare for Cookbooks
Clone scripts from isamdocker git repository
As the standard user, clone the git repository that contains the scripts used by my cookbooks and link into the user’s home directory:
git clone https://github.com/jonpharry/isamdocker.git ~/isamdocker
ln -s ~/isamdocker/studentfiles/container-install ~/studentfiles/container-install