Installing IBM Security Guardium Key Lifecycle Manager on Red Hat OpenShift using PostgreSQL Database
Introduction
This document provides a step-by-step guide to deploying PostgreSQL on an OpenShift cluster using the OpenShift Web Console (GUI). The guide is designed for users who prefer a graphical interface for managing applications within OpenShift followed by installing IBM Security Guardium Key Lifecycle Manager (SGKLM).
Prerequisites
Before proceeding with the deployment, ensure the following requirements are met:
- An OpenShift cluster is set up and accessible.
- A user account with sufficient permissions to deploy applications.
- OpenShift Web Console access.
1: Access OpenShift Web Console
- Open a web browser and navigate to your OpenShift Web Console.
- Log in with your credentials.
- Select the appropriate project or create a new one where PostgreSQL will be deployed.
2: Deploy PostgreSQL from the Developer Catalog
- Click on Developer perspective in the left navigation pane.
2. Select +Add from the menu.
3. Choose Database from the available options.
4. Locate PostgreSQL and click on it.
5. Click Create to start the deployment process.
3: Configure PostgreSQL Deployment
- Provide a Name for the PostgreSQL instance.
- Select the desired Version of PostgreSQL.
- Choose the Deployment Strategy (e.g., Deployment or DeploymentConfig).
- Define the CPU and Memory Limits as per your requirements.
- Configure Environment Variables, including:
POSTGRESQL_USER: Define a username.POSTGRESQL_PASSWORD: Define a secure password.POSTGRESQL_DATABASE: Define the database name.
- Set up Persistent Storage (if required):
- Enable persistent storage and select an appropriate Persistent Volume Claim (PVC).
- Define the storage size (e.g., 1Gi, 5Gi, etc.).
4: Create and Expose the Service
- Click Create to deploy PostgreSQL.
- Navigate to Topology View to monitor the deployment progress.
- Once the pod is running, expose the service by:
- Clicking on the PostgreSQL component.
- Selecting Create Route to make the database accessible externally if needed.
5: Verify the Deployment
- Click on the Pods section to ensure the PostgreSQL pod is running successfully.
6: Manage and Scale PostgreSQL
- Navigate to Workloads > Deployments to adjust scaling options.
- Increase or decrease the replica count as needed.
- Configure Auto-scaling if required.
7. update docker secrete value
1. log in to your Red Hat® OpenShift cluster instance.
oc login -u <KUBE_USER> -p <KUBE_PASS> [--insecure-skip-tls-verify=true]
2. Create the secret in project to download the build from build server using command shown in screenshot.
oc create secret docker-registry regcred --docker-server=sec-sklm-build-docker-local.artifactory.swg-devops.com --docker-username=abc@in.ibm.com --docker-password=<password>
8. Update the values.yaml with respective values.
repository: sec-sklm-build-docker-local.artifactory.swg-devops.com/sklm
tag: Rel_xxxx.x86_64
type: NodePort
sklmapp_https_port: 3xxxx
sklmapp_ipp_tls_port: 3xxxx
sklmapp_kmip_port: 3xxxx
storage_class: <nfs-storage>
SKLM installation refer this link --- > https://community.ibm.com/community/user/security/blogs/tamil-selvam-r/2025/01/29/installing-ibm-security-guardium-key-lifecycle-man
Using with Ceph Storage Class refer this link --- > https://community.ibm.com/community/user/security/blogs/tamil-selvam-r/2025/02/06/deploying-ceph-storage-integrating-with-openshift
# helm install sklmapp ...
- check the sklm pod status
- verify and Access the SGKLM Application:
Summary
This guide provides a step-by-step approach to deploying PostgreSQL using the OpenShift Web Console. It covers efficient management of PostgreSQL instances within an OpenShift environment, along with the deployment of IBM Security Guardium Key Lifecycle Manager (SGKLM) using Helm charts. Finally, it includes verification steps to ensure proper installation and access to the SGKLM application.
Author: Tamilselvam R (tamilselvam.ramalingam@ibm.com)