IBM Security Verify

  • 1.  ISAM on kubernetes

    Posted Sun November 11, 2018 08:23 AM
    I have been trying to look at this post at the knowledge centre:

    https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.4/com.ibm.isam.doc/admin/concept/con_kubernetes.html
    There are some inconsistencies when it comes to the implementation, 1. The runtime container implementation is not there, 2. service discovery using web services or volume mounting is not clearly explained. Has anyone managed to deploy this on any cloud besides IBM cloud, maybe GKE, EKS or AKS?

    Can someone assist on the above?

    ------------------------------
    Tinashe Wilbrod Chipomho
    ------------------------------


  • 2.  RE: ISAM on kubernetes

    Posted Mon November 12, 2018 06:31 AM
    Hello there,

    A recording of my presentation covering Access on Docker has been published on the Security Learning Academy.  Perhaps this can help with some concepts:
    https://www.securitylearningacademy.com/course/view.php?id=3179

    I'm not sure what you mean by service discovery via web services.  That sounds like something provider-specific.

    You're right that there isn't a full set of YAML files for all container types in the documentation.  However, it should be possible to extrapolate what is shown for the WebSEAL container to build a Runtime or DSC container.

    Personally I have only deployed to Minikube and IBM Cloud but I know that others have successfully deployed (using Kubernetes) to Google, Amazon, and Azure.  What specific assistance do you need?  What are you trying to do and what is your challenge?

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: ISAM on kubernetes

    Posted Mon November 12, 2018 07:13 AM
    Hi,

    What is the issue you are running into? I've tried it on Minikube on my laptop, on the Docker Kubernetes native support on Mac, as well as on IBM Cloud and GKE. On GKE, once you've the cluster up and running and published your services then you need to expose the required services and manage the PVC firewall rules to ensure traffic is allowed for those ports as well.

    regards,
    rohit

    ------------------------------
    Rohit Satyanarayana
    IBM
    Singapore
    ------------------------------



  • 4.  RE: ISAM on kubernetes

    Posted Mon November 12, 2018 04:18 PM
    Hi, I am trying to set it up on GKE. My services for my container deployments seem not to be communicating. Is it possible to get the step-by-step approach you used for your GKE implementation, together with the suggested YAML files?


    ------------------------------
    Tinashe Wilbrod Chipomho
    ------------------------------



  • 5.  RE: ISAM on kubernetes

    Posted Tue November 13, 2018 08:14 AM
    Hello,

    To try and help out, I've published the scripts that I use to get Access Manager running in various Docker environments on GitHub.  You can find them here:

    https://github.com/jonpharry/isamdocker

    I just used them to deploy Access Manager to a Google Kubernetes cluster.

    Please let me know how you get on with these; hopefully my instructions (in readme.md of the GitHub repository) are clear enough.

    Cheers... Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------