Install using Google Cloud Platform

In this tutorial you will learn how to use a Helm package provided by Curity to install the Curity Identity Server on a Kubernetes Cluster in Google Cloud Platform - the Google Kubernetes Engine.

Prerequisites

What you need to follow this tutorial:

• Installation of Google Cloud SDK
• Installation of Helm

Create a project

A project is needed. Create one, or use an existing one. To get a list of available projects:

gcloud projects list

Set the default project:

gcloud config set project PROJECT_ID

Create a Kubernetes Cluster

‌Create a Kubernetes Cluster that the Helm Chart can be deployed to. The following commands should serve as an example for how a cluster could be created.

gcloud container clusters create curity-cluster --zone us-west2-a

Example output (truncated for readability):

NAME            LOCATION    MASTER_VERSION  MASTER_IP
curity-cluster  us-west2-a  1.15.12-gke.2   35.92.133.165

Take note of the NAME and LOCATION.

Connect to the Kubernetes cluster:

gcloud container clusters get-credentials curity-cluster --zone us-west2-a

This should result in the following response:

Fetching cluster endpoint and auth data.
kubeconfig entry generated for curity-cluster.

Install the Curity Identity Server with Helm

When installing the Helm chart for the very first time add Curity to the list of chart repositories:

$ helm repo add curity https://curityio.github.io/idsvr-helm/

Make sure the repository is up to date before installing the chart:

$ helm repo update

Install the chart. You have to provide a password. The following example also specifies to use the latest Docker image and enables the admin UI. Also, increase the initial delay for the liveness checks of the admin and runtime pods. Sometimes the default delays can be not enough when deploying to GCP.

$ helm install idsvr-tutorial curity/idsvr \
    --set image.tag=latest \
    --set curity.config.password=Pass1 \
    --set curity.config.uiEnabled=true \
    --set curity.admin.livenessProbe.initialDelaySeconds=240 \
    --set curity.runtime.livenessProbe.initialDelaySeconds=240

Give it some time to finish setting up the cluster. You can check the status of the pods using Kubernetes command kubectl:

$ kubectl get pods --namespace default --selector="app.kubernetes.io/instance=idsvr-tutorial"

The result will look similar to the example below. Note the list of pods that are not ready yet and observe their status.

NAME                                      READY   STATUS    RESTARTS   AGE
idsvr-tutorial-admin-96cdb5bd6-fnb4b      0/1     Running   0          5s
idsvr-tutorial-runtime-7c69bf6dc6-xkfzh   0/1     Running   0          5s

You need to configure port forwarding for your pod to be able to access the Admin UI. To do that you need the name of the admin pod. You can copy the name from the output of the get pods command, or you can use the following command which will find the name for you and put it in an environment variable. You can also find this command in the output of the helm install command:

$ export POD_NAME=$(kubectl get pods --namespace default -l "role=idsvr-tutorial-admin,app.kubernetes.io/instance=idsvr-tutorial" -o jsonpath="{.items[0].metadata.name}")
$ kubectl port-forward $POD_NAME 6749:6749

Once the server is up, you can access the Admin UI by visiting https://localhost:6749/admin.

Next Steps

Now the Curity Identity Server is up and running but without any configuration. The next step is to set up the basic profiles and services. Move on to the First Configuration Tutorial.