4.1 Installing Advanced Edition on Azure Kubernetes Services

  1. Ensure that you have completed the tasks mentioned in the Requirements for Deploying Advanced Edition section before beginning the Advanced Edition installation.

  2. Download the Advanced Edition docker image and helm chart from Software Licenses and Downloads.

  3. Unzip the docker image and helm chart.

  4. Upload the Advanced Edition docker image to ACR:

    1. Load the Advanced Edition docker image by running the following command:

      docker load --input .\<name-of-the-Advanced-Edition-docker-image>

    2. Tag the docker image by running the following command:

      docker tag <source repo:tag> <acr-login-server>/<repository-name>:<tag>

      For example, docker tag security-securelogin-docker.btpartifactory.swinfra.net/sl_server:9.0.0.0-326 nslacr.azurecr.io/sl_server:9.0.0.0-326

    3. Push the docker image to the registry by running the following command:

      docker push <acr-login-server>/<repository-name>:<tag>

      For example, docker push nslacr.azurecr.io/sl_server:9.0.0.0-326

  5. Create an image pull secret. For information, see Create an image pull secret.

    NOTE: For higher security, use a text file containing the password as an argument to docker-password in the command. For example, docker-password=$(< principal-password.txt).

  6. On Cloud Shell, edit the values of the SecureLogin-Server-x.x.x.x\values.yaml file.

    IMPORTANT: The PostgreSQL database must be installed before performing this step.

    Specify or modify the following values:

    | Section | Value |
    |---|---|
    | image | This section includes information about the docker image. |
    | repository | The container image repository to be used. Path: <acr-login-server>/<repository-name>. For example, nslacr.azurecr.io/sl_server |
    | tag | The tag or version of the docker image. For example, 9.0.0.0-326 |
    | imagePullSecrets | Specify the image pull secret that you created in Step 5. For example, my-secret. The image pull secret is used to pull images from ACR to the Kubernetes cluster. For more information, see Pull images from an Azure container registry to a Kubernetes cluster. |
    | ingresshost | The host route for the ingress resource. Format: <dns>.<cluster_region>.cloudapp.azure.com. For example, nsl-dns.southeastasia.cloudapp.azure.com |
    | serverAdmin | This section creates the username and password of the Advanced Edition’s administrator. |
    | secret | Specifies the name of the generic secret that holds the credentials. For example, my-k8s-secret |
    | username | Specifies the username of the administrator. For example, john_doe |
    | password | The password of the administrator. You must change the default value before deployment. NOTE: When you change the password for the first time, you do not need to change the value of secret. From the next time onwards, you must change both password and secret under serverAdmin. |
    | DBProperties | This section includes the database configuration details. |
    | secret | The secret name. For example, my-db-secret. SecureLogin does not save the username, password, host, port, and database name in a text file. These values are converted into a secret that the server pod uses. All pods refer to this secret to use the same credentials. |
    | username | The username of the PostgreSQL database. |
    | password | The password of the PostgreSQL database. You must change the default value before deployment. NOTE: When you change this password for the first time, you do not need to change the value of secret. From the next time onwards, you must change both password and secret in DBProperties. |
    | host | The database’s IP address or service name. |
    | port | The port used by the database. For example, 5432 |
    | dbName | The database name. For example, securelogin_top_db |

  7. Install Advanced Edition by running the following command:

    helm install <name-of-the-release> <name-of-the-helm-chart> -n <namespace>

    For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace

    where slserver001 is the release name, SecureLogin-Server-x.x.x.x is the name of the helm chart, and nsl-namespace is the name of the namespace.

  8. (Optional) Replace the default certificate with a third-party certificate. For more information, see Using Your CA Signed Certificate.

    NOTE: You can also perform this step after configuring Advanced Edition.

  9. Configure Advanced Edition. Log in to the Advanced Edition web console at https://<dns>.<cluster_geo_location>.cloudapp.azure.com. For more information, see Configuring Advanced Edition.

    You can view the Advanced Edition version on the web console by clicking <username> > About.
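
The Step 5 note keeps the password out of shell history, but docker-password=$(< principal-password.txt) is still expanded into the kubectl command line, where it is visible in process listings while the command runs. The following added example (not part of the product documentation) builds the registry credential document from the password file and creates the pull secret from that document instead; the function names and the username placeholder are assumptions.

```shell
# Added example (not from the product documentation).
# Print a .dockerconfigjson document for one registry, reading the password
# from a file so it never appears in shell history or in a process listing.
# usage: make_dockerconfigjson <acr-login-server> <username> <password-file>
make_dockerconfigjson() {
    _server=$1 _user=$2 _pwfile=$3
    # The login server is written into JSON unescaped, so allow hostname characters only.
    case $_server in
        ''|*[!A-Za-z0-9.-]*) echo "invalid registry name" >&2; return 1 ;;
    esac
    # "username:password" is split at the first colon, so the username must not contain one.
    case $_user in
        ''|*:*) echo "invalid username" >&2; return 1 ;;
    esac
    [ -s "$_pwfile" ] || { echo "password file missing or empty" >&2; return 1; }
    _pw=$(cat "$_pwfile")    # command substitution strips the trailing newline
    # printf is a builtin in bash and dash: the password is piped to base64, not passed in argv.
    _auth=$(printf '%s:%s' "$_user" "$_pw" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$_server" "$_auth"
}

# Create the image pull secret from that document (requires kubectl and cluster access).
# usage: create_pull_secret <secret-name> <namespace> <acr-login-server> <username> <password-file>
create_pull_secret() {
    _tmp=$(umask 077; mktemp) || return 1    # temporary file readable by the owner only
    if make_dockerconfigjson "$3" "$4" "$5" > "$_tmp" &&
        kubectl create secret generic "$1" -n "$2" \
            --type=kubernetes.io/dockerconfigjson \
            --from-file=.dockerconfigjson="$_tmp"
    then _rc=0
    else _rc=$?
    fi
    rm -f "$_tmp"    # remove the credential document whether or not kubectl succeeded
    return "$_rc"
}

# Example with the names used on this page (the username is a placeholder):
# create_pull_secret my-secret nsl-namespace nslacr.azurecr.io <service-principal-id> principal-password.txt
```

Restrict principal-password.txt to its owner (for example, chmod 600) and delete it once the secret exists.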