Install PingIntelligence for APIs in the Kubernetes cluster, Amazon Elastic Kubernetes Service (EKS).
PingIntelligence ships with Helm-Chart that is packaged with the Docker toolkit and can be used to deploy PingIntelligence in a Kubernetes cluster.
PingIntelligence creates the following resources in the Kubernetes cluster:
- Seven statefulsets with one container each for:
- MongoDB
- API Behavioral Security (ABS) AI engine
- API Security Enforcer (ASE)
- API Publish
- PingIntelligence Dashboard
- Apache Zookeeper
- Kafka
- Six external services (LoadBalancer type), one each for (Configurable to expose):
- MongoDB
- ABS AI engine
- ASE
- API Publish
- Zookeeper
- Kafka
Note:Each component has an external service of type LoadBalancer that can be exposed by setting the flag in values.yaml (
expose_external_service: false
). By default, this value is true for ASE. The Dashboard will always be exposed since it must be accessible externally. - Six internal services (clusterIP type), one each for:
- MongoDB
- ABS AI engine
- ASE
- API Publish
- Zookeeper
- Kafka
PingIntelligence Kubernetes supports RHEL 7.9.
This deployment of PingIntelligence on a Kubernetes cluster node is suitable for Amazon EKS.
The Kubernetes cluster can be configured on the Amazon EKS. You can install PingIntelligence on a Kubernetes cluster node using Amazon EKS.
Deploying PingIntelligence using Amazon EKS
To deploy PingIntelligence on a Kubernetes cluster node using Amazon EKS:
Deploying PingIntelligence in Kubernetes cluster
Make sure you have a valid PingIntelligence license.
The Helm-Chart to deploy PingIntelligence in Kubernetes is shipped inside the Docker toolkit.
To deploy PingIntelligence in a Kubernetes cluster:
Verify that the deployment is successful by entering the following command:
kubectl get pods -n pingidentity
Below is an example of what you should see:
NAME READY STATUS RESTARTS AGE
abs-0 1/1 Running 0 3d
apipublish-0 1/1 Running 1 3d
ase-0 1/1 Running 0 3d
dashboard-0 1/1 Running 0 3d
kafka-0 1/1 Running 0 3d
mongo-0 1/1 Running 0 3d
zookeeper-0 1/1 Running 0 3d
Fetch the IP addresses of ASE, ABS, and Dashboard by entering the following command:
kubectl get svc -n pingidentity
Below is an example of what you should see:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
abs-internal-service ClusterIP None <none> 8080/TCP 3d
apipublish-internal-service ClusterIP None <none> 8050/TCP 3d
ase-external-service LoadBalancer 10.100.249.102 a0f15298c7d7d42f183605d73258ebb1-2044570848.ap-northeast-2.elb.amazonaws.com 8000:30180/TCP,8443:31961/TCP 3d
ase-internal-service ClusterIP None <none> 8020/TCP,8010/TCP 3d
dashboard-external-service LoadBalancer 10.100.205.84 aa08fa369b08a4ed997a9371faf4418c-349939151.ap-northeast-2.elb.amazonaws.com 443:32068/TCP 3d
kafka ClusterIP 10.100.198.185 <none> 9092/TCP,9093/TCP 3d
mongo-internal-service ClusterIP None <none> 27017/TCP 3d
zookeeper ClusterIP 10.100.59.16 <none> 2182/TCP,2181/TCP 3d
If you are deploying in the sideband mode, take the NodePort IP address of ASE to use in API gateway integration.