IdentityIQ in Azure Kubernetes Service

This is the first in a series of articles about IdentityIQ deployments using Azure Kubernetes Service, which greatly simplifies operations and improves the security of your IdentityIQ deployment.

Everything in this series is fleshed out with Terraform, Kubernetes artifacts, Azure GitOps and DevOps, and containers. If you want some help implementing this design, DM me on LinkedIn or at matt@xinios.io.

Cloud migrations are an opportunity to simplify operations and improve security. But the sad reality is that for complex applications like IdentityIQ, the migration often becomes little more than a lift and shift. Even organizations with a strong cloud, container and DevOps culture have a skill gap where those disciplines intersect with IdentityIQ, and greenfield deployments often end up the same way.

Part 1 - Runtime Architecture

Here is a quick tour of the components that make up the IdentityIQ environment running in AKS.

[Architecture diagram: the numbered components (1) to (9) are described below]

The AKS cluster (1) is GitOps/Flux2 enabled. The IaC Git repo (2) holds the Kubernetes manifests as Kustomize YAML files, and GitOps enforces that the AKS cluster is running the deployments, pods, etc. that are defined in the repo. For example, an architect approves a GitHub PR that sets replicas: 3 in a Kubernetes YAML file to scale out an additional task server. Flux2 detects the change and updates the cluster to deploy another task server container, in true GitOps fashion.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: iiq-sbx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: iiq-sbx
      developer: base-template
  template:
    metadata:
      labels:
        app: iiq-sbx
        developer: base-template
    spec:
      containers:
        # The article's listing ends at this point; the entry below is a
        # placeholder so the manifest is complete enough to apply.
        - name: iiq
          image: <acr-name>.azurecr.io/identityiq:<tag>

The IdentityIQ container images are stored in Azure Container Registry (4). The IdentityIQ containers assume the role of task or UI server based on environment variables set in the YAML. Java memory parameters and other settings are also declared as environment variables.

The pods mount Azure Storage (5) so that they can write logs, read source data files and more. The AKS cluster reaches out to Azure Key Vault (6) to retrieve the secrets for the backend database and provides them to the task and UI pods as Kubernetes secrets.
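Because Flux2 applies whatever the repo contains, the PR review is where the two rules above (images only from the ACR, database secrets only via Key Vault-backed Kubernetes secrets) can be enforced before anything reaches the cluster. The following is an added example, not code from the article or from SailPoint, of a pre-merge check over a Deployment manifest; the registry hostname, the IIQ_ROLE variable name and the two sample manifests are assumptions constructed for the demonstration.

```python
import re

# Added example, not from the article. Pre-merge policy check for the IaC repo:
# images must come from the trusted ACR, and secret-looking env vars must
# reference a Kubernetes Secret (populated from Key Vault) rather than a literal.
# Manifests are plain dicts (constructed) so the check runs without PyYAML.

TRUSTED_REGISTRY = "example-acr.azurecr.io"  # assumed ACR hostname
SECRET_NAME_RE = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.IGNORECASE)

def check_deployment(manifest):
    """Return a list of findings; an empty list means the Deployment passes."""
    findings = []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        image = c.get("image", "")
        # Rule 1: only images pulled from the trusted registry are allowed.
        if not image.startswith(TRUSTED_REGISTRY + "/"):
            findings.append(f"{name}/{cname}: image {image!r} is not from {TRUSTED_REGISTRY}")
        # Rule 2: anything that looks like a secret must use valueFrom.secretKeyRef.
        for env in c.get("env", []):
            ename = env.get("name", "")
            if SECRET_NAME_RE.search(ename) and "secretKeyRef" not in env.get("valueFrom", {}):
                findings.append(f"{name}/{cname}: env {ename} must use valueFrom.secretKeyRef")
    return findings

def build_deployment(image, env):
    """Constructed Deployment shaped like the article's iiq-sbx manifest."""
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "iiq-sbx"},
            "spec": {"replicas": 3, "template": {"spec": {"containers": [
                {"name": "iiq", "image": image, "env": env}]}}}}

# IIQ_ROLE is a hypothetical name for the task/UI role switch the article describes.
GOOD = build_deployment(
    TRUSTED_REGISTRY + "/identityiq:tag-placeholder",
    [{"name": "IIQ_ROLE", "value": "task"},
     {"name": "DB_PASSWORD",
      "valueFrom": {"secretKeyRef": {"name": "iiq-db", "key": "password"}}}])

BAD = build_deployment(
    "docker.io/someone/identityiq:latest",
    [{"name": "IIQ_ROLE", "value": "ui"},
     {"name": "DB_PASSWORD", "value": "hunter2"}])  # literal secret committed to Git

if __name__ == "__main__":
    for label, manifest in (("good", GOOD), ("bad", BAD)):
        print(label, check_deployment(manifest) or "OK")
```

Wired into the PR pipeline, a non-empty findings list fails the check, so the manifest never becomes the desired state that Flux2 reconciles.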

The AKS cluster uses Azure Active Directory (7) managed identities to connect to the other Azure resources; Azure AD manages the credentials automatically.

Azure SQL is the backend store for the application, and the Load Balancer (8) routes traffic to the UI servers. Azure Defender (9) is a CNAPP solution designed to protect cloud-based applications from various cyber threats and vulnerabilities.

Great write up, thanks for sharing!
