Configuring LDAP on Kubernetes

Import the LDAP trust store and its password into Kubernetes as a secret, and then define the secret in the Sametime configuration.

Before you begin

  • Create a trust store in p12 format that contains a copy of the LDAP server’s certificate.
  • To perform this step you need to know the password of your trust store.

About this task

The following steps describe how to create a secret that contains your certificate. The changes in this task affect the following pods:
  • community

Procedure

  1. Rename your trust store file name to ldaptruststore.p12.
  2. Copy the ldaptruststore.p12 file to the machine where you are running kubectl.
  3. Create the Kubernetes secret by running the following command. Substitute your password for password.
    If you have a namespace dedicated to Sametime, add the -n argument with your namespace to ensure the secret is created in the correct namespace.
    kubectl create secret generic ldap-config-secret --from-literal=KeyStorePassword=password --from-file=./ldaptruststore.p12 
  4. Change to the helm directory where Sametime was unzipped. Open the values.yaml file and remove the character from the ldapConfigSecret parameter. Set the value to ldap-config-secret.
    When this step is complete, the value should look like this:
     ldapConfigSecret: ldap-config-secret 
  5. Save and close the values.yaml file.
  6. Apply your changes to the environment.
    Verify that you are in the helm directory and run the following command to apply changes. Specify the Sametime deployment name for your environment.
    helm upgrade sametime_deployment_name .
    Note: Be sure to include the dot at the end. It is part of the command.
    The default for Sametime Premium version 12 is sametime. If you upgraded from an earlier Sametime release, the default name is sametime-meetings. If you don't know the Sametime deployment name, run the helm list command to find the name.
  7. Restart the pods with the changes. Use the kubectl scale command to scale the pods that have been changed to zero and then to one. You must run the commands for each pod that the change affects.
    1. Run the following command to scale the pod to zero, where pod_deployment_name is the pod name.
      
      kubectl scale deploy pod_deployment_name --replicas=0
      
    2. Run the following command to scale the pod to one.
      
      kubectl scale deploy pod_deployment_name --replicas=1
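
The following script is an added example, not part of the product documentation. It reads back ldap-config-secret and checks the two values created in step 3: KeyStorePassword must be non-empty with no trailing newline or space, and ldaptruststore.p12 must be DER-encoded (a PEM file stored under that name fails the check). The function names and the --verify argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: read back ldap-config-secret and sanity-check its two values.
# Key names are the ones produced by the kubectl create secret command in step 3.

# hex_of_b64 <base64>: print the decoded bytes as lowercase hex without spaces.
hex_of_b64() {
  printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# check_secret_fields <base64 KeyStorePassword> <base64 ldaptruststore.p12>
# Prints one line per problem found; returns 0 if there are none, 1 otherwise.
check_secret_fields() {
  csf_pw=$(hex_of_b64 "$1")
  csf_p12=$(hex_of_b64 "$2")
  csf_rc=0
  case "$csf_pw" in
    "") echo "KeyStorePassword is missing or empty"; csf_rc=1 ;;
    *0a|*0d|*20) echo "KeyStorePassword ends with a newline or space"; csf_rc=1 ;;
  esac
  case "$csf_p12" in
    "") echo "ldaptruststore.p12 is missing or empty"; csf_rc=1 ;;
    30*) ;;  # PKCS#12 is DER: the first byte is an ASN.1 SEQUENCE tag (0x30)
    *) echo "ldaptruststore.p12 is not DER (a PEM file was stored?)"; csf_rc=1 ;;
  esac
  return "$csf_rc"
}

# verify_ldap_secret [namespace]: fetch both values with kubectl and check them.
# The password is never printed.
verify_ldap_secret() {
  vls_pw=$(kubectl get secret ldap-config-secret ${1:+-n "$1"} \
    -o jsonpath='{.data.KeyStorePassword}') || return 2
  vls_p12=$(kubectl get secret ldap-config-secret ${1:+-n "$1"} \
    -o jsonpath='{.data.ldaptruststore\.p12}') || return 2
  check_secret_fields "$vls_pw" "$vls_p12"
}

# Usage (the --verify argument is an assumption of this example):
#   sh check-ldap-secret.sh --verify [namespace]
if [ "${1:-}" = "--verify" ]; then
  verify_ldap_secret "${2:-}"
fi
```

Run it after step 3 and before restarting the community pod; an exit status of 0 means both values passed, 1 means a problem was reported, and 2 means kubectl could not read the secret.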