Securing LDAP on Kubernetes

This section covers the steps to import your LDAP trust store and password into Kubernetes as a secret, then define the secret in the Sametime configuration.

Before you begin

Create a trust store in p12 format that contains a copy of the LDAP server’s certificate. To perform this step you will need to know the password of your trust store.

About this task

The changes in this task affect the following pods:
  • community

Procedure

  1. Create a secret a secret that contains your certificate.
    1. Rename your trust store file name to ldaptruststore.p12.ls.
    2. Copy the ldaptruststore.p12 file to the machine where you are running kubectl.
    3. Run the following command to create the Kubernetes secret. 
      kubectl create secret generic ldap-config-secret --from-literal=KeyStorePassword=password --from-file=./ldaptruststore.p12
      Substitute your password for password. If you have a namespace dedicated to Sametime, add the -n argument with your namespace to ensure the secret is created in the correct namespace.
    4. Change to the helm directory where the Sametime installation package was decompressed. Open the values.yaml file to update the secret parameter.
      Set the value of the ldapConfigSecret parameter to ldap-config-secret. 
      ldapConfigSecret: ldap-config-secret
      If the parameter is commented out, remove the comment tag.
    5. Save and close the file.
    6. Ensure you are in the helm directory. To apply your changes to the environment run the following command, specifying the deployment name in your environment. The default for Sametime version 12 is sametime. 
      helm upgrade deployment_name.
      If you are unsure of your deployment name, issue the helm list command to find the name. If you upgraded from an earlier Sametime release, the default name is sametime-meetings.
      Note: Be sure to include the dot, it is part of the command.
    7. Scale the Community pods to zero and then to one.
      Run the following command to scale the pod to zero. 
      
kubectl scale deploy community --replicas=0
      Run the following command to scale the pod to one.
      
kubectl scale deploy community --replicas=1
  2. Apply your changes to the environment.
    Verify that you are in the helm directory and run the following command to apply changes. Specify the Sametime deployment name for your environment. The default for Sametime Premium version 12 is sametime.
    helm upgrade sametime_deployment_name .
    Note: Be sure to include the dot at the end. It is part of the command.
    If you are unsure of your deployment name, issue the helm list command to find the name. If you upgraded from an earlier Sametime release, the default name is sametime-meetings.
  3. Restart the pods with the changes. Use the kubectl scale command to scale the pods to zero and then to one that have been changed. You must run the commands for each pod that the change affects.
    1. Run the following command to scale the pod to zero.
      Scale the pod to zero, where pod_deployment_name is the pod name.
      
kubectl scale deploy pod_deployment_name --replicas=0
    2. Run the following command to scale the pod to one. 
      
kubectl scale deploy pod_deployment_name --replicas=1