Deploying IBM Sterling Secure Proxy using an IBM Certified Container Software

The IBM Certified Container Software offers a Red Hat certiﬁed IBM Sterling Secure Proxy image and Helm chart and can be used to deploy a production-ready IBM Sterling Secure Proxy image into Red Hat OpenShift/ Kubernetes Service.

IBM Certified Containers are more than a simple Helm chart that accelerate time to value and improve enterprise readiness at a lower cost than containers alone.

The IBM Certified Container meets standard criteria for packaging and deployment of containerized software with platform integrations.

Prerequisites

The following prerequisites tasks must be completed to successfully use Kubernetes based container:

Installing a Kubernetes cluster and configuring kubectl client for the user.
Applying security configurations to your deployment. For minimum security configuration, see Creating Pod Security Policy for Kubernetes Cluster for Kubernetes and Creating security context constraints for OpenShift Cluster.
Installing and Configuring helm client for the user

Note: For more information on how to install and secure a Helm installation, see Installing Helm.

Overview

A Certified Container provides the basic features of package manager (Helm Chart) to help with the installation and maintenance of software. Using a Certified Container you can perform following actions on helm chart:

Deploy
Upgrade
Configure

Key Concepts

Charts
A Certified Container Software uses a packaging format called Charts. IBM Sterling Secure Proxy Chart is a collection of ﬁles that consists of a few YAML conﬁguration ﬁles and templates rendered into Kubernetes manifest ﬁles. Charts are created as ﬁles laid out in a directory tree that you can package into versioned archives that the system deploys.
Release
Release is a running instance of a chart combined with a speciﬁc conﬁguration. A Certified Container release uses:
- A command line tool, helm to provide a user interface
- Packaging format called Charts.

Key Components

A Certified Container Software software has two major components:

Helm Client: It manages charts and is a command line interface for end users. Use Helm client to:
- Develop charts
- Manage repositories
- Send charts to be used for deployment
- Ask for information about Releases
- Request upgrades or uninstallation of existing Releases
A container image

Network

The Certified Container Software release is tested with Weave Net-type network for Kubernetes. For more information, refer to Kubernetes Networking