--- title: Deploy a PingAccess Cluster with PingIdentity Helm Charts Without a Server Profile description: Create and deploy a PingAccess Cluster using PingIdentity Helm Charts, without having to create a custom server profile. This process will allow you to quickly bring up the PingAccess UI and conduct any tests you need. component: devops page_id: devops::deployment/deployPACluster canonical_url: https://developer.pingidentity.com/devops/deployment/deployPACluster.html section_ids: devops-purpose: Purpose devops-prerequisites: Prerequisites devops-steps: Steps --- # Deploy a PingAccess Cluster with PingIdentity Helm Charts Without a Server Profile | | | | - | ---------------------------------------------------------------------------------------------------------- | | | The instructions in this document are for testing and learning and are not intended for use in production. | ## Purpose Create and deploy a PingAccess Cluster using PingIdentity Helm Charts, without having to create a custom server profile. This process will allow you to quickly bring up the PingAccess UI and conduct any tests you need. ## Prerequisites * [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) * Access to a Kubernetes cluster ## Steps 1. Confirm that your kuberenetes context and namespace are set correctly ```sh # Display kuberenetes context kubectx # Display namespace kubens -c ``` If these values are not set or are incorrect, you can set them with the following commands. If you do not yet have a namespace, or do not have access to a kubernetes cluster, refer to [Deploy an Example Stack](../get-started/getStartedExample.html). ```sh # Display kuberenetes context kubectx # Display namespace kubens ``` 2. Confirm that there are no conflicting persistent volumes. ```sh #List any persistent volumes kubectl get pvc ``` If you see a persistent volume with a name that resembles `out-dir-demo-pingaccess-admin-0`, then delete it before deploying your cluster. ```sh #Delete name_of_pvc persistent volume kubectl delete pvc out-dir-demo-pingaccess-admin-0 ``` | | | | - | -------------------------------------------------------------------------------------------------------------------------------- | | | This functionality has only been implemented for Sprint tags of 2211 or later. Therefore, it will not work for all earlier tags. | 3. Create a YAML file similar to the one shown here. Make sure to replace `insert domain name here` with your domain name. ```sh global: envs: PING_IDENTITY_ACCEPT_EULA: "YES" ingress: enabled: true addReleaseNameToHost: prepend defaultDomain: "insert domain name here" defaultTlsSecret: annotations: nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" kubernetes.io/ingress.class: "nginx-public" ############################################################# # pingaccess-admin values ############################################################# pingaccess-admin: enabled: true privateCert: generate: true envs: PING_IDENTITY_PASSWORD: "2FederateM0re!" ############################################################# # pingaccess-engine values ############################################################# pingaccess-engine: enabled: true container: replicaCount: 1 envs: PING_IDENTITY_PASSWORD: "2FederateM0re!" ``` 4. Create the default PingAccess cluster. Make sure that you fill in the "PATH" to your new values.yaml file. This deployment may take a few minutes to become healthy. ```sh helm upgrade --install demo pingidentity/ping-devops -f /values.yaml ``` 5. To display the status of the deployed components, you can use [k9s](https://k9scli.io/) or issue the corresponding commands shown here: * Display the services (endpoints for connecting) by running `kubectl get service --selector=app.kubernetes.io/instance=demo` ``` NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE demo-pingaccess-admin ClusterIP 172.20.221.233 9090/TCP,9000/TCP 37s demo-pingaccess-admin-cluster ClusterIP None 37s demo-pingaccess-engine ClusterIP 172.20.126.86 3000/TCP 37s ``` * To view the pods, run `kubectl get pods --selector=app.kubernetes.io/instance=demo` - you will need to run this at intervals until all pods have started (**Running** status): ``` NAME READY STATUS RESTARTS AGE demo-pingaccess-admin-0 1/1 Running 0 28m demo-pingaccess-engine-6b977b9498-298jw 1/1 Running 0 28m ``` * To see the ingresses you will use to access the product, run `kubectl get ingress`. If the ingress controller is configured properly, the URL you will see under demo-pingaccess-admin HOST (`demo-pingaccess-admin.`) will be the URL you use to access the PingAccess management console. ``` NAME CLASS HOSTS ADDRESS PORTS AGE demo-pingaccess-admin demo-pingaccess-admin. adab69408130011eab1cd028479a4fe3-532fea1b3272797d.elb.us-east-2.amazonaws.com 80, 443 2m1s demo-pingaccess-engine demo-pingaccess-engine. adab69408130011eab1cd028479a4fe3-532fea1b3272797d.elb.us-east-2.amazonaws.com 80, 443 2m1s ``` * To see everything tied to the helm release run `kubectl get all --selector=app.kubernetes.io/instance=demo`: ``` NAME READY STATUS RESTARTS AGE pod/demo-pingaccess-admin-0 1/1 Running 0 29m pod/demo-pingaccess-engine-6b977b9498-298jw 1/1 Running 0 29m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/demo-pingaccess-admin ClusterIP 172.20.221.233 9090/TCP,9000/TCP 29m service/demo-pingaccess-admin-cluster ClusterIP None 29m service/demo-pingaccess-engine ClusterIP 172.20.126.86 3000/TCP 29m NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/demo-pingaccess-engine 1/1 1 1 29m NAME DESIRED CURRENT READY AGE replicaset.apps/demo-pingaccess-engine-6b977b9498 1 1 1 29m NAME READY AGE statefulset.apps/demo-pingaccess-admin 1/1 29m ``` * To view logs, look at the logs for the deployment of the product in question. For example: ``` #Admin pod logs kubectl logs demo-pingaccess-admin-0 #Engine pod logs kubectl logs demo-pingaccess-engine-6b977b9498 ``` 6. Below are the credentials and URL to sign on to the PingAccess management console after the cluster is up and healthy. | | | | - | ------------------------------------------------------------------------------------------------------------------- | | | This example uses self-signed certificates that will have to be accepted in your browser or added to your keystore. | With the ingress in place, you can access the product at the URL seen below, using the domain-name you set in your values.yaml file. | Product | Connection Details | | ---------- | ---------------------------------------------------------------------------------------------------------- | | PingAccess | * URL: https\://demo-pingaccess-admin.(domain-name) * Username: Administrator * Password: 2FederateM0re! | 7. When you are finished, you can remove the demonstration components by running the uninstall command for helm: `helm uninstall demo` 8. Finally make sure to prune the persistent volume created in the deployment of your PingAccess cluster, by running the delete pvc command for kubectl: ```sh #Delete name_of_pvc persistent volume kubectl delete pvc out-dir-demo-pingaccess-admin-0 ```