Articles

Security

End-to-End Encryption

Sombra on Kubernetes


## Overview

As a Docker container image, Sombra can easily be deployed into a Kubernetes (k8s) environment. For a complete reference on deployment options, see the [Self-hosting Sombra](/_docs/security/end-to-end-encryption/deploying-sombra.mdx) guide.

## Deployment Using Helm Chart

You can follow our [guide](https://github.com/transcend-io/sombra-helm-chart) to deploy Sombra and related self-hosted products using our official Helm chart.

## Deployment Using Sample Kubernetes Configuration File

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: transcend
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sombra-transcend-ingress
  namespace: transcend
  annotations:
    kubernetes.io/ingress.class: 'nginx'
spec:
  rules:
    - host: sombra-transcend.my-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: sombra-transcend-ingress
                port:
                  number: 5042
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sombra-customer-ingress
  namespace: transcend
  annotations:
    kubernetes.io/ingress.class: 'nginx-internet'
spec:
  rules:
    - host: sombra-customer.my-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: sombra-customer-ingress
                port:
                  number: 5039
---
apiVersion: v1
kind: Service
metadata:
  name: sombra-transcend-ingress
  namespace: transcend
spec:
  selector:
    app: transcend-app
  ports:
    - protocol: TCP
      port: 5042
      targetPort: 5042
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: sombra-customer-ingress
  namespace: transcend
spec:
  selector:
    app: transcend-app
  ports:
    - protocol: TCP
      port: 5039
      targetPort: 5039
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: transcend-app
  namespace: transcend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: transcend-app
  template:
    metadata:
      labels:
        app: transcend-app
    spec:
      containers:
        - name: transcend-container
          image: sombra:latest
          env:
            - name: ORGANIZATION_URI
              value: 'some-org'
            - name: SOMBRA_ID
              value: 'some-id'
            - name: JWT_ECDSA_KEY
              value: 'some-key'
            - name: INTERNAL_KEY_HASH
              value: 'some-key'
            - name: EMPLOYEE_AUTHENTICATION_METHODS
              value: transcend,session
            - name: DATA_SUBJECT_AUTHENTICATION_METHODS
              value: transcend,session
            - name: TRANSCEND_URL
              value: 'https://api.transcend.io' # https://api.us.transcend.io if hosted in the US environment.
          ports:
            - containerPort: 5042
            - containerPort: 5039
          resources:
            requests:
              memory: '1000Mi'
              cpu: '2000m'
            limits:
              memory: '2000Mi'
              cpu: '3000m'
```


Deployment Using Sample Kubernetes Configuration File