Sombra on Kubernetes

As a Docker container image, Sombra can easily be deployed into a Kubernetes (k8s) environment. This guide will provide a minimal example of a Sombra deployment on Kubernetes. For a full reference on deployment options, see the Self-hosting Sombra guide.

apiVersion: v1
kind: Namespace
metadata:
  name: transcend
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sombra-transcend-ingress
  namespace: transcend
  annotations:
    kubernetes.io/ingress.class: 'nginx'
spec:
  rules:
    - host: sombra-transcend.my-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: sombra-transcend-ingress
                port:
                  number: 5042
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sombra-customer-ingress
  namespace: transcend
  annotations:
    kubernetes.io/ingress.class: 'nginx-internet'
spec:
  rules:
    - host: sombra-customer.my-domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: sombra-customer-ingress
                port:
                  number: 5039
---
apiVersion: v1
kind: Service
metadata:
  name: sombra-transcend-ingress
  namespace: transcend
spec:
  selector:
    app: transcend-app
  ports:
    - protocol: TCP
      port: 5042
      targetPort: 5042
  type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
  name: sombra-customer-ingress
  namespace: transcend
spec:
  selector:
    app: transcend-app
  ports:
    - protocol: TCP
      port: 5039
      targetPort: 5039
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: transcend-app
  namespace: transcend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: transcend-app
  template:
    metadata:
      labels:
        app: transcend-app
    spec:
      containers:
        - name: transcend-container
          image: sombra:v7.147.6
          env:
            - name: ORGANIZATION_URI
              value: 'some-org'
            - name: SOMBRA_ID
              value: 'some-id'
            - name: INTERNAL_KEY
              value: 'some-key'
            - name: JWT_ECDSA_KEY
              value: 'some-key'
            - name: INTERNAL_KEY_HASH
              value: 'some-key'
            - name: EMPLOYEE_AUTHENTICATION_METHODS
              value: transcend,session
            - name: DATA_SUBJECT_AUTHENTICATION_METHODS
              value: transcend,session
          ports:
            - containerPort: 5042
            - containerPort: 5039
          resources:
            requests:
              memory: '1000Mi'
              cpu: '2000m'
            limits:
              memory: '2000Mi'
              cpu: '3000m'
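
The manifest above sets INTERNAL_KEY, JWT_ECDSA_KEY and INTERNAL_KEY_HASH as literal `value:` strings, so anyone who can read the Deployment object or the manifest file can read them. The following is an added example, not part of the original guide, showing the same Deployment with those three variables loaded from a Kubernetes Secret. The Secret name `sombra-secrets` is an assumption and the secret values are placeholders.

```yaml
# Added example: the Secret name is hypothetical, values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: sombra-secrets
  namespace: transcend
type: Opaque
stringData: # keys become environment variable names via envFrom below
  INTERNAL_KEY: '<placeholder-internal-key>'
  JWT_ECDSA_KEY: '<placeholder-jwt-ecdsa-key>'
  INTERNAL_KEY_HASH: '<placeholder-internal-key-hash>'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: transcend-app
  namespace: transcend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: transcend-app
  template:
    metadata:
      labels:
        app: transcend-app
    spec:
      containers:
        - name: transcend-container
          image: sombra:v7.147.6
          # Key material comes from the Secret; it no longer appears in the pod spec.
          envFrom:
            - secretRef:
                name: sombra-secrets
          env:
            - name: ORGANIZATION_URI
              value: 'some-org'
            - name: SOMBRA_ID
              value: 'some-id'
            - name: EMPLOYEE_AUTHENTICATION_METHODS
              value: transcend,session
            - name: DATA_SUBJECT_AUTHENTICATION_METHODS
              value: transcend,session
          ports:
            - containerPort: 5042
            - containerPort: 5039
          resources:
            requests: { memory: '1000Mi', cpu: '2000m' }
            limits: { memory: '2000Mi', cpu: '3000m' }
```

Keep the Secret manifest with real values out of version control (for example, create it with `kubectl create secret generic` instead) and restrict `get` on Secrets in the `transcend` namespace through RBAC. Secret data is only base64-encoded in the API, so encryption at rest has to be enabled on the cluster separately.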