How to deploy shibboleth service provider in Kubernetes environment?
Peter Schober
peter.schober at univie.ac.at
Fri May 24 09:56:38 EDT 2019
* Karthikeyan Sundararajan <karthikeyan.s at accionlabs.com> [2019-05-24 15:18]:
> In non-docker environment, apache2 and shibd services runs no the same
> server and apache2 communicates with shibd using mod_shib apache module
> (correct me if am wrong)
Well, on GNU/Linux and Unix mod_shib and shibd communicate over a unix
domain socket by default, on MS-Windows they use a TCP socket.
Cf. https://wiki.shibboleth.net/confluence/display/SP3/Listener
While you could use TCP sockets on GNU/Linux note that there's no
security layer in that protocol, so securing that would be left to the
deployer.
> Is it possible to deploy shibboleth service provider in separate
> container and apache in separate container?
It's possible, but why would you chose to do that?
Just keeping them both in the same container avoids security issues
and makes deployment easier. I don't think you can swap out either
half for other verions or running different build/packaging so it's
best to treat those as a single system.
> Now I just want to deploy one more container for shibboleth, is it possible?
Probably, but you'll need to put mod_shib within your httpd container,
too, so just put shibd there, too, the way supported OS packaging does.
-peter
More information about the users
mailing list