Configuring LTPA in Kubernetes
This topic includes the steps to configure LTPA keys on Kubernetes.
Before you begin
About this task
The changes in this task affect the following pods:
- community
Procedure
- Create a secret that contains your LTPA keys.
  kubectl create secret generic ltpa-keys --from-file=./ltpa.keys
- Change to the helm/templates directory and open the sametime-secrets.yaml file.
- Find the base64-encoded value for your LTPA key password.
  To base64 encode the password, you can enter the following command in a Linux shell:
  echo -n 'ltpa_key_password' | base64
- Locate the LtpaKeysPassword line and replace the existing text with the base64-encoded LTPA key password.
- Save and close the sametime-secrets.yaml file.
- In the helm/values.yaml file, set enableLtpa to true.
  enableLtpa : true
- Add a new line that defines the number of minutes that the LTPA token is valid.
  The number of minutes must match the Domino Web SSO token expiration field. For example, if the Domino Web SSO token expiration is 30 minutes:
  ltpaDurationMinutes: "30"
  Note: The new line must be indented with two spaces.
- When using a realm, add a new line that defines the realm name.
  ltpa.realm: <defaultrealm>
  Note: For integrations with Connections, you must define the realm name in the values.yaml/config if/. For more information, see Integrating with HCL Connections.
- Apply your changes to the environment.
  Verify that you are in the helm directory and run the following command to apply changes. Specify the Sametime deployment name for your environment. The default for Sametime Premium version 12 is sametime.
  helm upgrade sametime_deployment_name .
  Note: Be sure to include the dot at the end. It is part of the command. If you are unsure of your deployment name, issue the helm list command to find the name. If you upgraded from an earlier Sametime release, the default name is sametime-meetings.
- Optional: Restart the pods with the changes. Use the kubectl scale command to scale the pods that have been changed to zero and then to one. You must run the commands for each pod that the change affects.
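
As an added example (not part of the HCL documentation or the Sametime chart), the following shell functions check the values edited in this procedure before helm upgrade is run: that the encoded password carries no trailing newline, and that ltpaDurationMinutes is indented with two spaces and matches the Domino expiration. It assumes a Linux shell with GNU base64; the function names, the sample password and the two-line values fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed sample data; function names are hypothetical.

# Encode the password read from stdin: CR/LF are dropped from the input and the
# output is unwrapped (base64 wraps long values at 76 columns by default).
encode_ltpa_password() {
    tr -d '\r\n' | base64 | tr -d '\n'
}

# Succeed only if $1 is clean, unwrapped base64 and the decoded password does
# not end in LF or CR (what `echo` without -n would have produced).
check_encoded_password() {
    reenc=$(printf '%s' "$1" | base64 -d 2>/dev/null | base64 | tr -d '\n')
    [ -n "$1" ] && [ "$reenc" = "$1" ] || return 1
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    case "$last" in 0a|0d) return 1 ;; esac
    return 0
}

# Succeed only if file $1 sets enableLtpa to true and has ltpaDurationMinutes,
# indented with exactly two spaces, equal to $2 (the Domino Web SSO expiration).
check_ltpa_values() {
    grep -Eq '^ *enableLtpa *: *true *$' "$1" ||
        { echo "enableLtpa is not true" >&2; return 1; }
    grep -Eq "^  ltpaDurationMinutes: \"$2\" *\$" "$1" ||
        { echo "ltpaDurationMinutes missing, mis-indented or not $2" >&2; return 1; }
}

# Constructed run: made-up password and a made-up two-line values fragment.
sample=$(mktemp)
printf '  enableLtpa : true\n  ltpaDurationMinutes: "30"\n' > "$sample"
enc=$(printf '%s\n' 'ltpa_key_password' | encode_ltpa_password)
check_encoded_password "$enc" && check_ltpa_values "$sample" 30 && echo "LTPA values OK"
rm -f "$sample"
```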