Skip to main content

Importing Cloudentity Configuration Using Import Job

This article provides instructions on configuring import job for importing the Cloudentity platform configuration.

About Import Job

The Cloudentity platform enables DevSecOps engineers to import its configuration according to the GitOps approach, where all configuration is stored within a Git repository. There is possibility to declarativly import configuration that stores tenants, servers, clients and much more.

To learn more about declarative configuration, see Declarative Configuration.

Prerequisites

  • Kubernetes cluster v1.16+

  • Helm v3.0+

Configure Import Job

There are two ways to proceed with import:

  • Helm chart built-in job

    This import job is recommended to be used for the Cloudentity platform deployed on Kubernetes with Helm Charts. For other deployments using the dedicated acp-cd Helm Chart described below is more convenient.

    It will create Helm hook to create K8s job which utilizes Cloudentity import command.

    Enable migrate job and provide data sample:

    importJob:
      enabled: true
      data:
        policies:
          - tenant_id: mytenant
            server_id: myworkspace
            id: block_test_policy
            policy_name: block_test
            language: cloudentity
            type: api
            validators:
              - name: "false"                  
  • Dedicated acp-cd helm chart

    As the configuration for declarative import could be complex, it will make values file less readable then it should. Additionally import job is done once ACP is running so it could be considered as provisioning task, not deployment one. For those reasons, you have a choice to use dedicated acp-cd helm chart to configure your Cloudentity deployment.

    To learn more about acp-cd, see the Install acp-cd Helm Chart documentation.