Kubernetes Gateways
Prerequisites
- A running Kubernetes cluster with publicly accessible nodes and stable IPs
Instructions
First, add your gateway/relay to the Admin UI and generate a token for it. To do this, log into the Admin UI and select Gateways on the left navigation bar. Click on the add gateway button in the upper right, and a box will pop up. You can rename the gateway here, or do it later.
If you intend to instead create a relay, click add relay, fill in the name, and click create. For more information on the difference between gateways and relays, please check out the gateway documentation.
Advertised host should be the IP address or host that the gateway will be listening on. Select a TCP port (default 5000) for the service to listen on.
Click on create and the token will appear onscreen.
Copy the token and put it aside, being careful to capture every character. You will need it again below. See sdm admin relay create-gateway if you want to generate a token via the CLI.
Encode the resulting token in base64:
echo -n [token-string>]| base64If you generate the token from the CLI, it will have a trailing
\ncharacter, which you will have to strip before passing it throughbase64.Create the YML file for your Kubernetes gateway/relay. Use the following, replacing
[token-in-base64]with the Base64-encoded token:---kind: SecretapiVersion: v1metadata:name: sdm-relay-secrettype: Opaquedata:token: [token-in-base64]---kind: DeploymentapiVersion: apps/v1metadata:name: sdm-relay-deploymentlabels:app: sdm-relayspec:replicas: 1 # must always be 1.selector:matchLabels:app: sdm-relaytemplate:metadata:labels:app: sdm-relayspec:# You may use node affinity to ensure that these containers are only# deployed to publicly visible nodes.# This doesn't work with fargate profiles# affinity:# nodeAffinity:# requiredDuringSchedulingIgnoredDuringExecution:# nodeSelectorTerms:# - matchExpressions:# - key: alpha.eksctl.io/nodegroup-name# operator: In# values:# - ng-1containers:- name: sdm-relayimage: quay.io/sdmrepo/relay:latestimagePullPolicy: Alwaysenv:- name: SDM_ORCHESTRATOR_PROBESvalue: ":9090"- name: SDM_RELAY_TOKENvalueFrom:secretKeyRef:name: sdm-relay-secretkey: tokenlivenessProbe:httpGet:path: /livenessport: 9090initialDelaySeconds: 5periodSeconds: 10If you are setting up a relay, that is the end of the config file. If you are setting up a gateway, you need the following added to your YML:
---kind: ServiceapiVersion: v1metadata:name: sdm-relay-servicelabels:app: sdm-relayspec:type: "NodePort"selector:app: sdm-relayports:- name: gateway# or relayport: 30001targetPort: 5000nodePort: 30001# You may use externalIPs as a way to get a stable IP configuration.# then map 80.11.12.10 to sdmrelay.mycompany.comexternalIPs:- 34.220.97.45To ensure that the external IP address is persistent, you'll need to either use node affinity (in the Deployment section) or
externalIPsin the NodePort section.To activate your gateway/relay, execute the kubectl command
$ kubectl create -f name-of-gateway-file.ymlTo verify that it is running, run
kubectl get servicesagain. You should see your gateway on the list of running services.$ kubectl get servicesNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEkubernetes ClusterIP 10.96.0.1 <none> 443/TCP 21hsdm-relay-service NodePort 10.104.132.14 <none> 30001:30001/TCP 21hLogin to the Admin UI. In that section, the gateway you created should appear Online, with a heartbeat.
Relay status in Admin UI
If any errors occur or if the gateway does not report "online" status, please contact support@strongdm.com for assistance.