Kubernetes Gateways

Prerequisites

• A running Kubernetes cluster with publicly accessible nodes and stable IPs

Instructions

1. First, add your gateway/relay to the Admin UI and generate a token for it. To do this, log into the Admin UI and select Gateways on the left navigation bar. Click on the add gateway button in the upper right, and a box will pop up. You can rename the gateway here, or do it later.

   If you intend to instead create a relay, click add relay, fill in the name, and click create. For more information on the difference between gateways and relays, please check out the gateway documentation.

   Advertised host should be the IP address or host that the gateway will be listening on. Select a TCP port (default 5000) for the service to listen on.

   Click on create and the token will appear onscreen.

   Copy the token and put it aside, being careful to capture every character. You will need it again below. See sdm admin relay create-gateway if you want to generate a token via the CLI.

2. Encode the resulting token in base64: echo -n [token-string>]| base64

   If you generate the token from the CLI, it will have a trailing \n character, which you will have to strip before passing it through base64.

3. Create the YML file for your Kubernetes gateway/relay. Use the following, replacing [token-in-base64] with the Base64-encoded token:

   kind: Secret
   apiVersion: v1
   metadata:
   name: sdm-relay-secret
   type: Opaque
   data:
   # replace [token-in-base64] with the token generated by "sdm create relay-gateway"
   token: "[token-in-base64]"
   ---
   kind: Deployment
   apiVersion: apps/v1beta2
   metadata:
   name: sdm-relay-deployment
   labels:
   app: sdm-relay
   spec:
   replicas: 1 # must always be 1.
   selector:
   matchLabels:
   app: sdm-relay
   template:
   metadata:
   labels:
   app: sdm-relay
   spec:
   # You may use node affinity to ensure that these containers are only
   # deployed to publicly visible nodes.
   # affinity:
   #   nodeAffinity:
   #     requiredDuringSchedulingIgnoredDuringExecution:
   containers:
   - name: sdm-relay
   image: quay.io/sdmrepo/relay:latest
   imagePullPolicy: Always
   env:
   - name: SDM_ORCHESTRATOR_PROBES
   value: ":9090"
   - name: SDM_RELAY_TOKEN
   valueFrom:
     secretKeyRef:
       name: sdm-relay-secret
       key: token
   livenessProbe:
   httpGet:
   path: /liveness
   port: 9090
   initialDelaySeconds: 5
   periodSeconds: 10
   ---
   kind: Service
   apiVersion: v1
   metadata:
   name: sdm-relay-service
   labels:
   app: sdm-relay
   spec:
   type: "NodePort"
   ports:
   - name: gateway
   # or relay
   port: 30001
   targetPort: 8080
   nodePort: 30001
   # You may use externalIPs as a way to get a stable IP configuration.
   # then map 80.11.12.10 to sdmrelay.mycompany.com
   # externalIPs:
   #   - 80.11.12.10
   selector:
   app: sdm-relay

   To ensure that the external IP address is persistent, you'll need to either use node affinity (in the Deployment section) or externalIPs in the NodePort section.

4. To activate your gateway/relay, execute the kubectl command $ kubectl create -f name-of-gateway-file.yml

5. To verify that it is running, run kubectl get services again. You should see your gateway on the list of running services.

   $ kubectl get services
   NAME                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE
   kubernetes          ClusterIP   10.96.0.1       <none>        443/TCP           21h
   sdm-relay-service   NodePort    10.104.132.14   <none>        30001:30001/TCP   21h

6. Login to the Admin UI. In that section, the gateway you created should appear Online, with a heartbeat.

   

If any errors occur or if the gateway does not report "online" status, please contact support@strongdm.com for assistance.