Creating a Kubernetes Gateway

Prerequisites

Instructions

  1. Generate a gateway token. Log in to the Admin UI and select Gateways on the left navigation bar. Click the add gateway button in the upper right, and a box will pop up. You can rename the gateway here, or do it later. Advertised host should be the IP address or host that the gateway will be listening on. Select a port for the service to listen on; it should match port and nodePort in the YML below. Bind IP should be 0.0.0.0 unless you only want the gateway to listen on one specific interface. Finally, the second port field should match targetPort in the YML below.

    Click on create and the gateway token will appear onscreen.

    Copy the gateway token and put it aside, being careful to capture every character. You will need it again below.

    Note: See sdm relay create-gateway if you want to generate a token via the CLI.

  2. Encode the resulting token in base64: echo -n <token-string> | base64

    Note: If you generate the token from the CLI, it will have a trailing \n character, which you will have to strip before passing it through base64.

  3. Create the YML file for your Kubernetes gateway relay. Use the following, replacing <<< token-in-base64 >>> with the Base64-encoded token:

     kind: Secret
     apiVersion: v1
     metadata:
       name: sdm-relay-secret
     type: Opaque
     data:
       # replace <<< token-in-base64 >>> with the Base64-encoded token generated in the Admin UI or by "sdm relay create-gateway"
       token: "<<< token-in-base64 >>>"
     ---
     kind: Deployment
     apiVersion: apps/v1 # apps/v1beta2 was removed in Kubernetes 1.16
     metadata:
       name: sdm-relay-deployment
       labels:
         app: sdm-relay
     spec:
       replicas: 1 # must always be 1.
       selector:
         matchLabels:
           app: sdm-relay
       template:
         metadata:
           labels:
             app: sdm-relay
         spec:
           # You may use node affinity to ensure that these containers are only
           # deployed to publicly visible nodes.
           # affinity:
           #   nodeAffinity:
           #     requiredDuringSchedulingIgnoredDuringExecution:
           containers:
           - name: sdm-relay
             image: quay.io/sdmrepo/relay:latest
             imagePullPolicy: Always
             env:
               - name: SDM_ORCHESTRATOR_PROBES
                 value: ":9090"
               - name: SDM_RELAY_TOKEN
                 valueFrom:
                   secretKeyRef:
                     name: sdm-relay-secret
                     key: token
             livenessProbe:
               httpGet:
                 path: /liveness
                 port: 9090
               initialDelaySeconds: 5
               periodSeconds: 10
     ---
     kind: Service
     apiVersion: v1
     metadata:
       name: sdm-relay-service
       labels:
         app: sdm-relay
     spec:
       type: "NodePort"
       ports:
       - name: gateway
         port: 30001
         targetPort: 8080
         nodePort: 30001
       # You may use externalIPs as a way to get a stable IP configuration.
       # then map 80.11.12.10 to sdmrelay.mycompany.com
       # externalIPs:
       #   - 80.11.12.10
       selector:
         app: sdm-relay
    

    Note: To ensure that the external IP address is persistent, you'll need to use either node affinity (in the Deployment section) or externalIPs (in the Service section, which is of type NodePort).

  4. To activate your gateway, execute the following kubectl command:

    $ kubectl create -f name-of-gateway-file.yml

  5. To verify that it is running, run kubectl get services again. You should see your gateway on the list of running services.

     $ kubectl get services
     NAME                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE
     kubernetes          ClusterIP   10.96.0.1       <none>        443/TCP           21h
     sdm-relay-service   NodePort    10.104.132.14   <none>        30001:30001/TCP   21h
    
  6. Log in to the Admin UI. In the Gateways section, the gateway you created should appear Online, with a heartbeat.

    If any errors occur or if the gateway does not report “online” status, please contact support@strongdm.com for assistance.
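Steps 2 and 3 fail quietly when the token carries the trailing newline from CLI output or when a long token's base64 output wraps across lines. The script below is an added example, not part of the original instructions or of strongDM's tooling; the helper names and the sample token are assumptions constructed for illustration. It strips line endings, encodes on a single line, and refuses to print the Secret if the value decodes to anything containing whitespace.

```shell
#!/bin/sh
# Added example. SAMPLE_TOKEN is a constructed value, not a real gateway token.
SAMPLE_TOKEN='constructed.sample-token.not-a-real-credential'

# encode_token (hypothetical helper): read a token on stdin, drop CR/LF
# (including the trailing \n from CLI output), print unwrapped base64.
encode_token() {
    tr -d '\r\n' | base64 | tr -d '\n'
}

# token_is_clean (hypothetical helper): succeed only if the base64 value
# decodes to non-empty text containing no whitespace.
token_is_clean() {
    # The "x" sentinel keeps $(...) from silently dropping a trailing newline.
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf x) || return 1
    decoded=${decoded%x}
    [ -n "$decoded" ] || return 1
    case $decoded in
        *[[:space:]]*) return 1 ;;
    esac
    return 0
}

# render_secret (hypothetical helper): print the Secret document from step 3,
# refusing a value that would put whitespace into SDM_RELAY_TOKEN.
render_secret() {
    token_is_clean "$1" || { echo "token decodes to empty or whitespace" >&2; return 1; }
    cat <<EOF
kind: Secret
apiVersion: v1
metadata:
  name: sdm-relay-secret
type: Opaque
data:
  token: "$1"
EOF
}

# Simulate CLI output, which ends in a newline, and build the Secret from it.
render_secret "$(printf '%s\n' "$SAMPLE_TOKEN" | encode_token)"
```

The printed document contains the token, so redirect it into a file with restrictive permissions rather than leaving it in terminal scrollback or shell history.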