Deploy the Client Gateway

The information below assumes, as an example, that the user has selected the Azure Kubernetes service.

The Helm repository is available at:

https://ewfcontainerregistry.azurecr.io/helm/v1/repo

Add `ewf` helm repo

helm repo add ewf https://ewfcontainerregistry.azurecr.io/helm/v1/repo

In case you have run the command before, simply run helm repo update for the latest chart version (ddhub-client-gateway-api chart version 1.3.0 or 1.4.0 are recommended).

Create a namespace in the cluster

As an example, you might select ddhub-demo as the namespace in the cluster for this release. This namespace will be used throughout this document.

kubectl create namespace ddhub-demo

Create a Kubernetes secret

Depending on your secret engine choice, please run below command to create a secret, Replace the placeholder with your values or set them in your terminal environment.

Make sure the secret name matches the ‘nameOverride' in your helm overwrite-values.yaml, '-secret' is expected suffix.

AWS Secrets Manager - Secret Creation Command

/kubectl create secret generic ddhub-client-gateway-demo-secret --from-literal=AWS_REGION=$AWS_REGION --from-literal=AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID --from-literal=AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY --from-literal=DB_NAME=$DB_NAME -n $namespace

Azure Key Vault - Secret Creation Command

kubectl create secret generic ddhub-client-gateway-demo-secret --from-literal=AZURE_VAULT_URL=$AZURE_VAULT_URL --from-literal=AZURE_CLIENT_ID=$AZURE_CLIENT_ID --from-literal=AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET --from-literal=AZURE_TENANT_ID=$AZURE_TENANT_ID --from-literal=DB_NAME=$DB_NAME -n $namespace

HashiCorp Vault Engine - Secret Creation Command

kubectl create secret generic ddhub-client-gateway-demo-secret --from-literal=VAULT_TOKEN=$VAULT_TOKEN --from-literal=DB_NAME=$DB_NAME -n $namespace

Overwrite default helm values

Before running the installation command, please overwrite some default helm values accordingly.

In order to do so, create overwrite-values.yaml file. Copy and paste below snippet in to overwrite-values.yaml.

Please refer to GitHub - energywebfoundation/ddhub-client-gateway-helm for more helm chart values

clientgateway:
  config:
    websocket: NONE # Options: SERVER, CLIENT, NONE
    secret_engine: vault
    secret_engine_endpoint: http://demo-vault.ddhub-demo.svc:8200
    mtls_enabled: true
    dsb_base_url: https://ddhub-ewc.energyweb.org
    parent_namespace: dsmb.apps.ddhub.energyweb.auth.ewc
  scheduler:
    enabled: true
    image:
      tag: latest
    appConfig:
      USER_AUTH_ENABLED: "false"
      FETCH_MESSAGES_CRON_ENABLED: "true"
      CLEANUP_MESSAGES_CRON_ENABLED: "true"
      FETCH_MESSAGES_CRON_SCHEDULE: "* * * * *"
      CLEANUP_MESSAGES_CRON_SCHEDULE: "*/15 * * * *"
  ui:
    image:
      tag: latest
    
image:
  tag: latest
    
nameOverride: "ddhub-client-gateway-demo"
fullnameOverride: "ddhub-client-gateway-demo"
  
ingress:
  enabled: true
  annotations:
      kubernetes.io/ingress.class: azure/application-gateway
      appgw.ingress.kubernetes.io/ssl-redirect: "true"
  hosts:
    - host: ddhub-gateway-demo.YOURS.org
      paths:
      - path: /docs
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /api
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /docs-json
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /events
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo-ui
          servicePort: 80
  tls:
    - secretName: your-tls-secret
      hosts:
        - ddhub-gateway-demo.YOURS.org

Before changing other values below, please note that, on line 32 in the sample above, azure/application-gateway is chosen ingress.class. This can be any equivalent ingress controller class (example: alb); simply update the ingress annotation accordingly.

If you want to run websocket mode, change Line 3 to [SERVER | CLIENT] read more

Change the values as described below:

Line 4 (secret_engine) - Update to the secret engine of choice: [vault | aws | azure]
Line 5 (secret_engine_endpoint)- If secret of choice is vault, update this value to your vault server address. Otherwise, skip this.
Line 13, the extra environment variables you can set for the API and Scheduler containers. `FETCH_MESSAGES_CRON_ENABLED` needs to be true (The appConfig will be merged with app’s Secret)
Line 35(host) and 59 - Replace these values with the hostname you have for this application.
Line 63 - (Optional for this demo) Create a TLS secret in the ddhub-demo namespace and replace this with the TLS secret name.

Install ddhub-client-gateway (based on gateway helm chart version 1.3.0)

After updating overwrite-values.yaml, simply run the below command at the same directory where the yaml file is located.

helm install ddhub-gateway-demo -f ./overwrite-values.yaml ewf/ddhub-client-gateway-api --version 1.3.0 -n ddhub-demo

After executing the command, please check the deployed pods by running the command below.

kubectl get all -n ddhub-demo

Configure Ingress (IP) address on the DNS provider

Run the below command to get the ingress (IP) address and set it accordingly on your DNS provider.

kubectl get ingress -n ddhub-demo

PreviousDeploy with Kubernetes NextVisit the Client Gateway

Last updated 18 hours ago