Understand and prepare the prerequisites

The following prerequisites are required to successfully deploy a client gateway:

  1. A Postgres database

  2. A key vault service

Familiarity with Helm CLI installation is also required when opting to deploy with Kubernetes.

For deployment with Docker, a machine with below items installed is required:

  1. GIT CLI - please refer to the official guide for installation

  2. Docker - please refer the official guide for installation

A Postgres database

For deployment with Kubernetes, a Kubernetes cluster containing a Posgres database may be required.

A postgres database and user (with read and write access) credentials are required. They are crucial environment variables for the client gateway application.

The postgres database connection string is required. It may look like something like:

postgresql://USER:PASSWORD@POSTGRES_HOST:5432/DATABASE_NAME

If you need help with deploy a self-hosted postgres server, please refer to the Postgres deployment guide.

If you opt out using the postgres in the guide’s docker-compose file, you can remove the 'postgres' service and update the places depending on it.

Also replace other services' environment variable 'DB_NAME' with your own postgres db connection string.

A key vault service

The key vault service could be any one of the following options.

Whichever option is chosen, please see further guidance on how to obtain key vault access credentials for your chosen service.

Please use the values in the appropriate table below (click to expand) to configure the environment variables.

Azure Key Vault
Key
Type
Required
Value

SECRETS_ENGINE

String

true

azure

SECRET_PREFIX

String

false

ddhub/

AZURE_VAULT_URL

String

true

the key vault url, e.g. https://<VAULT NAME>.vault.azure.net

AZURE_CLIENT_ID

String

true

‘clientId’ of the service principle

AZURE_CLIENT_SECRET

String

true

'clientSecret' of the service principle

AZURE_TENANT_ID

String

true

'tenantId' of the service principle

AWS Secrets Manager
Key
Type
Required
Value

SECRETS_ENGINE

String

true

aws

SECRET_PREFIX

String

false

ddhub/

AWS_REGION

String

true

ap-southeast-2 (recommended)

AWS_ACCESS_KEY_ID

String

true

user’s access key id

AWS_SECRET_ACCESS_KEY

String

true

user’s secret access key

Vault Secrets Engine
Key
Type
Required
Value

SECRETS_ENGINE

String

true

vault

SECRET_PREFIX

String

false

ddhub/

VAULT_ENDPOINT

String

true

vault server address

VAULT_TOKEN

String

true

vault server access token

Familiarity with Helm installation

Please refer to Helm’s guide to installing the Helm CLI and prerequisites.

PreviousSelf-HostedNextDeploy with Kubernetes

Last updated