Deploying and connecting Service Interconnect edge gateways by using the CLI

Edit online

Use the palmctl CLI to deploy your Red Hat® Service Interconnect® gateways in IBM® Hybrid Cloud Mesh (Mesh) and connect the gateways by using a remote connection.

Prerequisites

  1. Install an Open Horizon agent to manage the gateway. See Installing an Open Horizon agent.
  2. Install the Mesh CLI. See Installing the CLI.
  3. Create or identify a Mesh network segment that contains the managed namespace. For more information about creating a network segment, see Creating Mesh network segments by using the CLI.
  4. Create or identify a Mesh-managed namespace that represents the Kubernetes namespace where you want to deploy the gateway.
  5. If you want to specify the version of Red Hat Service Interconnect that is installed when you deploy the gateway, complete the following steps:
    1. View the supported versions by running the following command: 
      palmctl get rhsi-versions
    2. When you deploy the gateway, include the following field with the appropriate version: 
      "intended_version": "<rhsi_version>"
    If a version is not specified, the latest supported version is installed. See Supported platforms and software.
Enabling external client access:

To enable applications that are running in non-Kubernetes environments to access services at this gateway, you must enable external client access when you deploy the gateway. By default, external client access is disabled.

For more information, see Configuring external client access by using the Mesh CLI.

Deploy the gateway

To deploy a gateway by using the palmctl CLI, follow these steps:
  1. Configure the gateway by using the palmctl patch command. For example, run a command like this: 
    cat << EOF | palmctl patch gateway --name <gateway-name> -f -
intended_compute_profile: <intended_compute_profile_type>
site_configuration: '{
  "ingress": "<ingress>",
  "ingress_host": "<ingress_host>",
  "router_ingress_host": "<router_ingress_host>",
  "controller_ingress_host": "<controller_ingress_host>",
  "ingress_annotations": "<ingress_annotations>",
  "flow_collector": true/false,
  "console": true/false,
  "router_console": true/false,
  "router_cpu": "<router_cpu>m",
  "router_cpu_limit": "<router_cpu_limit>m",
  "router_memory": "<router_memory>Mi",
  "router_memory_limit": "<router_memory_limit>Mi",
  "run_as_user": <run_as_user>,
  "controller_pod_annotation": "<controller_pod_annotation>",
  "site_name": "<site_name>",
  "router_mode": "interior",
  "labels": "<labels>",
  "router_logging": "<router_logging>",
  "create_network_policy": false,
  "enable_rest_api": true/false,
  "annotations": "<annotations>",
  "router_service_annotations": "<router_service_annotations>",
  "router_pod_annotations": "<router_pod_annotations>",
  "enable_service_sync": true,
  "routers": "<routers_count>",
  "router_load_balancer_ip": "<router_load_balancer_ip>",
  "router_data_connection_count": "<router_data_connection_count>",
  "enable_skupper_events": true/false
}'
EOF
    The parameters in the site configuration section are optional. For some of the parameters, the following default values apply if you do not provide a value. 
    router-mode: interior
router-logging: Information
create-network-policy: False
enable-service-sync: true
routers: 0
  2. Create the namespace where you want to deploy the gateway, if one does not exist already. For example, run a command like this: 
    cat << EOM | palmctl create namespace --cloud-name <cloud-name> --cluster-name <cluster-name> -f -
name: <namespace-name>
network_segment_id: <network_segment_id>
EOM
  3. Set the network segment ID and gateway ID for the namespace by using the palmctl patch command. For example, run a command like this: 
    cat << EOM | palmctl patch namespace --cloud-name <cloud-name> --cluster-name <cluster-name> --name <namespace-name> -f -
network_segment_id: <network_segment_id>
gateway_id: <gateway_id>
EOM
    The gateway is deployed with the parameters that you specified in step 1.
Notes:
  • <gateway-name> must be unique.
  • The available values for the intended_compute_profile are small, medium, large, and custom. For custom, the user can select router_cpu, router_cpu_limit, router_memory, or router_memory_limit to provide custom values. This field determines the maximum CPU and memory resources that the gateway can use. After the gateway is deployed, you cannot modify these settings.
  • The ingress attribute in the site_configuration field determines the ingress controller that is used when the gateway is deployed. For more information about the configuration settings, see the Initialise Skupper help document.
  • All site configuration parameters are optional.
  • For more information about the router configuration settings, see the Initialise Skupper help document. View the information about the site-name, router-mode, router-logging, annotations, router-service-annotations, router-pod-annotations, routers, router-data-connection-count, router-load-balancer-ip, create-network-policy, enable-service-sync, and labels options.
  • You can only update the site configuration parameters when the life_cycle_state parameter is set to gw-not-deployed. The life_cycle_state parameter is a Service Interconnect edge property.

Deploy the gateway by using YAML or JSON files

You can apply the gateway settings by using a YAML or JSON file. Using these files allows users to reuse them later. You can also use tools such as yq or jq to verify the integrity of the YAML or JSON.

  1. Create a YAML file to hold your input parameters. For example, create a file called gw_site_config_params.yaml and add the following input parameters:

    intended_compute_profile: <intended_compute_profile_type>
site_configuration: '{
  "ingress": "<ingress>",
  "ingress_host": "<ingress_host>",
  "router_ingress_host": "<router_ingress_host>",
  "controller_ingress_host": "<controller_ingress_host>",
  "ingress_annotations": "<ingress_annotations>",
  "flow_collector": true/false,
  "console": true/false,
  "router_console": true/false,
  "router_cpu": "<router_cpu>m",
  "router_cpu_limit": "<router_cpu_limit>m",
  "router_memory": "<router_memory>Mi",
  "router_memory_limit": "<router_memory_limit>Mi",
  "run_as_user": <run_as_user>,
  "controller_pod_annotation": "<controller_pod_annotation>",
  "site_name": "<site_name>",
  "router_mode": "interior",
  "labels": "<labels>",
  "router_logging": "<router_logging>",
  "create_network_policy": false,
  "enable_rest_api": true/false,
  "annotations": "<annotations>",
  "router_service_annotations": "<router_service_annotations>",
  "router_pod_annotations": "<router_pod_annotations>",
  "enable_service_sync": true,
  "routers": "<routers_count>",
  "router_load_balancer_ip": "<router_load_balancer_ip>",
  "router_data_connection_count": "<router_data_connection_count>",
  "enable_skupper_events": true/false
}'
EOF
  2. Create a JSON file to hold your input parameter. For example, created a file called siteconfig.json and the following input parameters: 
    {   "Intended_compute_profile": "custom",   "site_configuration": "{ \"ingress\":
      \"route\", \"ingress_host\": \"ingress.host.name\", \"router_ingress_host\":
      \"router.ingress.host.name\", \"controller_ingress_host\":
      \"controller.ingress.host.name\", \"ingress_annotations\":
      \"ingress_annotations6=ingress_annotations61\", \"flow_collector\": true, \"console\":
      false, \"router_console\": false, \"router_cpu\": \"100m\", \"router_cpu_limit\":
      \"1000m\", \"router_memory\": \"100Mi\", \"router_memory_limit\": \"1000Mi\",
      \"run_as_user\": 1000, \"controller_pod_annotation\":
      \"skupper.io/component=controller\", \"site_name\": \"site2266\", \"router_mode\":
      \"interior\", \"labels\": \"test2266\", \"router_logging\": \"info\",
      \"create_network_policy\": false, \"enable_rest_api\": false, \"annotations\":
      \"annotations=annotations2266\", \"router_service_annotations\":
      \"routerservice=value2266\", \"router_pod_annotations\": \"routerpod=value1\",
      \"enable_service_sync\": false, \"routers\": \"6\", \"router_load_balancer_ip\":
      \"6.5.5.5\", \"router_data_connection_count\": \"6\", \"enable_skupper_events\": false
      }" }

  3. Apply the gateway settings by using either a YAML or JSON file. For example, run a command like this:

    palmctl patch gateway --name <gw-name> -f gw_site_config_params.yaml
    palmctl patch gateway --name <gw-name> -f siteconfig.json
    Notes:
    • <gateway-name> must be unique.
    • The available values for the intended_compute_profile are small, medium, large, and custom. For custom, the user can select router_cpu, router_cpu_limit, router_memory, or router_memory_limit to provide custom values. This field determines the maximum CPU and memory resources that the gateway can use. After the gateway is deployed, you cannot modify these settings.
    • The ingress attribute in the site_configuration field determines the ingress controller that is used when the gateway is deployed. For more information about the configuration settings, see the Initialise Skupper help document.
    • All site configuration parameters are optional.
    • For more information about the router configuration settings, see the Initialise Skupper help document. View the information about the site-name, router-mode, router-logging, annotations, router-service-annotations, router-pod-annotations, routers, router-data-connection-count, router-load-balancer-ip, create-network-policy, enable-service-sync, and labels options.
    • You can only update the site configuration parameters when the life_cycle_state parameter is set to gw-not-deployed. The life_cycle_state parameter is a Service Interconnect edge property.

Connect two gateways

To connect two Service Interconnect edge gateways, you need to create a Mesh remote connection. The gateways that you are connecting must be associated with the same network segment.

Tip: A Mesh remote connection is unidirectional and has a source gateway and a destination gateway. However, Service Interconnect edge gateways are bidirectional. You do not need to create a Mesh remote connection in both directions.

To create a remote connection, you need the name of the source gateway and the ID of the destination gateway.

Complete the following steps:
  1. Get the ID of the destination gateway: 
    palmctl get gateways --cloud-name <cloud-name>
    • <cloud-name> is the name of the Mesh cloud where the gateways are defined.
    • The ID of the destination gateway is shown in the resource_id field in the output.
  2. Create the remote connection: 
    cat << EOM | palmctl create remoteconnection --gateway-name=<gateway-name> -f -
name: <connection-name>
remote_gw_id: <destination-gateway-resource-id>
EOM
    • <gateway-name> is the name of the source gateway.
    • <connection-name> must be unique.
    To establish communication between the gateways, Mesh requests a link that is secret from the destination gateway and deploys it on the source gateway.
    Tip: The output of the palmctl get remoteconnection and palmctl get remoteconnections commands contains a secure_health_status value. Use this value to determine whether a secure remote connection is up, down, or initializing. Ignore the health_status attribute.

What to do next

Create a Mesh connection policy so that service requests can flow over your Service Interconnect edge gateway. See Connecting applications by using policies with the Mesh CLI.