Deploying and connecting Service Interconnect edge gateways by using the Mesh console
Use the Mesh console to deploy your Red Hat® Service Interconnect® gateways in IBM® Hybrid Cloud Mesh (Mesh) and connect the gateways by using a remote connection.
Prerequisites
- Install the Open Horizon agent to manage the gateway. See Installing an Open Horizon agent.
After the Open Horizon agent is installed, the Service Interconnect edge gateway is automatically registered in Mesh and is shown on the Unmanaged gateways tab on the Gateways page.
- Create a Mesh network segment to support the interconnections between the Service Interconnect edge gateways. See Creating network segments by using the Mesh console.
Deploy a Service Interconnect edge gateway
Complete the following steps in the Mesh console:
- On the Gateways page, click the Unmanaged gateways tab.
- Click Deploy gateway for the gateway that you want to deploy. A default gateway name is provided but you can edit the name.
- Click Type and select from a list of supported versions of Red Hat Service Interconnect or Skupper.
- Click Network segment name. Then choose a network segment name or click Create a network segment.
- Select the gateway infrastructure group.
- Click Connect cluster.
- Choose the cluster where you want to deploy the gateway.
- Select the application group, then click Select.
- Optional: Enter a label and a description.
- Click Next.
- In the Gateway configuration section, select a router size for the gateway.
You can also specify a custom router size. The router size determines the following CPU and memory
settings for the gateway:
- The initial CPU and memory resources that are requested for the gateway.
- The maximum CPU and memory resources that the gateway can use.
For more information about the settings, see the Initialise Skupper help document. View the information about the router-cpu, router-memory, router-cpu-limit, and router-memory-limit options.
- Enable access at this gateway for external client applications. By default, external client access is disabled. Enable applications that are running in non-Kubernetes environments such as VMs to access services that are available at this gateway.
- From the External client access list, select Enabled (LoadBalancer).
- Enter the range of IP addresses that the gateway can assign to services that are exposed at this
gateway.
The services are exposed at the gateway by connection policies. When external client access is enabled and the gateway assigns an IP address to a service, a service entry point is created in Mesh automatically.
For more information, see Configuring external client access by using the Mesh console.
- Specify the ingress configuration settings.
When the gateway is deployed, these settings are provided as parameters to the Red Hat Service Interconnect site controller on the edge cluster. If you don't specify the ingress settings, the Skupper router selects the appropriate ingress type and other settings that are used.
For more information about the configuration settings, see the Initialise Skupper help document. View the information about the ingress, ingress-host, router-ingress-host, controller-ingress-host, and ingress-annotations options.
- (Optional for gateways on the inbound side of a remote connection) Select an ingress type from the list. The ingress type determines the ingress controller that is used when the gateway is deployed.
If you don't select an ingress type or select Not specified, a default type is assigned automatically when the gateway is deployed. For Red Hat OpenShift® clusters, the OpenShift Route type is assigned. For other Kubernetes clusters, the Load balancer type is assigned.
For gateways that are on the inbound side of a remote connection, an ingress type is required. These gateways receive a connection request and must have permission to allow incoming traffic. If you don't choose an ingress type, a default type is assigned.
For gateways that are on the outbound side, no ingress type is required. You can choose None so that a default ingress type is not assigned when the gateway is deployed.
- In the Ingress host name field, you can specify the host name for the general ingress controller in the Red Hat Service Interconnect installation.
The host name must be a valid domain name, for example router1.example.com. The host name points to the location where the ingress controller is deployed, such as a load balancer or a specific node on the cluster. The value must be a publicly accessible host name or IP address that external clients can reach over the network.
- In the Router ingress host name and Controller ingress host name fields, you can specify the host names for the Red Hat Service Interconnect router and controller.
These fields enable more granular control over how external traffic is routed to services within the Kubernetes cluster. If you don't specify values, these fields default to the Ingress host name value.
- In the Ingress annotations field, you can specify annotations that
provide additional information about the ingress resources that are created during the gateway
deployment.
Enter a comma-separated list of key-value pairs in this format:
<name1>=<value1>,<name2>=<value2>
For example:
kubernetes.io/ingress.class=traefik,nginx.ingress.kubernetes.io/ssl-passthrough=true
For more information about the format rules, see Syntax and character set in Kubernetes annotations.
- Specify the router configuration settings.
If you don't specify the router configuration settings, the Skupper router selects the appropriate settings that are used.
For more information about the configuration settings, see the Initialise Skupper help document. View the information about the site-name, router-mode, router-logging, annotations, router-service-annotations, router-pod-annotations, routers, router-data-connection-count, router-load-balancer-ip, create-network-policy, enable-service-sync, and labels options.
- In the Site name field, specify the host name for the Red Hat Service Interconnect installation.
- In the Router logging drop-down, select a log level for the router from the list. If you don't select a router log level, the default log level assigned is information.
- In the Annotations, Router service annotations, and Router pod annotations fields, specify annotations that provide additional information about the router resources that are created during the gateway deployment.
Enter a comma-separated list of key-value pairs in this format:
<name1>=<value1>,<name2>=<value2>
For example:
kubernetes.io/ingress.class=traefik,nginx.ingress.kubernetes.io/ssl-passthrough=true
For more information about the format rules, see Syntax and character set in Kubernetes annotations.
- In the Routers field, specify the number of router instances that you
want to start in the Red Hat Service Interconnect gateway.
Specifying two or more router instances does not make the gateway highly available. Instead, the second instance acts as a backup. It doesn't actively handle traffic, but is ready to take over if the primary instance fails.
- In the Router data connection count field, specify the number of active data connections that the router can establish with other routers on the network.
- In the Load balancer field, specify the IP address of the load
balancer.
If you specified the ingress type as Load balancer for your Kubernetes cluster, then you can specify the IP address that the load balancer allocates to your router instance.
- In the Labels field, enter a label. Click Add.
- Click Deploy.
The deployment of a gateway can take several minutes. You can view the status of the deployment on the Gateways page, under the Managed gateways tab.
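The following is an added example, not part of the IBM documentation or product code: a check you can run before deployment on the comma-separated strings that you plan to enter in the Ingress annotations, Annotations, Router service annotations, and Router pod annotations fields, using the Kubernetes annotation key syntax rules. The function names are hypothetical, and the parser assumes that values contain no commas.

```python
import re

# Kubernetes annotation key syntax: an optional prefix (a lowercase DNS
# subdomain, at most 253 characters) followed by "/", then a name of at most
# 63 characters: alphanumeric at both ends, with "-", "_", "." allowed inside.
NAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9_.-]{0,61}[A-Za-z0-9])?")
DNS_LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")


def check_key(key):
    """Return a description of what is wrong with an annotation key, or None."""
    prefix, slash, name = key.rpartition("/")
    if slash:
        if not prefix or len(prefix) > 253:
            return "prefix must be 1-253 characters"
        if not all(DNS_LABEL_RE.fullmatch(p) for p in prefix.split(".")):
            return "prefix is not a lowercase DNS subdomain"
    if not NAME_RE.fullmatch(name):
        return "name must be 1-63 characters, alphanumeric at both ends"
    return None


def parse_annotations(text):
    """Parse '<name1>=<value1>,<name2>=<value2>' into (pairs, errors).

    Assumes values contain no commas, because the field is comma-separated.
    """
    pairs, errors = {}, []
    for item in (part.strip() for part in text.split(",")):
        key, eq, value = item.partition("=")
        if not eq:
            errors.append(f"{item!r}: missing '='")
            continue
        problem = check_key(key)
        if problem:
            errors.append(f"{key!r}: {problem}")
        elif key in pairs:
            errors.append(f"{key!r}: duplicate key")
        else:
            pairs[key] = value
    return pairs, errors


if __name__ == "__main__":
    # First string is the example from the page; the second is constructed.
    for sample in (
        "kubernetes.io/ingress.class=traefik,nginx.ingress.kubernetes.io/ssl-passthrough=true",
        "Example.COM/owner=team-a,-bad=1,novalue",
    ):
        print(parse_annotations(sample))
```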
Connect two Red Hat Service Interconnect gateways with a remote connection
To connect two Service Interconnect edge gateways, you must create a Mesh remote connection. The remote connection establishes a communication channel between the two gateways. The gateways must be associated with the same network segment.
When you create the remote connection, you must choose the gateway that initiates the connection. When the connection is established, data can flow in either direction between the two gateways.
- Outbound side
- This Service Interconnect edge gateway initiates the connection and must have permission to initiate outbound connections through the firewall. No specific firewall rules are needed to allow incoming traffic (ingress) into the cluster or namespace.
- Inbound side
- This Service Interconnect edge gateway receives the connection request and must have permission to allow incoming traffic. Allowing incoming traffic normally involves setting up firewall and ingress rules within the Red Hat Service Interconnect cluster. The gateway on the inbound side does not initiate the connection with the other gateway.
For example, you might have an application in a cloud environment and an application in an on-prem VMware vSphere™ environment and you need to connect the two environments. Service Interconnect edge gateways are deployed in both environments. The cloud environment allows inbound and outbound connections. The firewall rules in the on-prem environment allow outbound connections but prevent inbound connections.
When you create the remote connection, you must specify that the on-prem gateway is on the outbound side of the connection. Therefore, the on-prem gateway initiates the connection, which satisfies the firewall rules.
Create the remote connection by completing the following steps:
- On the Gateways page, click one of the Red Hat Service Interconnect gateways that you want to connect.
- In the Remote connections section, click Create connection.
- Choose a direction from the Creation direction list and click Select gateway.
- On the Select connecting gateway page, click the gateway that you want to connect and click Select gateway.
- Choose a link metric value and click Create.
What to do next
Create a connection policy so that service requests can flow over your Red Hat Service Interconnect gateways. See Connecting applications by using policies in the Mesh console.