Deploying Gate in Kubernetes as Sidecar
In this scenario, Gate is deployed as a sidecar to a Pod and all the traffic to the Pod pass through Gate.
info
This is just an example of deployment. You should adjust it to your infrastructure.
Prerequisites
This tutorial uses Gate's Docker image.
Architecture
Example configuration
gate-sidecar.yaml
---
apiVersion: v1
kind: Service
metadata:
labels:
app: example
name: example
spec:
externalTrafficPolicy: Local
ports:
- port: 8080
targetPort: 8080
selector:
app: example
sessionAffinity: None
type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: example
spec:
replicas: 2
selector:
matchLabels:
app: example
template:
metadata:
labels:
app: example
spec:
containers:
- name: gate
image: slashid/gate
command: [gate, --env]
ports:
- containerPort: 8080
env:
- name: GATE_PORT
value: "8080"
# entire traffic will go to example service listening on port 80
- name: GATE_DEFAULT_TARGET
value: http://localhost:80
- name: example
image: slashid/example-service
command: [gate, --env]
env:
# this service is not exposed: it's only possible to access it through Gate
- name: PORT
value: "80"
- name: SERVICE_NAME
value: example
Testing locally
You can test this setup locally (for example, with Docker Desktop Kubernetes).
kubectl apply -f gate-sidecar.yaml
Once the deployment is ready, you can check if requests go through Gate.
curl -v http://localhost:8080/
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.79.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Length: 79
< Content-Type: application/json
< Servicehostname: example-868dc88f75-gmpx2
< Servicename: example
< Via: 1.0 gate
<
{
"service_hostname": "example-868dc88f75-gmpx2",
"service_name": "example"
}
if the Via: 1.0 gate header is present it means that everything works properly and Gate is up and running.