This page will give an overview of the installation process for Spring Cloud Gateway for Kubernetes using the Tanzu cli.
Prerequisites
Before beginning the installation or upgrade process, ensure that you have installed the following tools on your local machine:
- The
tanzucommand-line interface (CLI) andpackageplugin. Installation instructions can be found in the VMware Tanzu Application Platform.
You will also need sufficiently recent versions of the Carvel controllers running on your Kubernetes cluster:
kapp-controllerversion >=0.43.1. See installation instructions.secretgen-controllerversion >=0.12.0. See installation instructions.
Creating the target namespace
First, create the destination namespace for the Spring Cloud Gateway for Kubernetes installation. For package repository the namespace is tap-install, image pull secret and actual SCG can be customized via CLI.
kubectl create namespace tap-install
Adding the image pull secret
For the tanzu cli to install the Spring Cloud Gateway images, it requires the credentials for the Tanzu image registry, which is hosted on the VMware Tanzu Network. To create this secret, run:
tanzu secret registry add tap-registry \
--namespace tap-install \
--server "registry.tanzu.vmware.com" \
--username "{registry username}" \
--password "{registry password}" \
--export-to-all-namespaces
Replace {registry username} and {registry password} with your Tanzu Network credentials.
The --export-to-all-namespaces option instructs the secretgen-controller to make this image pull secret available to managed packages in any namespace. This is to support pulling the image when Spring Cloud Gateway instances are created in arbitrary namespaces.
You can check that this step has been successful with the following command:
tanzu secret registry list --namespace tap-install
You should see output similar to the following:
NAME REGISTRY EXPORTED AGE
tap-registry registry.tanzu.vmware.com to all namespaces 6s
The EXPORTED column should show to all namespaces.
Install the Spring Cloud Gateway for Kubernetes package repository
Next, install the Spring Cloud Gateway for Kubernetes package repository:
tanzu package repository add scg-package-repository \
--namespace tap-install \
--url registry.tanzu.vmware.com/spring-cloud-gateway-for-kubernetes/scg-package-repository:{version}
where {version} is the version you wish to install, e.g. 1.1.0.
Once the repository is successfully installed, the tanzu CLI should respond with:
Added package repository 'scg-package-repository' in namespace 'tap-install'
You can then check the packages available for installation with:
tanzu package available list --namespace tap-install
The list of available packages should now contain Spring Cloud Gateway:
NAME DISPLAY-NAME SHORT-DESCRIPTION LATEST-VERSION
...
spring-cloud-gateway.tanzu.vmware.com Spring Cloud Gateway Spring Cloud Gateway {version}
Install the Spring Cloud Gateway for Kubernetes package
You are now ready to install Spring Cloud Gateway for Kubernetes.
tanzu package install spring-cloud-gateway \
--namespace tap-install \
--package-name spring-cloud-gateway.tanzu.vmware.com \
--version {version}
Once successful, the tanzu CLI will report Added installed package 'spring-cloud-gateway'.
Security Considerations
As described above in the image pull secret installation step, the --export-to-all-namespaces option to the tanzu CLI instructs the secretgen-controller to make the image pull secret available to packages in any namespace.
Additionally, a ClusterRole named scg-operator-resources-role is created with permissions to manage specific Spring Cloud Gateway resources deployed in any namespace in the cluster. To see the specific resources and permissions managed by the cluster role, run:
kubectl describe ClusterRole scg-operator-resources-role
Installing the operator with multiple replicas
The Spring Cloud Gateway Operator defaults to a single replica. This should be suitable for most environments as the operator is resilient to downtime as it's data is stored in the Kubernetes clusters Etcd data store. Customers can opt to configure multiple replicas of the operator using the flag --replica_count with the installation script. Increasing the number of replicas will enable leadership election between the operator Pods. The leadership election mechanism is built into Kubernetes and is described in this blog post from the Kubernetes team
To enable multiple operator replicas with leadership election, install the product as follows;
Create a file containing the configuration for multiple replicas
scgOperator:
replicaCount: 2
Then install the product using the tanzu CLI
tanzu package install spring-cloud-gateway \
--namespace tap-install \
--package-name spring-cloud-gateway.tanzu.vmware.com \
--values-file config-with-multiple-replicas.yaml \
--version {version}
Update Spring Cloud Gateway for Kubernetes
To update Spring Cloud Gateway, you just need to first update the package repository with the new version:
tanzu package repository update scg-package-repository \
--url registry.tanzu.vmware.com/spring-cloud-gateway-for-kubernetes/scg-package-repository:{version} \
--namespace tap-install
And once this is done you can update the Spring Cloud Gateway for Kubernetes installed package using:
tanzu package installed update spring-cloud-gateway --namespace tap-install --version {version}
Uninstall Steps
To uninstall Spring Cloud Gateway, run:
tanzu package installed delete spring-cloud-gateway --namespace tap-install
Once this is done you can remove the Spring Cloud Gateway package repository using:
tanzu package repository delete scg-package-repository --namespace tap-install
