Here you will find instructions for installing Spring Cloud Gateway for Kubernetes using the Tanzu command-line interface (CLI). Uninstall instructions are also included in this topic.

Prerequisites

Before beginning the installation or upgrade, verify that you have installed the tanzu CLI and package plug-in. You will find installation instructions in the VMware Tanzu Application Platform documentation.

More prerequisites follow, based on whether you are using Tanzu Application Platform or not.

Prerequisites: Using Tanzu Application Platform

If you are installing Spring Cloud Gateway for Kubernetes using Tanzu Application Platform, and you already have Tanzu Application Platform installed, then your cluster is already prepared for the installation of Spring Cloud Gateway for Kubernetes from the Tanzu Application Platform package repository. You can proceed to Checking packages available for installation.

Prerequisites: Not using Tanzu Application Platform

The steps in this section are required if you are not using Tanzu Application Platform.

Spring Cloud Gateway for Kubernetes can be installed from a kapp-controller package using the tanzu cli. The tanzu cli allows you to install, manage, and upgrade packages on a Kubernetes cluster.

  1. Set up Carvel

    You must have sufficiently recent versions of the Carvel controllers running on your Kubernetes cluster:

  2. Add the image pull secret

    For the tanzu CLI to install the Spring Cloud Gateway images, it requires a Secret containing the credentials for the Broadcom Packages image registry. You can generate a set of credentials for the secret from https://support.broadcom.com. Select Tanzu from the top menu, and then select Spring Enterprise Subscription from the My Downloads section on the right. Then, run:

    tanzu secret registry add spring-cloud-gateway-registry \
    --namespace ${package_namespace} \
    --server "registry.packages.broadcom.com" \
    --username "${registry_username}" \
    --password "${registry_password}" \
    --export-to-all-namespaces

    Important In this topic, ${package_namespace} refers to the package installation namespace, from which the tanzu cli can install, manage, and upgrade Spring Cloud Gateway packages. This must be different from where the Spring Cloud Gateway for Kubernetes operator is installed to (see deployment.namespace in the table below).

    When using Tanzu Application Platform, the default ${package_namespace} is tap-install.

    Where:

    • ${package_namespace} is your desired package installation namespace name.

    • ${registry_username} and ${registry_password} are your Tanzu Network credentials.

    • --export-to-all-namespaces instructs the secretgen-controller to make this image pull secret available to managed packages in any namespace. This is to support pulling the Gateway image when Spring Cloud Gateway instances are created in arbitrary namespaces.

    You can check that this step has been successful with the following command:

    tanzu secret registry list --namespace ${package_namespace}

    You should see an output similar to the following:

    NAME                           REGISTRY                         EXPORTED           AGE
spring-cloud-gateway-registry  registry.packages.broadcom.com   to all namespaces  6s

    The EXPORTED column should show to all namespaces.

  3. Installing the Spring Cloud Gateway for Kubernetes package repository

    Next, install the Spring Cloud Gateway for Kubernetes package repository:

    tanzu package repository add scg-package-repository \
    --namespace ${package_namespace} \
    --url registry.packages.broadcom.com/spring-cloud-gateway-for-kubernetes/scg-package-repository:${version}

    Where ${version} is the version of the package repository you wish to install, e.g. 2.2.5.

    Once the package repository is successfully installed, the tanzu CLI should respond with output similar to:

    Added package repository 'scg-package-repository' in namespace 'scg-install'

    Where scg-install would be the value assigned to ${package_namespace}.

Checking packages available for installation

You can now check the packages available for installation using the tanzu CLI. Run:

tanzu package available list --namespace ${package_namespace}

The list of available packages should now contain Spring Cloud Gateway.

NAME                                   DISPLAY-NAME          SHORT-DESCRIPTION      LATEST-VERSION
...
spring-cloud-gateway.tanzu.vmware.com  Spring Cloud Gateway  Spring Cloud Gateway   2.2.5

The value shown in the LATEST-VERSION column is the version of the Spring Cloud Gateway for Kubernetes package available to install in the next step.

Install the Spring Cloud Gateway for Kubernetes package

You are now ready to install the Spring Cloud Gateway for Kubernetes package. The default installation namespace for the SCG resources is spring-cloud-gateway.

Install the package using the tanzu CLI. Run:

tanzu package install spring-cloud-gateway \
    --namespace ${package_namespace} \
    --package spring-cloud-gateway.tanzu.vmware.com \
    --version ${version}

The tanzu CLI will report the progress of the installation:

Installing package 'spring-cloud-gateway.tanzu.vmware.com'
Getting package metadata for 'spring-cloud-gateway.tanzu.vmware.com'
Creating service account 'spring-cloud-gateway-spring-cloud-gateway-sa'
Creating cluster admin role 'spring-cloud-gateway-spring-cloud-gateway-cluster-role'
Creating cluster role binding 'spring-cloud-gateway-spring-cloud-gateway-cluster-rolebinding'
Creating package resource
Waiting for 'PackageInstall' reconciliation for 'spring-cloud-gateway'
'PackageInstall' resource install status: Reconciling
'PackageInstall' resource install status: ReconcileSucceeded
'PackageInstall' resource successfully reconciled

Added installed package 'spring-cloud-gateway'

You can also check the package status by running:

tanzu package installed list --namespace ${package_namespace}

Upon a successful installation, the status of the spring-cloud-gateway package should be Reconcile succeeded:

NAME                  PACKAGE-NAME                           PACKAGE-VERSION  STATUS
spring-cloud-gateway  spring-cloud-gateway.tanzu.vmware.com  2.2.5            Reconcile succeeded

By default Spring Cloud Gateway Operator and its components will be placed in the spring-cloud-gateway namespace.

Security considerations

As described earlier in image pull secret installation, the --export-to-all-namespaces option to the tanzu CLI instructs the secretgen-controller to make the image pull secret available to packages in any namespace.

Additionally, a ClusterRole and ClusterRoleBinding, named scg-operator-resources-role and scg-operator-resources-role-binding respectively, are created. These grant the Spring Cloud Gateway Operator permissions to manage Spring Cloud Gateway resources deployed in any namespace in the cluster. To see the specific resources and permissions managed by the ClusterRole, run:

kubectl describe ClusterRole scg-operator-resources-role

Installing the Operator with multiple replicas

The Spring Cloud Gateway Operator defaults to a single replica. This may be suitable for many environments, because the Operator is resilient to downtime due to its data being stored in the Kubernetes cluster's etcd data store.

Customers can opt to configure multiple replicas of the Operator using the replicaCount value override. Increasing the number of replicas activates leadership election between the Operator Pods. The leadership election mechanism is built into Kubernetes and is described in this blog post from the Kubernetes team.

To activate multiple Operator replicas with leadership election, install the product as follows:

  1. Create a YAML file containing the configuration for multiple replicas. For example, create a file named config-with-multiple-replicas.yaml with the following contents:

    deployment:
  namespace: spring-cloud-gateway
scgOperator:
  replicaCount: 2

  2. Install the product using the tanzu CLI, passing the path to your YAML file in the --values-file argument:

    tanzu package install spring-cloud-gateway \
    --namespace ${package_namespace} \
    --package spring-cloud-gateway.tanzu.vmware.com \
    --values-file config-with-multiple-replicas.yaml \
    --version ${version}

Updating Spring Cloud Gateway for Kubernetes

  • For Tanzu Application Platform users:

    • New versions of the Spring Cloud Gateway for Kubernetes package are made available through new versions of the Tanzu Application Platform package repository.

  • For users who are not using Tanzu Application Platform:

    • Update the Spring Cloud Gateway package repository to the new version. Run:

      tanzu package repository update scg-package-repository \
    --url registry.packages.broadcom.com/spring-cloud-gateway-for-kubernetes/scg-package-repository:${version} \
    --namespace ${package_namespace}

      After this is done, you can update the Spring Cloud Gateway for Kubernetes installed package by running:

      tanzu package installed update spring-cloud-gateway --namespace ${package_namespace} --version ${version}

      Where spring-cloud-gateway is the name of the installation used.

      You can use tanzu package installed list -n ${package_namespace} to confirm successful completion.

Uninstall steps

To uninstall Spring Cloud Gateway, run:

tanzu package installed delete spring-cloud-gateway --namespace ${package_namespace}

If you are not using Tanzu Application Platform, after the Spring Cloud Gateway package is removed, you can then remove the Spring Cloud Gateway package repository by running:

tanzu package repository delete scg-package-repository --namespace ${package_namespace}

Available parameters for the installation

There are other parameters that can be configured in the --values-file file specified during installation.

For example, custom-config.yaml is specified in the following installation.

scgOperator:
   image: my-scg-operator-image
gateway:
   image: my-gateway-image
logs:
   format: json

    tanzu package install spring-cloud-gateway \
        --namespace ${package_namespace} \
        --package-name spring-cloud-gateway.tanzu.vmware.com \
        --values-file custom-config.yaml \
        --version ${version}
Parameter Description Default
deployment.namespace Namespace used for deploying the SCG package spring-cloud-gateway
scgOperator.replicaCount Number of replicas of SCG Operator server 1
scgOperator.serviceType Type of Service to create for accessing SCG Operator server (See https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) ClusterIP
scgOperator.openApiServiceName Service name of the OpenAPI generation and route converter services scg-openapi-service
scgOperator.image Image for SCG Operator server <provided by relocate-images.sh>
scgOperator.imagePullPolicy Image Pull Policy for SCG Operator server (See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) IfNotPresent
scgOperator.registryCredentialsSecret Secret name in the same namespace that contains credentials for pulling the image from the registry spring-cloud-gateway-image-pull-secret
scgOperator.reconcilerTimeout Timeout limit for SCG Operator server to update routes. By default, 30s works fine for route configuration whose size is 1000 routes 30s
scgOperator.healthInitialDelay Number of seconds before the first execution of the Controllers Health Check 30s
scgOperator.healthFixedRate Number of seconds between invocations for Controllers Health Check 30s
scgOperator.startupProbe.initialDelaySeconds Number of seconds before the startup probe runs 15s
scgOperator.startupProbe.periodSeconds Interval in seconds between consecutive startup probe runs 3s
scgOperator.startupProbe.failureThreshold Number of consecutive startup probe failures allowed before the pod is restarted 40
scgOperator.livenessProbe.initialDelaySeconds Number of seconds after startup probe success before the liveness probe runs 3s
scgOperator.livenessProbe.periodSeconds Interval in seconds between consecutive liveness probe runs 5s
scgOperator.livenessProbe.failureThreshold Number of consecutive liveness probe failures allowed before the pod is restarted 6
gateway.image Image for Gateway servers <provided by relocate-images.sh>
gateway.minReadySeconds Number of seconds the StatefulSet controller will delay the next rollout after having a Gateway POD Ready. There is a period of time a POD is Ready without the proper Endpoint created which may cause a downtime 30s
gateway.enableExtensions Enable Extensions feature in Spring Cloud Gateway true
serviceAccount.create If the Service Account should be created automatically by the installer true
serviceAccount.name Name of the Service Account for Spring Cloud Gateway components spring-cloud-gateway
rbacs.create If the Role-based Access control rules should be created by the installer true
resources.requests.memory Memory requested for each SCG Operator server instance 1Gi
resources.requests.cpu CPU requested for each SCG Operator server instance 0.5
resources.limits.memory Memory limit on each SCG Operator server instance 1Gi
resources.limits.cpu CPU limit on each SCG Operator server instance <empty>
kubectlImage.repository Repository of the image used for cleaning up installation rancher/hyperkube
kubectlImage.tag Tag of the image used for cleaning up installation v1.20.10-rancher1
kubectlImage.pullPolicy Image pull policy (See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) IfNotPresent
cleanupCustomResources.forceDeletion If the clean-up process should force the deletion of Spring Cloud Gateway's Custom resources false
logs.format Logs format used by SCG Operator server and Gateway instances. Values: 'json' or 'default' json
caCertData Custom Certification Authority (CA) certificate in PEM format. See Adding your self-signed cert with caCertData. <empty>
certManager.clusterIssuer The cert-manager ClusterIssuer to use as the Certification Authority (CA). See Using the cert-manager ClusterIssuer. <empty>
check-circle-line exclamation-circle-line close-line
Scroll to top icon