Deploy the Client Gateway

The information below assumes, as an example, that the user has selected the Azure Kubernetes service.

The Helm repository is available at: https://aemocontainerregistry.azurecr.io/helm/v1/repo

Add ewf helm repo

helm repo add ewf https://aemocontainerregistry.azurecr.io/helm/v1/repo

In case you have run the command before, simply run helm repo update for the latest chart version (ddhub-client-gateway-api chart version 1.3.0 or 1.4.0 are recommended).

Create a namespace in the cluster

As an example, you might select ddhub-demo as the namespace in the cluster for this release. This namespace will be used throughout this document.

kubectl create namespace ddhub-demo

Create a Kubernetes secret

Depending on your secret engine choice, please run below command to create a secret, Replace the placeholder with your values or set them in your terminal environment.

Make sure the secret name matches the ‘nameOverride' in your helm overwrite-values.yaml, '-secret' is expected suffix.

AWS Secrets Manager - Secret Creation Command

/kubectl create secret generic ddhub-client-gateway-demo-secret --from-literal=AWS_REGION=$AWS_REGION --from-literal=AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID --from-literal=AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY --from-literal=DB_NAME=$DB_NAME -n $namespace

Azure Key Vault - Secret Creation Command

kubectl create secret generic ddhub-client-gateway-demo-secret --from-literal=AZURE_VAULT_URL=$AZURE_VAULT_URL --from-literal=AZURE_CLIENT_ID=$AZURE_CLIENT_ID --from-literal=AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET --from-literal=AZURE_TENANT_ID=$AZURE_TENANT_ID --from-literal=DB_NAME=$DB_NAME -n $namespace

HashiCorp Vault Engine - Secret Creation Command

kubectl create secret generic ddhub-client-gateway-demo-secret --from-literal=VAULT_TOKEN=$VAULT_TOKEN --from-literal=DB_NAME=$DB_NAME -n $namespace

Overwrite default helm values

Before running the installation command, please overwrite some default helm values accordingly.

In order to do so, create overwrite-values.yaml file. Copy and paste below snippet in to overwrite-values.yaml.

Please refer to GitHub - energywebfoundation/ddhub-client-gateway-helm for more helm chart values

clientgateway:
  config:
    websocket: NONE # Options: SERVER, CLIENT, NONE
    secret_engine: vault
    secret_engine_endpoint: http://demo-vault.ddhub-demo.svc:8200
    mtls_enabled: false
    dsb_base_url: https://ddhub-demo.energyweb.org
    parent_namespace: wem.apps.aemo.iam.ewc
  scheduler:
    enabled: true
    image:
      tag: latest
    appConfig:
      USER_AUTH_ENABLED: "true"
      FETCH_MESSAGES_CRON_ENABLED: "true"
      CLEANUP_MESSAGES_CRON_ENABLED: "true"
      FETCH_MESSAGES_CRON_SCHEDULE: "* * * * *"
      CLEANUP_MESSAGES_CRON_SCHEDULE: "*/15 * * * *"
  ui:
    image:
      tag: latest
    
image:
  tag: latest
    
nameOverride: "ddhub-client-gateway-demo"
fullnameOverride: "ddhub-client-gateway-demo"
  
ingress:
  enabled: true
  annotations:
      kubernetes.io/ingress.class: azure/application-gateway
      appgw.ingress.kubernetes.io/ssl-redirect: "true"
  hosts:
    - host: ddhub-gateway-demo.YOURS.org
      paths:
      - path: /docs
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /api
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /docs-json
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /events
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo
          servicePort: 80
      - path: /
        pathType: Prefix
        backend:
          serviceName: ddhub-client-gateway-demo-ui
          servicePort: 80
  tls:
    - secretName: your-tls-secret
      hosts:
        - ddhub-gateway-demo.YOURS.org

Before changing other values below, please note that, on line 32 in the sample above, azure/application-gateway is chosen ingress.class. This can be any equivalent ingress controller class (example: alb); simply update the ingress annotation accordingly.

If you want to run websocket mode, change Line 3 to [SERVER | CLIENT] read more

Change the values as described below:

Line 4 (secret_engine) - Update to the secret engine of choice: [vault | aws | azure]
Line 5 (secret_engine_endpoint)- If secret of choice is vault, update this value to your vault server address. Otherwise, skip this.
Line 6 (skip for this demo) change to true, only if you deploy for connecting to AEMO QA/Trial environments
Line 13, the extra environment variables you can set for the API and Scheduler containers. `FETCH_MESSAGES_CRON_ENABLED` needs to be true (The appConfig will be merged with app’s Secret)
Line 7, skip if default value is expected, otherwise change to AEMO QA/Trial ddhub-messagebroker
Line 8(parent_namespace), unique name for the project , should be provided by AEMO / EWF
Line 35(host) and 59 - Replace these values with the hostname you have for this application.
Line 63 - (Optional for this demo) Create a TLS secret in the ddhub-demo namespace and replace this with the TLS secret name.

Install ddhub-client-gateway (based on gateway helm chart version 1.3.0)

After updating overwrite-values.yaml, simply run the below command at the same directory where the yaml file is located.

helm install ddhub-gateway-demo -f ./overwrite-values.yaml ewf/ddhub-client-gateway-api --version 1.3.0 -n ddhub-demo

After executing the command, please check the deployed pods by running the command below.

kubectl get all -n ddhub-demo

Configure Ingress (IP) address on the DNS provider

Run the below command to get the ingress (IP) address and set it accordingly on your DNS provider.

kubectl get ingress -n ddhub-demo

PreviousUnderstand and prepare the prerequisites NextVisit the Client Gateway

Last updated 6 hours ago