At the time of writing (14th of July 2020), there are two known issues in the instructions given in the documentation for installing Apigee Microgateway on Kubernetes:
You can follow the steps below to resolve these two problems and install the latest version of Apigee Microgateway on Kubernetes.
Apigee Microgateway installation process on Kubernetes uses three packages:
Apigee Microgateway v3.1.5, or any other version
Apigee Microgateway Installer for Kubernetes v3.0.2 (`edgemicroctl`)
Apigee Microgateway Docker Image v3.1.5, or any other version
1. First install and configure Apigee Microgateway on the local machine:
organization=# Apigee Cloud organization name
environment=# Apigee Cloud environment name
username=# Apigee Cloud username
npm install -g edgemicro
edgemicro configure -o ${organization} -e ${environment} -u ${username}
2. Find the following values once the installation is completed:
config_file_path=# The path of the Microgateway {org}-{env}-config.yaml file
key=# The key generated at the end of the Microgateway installation
secret=# The secret generated at the end of the Microgateway installation
3. Download Apigee Microgateway Installer for Kubernetes v3.0.2:
curl -L https://raw.githubusercontent.com/apigee-internal/microgateway/master/kubernetes/release/downloadEdg... | sh -s v3.0.2
4. Add the `edgemicroctl` client to your PATH. For example, run the following commands on a macOS or Linux system:
cd microgateway_v3.0.2__{OS_ARCH}/
export PATH=$PWD/bin:$PATH
5. Generate Kubernetes resources for Microgateway (Microgateway Deployment, Service and Secret) using Microgateway v3.0.2 installer:
edgemicroctl -org=${organization} -env=${environment} -key=${key} -sec=${secret} -conf=${config_file_path} > microgateway-k8s.yaml
If you are using a Kubernetes release greater than or equal to v1.16.0, update the following two settings of the Microgateway Deployment definition in the microgateway-k8s.yaml file:
5.1. Change "apiVersion: extensions/v1beta1" of the Deployment to "apiVersion: apps/v1" in the microgateway-k8s.yaml file generated by edgemicroctl.
5.2. Add the following label selector for the Deployment under the spec/selector section in the microgateway-k8s.yaml file generated by edgemicroctl:
...
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-microgateway
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: edge-microgateway
...
6. Deploy the latest Apigee Microgateway release on Kubernetes:
kubectl apply -f microgateway-k8s.yaml
7. Check the status of the Microgateway pod and service:
kubectl get pods -l app=edge-microgateway
If everything goes well, the Microgateway pod should be in the Running state:
NAME                                 READY   STATUS    RESTARTS   AGE
edge-microgateway-768747d877-nz9hv   1/1     Running   0          18m
Check the status of the service:
kubectl get services -l app=edge-microgateway
If the service is correctly deployed, something similar to the following should be shown:
NAME                TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
edge-microgateway   NodePort   10.83.247.42   <none>        8000:32134/TCP   19m
8. Either use the NodePort of the above Microgateway service or expose it using a Load Balancer/Ingress to be able to access it from an external network.
Note, the default runAsUser is 101 in the edgemicro:latest image as per edgemicro-sidecar-injector-configmap-release.yaml; however, the k8s manifest generated by:
edgemicroctl -org=${ORG} -env=${ENV} -key=${EDGEMICRO_KEY} -sec=${EDGEMICRO_SECRET} -conf=${EDGEMICRO_CONF}
still uses runAsUser: 100:
securityContext:
  runAsNonRoot: true
  runAsUser: 100
In order to use the microgateway-k8s.yaml manifest generated by edgemicroctl with the current edgemicro image, please update the generated manifest as follows:
securityContext:
  runAsNonRoot: true
  runAsUser: 101
This is in addition to the changes mentioned in the original post.
For convenience, the following is a full example microgateway-k8s.yaml manifest which includes:
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: edge-microgateway
  name: edge-microgateway
  namespace: default
spec:
  ports:
  - name: http
    port: 8000
    protocol: TCP
    targetPort: 8000
  selector:
    app: edge-microgateway
  type: NodePort
status:
  loadBalancer: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: edge-microgateway
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: edge-microgateway
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: edge-microgateway
    spec:
      containers:
      - env:
        - name: EDGEMICRO_ORG
          valueFrom:
            secretKeyRef:
              key: mgorg
              name: mgwsecret
        - name: EDGEMICRO_ENV
          valueFrom:
            secretKeyRef:
              key: mgenv
              name: mgwsecret
        - name: EDGEMICRO_KEY
          valueFrom:
            secretKeyRef:
              key: mgkey
              name: mgwsecret
        - name: EDGEMICRO_SECRET
          valueFrom:
            secretKeyRef:
              key: mgsecret
              name: mgwsecret
        - name: EDGEMICRO_CONFIG
          valueFrom:
            secretKeyRef:
              key: mgconfig
              name: mgwsecret
        - name: EDGEMICRO_CONFIG_DIR
          value: /opt/apigee/.edgemicro
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: INSTANCE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        image: gcr.io/apigee-microgateway/edgemicro:latest
        imagePullPolicy: Always
        name: edge-microgateway
        ports:
        - containerPort: 8000
        resources:
          limits:
            cpu: "1"
            memory: 2Gi
          requests:
            cpu: "1"
            memory: 1Gi
        securityContext:
          runAsNonRoot: true
          runAsUser: 101
status: {}
---
apiVersion: v1
data:
  mgconfig: {base64Encoded_mgconfig}
  mgenv: {base64Encoded_mgenv}
  mgkey: {base64Encoded_mgkey}
  mgorg: {base64Encoded_mgorg}
  mgsecret: {base64Encoded_mgsecret}
kind: Secret
metadata:
  creationTimestamp: null
  name: mgwsecret
type: Opaque
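
The three manual edits described above (steps 5.1 and 5.2 of the article, and the runAsUser change from the comment) can be scripted and verified before `kubectl apply`. This is an added example, not code from the original post, the comment, or the Apigee project. The function names and the sample manifest are constructed for illustration, and the script assumes the generated manifest uses 2-space indentation with a top-level `spec:` key in the Deployment.

```shell
# Added example (not edgemicroctl's code). Assumes 2-space YAML indentation.
# patch_mgw_manifest FILE: print FILE with the three fixes applied.
patch_mgw_manifest() {
  awk '
    function flush(   i, line, dep, sel) {
      for (i = 1; i <= n; i++) {
        if (buf[i] ~ /^kind: Deployment[ \t]*$/) dep = 1
        if (buf[i] ~ /^  selector:/) sel = 1
      }
      for (i = 1; i <= n; i++) {
        line = buf[i]
        if (dep && line ~ /^apiVersion: extensions\/v1beta1[ \t]*$/)
          line = "apiVersion: apps/v1"                   # step 5.1
        if (dep && line ~ /^ +runAsUser: 100[ \t]*$/)
          sub(/100[ \t]*$/, "101", line)                 # UID of the current image
        print line
        if (dep && !sel && line ~ /^spec:[ \t]*$/)       # step 5.2
          print "  selector:\n    matchLabels:\n      app: edge-microgateway"
      }
      n = 0
    }
    /^---[ \t]*$/ { flush(); print; next }  # one YAML document at a time
    { buf[++n] = $0 }
    END { flush() }
  ' "$1"
}
# check_mgw_manifest FILE: succeed only if none of the three problems remain.
check_mgw_manifest() {
  ! grep -q 'extensions/v1beta1' "$1" &&
    grep -q '^    matchLabels:' "$1" &&
    ! grep -Eq 'runAsUser: 100[[:space:]]*$' "$1"
}
# Constructed, trimmed stand-in for the installer output (not real output).
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Service
---
apiVersion: extensions/v1beta1
kind: Deployment
spec:
  replicas: 1
  template:
    spec:
      containers:
      - securityContext:
          runAsUser: 100
EOF
}
```

Typical use: `patch_mgw_manifest microgateway-k8s.yaml > patched.yaml && check_mgw_manifest patched.yaml && kubectl apply -f patched.yaml`. The patch is idempotent, so running it on an already corrected manifest leaves the file unchanged.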