@rvennam
Last active June 9, 2021 18:23

Install Gloo Mesh using External Certs

MGMT CLUSTER

kubectl config use-context mgmt
kubectl create namespace gloo-mesh

Create the root, server and signing secrets

kubectl create secret generic relay-root-tls-secret \
  --from-file=ca.crt=relay-root.crt \
  --dry-run=client -oyaml | kubectl apply -f- \
  --namespace gloo-mesh
kubectl create secret generic relay-server-tls-secret \
  --from-file=tls.key=relay-server-tls.key \
  --from-file=tls.crt=relay-server-tls.crt \
  --from-file=ca.crt=relay-root.crt \
  --dry-run=client -oyaml | kubectl apply -f- \
  --namespace gloo-mesh
# Not used, but needed for GM to start. Copy of relay-server-tls-secret
kubectl create secret generic relay-tls-signing-secret \
  --from-file=tls.key=relay-server-tls.key \
  --from-file=tls.crt=relay-server-tls.crt \
  --from-file=ca.crt=relay-root.crt \
  --dry-run=client -oyaml | kubectl apply -f- \
  --namespace gloo-mesh
# Not used, but needed for GM to start.
kubectl create secret generic relay-identity-token-secret --from-literal=token=dummy -n gloo-mesh

Install Gloo Mesh

helm repo add gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise
helm repo update
helm install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise \
  --namespace gloo-mesh \
  --set licenseKey="${GLOO_MESH_LICENSE_KEY}" \
  --set gloo-mesh-ui.GlooMeshDashboard.apiserver.floatingUserId=true \
  --set enterprise-networking.selfSigned=false

Expose enterprise-networking service using OpenShift Route:

oc create route passthrough enterprise-networking-route --service enterprise-networking --port 9900 -n gloo-mesh
RELAY_HOST=$(oc get routes -n gloo-mesh enterprise-networking-route -o=jsonpath='{.spec.host}')
echo "RELAY_HOST: ${RELAY_HOST}"

Note the RELAY_HOST value printed above. It is needed in the next section.

REMOTE CLUSTER

kubectl config use-context remotecluster1
kubectl create namespace gloo-mesh

Create the root and client secret

kubectl create secret generic relay-root-tls-secret \
  --from-file=ca.crt=relay-root.crt \
  --dry-run=client -oyaml | kubectl apply -f- \
  --namespace gloo-mesh
kubectl create secret generic relay-client-tls-secret \
  --from-file=tls.key=relay-client-tls.key \
  --from-file=tls.crt=relay-client-tls.crt \
  --from-file=ca.crt=relay-root.crt \
  --dry-run=client -oyaml | kubectl apply -f- \
  --namespace gloo-mesh
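
A pre-flight check for the certificate files loaded into the relay secrets above, as an added example that is not part of the original gist. It confirms that each certificate chains to relay-root.crt, that the key matches the certificate, and that the server certificate covers RELAY_HOST; `verify_relay_pair` is a hypothetical helper name, the hostname check assumes the agent validates the server certificate against `relay.authority`, and the `openssl` CLI must be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): validate the relay certificate files
# before they are loaded into the relay-*-tls-secret secrets.
# verify_relay_pair is a hypothetical helper name; file names follow the gist.

# Usage: verify_relay_pair ROOT_CA CERT KEY [EXPECTED_HOST]
# Returns 0 when CERT chains to ROOT_CA, KEY belongs to CERT and, if given,
# EXPECTED_HOST is covered by CERT. Returns 2, 3 or 4 on failure.
verify_relay_pair() {
  local ca="$1" crt="$2" key="$3" host="${4:-}" f cert_pub key_pub
  for f in "$ca" "$crt" "$key"; do
    [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
  done

  # Chain check against the same root that is stored as ca.crt.
  # -untrusted lets intermediates bundled in CERT take part in path building.
  # -verify_hostname is added for the server cert, because the agent is
  # pointed at RELAY_HOST (assumption: relay.authority is the verified name).
  if [ -n "$host" ]; then
    openssl verify -CAfile "$ca" -untrusted "$crt" -verify_hostname "$host" "$crt"
  else
    openssl verify -CAfile "$ca" -untrusted "$crt" "$crt"
  fi >/dev/null 2>&1 \
    || { echo "FAIL: $crt does not verify against $ca${host:+ for $host}" >&2; return 3; }

  # Key/cert match: both commands print the SubjectPublicKeyInfo as PEM.
  # "-passin pass:" makes an encrypted key fail instead of prompting.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) \
    || { echo "FAIL: cannot parse $crt" >&2; return 4; }
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
    || { echo "FAIL: cannot parse $key" >&2; return 4; }
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "FAIL: $key is not the private key for $crt" >&2; return 4; }

  echo "OK: $crt"
}

# Calls with the gist's file names (RELAY_HOST comes from the Route step):
#   verify_relay_pair relay-root.crt relay-server-tls.crt relay-server-tls.key "$RELAY_HOST"
#   verify_relay_pair relay-root.crt relay-client-tls.crt relay-client-tls.key
```

A non-zero return identifies the failing stage: 2 for an unreadable file, 3 for a chain or hostname failure, 4 for a key that does not match the certificate.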

Install the Agent on the remote cluster

# The enterprise-agent chart repo must already be added with helm repo add.
helm install enterprise-agent enterprise-agent/enterprise-agent \
  --namespace gloo-mesh \
  --set relay.serverAddress="${RELAY_HOST}:443" \
  --set relay.authority="${RELAY_HOST}" \
  --set relay.cluster=remotecluster1 \
  --version 1.0.12

Create Kubernetes Cluster object on the MGMT cluster

Switch back to the mgmt cluster and apply the KubernetesCluster object representing the remote cluster:

kubectl config use-context mgmt

kubectl apply -f- <<EOF
apiVersion: multicluster.solo.io/v1alpha1
kind: KubernetesCluster
metadata:
  name: remotecluster1
  namespace: gloo-mesh
spec:
  clusterDomain: cluster.local
EOF