Skip to content

Deploying Gangway

Deploying Gangway consists of writing a config file and then deploying the service. The service is stateless so it is relatively easy to manage on Kubernetes. How you provide access to the service is going to be dependent on your specific configuration.

Gangway is now aware of a multi-cluster configuration, we have developped a helm chart that will made deployment easily.

Here is a configration example :

host: 0.0.0.0
port: 8080
serveTLS: false
clusters:
  Production:
  - EnvPrefix: kube01
    apiServerURL: https://kube01-api-url:443
    audience: xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
    providerURL: https://accounts.google.com
    clientID: xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
    clientSecret: GXXXX-XXXXXXXXXXXXXXXXXXX
    clusterName: kube01
    emailClaim: email
    redirectURL: https://gangway.local/callback
    scopes:
    - openid
    - profile
    - email
    tokenURL: https://www.googleapis.com/oauth2/v4/token
    usernameClaim: email
  Development:
  - EnvPrefix: kube02
    apiServerURL: https://kube02-api-url:443
    audience: xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
    providerURL: https://accounts.google.com
    clientID: xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
    clientSecret: GXXXX-XXXXXXXXXXXXXXXXXXX
    clusterName: kube02
    emailClaim: email
    redirectURL: https://gangway.local/callback
    scopes:
    - openid
    - profile
    - email
    tokenURL: https://www.googleapis.com/oauth2/v4/token
    usernameClaim: email
  - EnvPrefix: kube03
    apiServerURL: https://kube03-api-url:443
    audience: xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
    providerURL: https://accounts.google.com
    clientID: xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
    clientSecret: GXXXX-XXXXXXXXXXXXXXXXXXX
    clusterName: kube03
    emailClaim: email
    redirectURL: https://gangway.local/callback
    clusterCAPath: /etc/gangly/pki/kube03/ca.crt
    scopes:
    - openid
    - profile
    - email
    tokenURL: https://www.googleapis.com/oauth2/v4/token
    usernameClaim: email