:orphan:

.. _gatewayapi_install:

Install Gateway API
-------------------

1. Install gateway api CRDs and install nginx gateway fabric

.. code-block::

    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml
    helm install ngf oci://ghcr.io/nginx/charts/nginx-gateway-fabric \
    --namespace nginx-gateway \
    --create-namespace \
    --version 2.4.2 \
    --wait

2. Verify the gateway pods

.. code-block::

    kubectl -n nginx-gateway get all

3. Generate a gateway.yaml file with below contents and install gateway 

      * For non-secure connection you can exclude the https section
      * For secure connection, include the https section and complete steps 5-10  before apply the the change (Step 4) to gateway

.. code-block::

    apiVersion: gateway.networking.k8s.io/v1
    kind: Gateway
    metadata:
        name: aizen-nginx-gateway
        namespace: nginx-gateway
    spec:
        gatewayClassName: nginx
        listeners:
        - name: http
          protocol: HTTP
          port: 80
          allowedRoutes:
            namespaces:
                from: All

        ##Include the below section if you are using secure connections               
        - name: https
          protocol: HTTPS
          port: 443
          allowedRoutes:
            namespaces:
                from: All
          tls:
            mode: Terminate
            certificateRefs:
            - name: aizen-tls

4. Install the gateway

.. code-block::

    kubectl apply -f gateway.yaml

5. Install certificate manager

.. code-block::

    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml

6. Generate certificate issuer (ss-certissuer.yaml)

.. code-block::

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
        name: selfsigned-issuer
    spec:
        selfSigned: {}

7. Apply  certificate issuer 

.. code-block::

    kubectl apply -f ss-certissuer.yaml

8. Generate self-signed certificate for Aizen platform(ss-aizencert.yaml)

.. code-block::

    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
        name: aizen-sscert
        namespace: nginx-gateway
    spec:
        secretName: aizen-tls
        issuerRef:
            name: selfsigned-issuer
            kind: ClusterIssuer
        dnsNames:
            - a.b.c.com   <-- Provide you unique dns name associated with the external IP

9. Apply self signed certificate

.. code-block::

    kubectl apply -f ss-aizencert.yaml

.. note::

        Execute step 4 to create the gateway


10. Verify the certificates

.. code-block::

    kubectl get certificate -n nginx-gateway
    kubectl get secret aizen-tls -n nginx-gateway
    kubectl -n nginx-gateway get gateway
    kubectl -n nginx-gateway describe gateway aizen-nginx-gateway