Before You Begin
Prerequisites:
A running Kubernetes cluster or a local minikube installation
kubectl installed and configured
The steps described assume familiarity with Kubernetes. The required images are available in the Docker Hub registry under the organization FydeInc.
Helm Chart
The helm chart is available at Artifactory and includes:
Orchestrator
Envoy
Redis (from dandy-developer chart)
HTTP resource (to test access)
Check the Artifactory link or the values.yaml file for all the configuration parameters.
Deployment
Create a custom-values.yaml file with the desired values.
Minimum required configuration for a successful deployment:
'orchestrator.enrollmentToken.existingSecret.*' or 'orchestrator.enrollmentToken.newSecret'
Minimum required configuration to allow external access:
'envoy.loadBalancer.enabled'
'envoy.loadBalancer.annotations'
Add the helm repo and install the chart:
<code sh>
helm repo add barracuda-cloudgen-access https://barracuda-cloudgen-access.github.io/helm-charts
helm install my-release barracuda-cloudgen-access/cga-proxy \
  --namespace my-namespace \
  --values custom-values.yaml
</code sh>
Optionally, instead of using “helm install”, export the yaml files and deploy using your preferred method:
<code sh>
helm template barracuda-cloudgen-access/cga-proxy --values custom-values.yaml
</code sh>
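As an added example (not part of the chart or of the original page), the script below checks a custom-values.yaml for the minimum configuration listed above before the file is passed to helm install. The function names are hypothetical, the YAML handling covers only plain nested mappings, and the warning assumes that newSecret places the token value itself in the values file.

```sh
#!/bin/sh
# Added example: pre-flight check for a cga-proxy custom-values.yaml.
# flatten_values FILE: print "dotted.path=value" for every scalar in a simple
# block-style YAML mapping (space indentation; no lists or multi-line scalars).
flatten_values() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
      indent = match($0, /[^ ]/) - 1             # leading spaces give the depth
      line = substr($0, indent + 1)
      sep = index(line, ":"); if (sep == 0) next
      key = substr(line, 1, sep - 1)
      val = substr(line, sep + 1)
      sub(/[ \t]+#.*$/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
      while (depth > 0 && ind[depth] >= indent) depth--   # close finished maps
      ind[++depth] = indent; name[depth] = key
      if (val == "") next                        # a mapping header, not a scalar
      path = name[1]
      for (i = 2; i <= depth; i++) path = path "." name[i]
      print path "=" val
    }' "$1"
}

# has REGEX: true when a flattened line held in $flat matches.
has() { printf '%s\n' "$flat" | grep -Eq "$1"; }

# check_values FILE: 0 when the minimum configuration is present, else 1.
check_values() {
  flat=$(flatten_values "$1") || return 2
  rc=0
  if has '^orchestrator\.enrollmentToken\.existingSecret\.name=' &&
     has '^orchestrator\.enrollmentToken\.existingSecret\.key='; then
    :   # token is read from a Secret that already exists in the cluster
  elif has '^orchestrator\.enrollmentToken\.newSecret[.=]'; then
    # Assumption: newSecret carries the token itself in the values file.
    echo "WARN: $1 holds the enrollment token; store it like a secret" >&2
  else
    echo "FAIL: orchestrator.enrollmentToken.existingSecret.* or newSecret missing" >&2
    rc=1
  fi
  if has '^envoy\.loadBalancer\.enabled=true$'; then
    has '^envoy\.loadBalancer\.annotations\.' ||
      { echo "FAIL: envoy.loadBalancer.annotations missing" >&2; rc=1; }
  else
    echo "NOTE: envoy.loadBalancer.enabled is not true; no external access" >&2
  fi
  return $rc
}
```

Source the script, run `check_values custom-values.yaml`, and continue with the install only when it returns 0.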
Example
This extended example for a high availability deployment uses AWS NLB and Prometheus service monitors:
<code yaml>
nameOverride: cga-proxy-my-deploy
serviceMonitor: true
priorityClassName: high-priority
orchestrator:
  enrollmentToken:
    existingSecret:
      name: cga-orchestrator-secret
      key: enrollment-token
  highAvailability:
    enabled: true
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 128Mi
envoy:
  replicaCount: 3
  loadBalancer:
    enabled: true
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: app=cga-proxy,service=envoy-proxy-external,namespace=cga-proxy-my-deploy
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
    externalTrafficPolicy: Local
    port: 443
  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 128Mi
redis-ha:
  nameOverride: redis
  priorityClassName: high-priority
  redis:
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
      limits:
        cpu: 100m
        memory: 200Mi
  sentinel:
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
      limits:
        cpu: 100m
        memory: 200Mi
  hardAntiAffinity: true
  exporter:
    enabled: true
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
      limits:
        cpu: 100m
        memory: 200Mi
    serviceMonitor:
      enabled: true
  podDisruptionBudget:
    minAvailable: 2
  persistentVolume:
    enabled: false
http-test:
  enabled: true
</code yaml>