Akeyless Gateway on K8s

Prerequisites

Please review the Akeyless GW prerequisites for the list of requirements.

Please ensure that the following prerequisites are met:

1. kubectl installed.

2. Helm installed.

3. Kubernetes metrics server installed on your cluster.

Introduction

Akeyless GW can be deployed using Helm. This chart bootstraps an Akeyless GW deployment on a K8s cluster using the Helm package manager. This chart has been tested to work with NGINX Ingress and cert-manager.

More information can be found at: https://github.com/akeylesslabs/helm-charts/tree/main/charts/akeyless-api-gateway

Deploy Akeyless GW via Helm

Add the following repository to your Helm repository list:

helm repo add akeyless https://akeylesslabs.github.io/helm-charts
helm repo update
helm show values akeyless/akeyless-api-gateway

Preparation

The following information must be provided:

  • Admin Access ID.

  • Admin Access Key, or Admin Password if you are using email authentication.

  • Cluster name (default value is: “defaultCluster”).

  • Encryption key name that will be used to encrypt the configuration (if not provided, the default account key will be used).

  • Customer Fragments, if you are working with Zero Knowledge.

Info: Make sure your GW authentication method has the right access permissions using a dedicated access role.

Helm Chart

Edit the values.yaml file locally:

Parameter | Description
--- | ---
akeylessUserAuth.adminAccessId | Akeyless Access ID (can be used as email address)
akeylessUserAuth.adminAccessKey | Akeyless Access Key
akeylessUserAuth.adminPassword | Akeyless Access Password (should be used only when akeylessUserAuth.adminAccessId is email)
akeylessUserAuth.clusterName | Akeyless Gateway cluster name
akeylessUserAuth.configProtectionKeyName | Akeyless Protection key name
customerFragments | Akeyless Gateway customer fragment
allowedAccessIDs | List of allowed Access IDs to enable multiple users to log in and manage Akeyless GW. Default is set to none, i.e. 1 admin user. Note: While using a shared Authentication method, please make sure to provide the relevant sub claims as well.
initialClusterDisplayName | Unique display name to be shown inside the Akeyless Gateways monitor screen.

To add your own Fragment, insert the following into the values.yaml file:

# The Customer Fragment is a critical component that allows customers to use Zero-Knowledge Encryption.
# For more information: https://akeyless.readme.io/docs/implement-zero-trust
customerFragments: |
  {
      "customer_fragments": [
          {
              "id": "cf-xxxxxxxxxxxxx",
              "value": "xxxxxxxxxxxxxxxxxxxxxx"
          }
      ]
  }

Deploy the Akeyless Gateway

Deploy the Helm chart.

helm install <RELEASE_NAME> akeyless/akeyless-api-gateway -f values.yaml
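
One way to script the values.yaml and install steps above so that the file holding the admin credential is readable by its owner only, and so that the adminPassword rule from the parameter table is checked before anything is written. This is an added example, not part of the Akeyless documentation or chart; the GW_* environment variables, the function names and the script name deploy-gw.sh are assumptions, while the YAML keys are the ones listed in the table.

```shell
#!/bin/sh
# Added example, not Akeyless code. GW_* variables and function names are
# assumptions; the YAML keys are the ones from the parameter table.

# True when the argument looks like an email address (user@domain.tld).
is_email() {
  case "$1" in
    ?*@?*.?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Emit a single-quoted YAML scalar; a literal ' is escaped by doubling it.
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_gw_values FILE: validate the credentials, then write FILE as 0600.
write_gw_values() {
  out="$1"
  if [ -z "${GW_ACCESS_ID:-}" ]; then
    echo "GW_ACCESS_ID is required" >&2; return 1
  fi
  if [ -z "${GW_ACCESS_KEY:-}" ] && [ -z "${GW_PASSWORD:-}" ]; then
    echo "set GW_ACCESS_KEY, or GW_PASSWORD for email authentication" >&2; return 1
  fi
  # adminPassword is only valid when adminAccessId is an email address.
  if [ -n "${GW_PASSWORD:-}" ] && ! is_email "$GW_ACCESS_ID"; then
    echo "GW_PASSWORD requires an email address as GW_ACCESS_ID" >&2; return 1
  fi
  (
    umask 077   # a newly created file is readable by its owner only
    {
      printf 'akeylessUserAuth:\n'
      printf '  adminAccessId: %s\n' "$(yaml_quote "$GW_ACCESS_ID")"
      [ -z "${GW_ACCESS_KEY:-}" ] || printf '  adminAccessKey: %s\n' "$(yaml_quote "$GW_ACCESS_KEY")"
      [ -z "${GW_PASSWORD:-}" ] || printf '  adminPassword: %s\n' "$(yaml_quote "$GW_PASSWORD")"
      printf '  clusterName: %s\n' "$(yaml_quote "${GW_CLUSTER_NAME:-defaultCluster}")"
    } > "$out"
  ) || return 1
  chmod 600 "$out"   # also tighten a file that already existed
}

# Deploy only when called as: sh deploy-gw.sh deploy <RELEASE_NAME>
if [ "${1:-}" = "deploy" ]; then
  write_gw_values values.yaml &&
    helm install "${2:?release name required}" akeyless/akeyless-api-gateway -f values.yaml
fi
```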

Validate the Akeyless Gateway

Once your pods are up and running, you can verify the deployment:

kubectl logs <Your Pod name>

Access the Akeyless Gateway

In your browser, open: http://<Your server IP>:8000

Configure TLS

Please configure TLS on your first login; the setting can be found on the General menu.

Login using your Akeyless admin credentials and start configuring the Akeyless Gateway.

