[en] Add egressgateway pages (#6237)

DaoCloud · Feb 24, 2025 · 10cd891 · 10cd891
1 parent 0dfe9fa
commit 10cd891
Show file tree

Hide file tree

Showing 21 changed files with 1,194 additions and 21 deletions.
diff --git a/docs/en/docs/network/modules/egressgateway/aws/marketplace-install.md b/docs/en/docs/network/modules/egressgateway/aws/marketplace-install.md
@@ -0,0 +1,146 @@
+# Installing EgressGateway from AWS Marketplace
+
+EgressGateway provides a cost-effective, scalable egress traffic management solution that meets enterprise requirements for fixed public IP functionality. It serves as an ideal alternative to NAT Gateway, enabling lower-cost and more fine-grained egress connection control.
+
+This guide explains how to install EgressGateway from AWS Marketplace.
+
+## Prerequisites
+
+Before installation, ensure you meet the following prerequisites:
+
+- Subscribe to EgressGateway.
+- Create a Kubernetes cluster.
+
+## Installing with Helm
+
+After subscribing to EgressGateway, install it on your Kubernetes cluster using the Helm Chart.
+
+!!! note
+
+    The `username` and `password-stdin` correspond to your AWS login credentials.
+
+```shell
+export HELM_EXPERIMENTAL_OCI=1
+aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
+mkdir awsmp-chart && cd awsmp-chart
+helm pull oci://709825985650.dkr.ecr.us-east-1.amazonaws.com/daocloud-hong-kong/egressgateway --version 0.0.2
+tar xf $(pwd)/* && find $(pwd) -maxdepth 1 -type f -delete
+helm install --generate-name --namespace <ENTER_NAMESPACE_HERE> ./*
+```
+
+## Getting Started
+
+Once the installation is complete, follow these steps to start using EgressGateway.
+
+### Creating a Gateway Instance
+
+1. Select gateway nodes and label them.
+
+    ```shell
+    ~ kubectl get nodes -A -o wide
+    NAME                             STATUS   ROLES    AGE   VERSION               INTERNAL-IP      EXTERNAL-IP                         
+    ip-172-16-103-117.ec2.internal   Ready    <none>   25m   v1.30.0-eks-036c24b   172.16.103.117   34.239.162.85  
+    ip-172-16-61-234.ec2.internal    Ready    <none>   25m   v1.30.0-eks-036c24b   172.16.61.234    54.147.15.230
+    ip-172-16-62-200.ec2.internal    Ready    <none>   25m   v1.30.0-eks-036c24b   172.16.62.200    54.147.16.130  
+    ```
+
+    In this demo, we select `ip-172-16-103-117.ec2.internal` and `ip-172-16-62-200.ec2.internal` as gateway nodes and label them with `role: gateway`.
+
+    ```shell
+    kubectl label node ip-172-16-103-117.ec2.internal role=gateway
+    kubectl label node ip-172-16-62-200.ec2.internal role=gateway
+    ```
+
+2. Create a gateway instance and use labels to match the gateway nodes. Example YAML:
+
+    ```yaml
+    apiVersion: egressgateway.spidernet.io/v1beta1
+    kind: EgressGateway
+    metadata:
+      name: "egressgateway"
+    spec:
+      nodeSelector:
+        selector:
+          matchLabels:
+            role: gateway
+    ```
+
+### Deploying a Test Pod
+
+After creating the gateway instance, deploy a Pod to validate the setup. In this demo, we run the Pod on the `ip-172-16-61-234.ec2.internal` node. Example YAML:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mock-app
+  labels:
+    app: mock-app
+spec:
+  nodeName: ip-172-16-61-234.ec2.internal
+  containers:
+  - name: nginx
+    image: nginx
+```
+
+Verify that the Pod is in the `Running` state.
+
+```shell
+~ kubectl get pods -o wide
+NAME                                        READY   STATUS    RESTARTS   AGE   IP               NODE                             NOMINATED NODE   READINESS GATES
+egressgateway-agent-zw426                   1/1     Running   0          15m   172.16.103.117   ip-172-16-103-117.ec2.internal   <none>           <none>
+egressgateway-agent-zw728                   1/1     Running   0          15m   172.16.61.234    ip-172-16-61-234.ec2.internal    <none>           <none>
+egressgateway-controller-6cc84c6985-9gbgd   1/1     Running   0          15m   172.16.51.178    ip-172-16-61-234.ec2.internal    <none>           <none>
+mock-app                                    1/1     Running   0          12m   172.16.51.74     ip-172-16-61-234.ec2.internal    <none>           <none>
+```
+
+### Configuring a Gateway Policy for Pods
+
+An EgressGateway policy defines which Pods' egress traffic should be forwarded through EgressGateway nodes and specifies additional configuration details. Any Pod matching the policy that attempts to access an external address (outside Node IPs, CNI Pod CIDR, or ClusterIP) will be forwarded through the EgressGateway node.
+
+Example YAML:
+
+```yaml
+apiVersion: egressgateway.spidernet.io/v1beta1
+kind: EgressPolicy
+metadata:
+  name: test-egw-policy
+  namespace: default
+spec:
+  egressIP:
+    useNodeIP: true
+  appliedTo:
+    podSelector:
+      matchLabels:
+        app: mock-app
+  egressGatewayName: egressgateway
+```
+
+### Testing the Egress IP Address
+
+Exec into the container and run `curl ipinfo.io` to verify that the Pod is using the gateway node's IP to access the internet. `ipinfo.io` will return the public IP.
+
+!!! note
+
+    Since EgressGateway implements high availability (HA) with an active-standby mechanism, the egress IP will change automatically if a failover occurs.
+
+```shell
+kubectl exec -it -n default mock-app bash
+curl ipinfo.io
+{
+  "ip": "34.239.162.85",
+  "hostname": "ec2-34-239-162-85.compute-1.amazonaws.com",
+  "city": "Ashburn",
+  "region": "Virginia",
+  "country": "US",
+  "loc": "39.0437,-77.4875",
+  "org": "AS14618 Amazon.com, Inc.",
+  "postal": "20147",
+  "timezone": "America/New_York",
+  "readme": "https://ipinfo.io/missingauth"
+}
+```
+
+## Getting Help
+
+For more information, refer to the detailed [EgressGateway documentation](../index.md).
diff --git a/docs/en/docs/network/modules/egressgateway/aws/uninstall-k8s.md b/docs/en/docs/network/modules/egressgateway/aws/uninstall-k8s.md
@@ -0,0 +1,104 @@
+---
+hide:
+  - toc
+---
+
+# Uninstalling EgressGateway
+
+To ensure the uninstallation of `EgressGateway` does not disrupt active business applications, follow these steps carefully:
+
+## Step 1: Check for Active EgressGateway Resources
+
+Before uninstalling, verify that no active `EgressGateway` resources remain in the cluster.
+
+Run the following commands to check if any `EgressClusterPolicy`, `EgressPolicy`, or `EgressGateway` objects exist:
+
+```shell
+kubectl get egressclusterpolicies.egressgateway.spidernet.io -o name | wc -l
+kubectl get egresspolicies.egressgateway.spidernet.io -o name | wc -l
+kubectl get egressgateways.egressgateway.spidernet.io -o name | wc -l
+```
+
+- If **all outputs are `0`**, there are no remaining resources, and you can proceed to **Step 2**.
+- If any output is **greater than `0`**, continue checking the details of the remaining resources using:
+
+```shell
+kubectl get egressclusterpolicies.egressgateway.spidernet.io
+kubectl get egresspolicies.egressgateway.spidernet.io -o wide
+kubectl get egressgateways.egressgateway.spidernet.io
+```
+
+If you find any `EgressPolicy` resources still present, check their details:
+
+```shell
+kubectl get egresspolicies <resource-name> --namespace <resource-namespace> -o yaml
+```
+
+Example output:
+
+```yaml
+apiVersion: egressgateway.spidernet.io/v1beta1
+kind: EgressPolicy
+metadata:
+  name: ns-policy
+  namespace: default
+spec:
+  appliedTo:
+    podSelector:
+      matchLabels:
+        app: mock-app
+  egressGatewayName: egressgateway
+status:
+  eip:
+    ipv4: 10.6.1.55
+    ipv6: fd00::55
+  node: workstation2
+```
+
+- Review the `appliedTo.podSelector` field to determine which Pods are using this policy.
+- Ensure deleting the policy **will not disrupt active workloads**
+- If safe, delete the policy:
+
+```shell
+kubectl delete egresspolicies <resource-name> --namespace <resource-namespace>
+```
+
+## Step 2: Locate Installed EgressGateway Instances
+
+Run the following command to check installed `EgressGateway` Helm releases:
+
+```shell
+helm ls -A | grep -i egress
+```
+
+This will display the installed `EgressGateway` name, namespace, and version.
+
+## Step 3: Uninstall EgressGateway
+
+Once all dependent resources are deleted, uninstall `EgressGateway` using:
+
+```shell
+helm uninstall <egressgateway-name> --namespace <egressgateway-namespace>
+```
+
+Replace `<egressgateway-name>` and `<egressgateway-namespace>` with actual values.
+
+💡 **Note**: Before proceeding with uninstallation, **ensure all related data is backed up** and confirm **no business impact**.
+
+## Step 4: Resolve Stuck CRDs (if necessary)
+
+In some cases, `EgressGateway` **Custom Resource Definitions (CRDs)**, such as `EgressTunnels`, might remain stuck in deletion.
+
+If you experience this issue, run:
+
+```shell
+kubectl patch crd egresstunnels.egressgateway.spidernet.io -p '{"metadata":{"finalizers": []}}' --type=merge
+```
+
+This command **removes finalizers** from the CRD, allowing Kubernetes to delete it.
+
+**⚠️ Warning**: This issue is related to the `controller-manager` behavior. The Kubernetes community is actively working on fixes.
+
+## Conclusion
+
+By following these steps, you can safely **uninstall EgressGateway** while ensuring minimal business disruption.
diff --git a/docs/en/docs/network/modules/egressgateway/aws/upgrade-k8s.md b/docs/en/docs/network/modules/egressgateway/aws/upgrade-k8s.md
@@ -0,0 +1,78 @@
+# Upgrading EgressGateway
+
+This guide walks you through upgrading `EgressGateway` using the `helm upgrade` command.
+
+## Basic Command Format
+
+```shell
+helm upgrade [RELEASE] [CHART] [flags]
+```
+
+- `[RELEASE]` → The name of the installed release.
+- `[CHART]` → The Helm chart reference.
+- `[flags]` → Additional options.
+
+For a full list of options, refer to the [Helm upgrade documentation](https://helm.sh/docs/helm/helm_upgrade/).
+
+## Version Upgrade
+
+Follow these steps to upgrade `EgressGateway` to a newer version:
+
+### Step 1: Update Local Helm Chart Repository
+
+Ensure you have the latest Helm chart version:
+
+```shell
+helm repo update
+```
+
+### Step 2: Check Available Versions
+
+List the available `EgressGateway` chart versions:
+
+```shell
+helm search repo egressgateway
+```
+
+### Step 3: Upgrade to a Specific Version
+
+Use the following command to upgrade:
+
+```shell
+helm upgrade \
+  egress \
+  egressgateway/egressgateway \
+  --reuse-values \
+  --version [version]
+```
+
+Replace `[version]` with the desired version number.
+
+💡 **Tip**: The `--reuse-values` flag ensures that your existing configuration is retained.
+
+## Configuration Upgrade
+
+If you need to update configuration values during the upgrade, follow these steps:
+
+### Step 1: Check Available Configuration Options
+
+Refer to the [EgressGateway values documentation](https://github.com/spidernet-io/egressgateway/tree/main/charts) for all configurable parameters.
+
+### Step 2: Apply Configuration Changes
+
+To change specific parameters, use the `--set` flag. For example, to update the **Egress Agent log level to `debug`**, run:
+
+```shell
+helm upgrade \
+  egress \
+  egressgateway/egressgateway \
+  --set agent.debug.logLevel=debug \
+  --reuse-values
+```
+
+This command:
+
+- Retains existing values (`--reuse-values`).
+- Overrides only the specified field (`agent.debug.logLevel`).
+
+By following these steps, you can safely upgrade `EgressGateway` while preserving your existing configuration. 🚀