Article
· Nov 10 3m read

IKO & IAM - remember to include a sidecar

IAM - InterSystems API Manager is a great tool for monitoring your traffic. If you are trying to use it in your Kubernetes cluster you may have tried doing a deployment similar to this one:

apiVersion: intersystems.com/v1alpha1
kind: IrisCluster
metadata:
  name: iris
spec:
  licenseKeySecret:
    name: iris-key-secret
  configSource:
    name: iris-cpf
  imagePullSecrets:
    - name: intersystems-pull-secret
  topology:
    data:
      image: containers.intersystems.com/intersystems/iris-arm64:2024.1
      compatibilityVersion: "2024.1.2"
      mirrored: false

    webgateway:
      replicas: 1
      image: containers.intersystems.com/intersystems/webgateway-nginx-arm64:2024.1
      type: nginx
      applicationPaths:
        - /csp/sys
        - /csp/broker
        - /api
        - /isc
        - /oauth2
        - /ui
        - /csp/healthshare
      alternativeServers: LoadBalancing
      loginSecret:
        name: iris-webgateway-secret

    iam: 
      image: containers.intersystems.com/intersystems/iam-arm64:3.4
      replicas: 1
  serviceTemplate:
    spec:
      type: LoadBalancer

However, upon going to the IAM Dashboard you'll see:

 

You're in free mode. The IRIS License did not get passed on to Kong. In order to do that you need to make sure you have a sidecar in place. You can add a sidecar:

apiVersion: intersystems.com/v1alpha1
kind: IrisCluster
metadata:
  name: iris
spec:
  licenseKeySecret:
    name: iris-key-secret
  configSource:
    name: iris-cpf
  imagePullSecrets:
    - name: intersystems-pull-secret
  topology:
    data:
      image: containers.intersystems.com/intersystems/iris-arm64:2024.1
      compatibilityVersion: "2024.1.2"
      mirrored: false

      webgateway:
        image: containers.intersystems.com/intersystems/webgateway-nginx-arm64:2024.1
        type: nginx
        applicationPaths:
          - /csp/sys
          - /csp/broker
          - /api
          - /isc
          - /oauth2
          - /ui
          - /csp/healthshare
        loginSecret:
          name: iris-webgateway-secret

    webgateway:
      replicas: 1
      image: irepo.intersystems.com/intersystems/webgateway-nginx-arm64:2024.1
      type: nginx
      applicationPaths:
        - /csp/sys
        - /csp/broker
        - /api
        - /isc
        - /oauth2
        - /ui
        - /csp/healthshare
      alternativeServers: LoadBalancing
      loginSecret:
        name: iris-webgateway-secret
        
    iam: 
      image: irepo.intersystems.com/intersystems/iam-arm64:3.4
      replicas: 1
  serviceTemplate:
    spec:
      type: LoadBalancer

or you can even decide that your stand-alone Web Gateway is not necessary, and that all work can be carried out by the sidecar:

apiVersion: intersystems.com/v1alpha1
kind: IrisCluster
metadata:
  name: iris
spec:
  licenseKeySecret:
    name: iris-key-secret
  configSource:
    name: iris-cpf
  imagePullSecrets:
    - name: intersystems-pull-secret
  topology:
    data:
      image: containers.intersystems.com/intersystems/iris-arm64:2024.1
      compatibilityVersion: "2024.1.2"
      mirrored: false

      webgateway:
        image: containers.intersystems.com/intersystems/webgateway-nginx-arm64:2024.1
        type: nginx
        applicationPaths:
          - /csp/sys
          - /csp/broker
          - /api
          - /isc
          - /oauth2
          - /ui
          - /csp/healthshare
        loginSecret:
          name: iris-webgateway-secret
        
    iam: 
      image: irepo.intersystems.com/intersystems/iam-arm64:3.4
      replicas: 1
  serviceTemplate:
    spec:
      type: LoadBalancer

The result in terms of IAM is the same, though note that there are advantages and disadvantages to each approach. Whichever approach you choose, you should now see a working license in IAM:

Discussion (1)2
Log in or sign up to continue