Self-Hosted Neurelo Gateways

Introduction

This guide shows you how to install the Neurelo Gateway within your existing network and compute infrastructure. If you are new to Neurelo, we recommend following the getting started guides for an introduction to the Neurelo platform and core concepts.

Requirements

1. Neurelo Enterprise Subscription

Self-Hosting a Neurelo Gateway is currently an enterprise-only feature, so before proceeding please ensure that your organization’s subscription tier is up-to-date. For new customers wishing to self-host Neurelo, please contact us for details.

2. Create a “Gateway” and generate client credentials for the Gateway

Neurelo’s Gateways use the client-registration pattern to make the installation and maintenance of Neurelo Gateways simple for cluster administrators. This means that only two fields, an “id” and a “secret”, are necessary to configure a Neurelo Gateway.

The values for the Gateway client id & secret fields can be generated from the Neurelo Dashboard via the following process:

  • Navigate to the "Gateways" option by clicking the Org Selector at the bottom left of your dashboard

  • Register a new Gateway

  • Complete the “Create Gateway” form. The Gateway Domain should be the domain on which you would like your Neurelo Gateway to listen for HTTPS API requests.

3. Helm - Cluster Dependencies (Cert Manager)

The Neurelo Gateway Kubernetes Operator uses webhooks to inject implicit default values during mutations on Runner Custom Resource Definitions. The webhook protocol is HTTPS and Neurelo depends on Cert Manager to issue self-signed certificates. A default cert-manager installation in the cert-manager namespace is sufficient.

The default one-line installation, copied from the official cert-manager documentation, satisfies this requirement.

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.2/cert-manager.yaml

For self-hosted deployments, Neurelo distributes its Helm charts as TAR archives, available for download from the Neurelo UI. This section explains the Neurelo TAR archives and how to use them. Neurelo Helm charts are not distributed through a chart repo or chart museum at the moment.

  1. Download the chart from the Neurelo UI

  2. Extract the values.yaml file from the archive for modification

tar -xOf ./neurelo-0.1.0.tgz neurelo/values.yaml > values.yaml

  3. Using your text editor of choice, edit the values.yaml and replace the client.id and client.secret properties with your Gateway’s client credentials

# Default values for neurelo.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Client ID and Secret provided by the Neurelo control plane 
# during Gateway registration 
config:
  controlPlane:
    oidc:
      client:
        id: "<configure me>"
        secret: "<configure me>"

# Overrides the default image versions of managed applications
versions:
  dispatcher: "d8e3e7c"
  authn: "60d47a6"
  registry: "ea33202"

  4. Install the Neurelo Gateway Helm chart into your desired namespace (neurelo in the example below)

helm install test ./neurelo-0.1.0.tgz -f ./values.yaml --namespace neurelo --create-namespace
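
A pre-install check for the steps above, added here as an example and not part of Neurelo's chart or documentation: it refuses to install while values.yaml still holds the "<configure me>" placeholders or is readable by other users, and waits for cert-manager before running the same helm install command. The function names, the owner-only file mode policy and the 120s timeout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Neurelo's code). Function names, the owner-only file mode
# policy and the 120s timeout are assumptions of this example.

# Print the value of client.<key> ("id" or "secret") from the chart's values.yaml.
credential_value() {
  awk -v key="$2" '
    /^[ \t]*client:[ \t]*$/ { in_client = 1; next }
    in_client && $1 == (key ":") {
      sub(/^[^:]*:[ \t]*/, "")      # drop the leading key and colon
      gsub(/^"|"[ \t]*$/, "")       # drop surrounding double quotes
      print; exit
    }' "$1"
}

# Return non-zero if a credential is unset or the file is accessible to others.
check_values() {
  file="$1"; rc=0
  for key in id secret; do
    val=$(credential_value "$file" "$key")
    case "$val" in
      ""|"<configure me>") echo "client.$key is not set in $file" >&2; rc=1 ;;
    esac
  done
  # GNU stat first, BSD/macOS stat as fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    *00) ;;  # no group/other permission bits
    *) echo "$file holds the client secret but has mode $mode (chmod 600)" >&2; rc=1 ;;
  esac
  return "$rc"
}

# Check values, wait for cert-manager's deployments, then run the install command.
preflight_install() {
  check_values "$1" || return 1
  kubectl wait --namespace cert-manager --for=condition=Available \
    deployment --all --timeout=120s || return 1
  helm install test ./neurelo-0.1.0.tgz -f "$1" --namespace neurelo --create-namespace
}

# Usage: sh preflight.sh ./values.yaml
if [ "$#" -gt 0 ]; then preflight_install "$1"; fi
```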

Troubleshooting

INSTALLATION FAILED: Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook during Helm installation

This error occurs when the self-signed certificate required by the Custom Resource operator of the Neurelo Gateway could not be requested. Typically this suggests that the Cert Manager dependency is not installed or is not accessible to the Neurelo Gateway.

If Cert Manager is not installed, please follow these instructions for installing an un-opinionated, default instance in your cluster.

If Cert Manager is installed in the cert-manager namespace, please check the RBAC policy that Cert Manager is deployed with to ensure that self-signed cluster-internal certificates can be requested from within the namespace into which you are attempting to deploy your Neurelo Gateway.

If you still experience issues, please contact support@neurelo.com with your Cert Manager installation details.
