Deploy container image

Containerized deployment provides a flexible, isolated environment for IAG using Docker containers, enabling consistent deployments across different infrastructure environments.

Additional prerequisites

For containerized deployment, you also need:

• Docker and Docker Compose installed
• AWS CLI for repository access
• Container orchestration knowledge

Repository access configuration

Itential container images are compliant with Open Container Initiative (OCI) specifications; however, this guide assumes the use of Docker. Specific instruction for using technologies that manage OCI containers, such as Kubernetes, falls outside the scope of this guide.

Step 1: Configure AWS credentials

Set up access to the Itential Docker repository using credentials provided by your Itential Account Manager:

$
export AWS_ACCESS_KEY_ID=<access_key_id>
$
export AWS_SECRET_ACCESS_KEY=<secret_access_key>

Step 2: Authenticate with Docker repository

Log in to the Itential Docker repository:

$
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 497639811223.dkr.ecr.us-east-2.amazonaws.com

Container deployment

Step 1: Download container image

Pull the IAG container image:

$
docker pull 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway5:5.1.0-amd64

Step 2: Create Docker Compose configuration

Create a Docker Compose file named docker-compose.yml to configure your gateway server.

Before copying the example configuration below, update the following placeholder values:

• Container image: Update <version> to reflect the container image version you downloaded
• Gateway Manager host: Update the GATEWAY_CONNECT_HOSTS value based on your Itential Platform deployment type:

Example configuration file: For more information about the configuration parameters below, see Initial configuration.

services:
  gateway5-server:
    container_name: gateway5-server
    image: 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway5:<version>-amd64
    entrypoint:
      - iagctl
      - server
    volumes:
      - type: bind
        source: "./certificates"
        target: "/etc/gateway/certificates"
    environment:
      GATEWAY_CONNECT_HOSTS: "<gateway-manager-host:8080>"
      GATEWAY_APPLICATION_CLUSTER_ID: "cluster_1"
      GATEWAY_APPLICATION_MODE: "server"
      GATEWAY_CONNECT_CERTIFICATE_FILE: "/etc/gateway/certificates/gw-manager.pem"
      GATEWAY_CONNECT_PRIVATE_KEY_FILE: "/etc/gateway/certificates/gw-manager-key.pem"
      GATEWAY_CONNECT_INSECURE_TLS: true
      GATEWAY_SERVER_USE_TLS: "false"
      GATEWAY_SERVER_LISTEN_ADDRESS: "0.0.0.0"
      GATEWAY_LOG_LEVEL: "DEBUG"
    ports:
      - "50051:50051"

Step 3: Connect to Gateway Manager

Before you can connect your gateway deployment to Gateway Manager, you must create and upload a certificate to enable mutual TLS authentication between IAG and Gateway Manager. This certificate ensures secure platform connectivity.

To connect to Gateway Manager, create and upload a Gateway Manager certificate.

Step 4: Deploy the container

Start the gateway server container:

$
# Run in background
$
docker compose up --detach
$
$
# Or run in foreground for initial testing
$
docker compose up

Step 5: Verify deployment

Check for successful connection logs:

INF connected to gateway manager at some-server:8080
INF negotiated protocol: "json-rpc"
INF received initial message from gateway manager: {init_message:cf692e6c-37c0-45d5-a56f-fef95cd84a43 2.0 GetClusterInfo [ping ack]}

Container management

Stop the container:

$
docker compose down

View logs:

$
docker compose logs gateway5-server

Update Configuration:

1. To update the configuration, modify the docker-compose.yml file
2. Restart the container: docker compose up --detatch

Next steps

1. Install and configure gateway clients
2. Register your gateway cluster in Gateway Manager