Add CA and PVA gateways service

ggayDiamond · ggayDiamond · commit a92de2aa3157 · 2026-02-07T18:27:49.000Z
diff --git a/.copier-answers.yml b/.copier-answers.yml
@@ -6,7 +6,7 @@ cluster_name: argus
 cluster_namespace: can51182
 description: t01 IOC Instances and Services
 domain: t01
-gateway: false
+gateway: true
 git_platform: github.com
 location: bl01t
 logging_url: https://graylog2.diamond.ac.uk/search?rangetype=relative&fields=message%2Csource&width=1489&highlightMessage=&relative=172800&q=pod_name%3A{service_name}*
diff --git a/services/t01-epics-gateways/Chart.yaml b/services/t01-epics-gateways/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: ec-gateways
+version: 1.0.0
+
+type: application
+
+dependencies:
+  - name: epics-gateways
+    version: 2025.11.1
+    repository: "oci://ghcr.io/epics-containers"
diff --git a/services/t01-epics-gateways/README.md b/services/t01-epics-gateways/README.md
@@ -0,0 +1,37 @@
+# Gateway setup
+
+Deploys an EPICS gateway to route traffic from services to IOCs. Includes containerised IOCs in the namespace, and others in the beamline network. Exposed as a LoadBalancer to allow services outside of the cluster to communicate with containerised IOCs.
+
+## Configuring services in the cluster
+
+Add the following environment variables to any container(s) that communicate with the appropriate EPICS protocol(s):
+
+```yaml
+- name: EPICS_PVA_NAME_SERVERS
+  value: t01-epics-gateways
+- name: EPICS_PVA_AUTO_ADDR_LIST
+  value: "NO"
+- name: EPICS_CA_NAME_SERVERS
+  value: t01-epics-gateways
+- name: EPICS_CA_AUTO_ADDR_LIST
+  value: "NO"
+```
+
+## Configuring external services with the LoadBalancer
+
+Get the external IP of the created LoadBalancer, noting that the external IP can change, especially when nodes are drained for upgrades. If the service is required longer than a single interactive session and the service cannot be deployed into the cluster, consider requesting a static IP and DNS entry.
+Ingresses do not support non-HTTP traffic, so UDP/TCP support will require either a static LoadBalancer or Gateway API support.
+
+```sh
+$ module load k8s-t01
+$ kubectl get svc -n t01-beamline t01-epics-gateways
+NAME             ...    EXTERNAL-IP ...
+t01-epics-gateways   ... 172.23.XX.XX   ...
+$ export GATEWAY_IP=172.23.XX.XX
+```
+
+Launch your service with the LoadBalancer as the name server for the appropriate EPICS protocol(s):
+
+```sh
+$ EPICS_PVA_AUTO_ADDR_LIST=NO EPICS_PVA_NAME_SERVERS=${GATEWAY_IP} EPICS_CA_AUTO_ADDR_LIST=NO EPICS_CA_NAME_SERVERS=${GATEWAY_IP} my_service
+```
diff --git a/services/t01-epics-gateways/values.yaml b/services/t01-epics-gateways/values.yaml
@@ -0,0 +1,5 @@
+epics-gateways:
+  # for personal namespaces we don't have host network permission
+  hostNetwork: false
+  # for the tutorials use the developer image - good for debugging
+  image: ghcr.io/epics-containers/epics-gateways-developer:2025.11.1
