Install Banyan Connector using Docker

Install the Connector on a server running Docker

Network Reachability Checklist

  1. The Connector needs to be able to connect outbound to the Internet; it does not need any inbound open ports to operate correctly.

  2. Ensure that the Connector server can make an outbound HTTPS connection via port 443 to the Command Center. The Connector does this to register itself and receive its configuration parameters, by making API calls to https://{ccname}.console.banyanops.com/api/v1/….

  3. Ensure that the Connector can make an outbound UDP connection to the Banyan Global Edge Network. The Connector will pick a port(s) in the range 30000 - 32767 to set up a Wireguard tunnel(s) with the Edge Network.

  4. Ensure your networking policies allow traffic to flow from the Connector server to backend machines running the applications and services you need to secure access to.

Register Connector

In the Banyan Command Center, navigate to Settings > API Keys and make sure you have created an API Key that can be used to register your Connector.

Create API Key

Then, navigate to the Infrastructure > Connectors section, and click on Add Connector to create your Connector.

Create Connector

Specify the API Key to use, the Cluster and Access Tier(s) you want your Connector to connect to. You can leave all the other fields at their default / empty values.

Once your Connector has been created in the UI, you can proceed to your Linux server to install the connector binary.

Connectivity Parameters

Before you start the Connector docker container, set the environment variables that specify how it should connect to the Command Center so it can register itself and receive its configuration.

export COMMAND_CENTER_URL=					# Banyan Command Center, such as https://net.banyanops.com
export API_KEY_SECRET=						# secret API Key associated with your Connector
export CONNECTOR_NAME=						# name of your Connector

Install

# run the container
docker run --privileged --cap-add=NET_ADMIN \
    -e COMMAND_CENTER_URL -e API_KEY_SECRET -e CONNECTOR_NAME \
    -d gcr.io/banyan-pub/connector:1.2.0

If your machine needs root privilege to run docker via the sudo command, remember to add -E so your environment variables get passed through. Your command will then look like sudo -E docker run ...

Banyan’s Connector leverages Wireguard to set up secure tunnels. The Docker container needs to be run in privileged mode with the NET_ADMIN capability to configure networking correctly.

Verify Installation

Once the Connector is running, you can check its logs using docker logs to ensure it is functioning as expected.

In the Infrastructure > Connectors section of the Banyan Command Center to see the list of all the registered Connectors. Verify the status of your Connector there.

Connector Status



Last modified: Aug 02, 2021