The operator orchestrates deploying a mesh across multiple workloads and namespaces. As a result, its service account must be granted a fair number of role-based access control (RBAC) permissions. These are required for installing Greymatter core services and configuring mesh capabilities.
Prerequisites
Administrative access to a Kubernetes cluster.
Access to your Greymatter Core Git Repository.
SSH Key Pair or HTTPS username and password
kubectl command-line tool installed.
Access to Greymatter JFrog or repository where Greymatter images are stored
Elasticsearch username and password
Create the operator namespace
Run the command:
kubectl create namespace gm-operator
Create secrets
Kubernetes secrets are needed to manage access and authentication securely. These secrets store sensitive data such as credentials for accessing the Git repository, Docker registry, and Elasticsearch audit data.
Ensure these secrets are configured before deploying the operator.
Git Repository Authentication
Select one of the following authentication methods for Git repository access. Use the method that aligns with your Git repository's configuration. Only one method is needed.
If you are using SSH
kubectl create secret generic greymatter-core-repo \
--from-literal=auth_type=ssh \
--from-file=ssh-private-key=<path to private key> \
--from-file=known_hosts=<path to known hosts file> \
--from-literal=ssh_private_key_passphrase=<passphrase> \
-n gm-operator
If your key does not require a passphrase, you can remove the ssh_private_key_passphrase line from the command above. We recommend using a Git deployment key.
If you are using HTTP
kubectl create secret generic greymatter-core-repo \
--from-literal=auth_type=http \
--from-literal=http_username=<username> \
--from-literal=http_password=<password or api token> \
-n gm-operator
If you require a custom CA and self-signed certificates, you can pass in optional parameters for HTTP:
--from-literal=tls_insecure_verify=<true or false>
--from-file=tls_remote_ca=<path to a ca bundle>
Docker Registry Authentication
This secret contains the credentials that are used to pull images from your OCI repository that hosts the Greymatter Service Connectivity Platform images.
kubectl create secret docker-registry greymatter-image-pull \
--docker-server=<your registry URL> \
--docker-username=<your registry username> \
--docker-password=<your registry password> \
--docker-email=<your registry email> \
-n gm-operator
If you are referencing the Greymatter.io OCI repository, the docker-server is https://greymatter.jfrog.io. For the other parameters, use the username and password you received and the email address you used to sign up.
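The check below is an added example, not part of the Greymatter documentation: it confirms that the two secrets created above exist in gm-operator with the keys this page's commands set, before the operator is deployed. It assumes every key other than ssh_private_key_passphrase and the optional TLS parameters is required; the function names and the --cluster switch are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the secrets created on this page.
# Function names and the --cluster switch are illustrative, not Greymatter's.
NS=gm-operator

# Print the data keys of secret $1, one per line (needs cluster access).
secret_keys() {
  kubectl get secret "$1" -n "$NS" \
    -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}'
}

# has_key KEY KEYS: exact, whole-line match against a newline-separated list.
has_key() { printf '%s\n' "$2" | grep -qxF -- "$1"; }

# missing_repo_keys AUTH_TYPE KEYS
# Prints the keys missing for that auth type; returns 0 only if none are.
# Assumption: the passphrase and tls_* keys are optional, the rest required.
missing_repo_keys() {
  case "$1" in
    ssh)  mrk_required="auth_type ssh-private-key known_hosts" ;;
    http) mrk_required="auth_type http_username http_password" ;;
    *)    echo "unknown auth_type: $1" >&2; return 2 ;;
  esac
  mrk_missing=""
  for mrk_k in $mrk_required; do
    has_key "$mrk_k" "$2" || mrk_missing="$mrk_missing $mrk_k"
  done
  echo "${mrk_missing# }"
  [ -z "$mrk_missing" ]
}

# Query the live cluster only when asked: ./preflight.sh --cluster
if [ "${1:-}" = "--cluster" ]; then
  auth=$(kubectl get secret greymatter-core-repo -n "$NS" \
    -o go-template='{{.data.auth_type | base64decode}}') || exit 1
  gaps=$(missing_repo_keys "$auth" "$(secret_keys greymatter-core-repo)") ||
    { echo "greymatter-core-repo is missing: $gaps" >&2; exit 1; }
  # kubectl create secret docker-registry always produces this type.
  stype=$(kubectl get secret greymatter-image-pull -n "$NS" -o jsonpath='{.type}')
  [ "$stype" = "kubernetes.io/dockerconfigjson" ] ||
    { echo "greymatter-image-pull has type '$stype'" >&2; exit 1; }
  echo "secrets look complete"
fi
```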
Add Git repository information
Greymatter comes packaged with manifests used to deploy the Operator. These can be found in greymatter-core/generated-manifests.
From the root directory of your greymatter-core project, open operator-spire.yaml.
code generated-manifests/operator-spire.yaml
Search for and modify the Greymatter bootstrap ConfigMap and update the values as appropriate for your environment.
If you are using SSH
---
apiVersion: v1
data:
  GREYMATTER_GITOPS_BRANCH: main
  GREYMATTER_GITOPS_REPO: git@github.com:<your-org>/<your-repo-name>.git
  GREYMATTER_OPERATOR_NAMESPACE: gm-operator
kind: ConfigMap
metadata:
  name: bootstrap
  namespace: gm-operator
---
If you are using HTTP
---
apiVersion: v1
data:
  GREYMATTER_GITOPS_BRANCH: main
  GREYMATTER_GITOPS_REPO: https://github.com/<your-org>/<your-repo-name>.git
  GREYMATTER_OPERATOR_NAMESPACE: gm-operator
kind: ConfigMap
metadata:
  name: bootstrap
  namespace: gm-operator
---
Push the changes to the Git repository.
Apply SPIRE CRDs
Before we deploy the Operator, we need to ensure that the SPIRE CRDs are applied to your k8s cluster. Greymatter has supplied the needed CRDs in the generated-manifests folder in a file called spire_crds.yaml.
Run the following command from the root of your core folder to apply the Custom Resource Definitions needed for SPIRE:
kubectl apply -f generated-manifests/spire_crds.yaml
Install the Operator
kubectl apply -f generated-manifests/<your-updated-operator.yaml>
If this is your first time, you should use the operator-spire.yaml file located in the greymatter-core/generated-manifests folder.
Verify Installation
The operator should be deployed. It will take less than a minute to configure the mesh. Once completed, the operator constructs the core mesh components including an edge gateway, the Catalog service, the Dashboard, and Overwatch.
You can run the below command to ensure that pods deploy successfully. This process will take a moment, so no output is expected until the operator deploys the Kubernetes resources.
kubectl get pods -n greymatter -w
This will watch for pods in the greymatter namespace. When you see the following in your console, you are ready to move on to the next step.
NAME                        READY   STATUS    RESTARTS   AGE
...
catalog-[random-pod-id]     2/2     Running   0          ...
controlensemble-0           3/3     Running   0          ...
dashboard-[random-pod-id]   2/2     Running   0          ...
edge-[random-pod-id]        1/1     Running   0          ...
greymatter-datastore-0      2/2     Running   0          ...
Once you see the above in your terminal, you need to run the below command to get the external IP exposed from the edge service.
kubectl get svc edge -n greymatter
You should see an output like:
NAME   TYPE           CLUSTER-IP   EXTERNAL-IP     PORT(S)           AGE
edge   LoadBalancer   x.x.x.x      {EXTERNAL-IP}   10908:32021/TCP   48m
Navigate to http://{EXTERNAL-IP}:10908 in your web browser.
Congratulations! You now have a fully operational Greymatter Service Connectivity platform!