Our operator does not run as root, but it does require some elevated privileges to read and mutate cluster state. The operator orchestrates deploying a mesh across multiple pods and namespaces, so its service account must be granted a fair number of role-based access control (RBAC) permissions. These are required for installing Greymatter core services and configuring mesh capabilities.
Create the operator namespace
Run the command:
```
kubectl create namespace gm-operator
```
Create operator secrets
| Secret Name | Required | Description |
| --- | --- | --- |
| greymatter-core-repo | Yes | Contains the credentials used for Git authentication |
Credentials can be one of SSH or HTTP.
SSH
```
kubectl create secret generic greymatter-core-repo \
  --from-literal=auth_type=ssh \
  --from-file=ssh-private-key=<path to private key> \
  --from-file=known_hosts=<path to known hosts file> \
  -n gm-operator
```
If your chosen SSH private key is password-protected, you can include the password in the secret by adding this line to the kubectl command:
```
--from-literal=ssh_private_key_passphrase=<passphrase> \
```
HTTP
```
kubectl create secret generic greymatter-core-repo \
  --from-literal=auth_type=http \
  --from-literal=http_username=<username> \
  --from-literal=http_password=<password or api token> \
  -n gm-operator
```
Additionally, you can pass in optional parameters for HTTP:
```
--from-literal=tls_insecure_verify=<true or false> \
--from-file=tls_remote_ca=<path to a ca bundle> \
```
| Secret Name | Required | Description |
| --- | --- | --- |
| greymatter-image-pull | Yes | Credentials used to pull images from your OCI repository that hosts the Greymatter Application Networking Platform images. |

```
kubectl create secret docker-registry greymatter-image-pull \
  --docker-server=<your registry URL> \
  --docker-username=<your registry username> \
  --docker-password=<your registry password> \
  --docker-email=<your registry email> \
  -n gm-operator
```
| Secret Name | Required | Description |
| --- | --- | --- |
| greymatter-audits | Yes | Credentials for the Elasticsearch instance that stores the Greymatter audit data. |

```
kubectl create secret generic greymatter-audits \
  --from-literal=elasticsearch_username=<your elastic-account username> \
  --from-literal=elasticsearch_password=<your elastic account password> \
  -n gm-operator
```
Add Git repository information
Greymatter comes packaged with manifests used to deploy the Operator. These can be found in `greymatter-core/generated-manifests`.
Open the manifest relevant to your environment. Change the GREYMATTER_GITOPS_REPO value to the URL of your Greymatter core repository.
The URL format must match the `auth_type` protocol declared in the `greymatter-core-repo` secret.
The Operator exposes many other bootstrap options. To view them all, view this page.
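A pre-flight check for the URL rule above, as an added example that is not part of the Greymatter documentation: it compares an `auth_type` value with the transport implied by a repository URL before you apply the manifest. The function names and the accepted URL forms (`ssh://`, scp-like `user@host:path`, `http://`, `https://`) are assumptions based on common Git usage, not the operator's own validation logic.

```shell
#!/bin/sh
# Added example: does the repo URL agree with the auth_type stored in the
# greymatter-core-repo secret? Assumes the usual Git URL forms; the
# operator's own parser may accept or reject other forms.

# url_transport URL -> prints ssh | http | https | unknown
url_transport() {
  case "$1" in
    ssh://*)   echo ssh ;;
    https://*) echo https ;;
    http://*)  echo http ;;
    *://*)     echo unknown ;;   # any other scheme (ftp://, file://, ...)
    *@*:*)     echo ssh ;;       # scp-like form: git@host:org/repo.git
    *)         echo unknown ;;
  esac
}

# check_repo_auth AUTH_TYPE URL
# returns 0 = consistent
#         1 = auth_type and URL disagree
#         2 = consistent, but credentials travel over plain HTTP
check_repo_auth() {
  _transport=$(url_transport "$2")
  case "$1:$_transport" in
    ssh:ssh)    return 0 ;;
    http:https) return 0 ;;
    http:http)
      echo "warning: http_password would cross the network unencrypted" >&2
      return 2 ;;
    *)
      echo "mismatch: auth_type=$1 but URL transport is $_transport" >&2
      return 1 ;;
  esac
}

# Against a live cluster (not run here), read auth_type back from the secret:
#   auth_type=$(kubectl get secret greymatter-core-repo -n gm-operator \
#     -o jsonpath='{.data.auth_type}' | base64 --decode)
#   check_repo_auth "$auth_type" "<your GREYMATTER_GITOPS_REPO value>"
```

Run it before `kubectl apply` so a mismatch shows up in your terminal before anything is deployed.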
Install the Operator
```
kubectl apply -f generated-manifests/<your-updated-operator.yaml>
```
By default the operator will automatically copy the `greymatter-image-pull` secret across all watched namespaces. If your organization's security posture does not allow for that, disable it in `inputs.cue`.

```
config: { ... auto_copy_image_pull_secret: bool | *false ... }
```
Verify Installation
The operator should be deployed. It will take less than a minute to configure the mesh. Once completed, the operator constructs the core mesh components including an edge gateway, the Catalog service, the Dashboard, and Overwatch.
You can run the below command to ensure that pods deploy successfully. This process will take a moment, so no output is expected until the operator deploys the Kubernetes resources.
```
kubectl get pods -n greymatter -w
```

This will watch for pods in the `greymatter` namespace. When you see the following in your console, you are ready to move on to the next step.

```
NAME                        READY   STATUS    RESTARTS   AGE
catalog-[random-pod-id]     2/2     Running   0          ...
controlensemble-0           3/3     Running   0          ...
dashboard-[random-pod-id]   2/2     Running   0          ...
edge-[random-pod-id]        1/1     Running   0          ...
greymatter-datastore-0      2/2     Running   0          ...
```
Once you see the above in your terminal, you need to run the below command to get the external IP exposed from the edge service.
```
kubectl get svc edge -n greymatter
```

You should see an output like:

```
NAME   TYPE           CLUSTER-IP   EXTERNAL-IP     PORT(S)           AGE
edge   LoadBalancer   x.x.x.x      {EXTERNAL-IP}   10908:32021/TCP   48m
```

Navigate to `http://{EXTERNAL-IP}:10908` in your web browser.
Congratulations! You now have a fully operational Greymatter Application Networking platform!