Commit 758e3c6

EN-274: Helm chart for gremlin integrations agent
1 parent 2391e30 commit 758e3c6

10 files changed

+658
-3
lines changed

README.md

+34-3
@@ -1,6 +1,7 @@
11
# Gremlin Helm Charts
22

3-
This repository hosts the official **Gremlin Helm Charts** to deploy **Gremlin** products to [Kubernetes](https://kubernetes.io/)
3+
This repository hosts the official **Gremlin Helm Charts** to deploy **Gremlin** products
4+
to [Kubernetes](https://kubernetes.io/)
45

56
## Install Helm
67

@@ -10,8 +11,13 @@ Get the latest [Helm release](https://github.com/kubernetes/helm#install).
1011

1112
Add this Chart repo to Helm, and install:
1213

13-
```console
14+
```shell
1415
helm repo add gremlin https://helm.gremlin.com/
16+
````
17+
18+
### Gremlin
19+
20+
```console
1521
helm install gremlin gremlin/gremlin \
1622
--namespace gremlin \
1723
--set gremlin.secret.managed=true \
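Review bot: The new fence around `helm repo add` opens with three backticks and closes with four (new line 16), and the two adjacent blocks carry different language tags (`shell` for the repo-add block, `console` for the install block). Close the fence with three backticks and use one tag for both, matching the `shell` blocks added in the next hunk.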
@@ -21,7 +27,32 @@ helm install gremlin gremlin/gremlin \
2127
--set gremlin.secret.teamSecret=YOUR-TEAM-SECRET
2228
```
2329

24-
For more detailed instructions, see the chart's documentation [here](https://github.com/gremlin/helm/blob/master/gremlin/README.md).
30+
### Gremlin Integration
31+
32+
#### Secret Auth
33+
34+
```shell
35+
helm install gremlin gremlin/gremlin-integrations \
36+
--namespace gremlin \
37+
--set gremlin.secret.managed=true \
38+
--set gremlin.secret.type=secret \
39+
--set gremlin.secret.teamID=YOUR-TEAM-ID \
40+
--set gremlin.secret.teamSecret=YOUR-TEAM-SECRET
41+
```
42+
43+
#### Certificate Auth
44+
45+
```shell
46+
helm install gremlin gremlin/gremlin-integrations \
47+
--namespace gremlin \
48+
--set gremlin.secret.managed=true \
49+
--set gremlin.secret.teamID=YOUR-TEAM-ID \
50+
--set-file gremlin.secret.certificate=PATH_TO_CERTIFICATE \
51+
--set-file gremlin.secret.key=PATH_TO_PRIVATE_KEY
52+
```
53+
54+
For more detailed instructions, see the chart's
55+
documentation [here](https://github.com/gremlin/helm/blob/master/gremlin/README.md).
2556
2657
## Reporting Issues
2758

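Review bot: Both new `gremlin-integrations` examples (new lines 35 and 46) reuse the release name `gremlin` in namespace `gremlin`, the same name and namespace as the `helm install gremlin gremlin/gremlin` example above, so anyone following the README for both charts gets a release-name conflict on the second install. Use a distinct release name such as `gremlin-integrations`. The closing "more detailed instructions" link still points only at `gremlin/README.md`; add a link to `gremlin-integrations/README.md` as well. Under Secret Auth, consider noting that a literal `--set gremlin.secret.teamSecret=...` leaves the secret in shell history.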
gremlin-integrations/.helmignore

+23
@@ -0,0 +1,23 @@
1+
# Patterns to ignore when building packages.
2+
# This supports shell glob matching, relative path matching, and
3+
# negation (prefixed with !). Only one pattern per line.
4+
.DS_Store
5+
# Common VCS dirs
6+
.git/
7+
.gitignore
8+
.bzr/
9+
.bzrignore
10+
.hg/
11+
.hgignore
12+
.svn/
13+
# Common backup files
14+
*.swp
15+
*.bak
16+
*.tmp
17+
*.orig
18+
*~
19+
# Various IDEs
20+
.project
21+
.idea/
22+
*.tmproj
23+
.vscode/

gremlin-integrations/Chart.yaml

+24
@@ -0,0 +1,24 @@
1+
apiVersion: v2
2+
name: gremlin-integrations
3+
description: A Helm chart for Kubernetes
4+
5+
# A chart can be either an 'application' or a 'library' chart.
6+
#
7+
# Application charts are a collection of templates that can be packaged into versioned archives
8+
# to be deployed.
9+
#
10+
# Library charts provide useful utilities or functions for the chart developer. They're included as
11+
# a dependency of application charts to inject those utilities and functions into the rendering
12+
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
13+
type: application
14+
15+
# This is the chart version. This version number should be incremented each time you make changes
16+
# to the chart and its templates, including the app version.
17+
# Versions are expected to follow Semantic Versioning (https://semver.org/)
18+
version: 0.1.0
19+
20+
# This is the version number of the application being deployed. This version number should be
21+
# incremented each time you make changes to the application. Versions are not expected to
22+
# follow Semantic Versioning. They should reflect the version the application is using.
23+
# It is recommended to use it with quotes.
24+
appVersion: "1.16.0"
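Review bot: `description: A Helm chart for Kubernetes` (new line 3) and `appVersion: "1.16.0"` (new line 24) read as `helm create` scaffold values rather than statements about this chart. Replace the description with one that names the Gremlin integrations agent, and set `appVersion` to the agent version the chart is meant to deploy; as written it tells an operator nothing about what runs, since the chart README in this commit gives `image.tag` a default of `latest`. The long scaffold comments can be dropped too.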

gremlin-integrations/README.md

+196
@@ -0,0 +1,196 @@
1+
# Gremlin Integrations Client Helm Chart
2+
3+
## Prerequisites
4+
5+
* Kubernetes with apps/v1 available
6+
7+
## Configuration
8+
9+
This chart will install the gremlin integrations client on the specified namespace.
10+
11+
The following table lists common configurable parameters of the chart and their default values. See
12+
values.yaml for all available options.
13+
14+
| Parameter | Description | Default |
15+
|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|
16+
| `image.pullPolicy` | Container pull policy | `Always` |
17+
| `image.pullSecret` | Pull secret for a private registry | `""` (When empty, no authentication is used) |
18+
| `image.repository` | Container image to use | `gremlin/gremlin-integrations` |
19+
| `image.tag` | Container image tag to deploy | `latest` |
20+
| `nodeSelector` | Map of node labels for pod assignment for the `gremlin-integrations` container | `{}` |
21+
| `tolerations` | List of node taints to tolerate for the `gremlin-integrations` container | `[]` |
22+
| `affinity` | Map of node/pod affinities for the `gremlin-integrations` container | `{}` |
23+
| `gremlin.serviceAccount.create` | Specifies whether Gremlin's kubernetes service account should be created by this helm chart | `true` |
24+
| `gremlin.serviceUrl` | Specifies the Control Plane endpoint URL | `https://api.gremlin.com/v1` |
25+
| `gremlin.allowList` | Whitelist URLs in order to allow access only to specific set of endpoints | `""` |
26+
| `gremlin.secret.managed` | Specifies whether Gremlin should manage its secrets with Helm | `false` |
27+
| `gremlin.secret.type` | The type of certificate to use, can be either `certificate` or `secret` | `certificate` |
28+
| `gremlin.secret.name` | The name of certificate to use, like in the case of pointing to an eternally managed secret | `gremlin-team-cert` |
29+
| `gremlin.secret.teamID` | Gremlin Team ID to authenticate with | `""` |
30+
| `gremlin.secret.certificate` | Contents of the certificate. Required if using managed secrets of `type=certificate` | `""` |
31+
| `gremlin.secret.key` | Contents of the private key. Required if using managed secrets of `type=certificate` | `""` |
32+
| `gremlin.secret.teamSecret` | Gremlin's team secret. Required if using managed secrets of `type=secret` | `""` |
33+
| `gremlin.resources` | Set resource requests and limits | `{}`
34+
| `gremlin.client.tags` | Comma-separated list of custom tags to assign to this client | `""` |
35+
| `gremlin.proxy.url` | Specifies the http proxy the agent should use to communicate with api.gremlin.com. | `""` (ignored) | |
36+
| `ssl.certFile` | Add a certificate file to Gremlin's set of certificate authorities. This argument expects a file containing the certificate(s) you wish to add. When set, this chart creates secret (`ssl-cert-file`) with the contents and passes it to both agents. This value is ignored when blank or absent. | `""` (ignored) |
37+
| `ssl.certDir` | sets the SSL_CERT_DIR environment variable on the both agents. Unlike ssl.certFile, this value accepts only a path to an existing directory on the Kubernetes nodes. This value is ignored when blank or absent. | `""` (ignored) |
38+
39+
Specify each parameter using the `--set[-file] key=value[,key=value]` argument to `helm install`.
40+
41+
**Example Usage**
42+
43+
```shell
44+
$ helm install gremlin gremlin/gremlin-integrations \
45+
--set gremlin.secret.managed=true \
46+
--set gremlin.secret.type=certificate \
47+
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
48+
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
49+
--set-file gremlin.secret.key=/path/to/gremlin.key \
50+
--set 'tolerations[0].effect=NoSchedule' \
51+
--set 'tolerations[0].key=node-role.kubernetes.io/master' \
52+
--set 'tolerations[0].operator=Exists'
53+
```
54+
55+
_note_: Depending on your shell you may need different quoting around `tolerations[0]`
56+
57+
## Installation
58+
59+
All Gremlin Integrations installations require authentication with our Gremlin control plane. There
60+
are two types of authentication available to Gremlin and Helm: `certificate`, and `secret`. You can
61+
find out more about these authentication
62+
types [here](https://www.gremlin.com/docs/infrastructure-layer/authentication/).
63+
64+
For this Helm chart, you'll need to download your team certificate or team secret from the Gremlin
65+
app.
66+
67+
**Certificate**
68+
69+
1. go to [Company Settings](https://app.gremlin.com/settings/teams), and select your team, and
70+
then `Configuration`
71+
2. Click on the button labeled `Download` next to `Certificates` (If you don't see a button
72+
labelled `Download`, click on `Create New` to generate a new certificate)
73+
3. When you unzip the downloaded file, you will see two files named `TEAM_NAME-client.priv_key.pem`
74+
and `TEAM_NAME-client.pub_cert.pem`. Rename these to `gremlin.key` and `gremlin.cert`
75+
respectively. These will be refered to as `/path/to/gremlin.cert` and `/path/to/gremlin.key` in
76+
later instructions.
77+
78+
**Secret**
79+
80+
1. go to [Company Settings](https://app.gremlin.com/settings/teams), and select your team, and
81+
then `Configuration`
82+
2. Click on the button labeled `New` next to `Secret Key` (If you don't see a button labeled `New`,
83+
it's already been created. Talk to your administrator who should have the key or click
84+
the `Reset` button to create a new one)
85+
3. You should see a value named `GREMLIN_TEAM_SECRET`, this will be refered to
86+
as `$GREMLIN_TEAM_SECRET` in later instructions
87+
88+
### With Managed Secrets
89+
90+
Some find it preferable to have this chart manage Gremlin's secret values instead of administrating
91+
them outside of Helm.
92+
93+
#### For certificate auth
94+
95+
```shell
96+
helm install gremlin gremlin/gremlin-integrations \
97+
--namespace gremlin \
98+
--set gremlin.secret.managed=true \
99+
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
100+
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
101+
--set-file gremlin.secret.key=/path/to/gremlin.key
102+
```
103+
104+
#### For secret auth
105+
106+
```shell
107+
helm install gremlin gremlin/gremlin-integrations \
108+
--namespace gremlin \
109+
--set gremlin.secret.managed=true \
110+
--set gremlin.secret.type=secret \
111+
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
112+
--set gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET
113+
```
114+
115+
### Without Managed Secrets
116+
117+
If you do not want this Chart to manage the kubernetes secrets for Gremlin, point this chart to your
118+
external secret with `gremlin.secret.name` and `gremlin.secret.type`
119+
120+
##### For secret auth
121+
122+
Create the external secret
123+
124+
```shell
125+
kubectl create secret generic gremlin-team-secret \
126+
--namespace gremlin \
127+
--from-literal=GREMLIN_TEAM_ID=$GREMLIN_TEAM_ID \
128+
--from-literal=GREMLIN_TEAM_SECRET=$GREMLIN_TEAM_SECRET \
129+
```
130+
131+
Install the Helm chart
132+
133+
```shell
134+
helm install gremlin gremlin/gremlin-integrations \
135+
--namespace gremlin \
136+
--set gremlin.secret.name=gremlin-team-secret \
137+
--set gremlin.secret.type=secret # Default is gremlin.secret.type=certificate
138+
```
139+
140+
#### For certificate auth
141+
142+
Create the external secret
143+
144+
```shell
145+
kubectl create secret generic gremlin-team-cert \
146+
--namespace gremlin \
147+
--from-literal=GREMLIN_TEAM_ID=$GREMLIN_TEAM_ID \
148+
--from-file=gremlin.cert=/path/to/gremlin.cert \
149+
--from-file=gremlin.key=/path/to/gremlin.key
150+
```
151+
152+
```shell
153+
helm install gremlin gremlin/gremlin-integrations \
154+
--namespace gremlin \
155+
--set gremlin.secret.name=gremlin-team-cert
156+
```
157+
158+
### With an HTTP_PROXY
159+
160+
Gremlin can be configured to communicate with api.gremlin.com through an http_proxy. You can set
161+
this proxy with `gremlin.proxy.url`.
162+
163+
```shell
164+
helm install gremlin gremlin/gremlin-integrations \
165+
--namespace gremlin \
166+
--set gremlin.secret.managed=true \
167+
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
168+
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
169+
--set-file gremlin.secret.key=/path/to/gremlin.key \
170+
--set gremlin.proxy.url=http://proxy.net:3128
171+
```
172+
173+
#### HTTPS_PROXY with custom certificate authority
174+
175+
```shell
176+
helm install gremlin gremlin/gremlin \
177+
--namespace gremlin \
178+
--set gremlin.secret.managed=true \
179+
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
180+
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
181+
--set-file gremlin.secret.key=/path/to/gremlin.key \
182+
--set gremlin.proxy.url=https://proxy.net:3128 \
183+
--set-file ssl.certFile=$HOME/Workspace/proxy/ca.pem
184+
```
185+
186+
## Uninstallation
187+
188+
```shell
189+
helm delete gremlin-integrations
190+
```
191+
192+
To delete the deployment and its history:
193+
194+
```shell
195+
helm delete --purge gremlin
196+
```
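Review bot: Several commands in this README will not work as written. The `kubectl create secret generic gremlin-team-secret` block ends its last line (new line 128) with a trailing `\`; the "HTTPS_PROXY with custom certificate authority" example (new line 176) installs `gremlin/gremlin` instead of `gremlin/gremlin-integrations`; and Uninstallation runs `helm delete gremlin-integrations` although every install example names the release `gremlin`, then uses `helm delete --purge`, a Helm 2 flag, beside Helm 3 style `helm install NAME CHART` commands. Drop the trailing backslash, fix the chart name, and use one release name and one Helm version's syntax throughout. Smaller points: the `gremlin.resources` table row (new line 33) is missing its closing `|` and the `gremlin.proxy.url` row (new line 35) has an extra one; "eternally managed secret" should read "externally"; `##### For secret auth` (new line 120) is one level deeper than its `####` sibling; the `ssl.certFile` and `ssl.certDir` descriptions refer to "both agents" although this chart documents a single `gremlin-integrations` container; and with `image.tag` defaulting to `latest` under pull policy `Always`, the README should tell users how to pin a specific tag.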
