Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EN-274: Helm chart for gremlin integrations agent #61

Merged
merged 11 commits into from
Jan 26, 2022
Merged

EN-274: Helm chart for gremlin integrations agent #61

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
6acfd52
EN-274: Helm chart for gremlin integrations agent
maddoxmarius Dec 21, 2021
7aa8387
EN-274: Helm chart for gremlin integrations agent
maddoxmarius Jan 4, 2022
fbd640a
EN-274: Helm chart for gremlin integrations agent
maddoxmarius Jan 5, 2022
c74e3ad
EN-274: Helm chart for gremlin integrations agent
maddoxmarius Jan 5, 2022
78799f2
EN-274: Helm chart for gremlin integrations agent
maddoxmarius Jan 6, 2022
0e80465
Update gremlin-integrations/values.yaml
maddoxmarius Jan 20, 2022
b2f58bf
Update gremlin-integrations/values.yaml
maddoxmarius Jan 20, 2022
38f8813
Update gremlin-integrations/templates/_helpers.tpl
maddoxmarius Jan 20, 2022
5a7335d
Update gremlin-integrations/README.md
maddoxmarius Jan 20, 2022
65a7c00
Update gremlin-integrations/Chart.yaml
maddoxmarius Jan 20, 2022
f234876
Update README.md
maddoxmarius Jan 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 36 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Gremlin Helm Charts

This repository hosts the official **Gremlin Helm Charts** to deploy **Gremlin** products to [Kubernetes](https://kubernetes.io/)
This repository hosts the official **Gremlin Helm Charts** to deploy **Gremlin** products
to [Kubernetes](https://kubernetes.io/)

## Install Helm

Expand All @@ -10,8 +11,13 @@ Get the latest [Helm release](https://github.com/kubernetes/helm#install).

Add this Chart repo to Helm, and install:

```console
```shell
helm repo add gremlin https://helm.gremlin.com/
````

### Gremlin

```shell
helm install gremlin gremlin/gremlin \
--namespace gremlin \
--set gremlin.secret.managed=true \
Expand All @@ -21,7 +27,34 @@ helm install gremlin gremlin/gremlin \
--set gremlin.secret.teamSecret=YOUR-TEAM-SECRET
```

For more detailed instructions, see the chart's documentation [here](https://github.com/gremlin/helm/blob/master/gremlin/README.md).
For more detailed instructions, see the chart's
documentation [here](https://github.com/gremlin/helm/blob/master/gremlin/README.md).

### Gremlin Integration

#### Secret Auth

```shell
helm install gremlin-integrations gremlin/gremlin-integrations \
--namespace gremlin \
--set gremlin.secret.managed=true \
--set gremlin.secret.type=secret \
--set gremlin.secret.teamID=YOUR-TEAM-ID \
--set gremlin.secret.teamSecret=YOUR-TEAM-SECRET
```

#### Certificate Auth

```shell
helm install gremlin-integrations gremlin/gremlin-integrations \
--namespace gremlin \
--set gremlin.secret.teamID=YOUR-TEAM-ID \
--set-file gremlin.secret.certificate=PATH_TO_CERTIFICATE \
--set-file gremlin.secret.key=PATH_TO_PRIVATE_KEY
```

For more detailed instructions, see the chart's
documentation [here](https://github.com/gremlin/helm/blob/master/gremlin-integrations/README.md).

## Reporting Issues

Expand Down
23 changes: 23 additions & 0 deletions gremlin-integrations/.helmignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
28 changes: 28 additions & 0 deletions gremlin-integrations/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
apiVersion: v2
name: gremlin-integrations
description: The Gremlin Inc integration agent application

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.0.2"
home: https://www.gremlin.com
maintainers:
- name: Gremlin Development
email: [email protected]
194 changes: 194 additions & 0 deletions gremlin-integrations/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@
# Gremlin Integrations Client Helm Chart

## Prerequisites

* Kubernetes with apps/v1 available

## Configuration

This chart will install the gremlin integrations client on the specified namespace.

The following table lists common configurable parameters of the chart and their default values. See
values.yaml for all available options.

| Parameter | Description | Default |
|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|
| `image.pullPolicy` | Container pull policy | `Always` |
| `image.pullSecret` | Pull secret for a private registry | `""` (When empty, no authentication is used) |
| `image.repository` | Container image to use | `gremlin/gremlin-integrations` |
| `image.tag` | Container image tag to deploy | `latest` |
| `nodeSelector` | Map of node labels for pod assignment for the `gremlin-integrations` container | `{}` |
| `tolerations` | List of node taints to tolerate for the `gremlin-integrations` container | `[]` |
| `affinity` | Map of node/pod affinities for the `gremlin-integrations` container | `{}` |
| `gremlin.serviceAccount.create` | Specifies whether Gremlin's kubernetes service account should be created by this helm chart | `true` |
| `gremlin.serviceUrl` | Specifies the Control Plane endpoint URL | `https://api.gremlin.com/v1` |
| `gremlin.allowList` | Whitelist URLs in order to allow access only to specific set of endpoints | `""` |
| `gremlin.secret.managed` | Specifies whether Gremlin should manage its secrets with Helm | `false` |
| `gremlin.secret.type` | The type of certificate to use, can be either `certificate` or `secret` | `certificate` |
| `gremlin.secret.name` | The name of certificate to use, like in the case of pointing to an eternally managed secret | `gremlin-team-cert` |
| `gremlin.secret.teamID` | Gremlin Team ID to authenticate with | `""` |
| `gremlin.secret.certificate` | Contents of the certificate. Required if using managed secrets of `type=certificate` | `""` |
| `gremlin.secret.key` | Contents of the private key. Required if using managed secrets of `type=certificate` | `""` |
| `gremlin.secret.teamSecret` | Gremlin's team secret. Required if using managed secrets of `type=secret` | `""` |
| `gremlin.resources` | Set resource requests and limits | `{}`
| `gremlin.proxy.url` | Specifies the http proxy the agent should use to communicate with api.gremlin.com. | `""` (ignored) | |
| `ssl.certFile` | Add a certificate file to Gremlin's set of certificate authorities. This argument expects a file containing the certificate(s) you wish to add. When set, this chart creates secret (`integrations-ssl-cert-file`) with the file contents. This value is ignored when blank or absent. | `""` (ignored) |
| `ssl.certDir` | sets the SSL_CERT_DIR environment variable on the both agents. Unlike ssl.certFile, this value accepts only a path to an existing directory on the Kubernetes nodes. This value is ignored when blank or absent. | `""` (ignored) |

Specify each parameter using the `--set[-file] key=value[,key=value]` argument to `helm install`.

**Example Usage**

```shell
$ helm install gremlin-integrations gremlin/gremlin-integrations \
--set gremlin.secret.managed=true \
--set gremlin.secret.type=certificate \
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
--set-file gremlin.secret.key=/path/to/gremlin.key \
--set 'tolerations[0].effect=NoSchedule' \
--set 'tolerations[0].key=node-role.kubernetes.io/master' \
--set 'tolerations[0].operator=Exists'
```

_note_: Depending on your shell you may need different quoting around `tolerations[0]`

## Installation

All Gremlin Integrations installations require authentication with our Gremlin control plane. There
are two types of authentication available to Gremlin and Helm: `certificate`, and `secret`. You can
find out more about these authentication
types [here](https://www.gremlin.com/docs/infrastructure-layer/authentication/).

For this Helm chart, you'll need to download your team certificate or team secret from the Gremlin
app.

**Certificate**

1. go to [Company Settings](https://app.gremlin.com/settings/teams), and select your team, and
then `Configuration`
2. Click on the button labeled `Download` next to `Certificates` (If you don't see a button
labelled `Download`, click on `Create New` to generate a new certificate)
3. When you unzip the downloaded file, you will see two files named `TEAM_NAME-client.priv_key.pem`
and `TEAM_NAME-client.pub_cert.pem`. Rename these to `gremlin.key` and `gremlin.cert`
respectively. These will be refered to as `/path/to/gremlin.cert` and `/path/to/gremlin.key` in
later instructions.

**Secret**

1. go to [Company Settings](https://app.gremlin.com/settings/teams), and select your team, and
then `Configuration`
2. Click on the button labeled `New` next to `Secret Key` (If you don't see a button labeled `New`,
it's already been created. Talk to your administrator who should have the key or click
the `Reset` button to create a new one)
3. You should see a value named `GREMLIN_TEAM_SECRET`, this will be refered to
as `$GREMLIN_TEAM_SECRET` in later instructions

### With Managed Secrets

Some find it preferable to have this chart manage Gremlin's secret values instead of administrating
them outside of Helm.

#### For certificate auth

```shell
helm install gremlin-integrations gremlin/gremlin-integrations \
--namespace gremlin \
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
--set-file gremlin.secret.key=/path/to/gremlin.key
```

#### For secret auth

```shell
helm install gremlin-integrations gremlin/gremlin-integrations \
--namespace gremlin \
--set gremlin.secret.managed=true \
--set gremlin.secret.type=secret \
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
--set gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET
```

### Without Managed Secrets

If you do not want this Chart to manage the kubernetes secrets for Gremlin, point this chart to your
external secret with `gremlin.secret.name` and `gremlin.secret.type`

##### For secret auth

Create the external secret

```shell
kubectl create secret generic gremlin-team-secret \
--namespace gremlin \
--from-literal=GREMLIN_TEAM_ID=$GREMLIN_TEAM_ID \
--from-literal=GREMLIN_TEAM_SECRET=$GREMLIN_TEAM_SECRET \
```

Install the Helm chart

```shell
helm install gremlin-integrations gremlin/gremlin-integrations \
--namespace gremlin \
--set gremlin.secret.name=gremlin-team-secret \
--set gremlin.secret.type=secret # Default is gremlin.secret.type=certificate
```

#### For certificate auth

Create the external secret

```shell
kubectl create secret generic gremlin-team-cert \
--namespace gremlin \
--from-literal=GREMLIN_TEAM_ID=$GREMLIN_TEAM_ID \
--from-file=gremlin.cert=/path/to/gremlin.cert \
--from-file=gremlin.key=/path/to/gremlin.key
```

```shell
helm install gremlin-integrations gremlin/gremlin-integrations \
--namespace gremlin \
--set gremlin.secret.name=gremlin-team-cert
```

### With an HTTP_PROXY

Gremlin can be configured to communicate with api.gremlin.com through an http_proxy. You can set
this proxy with `gremlin.proxy.url`.

```shell
helm install gremlin-integrations gremlin/gremlin-integrations \
--namespace gremlin \
--set gremlin.secret.managed=true \
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
--set-file gremlin.secret.key=/path/to/gremlin.key \
--set gremlin.proxy.url=http://proxy.net:3128
```

#### HTTPS_PROXY with custom certificate authority

```shell
helm install gremlin-integrations gremlin/gremlin \
--namespace gremlin \
--set gremlin.secret.managed=true \
--set gremlin.secret.teamID=$GREMLIN_TEAM_ID \
--set-file gremlin.secret.certificate=/path/to/gremlin.cert \
--set-file gremlin.secret.key=/path/to/gremlin.key \
--set gremlin.proxy.url=https://proxy.net:3128 \
--set-file ssl.certFile=$HOME/Workspace/proxy/ca.pem
```

## Uninstallation

```shell
helm delete gremlin-integrations
```

To delete the deployment and its history:

```shell
helm delete --purge gremlin-integrations
```
Loading