Pipekit Docs
Search
⌃K

Helm Install

Installation

Helm Install

When you choose to connect a cluster in Pipekit, you will be asked to choose a namespace in which to install the Pipekit Agent.
Once chosen, you will be provided with a pipekitSecretAccessKey and a pipekitClusterId. These need to be passed to the helm chart when installing the Pipekit Agent.
kubectl create ns [namespace]
helm repo add pipekit https://helm.pipekit.io
helm install pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]" -n [namespace]

Argo CD

If you are using Argo CD, you can install the Pipekit Agent using the following steps:
  1. 1.
    Create and push a secret to your cluster containing your pipekitSecretAccessKey and pipekitClusterId
  2. 2.
    Create a new Argo CD Application Manifest, referencing that secret:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: pipekit-agent
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: pipekit
server: 'https://kubernetes.default.svc'
source:
repoURL: 'https://helm.pipekit.io'
chart: pipekit-agent
targetRevision: HEAD
helm:
parameters:
- name: secrets.existingSecret
value: "pipekit-agent"
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- PrunePropagationPolicy=background
- CreateNamespace=true
Argo CD offers other secrets management alternatives to ensure that your secrets are not stored in plaintext in your git repository. You can read more about them here.

Pipekit Agent Helm Chart Values

There are other optional, configurable options within the Helm Chart. These are listed below.
Key
Type
Default
Description
configMap.additionalConfig
object
{}
Add any additional configMap entries to the Pipekit Agent ConfigMap.
configMap.annotations
object
{}
Add any additional annotations to the Pipekit Agent ConfigMap.
configMap.logLevel
string
"INFO"
Set the logLevel for the Pipekit Agent.
configMap.name
string
""
Specifies the name of the ConfigMap to create. Leave blank to auto-generate a name.
deployment.image.pullPolicy
string
"IfNotPresent"
The imagePullPolicy for the Pipekit Agent image.
deployment.image.repository
string
"pipekit13/pipekit-agent"
The Pipekit Agent image name and repository. Change this if you wish to host the container yourself.
deployment.image.tag
string
""
Allows you to pin to a specific image tag. The Chart.yaml contains a default value.
deployment.podAnnotations
object
{}
Add any additional annotations to the Pipekit Agent pod.
deployment.podLabels
object
{}
Add any additional labels to the Pipekit Agent pod.
deployment.resources.limits
object
{"cpu":"200m","memory":"64Mi"}
Set the Pipekit Agent pod's resource limits. We default to a minimal amount of resources, but you can increase these if needed.
deployment.resources.requests
object
{"cpu":"200m","memory":"64Mi"}
Set the Pipekit Agent pod's resource requests. We default to a minimal amount of resources, but you can increase these if needed.
fullnameOverride
string
""
Completely replace the generated name with the provided name.
nameOverride
string
""
Replaces the name of the chart in Chart.yaml.
secrets.annotations
object
{}
Add any additional annotations to the Pipekit Agent Secret. Requires secrets.existingSecret to be blank.
secrets.existingSecret
string
""
The name of an existing secret containing your pipekitSecretAccessKey and pipekitClusterId.
secrets.name
string
""
Specifies the name of the Secret to create. Leave blank to auto-generate a name. Requires secrets.existingSecret to be blank.
secrets.pipekitClusterId
string
""
Enter the pipekitClusterId provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank.
secrets.pipekitSecretAccessKey
string
""
Enter the pipekitSecretAccessKey provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank.
serviceAccount.annotations
object
{}
Add any additional annotations to the Pipekit Agent ServiceAccount and ServiceAccount Token Secret.
serviceAccount.create
bool
true
Specifies whether a ServiceAccount should be created. If false, you must provide an existing ServiceAccount name.
serviceAccount.name
string
""
Specifies the name of the ServiceAccount to create if serviceAccount.create is true. Otherwise, specifies the name of an existing ServiceAccount to use.

Secrets

If you wish to provide your own secret you need to populate it with the pipekitSecretAccessKey and pipekitClusterId values, using the defined data keys below:
Chart var
.data. in Secret
secrets.pipekitSecretAccessKey
PIPEKIT_SECRET_ACCESS_KEY
secrets.pipekitClusterId
PIPEKIT_CLUSTER_ID
eg:
kubectl -n pipekit create secret generic pipekit-agent \
--from-literal=PIPEKIT_SECRET_ACCESS_KEY='abc123' \
--from-literal=PIPEKIT_CLUSTER_ID='123abc'
You must use single quotes '' to escape special characters such as $, , *, =, and ! in your strings. If you don't, your shell will interpret these characters.

Pipekit Agent Cluster Permissions

The Pipekit Agent needs to interact with Argo Workflows on your cluster. In order to do this, we create a ServiceAccount and ClusterRole for the Pipekit Agent. If you wish to manually manage this ServiceAccount and ClusterRole, you can set serviceAccount.create to false and provide the name of an existing ServiceAccount to use.
The required minimum permissions are:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
- workflows
- cronworkflows
- workflowtemplates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
Last modified 15d ago