Helm Install
When you choose to connect a cluster in Pipekit, you will be asked to choose a namespace in which to install the Pipekit Agent.
Once chosen, you will be provided with a pipekitSecretAccessKey and a pipekitClusterId. These need to be passed to the helm chart when installing the Pipekit Agent.
kubectl create ns [namespace]
helm repo add pipekit https://helm.pipekit.io
helm install pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]" -n [namespace]
If you are using Argo CD, you can install the Pipekit Agent using the following steps:
- 1.Create and push a secret to your cluster containing your pipekitSecretAccessKey and pipekitClusterId
- 2.Create a new Argo CD Application Manifest, referencing that secret:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: pipekit-agent
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: pipekit
server: 'https://kubernetes.default.svc'
source:
repoURL: 'https://helm.pipekit.io'
chart: pipekit-agent
targetRevision: HEAD
helm:
parameters:
- name: secrets.existingSecret
value: "pipekit-agent"
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- PrunePropagationPolicy=background
- CreateNamespace=true
Argo CD offers other secrets management alternatives to ensure that your secrets are not stored in plaintext in your git repository. You can read more about them here.
There are other optional, configurable options within the Helm Chart. These are listed below.
Key | Type | Default | Description |
|---|---|---|---|
configMap.additionalConfig | object | {} | Add any additional configMap entries to the Pipekit Agent ConfigMap. |
configMap.annotations | object | {} | Add any additional annotations to the Pipekit Agent ConfigMap. |
configMap.logLevel | string | "INFO" | Set the logLevel for the Pipekit Agent. |
configMap.name | string | "" | Specifies the name of the ConfigMap to create. Leave blank to auto-generate a name. |
deployment.image.pullPolicy | string | "IfNotPresent" | The imagePullPolicy for the Pipekit Agent image. |
deployment.image.repository | string | "pipekit13/pipekit-agent" | The Pipekit Agent image name and repository. Change this if you wish to host the container yourself. |
deployment.image.tag | string | "" | Allows you to pin to a specific image tag. The Chart.yaml contains a default value. |
deployment.podAnnotations | object | {} | Add any additional annotations to the Pipekit Agent pod. |
deployment.podLabels | object | {} | Add any additional labels to the Pipekit Agent pod. |
deployment.resources.limits | object | {"cpu":"200m","memory":"64Mi"} | Set the Pipekit Agent pod's resource limits. We default to a minimal amount of resources, but you can increase these if needed. |
deployment.resources.requests | object | {"cpu":"200m","memory":"64Mi"} | Set the Pipekit Agent pod's resource requests. We default to a minimal amount of resources, but you can increase these if needed. |
fullnameOverride | string | "" | Completely replace the generated name with the provided name. |
nameOverride | string | "" | Replaces the name of the chart in Chart.yaml. |
secrets.annotations | object | {} | Add any additional annotations to the Pipekit Agent Secret. Requires secrets.existingSecret to be blank. |
secrets.existingSecret | string | "" | |
secrets.name | string | "" | Specifies the name of the Secret to create. Leave blank to auto-generate a name. Requires secrets.existingSecret to be blank. |
secrets.pipekitClusterId | string | "" | Enter the pipekitClusterId provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank. |
secrets.pipekitSecretAccessKey | string | "" | Enter the pipekitSecretAccessKey provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank. |
serviceAccount.annotations | object | {} | Add any additional annotations to the Pipekit Agent ServiceAccount and ServiceAccount Token Secret. |
serviceAccount.create | bool | true | Specifies whether a ServiceAccount should be created. If false, you must provide an existing ServiceAccount name. |
serviceAccount.name | string | "" | Specifies the name of the ServiceAccount to create if serviceAccount.create is true. Otherwise, specifies the name of an existing ServiceAccount to use. |
If you wish to provide your own secret you need to populate it with the pipekitSecretAccessKey and pipekitClusterId values, using the defined data keys below:
Chart var | .data. in Secret |
secrets.pipekitSecretAccessKey | PIPEKIT_SECRET_ACCESS_KEY |
secrets.pipekitClusterId | PIPEKIT_CLUSTER_ID |
eg:
kubectl -n pipekit create secret generic pipekit-agent \
--from-literal=PIPEKIT_SECRET_ACCESS_KEY='abc123' \
--from-literal=PIPEKIT_CLUSTER_ID='123abc'
You must use single quotes '' to escape special characters such as $, , *, =, and ! in your strings. If you don't, your shell will interpret these characters.
The Pipekit Agent needs to interact with Argo Workflows on your cluster. In order to do this, we create a ServiceAccount and ClusterRole for the Pipekit Agent. If you wish to manually manage this ServiceAccount and ClusterRole, you can set serviceAccount.create to false and provide the name of an existing ServiceAccount to use.
The required minimum permissions are:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
- workflows
- cronworkflows
- workflowtemplates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
Last modified 15d ago