Links

Helm Install

Installation

Helm Install

When you choose to connect a cluster in Pipekit, you will be provided with a Secret Access Key for the cluster and a unique Cluster ID. These need to be passed to the helm chart when installing the Pipekit Agent. You should store the Secret Access Key securely in a password manager or similar.
kubectl create ns argo
helm repo add pipekit https://helm.pipekit.io
helm install -n argo \
pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]"

Argo CD

If you are using Argo CD, you can install the Pipekit Agent using the following steps:
  1. 1.
    Create and push a secret to your cluster containing your pipekitSecretAccessKey and pipekitClusterId
  2. 2.
    Create a new Argo CD Application Manifest, referencing that secret:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: pipekit-agent
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: argo
server: 'https://kubernetes.default.svc'
source:
repoURL: 'https://helm.pipekit.io'
chart: pipekit-agent
targetRevision: HEAD
helm:
parameters:
- name: secrets.existingSecret
value: "pipekit-agent"
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- PrunePropagationPolicy=background
- CreateNamespace=true
Argo CD offers other secrets management alternatives to ensure that your secrets are not stored in plaintext in your git repository. You can read more about them here.

Installing Argo Workflows

You can use the Pipekit Agent helm chart to optionally install Argo Workflows too. To do this, you need to set the following values:
helm install -n argo \
pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]" \
--set argo-workflows.enabled=true
You can pass in any values you wish to override from the Argo Workflows Helm Chart, you just nest them under argo-workflows. For example:
helm install -n argo \
pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]"\
--set argo-workflows.enabled=true \
--set argo-workflows.controller.images.pullPolicy=ifNotPresent

Pipekit Agent Helm Chart Values

There are other optional, configurable options within the Helm Chart. These are listed below.
Key
Type
Default
Description
argo-workflows
object
{"enabled":false,"workflow":{"serviceAccount":{"create":true,"name":"argo-workflow"}}}
You can use any values supported by the Argo Workflows Helm chart, just add them under the argo-workflows section.
configMap.additionalConfig
object
{}
Add any additional configMap entries to the Pipekit Agent ConfigMap.
configMap.annotations
object
{}
Add any additional annotations to the Pipekit Agent ConfigMap.
configMap.logLevel
string
"INFO"
Set the logLevel for the Pipekit Agent.
configMap.name
string
""
Specifies the name of the ConfigMap to create. Leave blank to auto-generate a name.
configMap.sendLogsToPipekit
bool
true
Send Workflow logs to Pipekit. Pipekit will store and index logs for you to view at pipekit.io
configMap.telemetryProtocols
string
"prometheus"
set to 'none' to disable all telemetry
deployment.image.imagePullSecrets
list
[]
Allows you to define the name of existing imagePullSecrets to use for pulling the Pipekit Agent image.
deployment.image.pullPolicy
string
"IfNotPresent"
The imagePullPolicy for the Pipekit Agent image.
deployment.image.repository
string
"pipekit13/pipekit-agent"
The Pipekit Agent image name and repository. Change this if you wish to host the container yourself.
deployment.image.tag
string
""
Allows you to pin to a specific image tag. The Chart.yaml contains a default value.
deployment.nodeSelector
object
{"kubernetes.io/os":"linux"}
The Pipekit Agent pod's node selector.
deployment.podAnnotations
object
{}
Add any additional annotations to the Pipekit Agent pod.
deployment.podLabels
object
{}
Add any additional labels to the Pipekit Agent pod.
deployment.resources
object
{}
Set the Pipekit Agent pod's resource requests and limits. We suggest a minimal amount of resources below, but you should increase these if needed as actual resource usage will depend on usage.
fullnameOverride
string
""
Completely replace the generated name with the provided name.
metrics.enabled
bool
false
Enables a Service and ServiceMonitor for Prometheus metrics.
nameOverride
string
""
Replaces the name of the chart in Chart.yaml.
secrets.annotations
object
{}
Add any additional annotations to the Pipekit Agent Secret. Requires secrets.existingSecret to be blank.
secrets.existingSecret
string
""
The name of an existing secret containing your pipekitSecretAccessKey and pipekitClusterId.
secrets.name
string
""
Specifies the name of the Secret to create. Leave blank to auto-generate a name. Requires secrets.existingSecret to be blank.
secrets.pipekitClusterId
string
""
Enter the pipekitClusterId provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank.
secrets.pipekitSecretAccessKey
string
""
Enter the pipekitSecretAccessKey provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank.
serviceAccount.annotations
object
{}
Add any additional annotations to the Pipekit Agent ServiceAccount and ServiceAccount Token Secret.
serviceAccount.create
bool
true
Specifies whether a ServiceAccount should be created. If false, you must provide an existing ServiceAccount name.
serviceAccount.name
string
""
Specifies the name of the ServiceAccount to create if serviceAccount.create is true. Otherwise, specifies the name of an existing ServiceAccount to use.

Secrets

If you wish to provide your own secret you need to populate it with the pipekitSecretAccessKey and pipekitClusterId values, using the defined data keys below:
Chart var
.data. in Secret
secrets.pipekitSecretAccessKey
PIPEKIT_SECRET_ACCESS_KEY
secrets.pipekitClusterId
PIPEKIT_CLUSTER_ID
eg:
kubectl -n argo create secret generic pipekit-agent \
--from-literal=PIPEKIT_SECRET_ACCESS_KEY='abc123' \
--from-literal=PIPEKIT_CLUSTER_ID='123abc'
You must use single quotes '' to escape special characters such as $, , *, =, and ! in your strings. If you don't, your shell will interpret these characters.

Pipekit Agent Cluster Permissions

The Pipekit Agent needs to interact with Argo Workflows on your cluster. In order to do this, we create a ServiceAccount and ClusterRole for the Pipekit Agent. If you wish to manually manage this ServiceAccount and ClusterRole, you can set serviceAccount.create to false and provide the name of an existing ServiceAccount to use.
The required minimum permissions are:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
- workflows
- cronworkflows
- workflowtemplates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch

Upgrading Pipekit Agent

Checking the latest version

Pipekit Agent is automatically published to Artifact Hub. You can use this service to configure automatic notifications of new versions, either via an RSS feed or a webhook.
Alternatively, you can search the helm repo for the latest version of the Pipekit Agent using the following command:
# Add the repo if you don't already have it.
helm repo add pipekit https://helm.pipekit.io
helm repo update
helm search repo pipekit/pipekit-agent --versions
For further information on the helm search repo command, please refer to the official Helm documentation.

Changes to the default values.yaml

Prior to upgrading, you should ensure that you understand any changes to the default values.yaml and the impact those changes may have on your installation. This page is always updated with the latest available helm chart values for the Pipekit Agent.
If you wish to upgrade to an older version of the Pipekit Agent helm chart, you can extract the default values for that version using the following command:
helm show values pipekit/pipekit-agent --version [version]
The Pipekit-Agent values file is commented so you can see what each value does.
You can extract your existing values from your current installation using the following command:
helm get values pipekit-agent -n argo
For further information the helm commands used above, please refer to the official Helm documentation.

Upgrading the Pipekit Agent

To upgrade the Pipekit Agent, you can use the following command:
helm upgrade pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]" \
-n argo
For more information on using Helm to perform upgrades, please check the official Helm documentation.

Automating the upgrades using Gitops

If you use a Gitops tool such as Argo CD, you can simply commit your changes to your git repository and the tool will handle the Helm upgrade for you.
If you wish to automate the upgrade process, we recommend a third party tool called Renovate Bot that can be configured to automatically raise pull requests for you when a new version of the Pipekit Agent is released.

Upgrade Support

If you have an issue upgrading your Pipekit Agent that isn't addressed here, please contact us over Slack, or by email at [email protected].
Last modified 2mo ago