Pipekit Pricing Blog Pipekit Status Release Notes

Helm Install

Installation

Helm Install

When you choose to connect a cluster in Pipekit, you will be provided with a Secret Access Key for the cluster and a unique Cluster ID. These need to be passed to the helm chart when installing the Pipekit Agent. You should store the Secret Access Key securely in a password manager or similar.

kubectl create ns argo
helm repo add pipekit https://helm.pipekit.io

helm install -n argo \
pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]"

Argo CD

If you are using Argo CD, you can install the Pipekit Agent using the following steps:

  1. Create and push a secret to your cluster containing your pipekitSecretAccessKey and pipekitClusterId

  2. Create a new Argo CD Application Manifest, referencing that secret:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: pipekit-agent
namespace: argocd
finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
destination:
    namespace: argo
    server: 'https://kubernetes.default.svc'
  source:
    repoURL: 'https://helm.pipekit.io'
    chart: pipekit-agent
    targetRevision: HEAD
    helm:
      parameters:
        - name: secrets.existingSecret
          value: "pipekit-agent"
project: default
syncPolicy:
    automated:
    prune: true
    selfHeal: true
    syncOptions:
    - PrunePropagationPolicy=background
    - CreateNamespace=true

Argo CD offers other secrets management alternatives to ensure that your secrets are not stored in plaintext in your git repository. You can read more about them here.

Installing Argo Workflows

You can use the Pipekit Agent helm chart to optionally install Argo Workflows too. To do this, you need to set the following values:

helm install -n argo \
pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]" \
--set argo-workflows.enabled=true

You can pass in any values you wish to override from the Argo Workflows Helm Chart, you just nest them under argo-workflows. For example:

helm install -n argo \
pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]"\
--set argo-workflows.enabled=true \
--set argo-workflows.controller.images.pullPolicy=ifNotPresent

Release Notes

Release notes are published on the Pipekit Releases site.

Pipekit Agent Helm Chart Values

There are other optional, configurable options within the Helm Chart. These are listed below.

KeyTypeDefaultDescription

argo-workflows

object

{"enabled":false,"workflow":{"serviceAccount":{"create":true,"name":"argo-workflow"}}}

You can use any values supported by the Argo Workflows Helm chart, just add them under the argo-workflows section.

configMap.additionalConfig

object

{}

Add any additional configMap entries to the Pipekit Agent ConfigMap.

configMap.annotations

object

{}

Add any additional annotations to the Pipekit Agent ConfigMap.

configMap.logLevel

string

"INFO"

Set the logLevel for the Pipekit Agent.

configMap.name

string

""

Specifies the name of the ConfigMap to create. Leave blank to auto-generate a name.

configMap.sendLogsToPipekit

bool

true

Send Workflow logs to Pipekit. Pipekit will store and index logs for you to view at pipekit.io

configMap.telemetryProtocols

string

"prometheus"

set to 'none' to disable all telemetry

deployment.image.imagePullSecrets

list

[]

Allows you to define the name of existing imagePullSecrets to use for pulling the Pipekit Agent image.

deployment.image.pullPolicy

string

"IfNotPresent"

The imagePullPolicy for the Pipekit Agent image.

deployment.image.repository

string

"pipekit13/pipekit-agent"

The Pipekit Agent image name and repository. Change this if you wish to host the container yourself.

deployment.image.tag

string

""

Allows you to pin to a specific image tag. The Chart.yaml contains a default value.

deployment.nodeSelector

object

{"kubernetes.io/os":"linux"}

The Pipekit Agent pod's node selector.

deployment.podAnnotations

object

{}

Add any additional annotations to the Pipekit Agent pod.

deployment.podLabels

object

{}

Add any additional labels to the Pipekit Agent pod.

deployment.resources

object

{}

Set the Pipekit Agent pod's resource requests and limits. We suggest a minimal amount of resources below, but you should increase these if needed as actual resource usage will depend on usage.

fullnameOverride

string

""

Completely replace the generated name with the provided name.

metrics.enabled

bool

false

Enables a Service and ServiceMonitor for Prometheus metrics.

nameOverride

string

""

Replaces the name of the chart in Chart.yaml.

secrets.annotations

object

{}

Add any additional annotations to the Pipekit Agent Secret. Requires secrets.existingSecret to be blank.

secrets.existingSecret

string

""

The name of an existing secret containing your pipekitSecretAccessKey and pipekitClusterId.

secrets.name

string

""

Specifies the name of the Secret to create. Leave blank to auto-generate a name. Requires secrets.existingSecret to be blank.

secrets.pipekitClusterId

string

""

Enter the pipekitClusterId provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank.

secrets.pipekitSecretAccessKey

string

""

Enter the pipekitSecretAccessKey provided by Pipekit when you added the cluster. Requires secrets.existingSecret to be blank.

serviceAccount.annotations

object

{}

Add any additional annotations to the Pipekit Agent ServiceAccount and ServiceAccount Token Secret.

serviceAccount.create

bool

true

Specifies whether a ServiceAccount should be created. If false, you must provide an existing ServiceAccount name.

serviceAccount.name

string

""

Specifies the name of the ServiceAccount to create if serviceAccount.create is true. Otherwise, specifies the name of an existing ServiceAccount to use.

Secrets

If you wish to provide your own secret you need to populate it with the pipekitSecretAccessKey and pipekitClusterId values, using the defined data keys below:

Chart var

.data. in Secret

secrets.pipekitSecretAccessKey

PIPEKIT_SECRET_ACCESS_KEY

secrets.pipekitClusterId

PIPEKIT_CLUSTER_ID

eg:

kubectl -n argo create secret generic pipekit-agent \
    --from-literal=PIPEKIT_SECRET_ACCESS_KEY='abc123' \
    --from-literal=PIPEKIT_CLUSTER_ID='123abc'

You must use single quotes '' to escape special characters such as $, , *, =, and ! in your strings. If you don't, your shell will interpret these characters.

Pipekit Agent Cluster Permissions

The Pipekit Agent needs to interact with Argo Workflows on your cluster. In order to do this, we create a ServiceAccount and ClusterRole for the Pipekit Agent. If you wish to manually manage this ServiceAccount and ClusterRole, you can set serviceAccount.create to false and provide the name of an existing ServiceAccount to use.

The required minimum permissions are:

  - apiGroups:
      - argoproj.io
    resources:
      - clusterworkflowtemplates
      - workflows
      - cronworkflows
      - workflowtemplates
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch

Upgrading Pipekit Agent

Checking the latest version

Pipekit Agent is automatically published to Artifact Hub. You can use this service to configure automatic notifications of new versions, either via an RSS feed or a webhook.

Alternatively, you can search the helm repo for the latest version of the Pipekit Agent using the following command:

# Add the repo if you don't already have it.
helm repo add pipekit https://helm.pipekit.io
helm repo update
helm search repo pipekit/pipekit-agent --versions

For further information on the helm search repo command, please refer to the official Helm documentation.

Changes to the default values.yaml

Prior to upgrading, you should ensure that you understand any changes to the default values.yaml and the impact those changes may have on your installation. This page is always updated with the latest available helm chart values for the Pipekit Agent.

If you wish to upgrade to an older version of the Pipekit Agent helm chart, you can extract the default values for that version using the following command:

helm show values pipekit/pipekit-agent --version [version]

The Pipekit-Agent values file is commented so you can see what each value does.

You can extract your existing values from your current installation using the following command:

helm get values pipekit-agent -n argo

For further information the helm commands used above, please refer to the official Helm documentation.

Upgrading the Pipekit Agent

To upgrade the Pipekit Agent, you can use the following command:

helm upgrade pipekit-agent pipekit/pipekit-agent \
--set secrets.pipekitSecretAccessKey="[provided Secret Access Key]" \
--set secrets.pipekitClusterId="[provided Cluster ID]" \
-n argo

For more information on using Helm to perform upgrades, please check the official Helm documentation.

Automating the upgrades using Gitops

If you use a Gitops tool such as Argo CD, you can simply commit your changes to your git repository and the tool will handle the Helm upgrade for you.

If you wish to automate the upgrade process, we recommend a third party tool called Renovate Bot that can be configured to automatically raise pull requests for you when a new version of the Pipekit Agent is released.

Upgrade Support

If you have an issue upgrading your Pipekit Agent that isn't addressed here, please contact us over Slack, or by email at support@pipekit.io.

Last updated