Kubernetes
Below are the instructions to install the Aperture Controller on Kubernetes.
Prerequisites
You can do the installation using the aperturectl CLI tool or using Helm.
Install the tool of your choice using the following links:
Once the Helm CLI is installed, add the Aperture Controller Helm chart repository in your environment for install or upgrade:
helm repo add aperture https://fluxninja.github.io/aperture/
helm repo update
- Refer to Aperturectl install controller to see all the available command-line arguments.
Configuring the packaged etcd and Prometheus
If the Aperture Controller will be installed with the packaged etcd and Prometheus, the following steps can be used to customize their installation:
The packaged etcd is installed using the Bitnami Helm Chart, and it can be customized using all the available options in the chart.
All the available options can be found here, and the values can be overridden by creating a values.yaml file under the etcd key.
For example, to change the default image used for etcd, create a file named values.yaml with the following content:

etcd:
  image:
    registry: YOUR_REGISTRY
    repository: YOUR_REPOSITORY
    tag: ETCD_IMAGE_TAG

The packaged Prometheus is installed using the Prometheus Community Helm Chart, and it can be customized using all the available options in the chart.
All the available options can be found here, and the values can be overridden by creating a values.yaml file under the prometheus key.
For example, to change the default images used for Prometheus server, create a file named values.yaml with the following content:

prometheus:
  server:
    image:
      registry: YOUR_REGISTRY
      repository: YOUR_REPOSITORY
      tag: PROMETHEUS_IMAGE_TAG
  configmapReload:
    prometheus:
      image:
        registry: YOUR_REGISTRY
        repository: YOUR_REPOSITORY
        tag: CONFIG_RELOAD_IMAGE_TAG

The values.yaml file created above can be used with the Installation steps below.
Installation
The Aperture Controller can be installed on Kubernetes using the options below:
Upgrading from one of the installation modes below to the other is discouraged and can result in unpredictable behavior.
The Aperture Controller can also be installed with only namespace-scoped resources.
The Aperture Controller can be installed using the Kubernetes Operator available for it.
Info: This method requires access to create cluster level resources such as ClusterRole, ClusterRoleBinding, CustomResourceDefinition and so on.
Use the Namespace-scoped Installation if you do not want to assign the cluster level permissions.
Exposing etcd and Prometheus services
If the Aperture Controller is installed with the packaged etcd and Prometheus, use the following steps to expose them outside the Kubernetes cluster so that the Aperture Agent running on Linux can access them.
Contour is used as a Kubernetes Ingress Controller in the following steps to expose the etcd and Prometheus services outside the Kubernetes cluster using a Load Balancer.
Any other tool can also be used to expose the etcd and Prometheus services outside the Kubernetes cluster, based on your infrastructure.
Add the Helm chart repository for Contour in your environment:
helm repo add bitnami https://charts.bitnami.com/bitnami
Install the Contour chart by running the following command:
helm install aperture bitnami/contour --namespace projectcontour --create-namespace
It might take a few minutes for the Contour Load Balancer IP to become available. You can watch the status by running:
kubectl get svc aperture-contour-envoy --namespace projectcontour -w
Once EXTERNAL-IP is no longer <pending>, run the following command to get the External IP for the Load Balancer:
kubectl describe svc aperture-contour-envoy --namespace projectcontour | grep Ingress | awk '{print $3}'
Add an entry for the above IP in the cloud provider's DNS configuration. For example, follow steps on Cloud DNS on GKE for Google Kubernetes Engine.
Configure the parameters below to install the Kubernetes Ingress with the Aperture Controller by updating the values.yaml created during installation and passing it with the install command:

ingress:
  enabled: true
  domain_name: YOUR_DOMAIN_HERE
etcd:
  service:
    annotations:
      projectcontour.io/upstream-protocol.h2c: "2379"

Replace YOUR_DOMAIN_HERE with the actual domain name under which the External IP is exposed.
- aperturectl:
aperturectl install controller --version v2.32.2 --values-file values.yaml
- Helm:
helm upgrade --install controller aperture/aperture-controller -f values.yaml
It might take a few minutes for the Ingress resource to get the ADDRESS. You can watch the status by running:
kubectl get ingress controller-ingress -w
Once the ADDRESS matches the External IP, the etcd will be accessible on http://etcd.YOUR_DOMAIN_HERE:80 and the Prometheus will be accessible on http://prometheus.YOUR_DOMAIN_HERE:80.
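The two waits in this procedure (the Load Balancer leaving <pending>, then the Ingress ADDRESS matching the External IP) can be scripted. The following is an added example, not part of the Aperture documentation: it reads both addresses from the resource status with jsonpath instead of parsing table columns, which shift while ADDRESS is still empty. The resource names and namespace are the ones used in the commands above; the function names, timeout and poll interval are assumptions.

```bash
#!/usr/bin/env bash
# Added example: wait until the Contour LoadBalancer service and the
# controller Ingress report the same address before pointing agents at it.
# Function names, default timeout and interval are illustrative assumptions.

# Print the first LoadBalancer address (an IP, or a hostname on clouds that
# publish one) from a resource's status. Prints nothing while still pending.
lb_address() {  # usage: lb_address KIND NAME [extra kubectl flags...]
  kind=$1; name=$2; shift 2
  kubectl get "$kind" "$name" "$@" \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}{.status.loadBalancer.ingress[0].hostname}'
}

# Poll until both addresses are set and equal, or TIMEOUT seconds have passed.
# Returns 0 and prints the address on a match; returns 1 on timeout.
wait_for_ingress() {  # usage: wait_for_ingress [TIMEOUT] [INTERVAL]
  timeout=${1:-300}; interval=${2:-5}; waited=0
  while :; do
    # A failed kubectl call is treated the same as "no address yet".
    svc=$(lb_address svc aperture-contour-envoy --namespace projectcontour) || svc=""
    ing=$(lb_address ingress controller-ingress) || ing=""
    if [ -n "$svc" ] && [ "$svc" = "$ing" ]; then
      printf '%s\n' "$svc"
      return 0
    fi
    [ "$waited" -ge "$timeout" ] && break
    sleep "$interval"
    waited=$((waited + interval))
  done
  echo "timeout: service='${svc:-<pending>}' ingress='${ing:-<none>}'" >&2
  return 1
}
```

After the install command, `wait_for_ingress 600` blocks until the addresses agree and prints the value to register in DNS; a non-zero exit means the Ingress never picked up the Load Balancer address within the timeout.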