This guide covers how to configure a Grey Matter mesh using the operator.
- kubectl v1.21+ with cluster administrator privileges
- CUE CLI
- An existing Kubernetes v1.19+ cluster
- A Grey Matter operator running in your cluster
kubectl edit mesh -n greymatter
Refer to the CRD overview for a detailed explanation of the fields.
Common changes you may want to make are:
- Changing the default metadata.name; this display name will appear in the Grey Matter application
- Changing the image tag of a core Grey Matter service in
- Adding namespaces to watch_namespaces; Grey Matter will watch for pods in these namespaces and automatically inject sidecars into them
The operator does not automatically set up TLS for the Grey Matter edge proxy. If you'd like to do that, follow these steps.
- Generate certificates in
- Create a secret
kubectl -n greymatter create secret generic edge.certs --from-file=/tmp/certs
- Edit the edge deployment to mount certs into the edge proxy
kubectl edit deployment/edge -n greymatter
The edge deployment YAML will open in your editor. Add the secret as a volume in the pod.
    volumes:
    - name: certs
      secret:
        defaultMode: 420
        secretName: edge.certs
Add a volume mount to the pod's container spec.
    volumeMounts:
    - mountPath: /etc/proxy/tls/sidecar
      name: certs
Update the domain configuration with TLS. Please ensure that the filenames match the paths in the configuration.
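An added example (not part of the original guide or of Grey Matter's tooling): a Python check that every certificate path referenced in the domain configuration will actually exist in the edge container, given the secret and the mount from the steps above. The secret key names, the container name "sidecar" and the sample paths are constructed assumptions, and the volume is assumed to use no `items` remapping.

```python
import json
import posixpath
import sys
from pathlib import Path


def mounted_files(deployment, secret):
    """In-container paths at which the secret's keys appear as files."""
    pod = deployment["spec"]["template"]["spec"]
    # Pod volumes backed by this secret (the `volumes:` entry in the guide).
    vols = {v["name"] for v in pod.get("volumes") or []
            if (v.get("secret") or {}).get("secretName") == secret["metadata"]["name"]}
    paths = set()
    for c in pod.get("containers") or []:
        for m in c.get("volumeMounts") or []:
            if m["name"] in vols:
                # --from-file=<dir> stores one key per file, named after the
                # file; each key is projected as <mountPath>/<key>.
                paths |= {posixpath.join(m["mountPath"], k)
                          for k in secret.get("data") or {}}
    return paths


def missing_files(configured, deployment, secret):
    """Configured certificate paths that the mount will not provide."""
    return sorted(set(configured) - mounted_files(deployment, secret))


# Constructed sample objects, trimmed to the fields the check reads. The key
# names and the container name "sidecar" are assumptions, not from the guide.
SAMPLE_SECRET = {"metadata": {"name": "edge.certs"},
                 "data": {"ca.crt": "", "server.crt": "", "server.key": ""}}
SAMPLE_DEPLOYMENT = {"spec": {"template": {"spec": {
    "volumes": [{"name": "certs",
                 "secret": {"defaultMode": 420, "secretName": "edge.certs"}}],
    "containers": [{"name": "sidecar", "volumeMounts": [
        {"mountPath": "/etc/proxy/tls/sidecar", "name": "certs"}]}]}}}}
SAMPLE_PATHS = ["/etc/proxy/tls/sidecar/server.crt",
                "/etc/proxy/tls/sidecar/server.pem"]  # second one is a mismatch

if __name__ == "__main__":
    # Args: deployment.json secret.json path... ; no args uses the samples.
    if len(sys.argv) > 3:
        dep, sec = (json.loads(Path(p).read_text()) for p in sys.argv[1:3])
        wanted = sys.argv[3:]
    else:
        dep, sec, wanted = SAMPLE_DEPLOYMENT, SAMPLE_SECRET, SAMPLE_PATHS
    gaps = missing_files(wanted, dep, sec)
    sys.exit("\n".join(f"not provided by mount: {p}" for p in gaps) or 0)
```

The two JSON inputs can be produced with `kubectl get deployment/edge -n greymatter -o json` and `kubectl get secret edge.certs -n greymatter -o json`, followed by the paths used in the domain configuration.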
If all was successful you should be able to access your mesh at the edge with TLS from
If your Kubernetes cluster has an ingress controller, the operator will have created an Ingress resource that will be registered with the ingress controller for exposing the edge service's port 10808.
kubectl get ingress -n greymatter
You may manually configure ingress rules on the Ingress resource as needed; refer to the Kubernetes documentation on how to do this.