Configure a Mesh

Configure a Grey Matter mesh using the operator

This guide covers how to configure a Grey Matter mesh using the operator.

Prerequisites

  • kubectl v1.21+ with cluster administrator privileges
  • CUE CLI
  • An existing Kubernetes v1.19+ cluster
  • A Grey Matter operator running in your cluster

Edit the Mesh CRD

kubectl edit mesh -n greymatter

Refer to the CRD overview for a detailed explanation of the fields.

Common changes you may want to make are:

  • Changing the default metadata.name; this display name will appear in the Grey Matter application
  • Changing the image tag of a core Grey Matter service in spec.images
  • Adding namespaces to watch_namespaces; Grey Matter will watch for pods in these namespaces and automatically inject sidecars into them

Set up TLS for the edge proxy

The operator does not automatically set up TLS for the Grey Matter edge proxy. If you'd like to do that, follow these steps.

  1. Generate certificates in /tmp/certs
  2. Create a secret

     kubectl -n greymatter create secret generic edge.certs --from-file=/tmp/certs

  3. Edit the edge deployment to mount certs into the edge proxy

     kubectl edit deployment/edge -n greymatter

     The edge deployment YAML will open in your editor. Add the secret as a volume in the pod.

     volumes:
       - name: certs
         secret:
           defaultMode: 420  # decimal for octal 0644
           secretName: edge.certs

     Add a volume mount to the pod's container spec.

     volumeMounts:
       - mountPath: /etc/proxy/tls/sidecar
         name: certs

  4. Update the domain configuration with TLS. Please ensure that the filenames match the paths in the configuration.

If all was successful, you should be able to access your mesh at the edge with TLS from https://{external-ip}:10808.
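
Steps 1 and 2 as an added shell example (not part of the Grey Matter documentation): it builds a throwaway test CA and server certificate, then checks the directory before it is packaged, because kubectl create secret generic --from-file=<dir> stores every regular file in that directory in the secret. The file names ca.crt, server.crt and server.key, the host name, and the function names are assumptions; use the file names your domain configuration expects.

```shell
#!/bin/sh
# Added example, not Grey Matter code. File names ca.crt, server.crt, server.key
# are assumptions; use the names your domain configuration expects.

# gen_edge_certs <out-dir> <hostname>: throwaway test CA plus a server cert.
# Only the three files meant for the secret are copied into <out-dir>.
gen_edge_certs() (
    out=$1 host=$2
    umask 077                               # key files readable by owner only
    work=$(mktemp -d) || exit 1             # CA key, CSR and serial stay here
    {
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=test-edge-ca" \
            -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null &&
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null &&
        printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
            > "$work/ext.cnf" &&
        openssl x509 -req -in "$work/server.csr" -CA "$work/ca.crt" \
            -CAkey "$work/ca.key" -CAcreateserial -days 30 \
            -extfile "$work/ext.cnf" -out "$work/server.crt" 2>/dev/null &&
        mkdir -p "$out" && chmod 700 "$out" &&
        cp "$work/ca.crt" "$work/server.crt" "$work/server.key" "$out/"
    }
    rc=$?
    rm -rf "$work"
    exit "$rc"
)

# check_edge_certs <dir>: succeed only if the directory is safe to package.
check_edge_certs() {
    dir=$1
    # The server certificate must chain to the CA shipped beside it.
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 ||
        return 1
    # The certificate's public key must be the one derived from server.key.
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 1
    # --from-file=<dir> packages every file, so nothing else may be present.
    [ "$(ls -A "$dir" | tr '\n' ' ')" = "ca.crt server.crt server.key " ]
}

# Usage: gen_edge_certs /tmp/certs edge.example.test && check_edge_certs /tmp/certs
```

Run check_edge_certs again whenever the directory is regenerated; a stray CA key, CSR or editor backup file left in it would otherwise become readable by the edge pod.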

Set up an Ingress Controller

If your Kubernetes cluster has an ingress controller, the operator will have created an Ingress resource that will be registered with the ingress controller for exposing the edge service's port 10808.

kubectl get ingress -n greymatter

You may manually configure ingress rules on the ingress resource as needed; refer to the Kubernetes documentation on how to do this.