Overview

The greymatter.io operator is a Kubernetes extension that makes launching a mesh on Kubernetes quick and easy. You can use the operator to do the following:

  • Install the entire greymatter.io mesh in a single step
  • Perform updates of core greymatter.io mesh services
  • Automatically network pods in a list of namespaces into a service mesh
  • Bootstrap mesh configurations from Deployments and StatefulSets
  • Customize bootstrap mesh configuration templates via CUE definitions

Definition

  • name(String) - mesh display name
  • install_namespace(String) - namespace where greymatter.io core services will be installed
  • watch_namespaces(Array[String]) - namespaces that greymatter.io will discover services from
  • zone(String) - zone label for organizing mesh configurations
  • images(Object) - a map of OCI image strings for greymatter.io core services. Introduced in version v0.3.2.
  • image_pull_secrets(Array[String]) - a list of secrets containing credentials to pull OCI-compliant images. Introduced in version v0.3.2.
  • user_tokens(Array[Object]) - additional user tokens applied to the greymatter.io JWT Security service

Permissions

The operator orchestrates deploying a mesh across multiple pods and namespaces. As a result, its service account must be granted a fair number of role-based access control (RBAC) permissions. These are required for installing greymatter.io core services and configuring mesh capabilities.

Resource                                                  Permission
apps.deployments                                          list, get, create, update
apps.statefulsets                                         list, get, create, update
core.pods                                                 list
core.configmaps                                           get, create, update
core.secrets                                              get, create, patch
core.serviceaccounts                                      get, create, update
core.services                                             get, create, update
rbac.clusterroles                                         get, create, update
rbac.clusterrolebindings                                  get, create, update
networking.ingresses                                      get, create, update
admissionregistration.mutatingwebhookconfigurations       get, patch
admissionregistration.validatingwebhookconfigurations     get, patch
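To check that a deployed operator role has not drifted from the permission table above, the following added example (not greymatter.io's own code) compares the rules of a ClusterRole against that table and reports grants beyond it and documented grants that are absent. The full API group names, the audit function and the sample role are assumptions made for illustration.

```python
import json

# Permission table from this page as (apiGroup, resource) -> verbs. Full API
# group names are assumed; the page shows only prefixes such as "rbac".
RBAC, NET, ADM = "rbac.authorization.k8s.io", "networking.k8s.io", "admissionregistration.k8s.io"
GCU = {"get", "create", "update"}
DOCUMENTED = {
    ("apps", "deployments"): GCU | {"list"},
    ("apps", "statefulsets"): GCU | {"list"},
    ("", "pods"): {"list"},
    ("", "configmaps"): GCU,
    ("", "secrets"): {"get", "create", "patch"},
    ("", "serviceaccounts"): GCU,
    ("", "services"): GCU,
    (RBAC, "clusterroles"): GCU,
    (RBAC, "clusterrolebindings"): GCU,
    (NET, "ingresses"): GCU,
    (ADM, "mutatingwebhookconfigurations"): {"get", "patch"},
    (ADM, "validatingwebhookconfigurations"): {"get", "patch"},
}
WANTED = {(g, r, v) for (g, r), verbs in DOCUMENTED.items() for v in verbs}

def audit(rules):
    """Return (excess, missing) as sorted lists of (apiGroup, resource, verb)."""
    excess, covered = set(), set()
    for rule in rules:
        for g in rule.get("apiGroups", []):
            for r in rule.get("resources", []):
                for v in rule.get("verbs", []):
                    if "*" in (g, r, v):
                        # A wildcard always exceeds the table, but it still
                        # satisfies the documented entries it matches.
                        excess.add((g, r, v))
                        covered |= {w for w in WANTED
                                    if all(a in (b, "*") for a, b in zip((g, r, v), w))}
                    elif (g, r, v) in WANTED:
                        covered.add((g, r, v))
                    else:
                        excess.add((g, r, v))
    return sorted(excess), sorted(WANTED - covered)

# Constructed sample in the shape of `kubectl get clusterrole <name> -o json`.
SAMPLE = json.loads("""{"rules": [
  {"apiGroups": ["apps"], "resources": ["deployments", "statefulsets"],
   "verbs": ["list", "get", "create", "update"]},
  {"apiGroups": [""], "resources": ["pods"], "verbs": ["list"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list", "create", "patch"]},
  {"apiGroups": ["rbac.authorization.k8s.io"],
   "resources": ["clusterroles", "clusterrolebindings"], "verbs": ["*"]}]}""")

if __name__ == "__main__":
    for label, rows in zip(("EXCESS", "MISSING"), audit(SAMPLE["rules"])):
        for g, r, v in rows:
            print(f"{label:8}{g or 'core'}.{r}: {v}")
```

Rules that use resourceNames or nonResourceURLs are not evaluated, and subresources such as pods/log are reported as excess because the table does not list them.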

Next Steps