
Overview

The Grey Matter operator is the quickest way to launch a mesh on Kubernetes. You can use the operator to do the following:

  • Install the entire Grey Matter mesh in a single step
  • Perform updates of core Grey Matter mesh services
  • Automatically network pods in a list of namespaces into a service mesh
  • Bootstrap mesh configurations from Deployments and StatefulSets
  • Customize bootstrap mesh configuration templates via CUE definitions

Compatibility

  • Kubernetes v1.19+
  • kubectl v1.21+
  • Grey Matter CLI v4.0.4+

Custom Resource Definition

The operator reconciles the state of a Kubernetes cluster to match configuration defined in a mesh Custom Resource Definition registered with the Kubernetes API server. The mesh CRD is a cluster-scoped resource and describes how the operator should network a mesh across multiple namespaces in a Kubernetes cluster.

Definition

  • metadata.name (String) - mesh display name
  • spec.install_namespace (String) - namespace where Grey Matter core services will be installed
  • spec.watch_namespaces (Array[String]) - namespaces that Grey Matter will discover services from
  • spec.zone (String) - zone label for organizing mesh configurations
  • spec.images (Object) - a map of OCI image strings for Grey Matter core services. Introduced in version v0.3.2.
  • spec.image_pull_secrets (Array[String]) - a list of secrets containing credentials to pull OCI-compliant images. Introduced in version v0.3.2.
  • spec.user_tokens (Array[Object]) - additional user tokens applied to the Grey Matter JWT Security service

Example

apiVersion: greymatter.io/v1alpha1
kind: Mesh
metadata:
  name: Grey Matter Core
spec:
  install_namespace: greymatter
  watch_namespaces:
  - default
  zone: default-zone
  images:
    proxy: "123456789012.dkr.ecr.us-west-2.amazonaws.com/gm-proxy:1.7.0"
    catalog: "gitlab.mydomain.com/greymatter/gm-catalog:3.0.0"
    dashboard: "docker.greymatter.io/release/gm-dashboard:6.0.0"
    control: "docker.greymatter.io/release/gm-control:1.7.1"
    control_api: "docker.greymatter.io/release/gm-control-api:1.7.1"
    redis: "quay.mydomain.com/builds/redis"
  image_pull_secrets:
  - amazon-ecr-secret
  - gitlab-registry-secret
  - redhat-quay-secret

Permissions

The operator orchestrates deploying a mesh across multiple pods and namespaces. As a result, its service account must be granted a fair number of RBAC permissions. These are required for installing Grey Matter core services and configuring mesh capabilities.

| Resource | Permission |
|---|---|
| apps.deployments | list, get, create, update |
| apps.statefulsets | list, get, create, update |
| core.pods | list |
| core.configmaps | get, create, update |
| core.secrets | get, create, patch |
| core.serviceaccounts | get, create, update |
| core.services | get, create, update |
| rbac.clusterroles | get, create, update |
| rbac.clusterrolebindings | get, create, update |
| networking.ingresses | get, create, update |
| admissionregistration.mutatingwebhookconfigurations | get, patch |
| admissionregistration.validatingwebhookconfigurations | get, patch |
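
The permission table above can serve as an allow-list when reviewing what the operator's service account actually holds, which matters because it includes write access to secrets, cluster roles and cluster role bindings. The following is an added example, not Grey Matter's own code: it compares a ClusterRole exported as JSON against the table and reports every grant the table does not list. The sample role, its name, and the mapping from the page's short group names (core, rbac, networking, admissionregistration) to Kubernetes API group strings are assumptions made for the example.

```python
import json

# Permission table from this page. Mapping its short group names to the
# Kubernetes API group strings used in RBAC rules is an assumption.
RBAC, ADM = "rbac.authorization.k8s.io", "admissionregistration.k8s.io"
CRU = {"get", "create", "update"}
DOCUMENTED = {
    ("apps", "deployments"): CRU | {"list"},
    ("apps", "statefulsets"): CRU | {"list"},
    ("", "pods"): {"list"},
    ("", "configmaps"): CRU,
    ("", "secrets"): {"get", "create", "patch"},
    ("", "serviceaccounts"): CRU,
    ("", "services"): CRU,
    (RBAC, "clusterroles"): CRU,
    (RBAC, "clusterrolebindings"): CRU,
    ("networking.k8s.io", "ingresses"): CRU,
    (ADM, "mutatingwebhookconfigurations"): {"get", "patch"},
    (ADM, "validatingwebhookconfigurations"): {"get", "patch"},
}

# Constructed ClusterRole in the shape of `kubectl get clusterrole <name> -o json`.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "example-operator-role"},
 "rules": [
  {"apiGroups": ["apps"], "resources": ["deployments", "statefulsets"],
   "verbs": ["list", "get", "create", "update"]},
  {"apiGroups": [""], "resources": ["secrets"],
   "verbs": ["get", "create", "patch", "list", "delete"]},
  {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"],
   "verbs": ["*"]}]}
""")

def excess_grants(role):
    """Return sorted (apiGroup, resource, verb) grants that the table does not list."""
    excess = set()
    for rule in role.get("rules") or []:
        for group in rule.get("apiGroups", []):
            for resource in rule.get("resources", []):
                allowed = DOCUMENTED.get((group, resource), set())
                # "*" is never in the table, so wildcard verbs, resources and
                # groups are always reported rather than silently expanded.
                excess.update((group, resource, v)
                              for v in rule.get("verbs", []) if v not in allowed)
    return sorted(excess)

if __name__ == "__main__":
    for group, resource, verb in excess_grants(SAMPLE_ROLE):
        print(f"undocumented grant: {group or 'core'}/{resource} {verb}")
```

Rules that carry only nonResourceURLs have no apiGroups and are skipped by this check, so review those separately.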

Next Steps