Install SMM with the SMM Operator chart

SMM Operator is a Kubernetes operator to deploy and manage Service Mesh Manager. In this chart the CRD is not managed by the operator, and we expect CI/CD tools to take care of updating CRD.

In case you have your own cluster deployed and are authorized to fetch images from the Cisco provided repositories, then you can rely on BasicAuth(url, username, password) for authentication required to pull images.

You can get a Username and Password by signing up for the Free tier version of Service Mesh Manager.

Prerequisites

Helm version 3.7 or newer.

Steps

Create two namespaces, one for smm-operator (called smm-registry-access), and one for cert-manager:
```
kubectl create ns smm-registry-access
kubectl create ns cert-manager
```
(The smm-registry-access namespace is used because smm-operator should be in the same namespace as the imagepullsecrets-controller.)

Run the following helm commands. Replace <your-username> and <your-password> with the ones shown on your Service Mesh Manager download page.

export HELM_EXPERIMENTAL_OCI=1
echo <your-password> | helm registry login registry.eticloud.io -u '<your-username>' --password-stdin

helm pull oci://registry.eticloud.io/smm-charts/smm-operator --version 1.11.0

helm install \
  --namespace=smm-registry-access \
  --set "global.ecr.enabled=false" \
  --set "global.basicAuth.username=<your-username>" \
  --set "global.basicAuth.password=<your-password>" \
  smm-operator \
  oci://registry.eticloud.io/smm-charts/smm-operator --version 1.11.0

Install Service Mesh Manager by creating a ControlPlane resource. We recommend that you start with the following ControlPlane resource. This CR assumes that you are using docker-registry authentication, and the secrets referenced in the .spec.registryAccess is used to pull smm-operator image and sync across other namespaces created by the smm-operator chart.

Replace <cluster-name> with the name of your cluster. The cluster name format must comply with the RFC 1123 DNS subdomain/label format (alphanumeric string without “_” or “.” characters). Otherwise, you get an error message starting with: Reconciler error: cannot determine cluster name controller=controlplane, controllerGroup=smm.cisco.com, controllerKind=ControlPlane

kubectl apply -f - << EOF
apiVersion: smm.cisco.com/v1alpha1
kind: ControlPlane
metadata:
  name: smm
spec:
  clusterName: <cluster-name>
  certManager:
    enabled: true
    namespace: cert-manager
  clusterRegistry:
    enabled: true
    namespace: cluster-registry
  log: {}
  meshManager:
    enabled: true
    istio:
      enabled: true
      istioCRRef:
        name: cp-v115x
        namespace: istio-system
      operators:
        namespace: smm-system
    namespace: smm-system
  nodeExporter:
    enabled: true
    namespace: smm-system
    psp:
      enabled: false
    rbac:
      enabled: true
  oneEye: {}
  registryAccess:
    enabled: true
    imagePullSecretsController: {}
    namespace: smm-registry-access
    pullSecrets:
      - name: smm-registry.eticloud.io-pull-secret
        namespace: smm-registry-access
  repositoryOverride:
    host: registry.eticloud.io
    prefix: smm
  role: active
  smm:
    als:
      enabled: true
      log: {}
    application:
      enabled: true
      log: {}
    auth:
      mode: impersonation
    certManager:
      enabled: true
    enabled: true
    federationGateway:
      enabled: true
      name: smm
      service:
        enabled: true
        name: smm-federation-gateway
        port: 80
    federationGatewayOperator:
      enabled: true
    impersonation:
      enabled: true
    istio:
      revision: cp-v115x.istio-system
    leo:
      enabled: true
      log: {}
    log: {}
    namespace: smm-system
    prometheus:
      enabled: true
      replicas: 1
    prometheusOperator: {}
    releaseName: smm
    role: active
    sre:
      enabled: true
    useIstioResources: true
EOF

Uninstalling the chart

To uninstall/delete the ControlPlane resource and smm-operator release, run:

kubectl delete controlplanes.smm.cisco.com smm
helm uninstall --namespace=smm-registry-access smm-operator

Chart configuration

The following table lists the configurable parameters of the Service Mesh Manager chart and their default values.

Parameter	Description	Default
`operator.image.repository`	Operator container image repository	`registry.eticloud.io/smm/smm-operator`
`operator.image.tag`	Operator container image tag	Same as chart version
`operator.image.pullPolicy`	Operator container image pull policy	`IfNotPresent`
`operator.resources`	CPU/Memory resource requests/limits (YAML)	Memory: `256Mi`, CPU: `200m`
`prometheusMetrics.enabled`	If true, use direct access for Prometheus metrics	`false`
`prometheusMetrics.authProxy.enabled`	If true, use auth proxy for Prometheus metrics	`true`
`prometheusMetrics.authProxy.image.repository`	Auth proxy container image repository	`gcr.io/kubebuilder/kube-rbac-proxy`
`prometheusMetrics.authProxy.image.tag`	Auth proxy container image tag	`v0.5.0`
`prometheusMetrics.authProxy.image.pullPolicy`	Auth proxy container image pull policy	`IfNotPresent`
`rbac.enabled`	Create rbac service account and roles	`true`
`rbac.psp.enabled`	Create pod security policy and binding	`false`
`ecr.enabled`	Should SMM Operator Chart handle the ECR login procedure	`true`
`ecr.accessKeyID`	Access Key ID to be used for ECR logins	Empty
`ecr.secretAccessKey`	Secret Access Key to be used for ECR logins	Empty