Install SMM with the SMM Operator chart
SMM Operator is a Kubernetes operator that deploys and manages Service Mesh Manager. In this chart the CRD is not managed by the operator; we expect CI/CD tools to take care of updating the CRD.
If you have your own cluster deployed and are authorized to fetch images from the Cisco-provided repositories, you can rely on BasicAuth (URL, username, password) for the authentication required to pull images.
You can get a Username and Password by signing up for the Free tier version of Service Mesh Manager.
Prerequisites
Helm version 3.7 or newer.
Steps
- Create two namespaces, one for smm-operator (called `smm-registry-access`), and one for cert-manager:

  ```
  kubectl create ns smm-registry-access
  kubectl create ns cert-manager
  ```

  (The `smm-registry-access` namespace is used because smm-operator should be in the same namespace as the imagepullsecrets-controller.)

- Run the following helm commands. Replace `<your-username>` and `<your-password>` with the ones shown on your Service Mesh Manager download page.

  ```
  export HELM_EXPERIMENTAL_OCI=1

  echo <your-password> | helm registry login registry.eticloud.io -u '<your-username>' --password-stdin

  helm pull oci://registry.eticloud.io/smm-charts/smm-operator --version 1.11.0

  helm install \
    --namespace=smm-registry-access \
    --set "global.ecr.enabled=false" \
    --set "global.basicAuth.username=<your-username>" \
    --set "global.basicAuth.password=<your-password>" \
    smm-operator \
    oci://registry.eticloud.io/smm-charts/smm-operator --version 1.11.0
  ```

- Install Service Mesh Manager by creating a ControlPlane resource. We recommend that you start with the following ControlPlane resource. This CR assumes that you are using docker-registry authentication, and that the secrets referenced in `.spec.registryAccess` are used to pull the smm-operator image and are synced across the other namespaces created by the smm-operator chart.

  Replace `<cluster-name>` with the name of your cluster. The cluster name format must comply with the RFC 1123 DNS subdomain/label format (alphanumeric string without “_” or “.” characters). Otherwise, you get an error message starting with:

  ```
  Reconciler error: cannot determine cluster name controller=controlplane, controllerGroup=smm.cisco.com, controllerKind=ControlPlane
  ```

  ```
  kubectl apply -f - << EOF
  apiVersion: smm.cisco.com/v1alpha1
  kind: ControlPlane
  metadata:
    name: smm
  spec:
    clusterName: <cluster-name>
    certManager:
      enabled: true
      namespace: cert-manager
    clusterRegistry:
      enabled: true
      namespace: cluster-registry
    log: {}
    meshManager:
      enabled: true
      istio:
        enabled: true
        istioCRRef:
          name: cp-v115x
          namespace: istio-system
        operators:
          namespace: smm-system
      namespace: smm-system
    nodeExporter:
      enabled: true
      namespace: smm-system
      psp:
        enabled: false
      rbac:
        enabled: true
    oneEye: {}
    registryAccess:
      enabled: true
      imagePullSecretsController: {}
      namespace: smm-registry-access
      pullSecrets:
        - name: smm-registry.eticloud.io-pull-secret
          namespace: smm-registry-access
    repositoryOverride:
      host: registry.eticloud.io
      prefix: smm
    role: active
    smm:
      als:
        enabled: true
        log: {}
      application:
        enabled: true
        log: {}
      auth:
        mode: impersonation
      certManager:
        enabled: true
      enabled: true
      federationGateway:
        enabled: true
        name: smm
        service:
          enabled: true
          name: smm-federation-gateway
          port: 80
      federationGatewayOperator:
        enabled: true
      impersonation:
        enabled: true
      istio:
        revision: cp-v115x.istio-system
      leo:
        enabled: true
        log: {}
      log: {}
      namespace: smm-system
      prometheus:
        enabled: true
        replicas: 1
      prometheusOperator: {}
      releaseName: smm
      role: active
      sre:
        enabled: true
      useIstioResources: true
  EOF
  ```
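The following pre-flight helpers are an added example, not part of the Service Mesh Manager documentation: one checks the cluster name before the ControlPlane is applied, the other writes the registry credentials to an owner-only values file so the password does not land in shell history or process listings via `--set`. The function names, the `smm-values.yaml` path, and the assumption that SMM applies the Kubernetes DNS-label rule to `clusterName` are mine.

```sh
#!/bin/sh
# Added example, not from the SMM documentation: pre-flight helpers for the
# install steps above. Function names and the values-file path are hypothetical.

# Succeeds if $1 is an RFC 1123 DNS label as Kubernetes defines it: 1-63
# characters, lowercase alphanumerics or '-', alphanumeric at both ends.
# Assumption: SMM validates spec.clusterName against this same rule.
valid_cluster_name() {
  name=$1
  [ "${#name}" -ge 1 ] && [ "${#name}" -le 63 ] || return 1
  case $name in
    *[!abcdefghijklmnopqrstuvwxyz0123456789-]*) return 1 ;;  # '_', '.', uppercase, ...
    -*|*-) return 1 ;;                                        # hyphen at either end
  esac
  return 0
}

# Writes the chart's BasicAuth settings (the same keys the page passes with
# --set) to a values file readable only by its owner.
write_basic_auth_values() {
  out=$1; user=$2; pass=$3
  # YAML single-quoted scalars escape a single quote by doubling it.
  esc_user=$(printf '%s' "$user" | sed "s/'/''/g")
  esc_pass=$(printf '%s' "$pass" | sed "s/'/''/g")
  (
    umask 077          # new file is created 0600
    rm -f -- "$out"    # a pre-existing file would keep its old mode
    cat > "$out" <<EOF
global:
  ecr:
    enabled: false
  basicAuth:
    username: '$esc_user'
    password: '$esc_pass'
EOF
  )
}

# Usage sketch (interactive, so left as comments):
#   valid_cluster_name "$CLUSTER" || { echo "invalid cluster name" >&2; exit 1; }
#   printf 'Password: '; stty -echo; IFS= read -r pw; stty echo; echo
#   printf '%s' "$pw" | helm registry login registry.eticloud.io -u "$user" --password-stdin
#   write_basic_auth_values ./smm-values.yaml "$user" "$pw"
#   helm install --namespace=smm-registry-access -f ./smm-values.yaml \
#     smm-operator oci://registry.eticloud.io/smm-charts/smm-operator --version 1.11.0
```

Helm stores the supplied values with the release in the release namespace, so delete the local values file after the install and restrict who can read Secrets in `smm-registry-access`.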
Uninstalling the chart
To uninstall/delete the `ControlPlane` resource and `smm-operator` release, run:

```
kubectl delete controlplanes.smm.cisco.com smm
helm uninstall --namespace=smm-registry-access smm-operator
```
Chart configuration
The following table lists the configurable parameters of the Service Mesh Manager chart and their default values.
Parameter | Description | Default |
---|---|---|
operator.image.repository | Operator container image repository | registry.eticloud.io/smm/smm-operator |
operator.image.tag | Operator container image tag | Same as chart version |
operator.image.pullPolicy | Operator container image pull policy | IfNotPresent |
operator.resources | CPU/Memory resource requests/limits (YAML) | Memory: 256Mi, CPU: 200m |
prometheusMetrics.enabled | If true, use direct access for Prometheus metrics | false |
prometheusMetrics.authProxy.enabled | If true, use auth proxy for Prometheus metrics | true |
prometheusMetrics.authProxy.image.repository | Auth proxy container image repository | gcr.io/kubebuilder/kube-rbac-proxy |
prometheusMetrics.authProxy.image.tag | Auth proxy container image tag | v0.5.0 |
prometheusMetrics.authProxy.image.pullPolicy | Auth proxy container image pull policy | IfNotPresent |
rbac.enabled | Create rbac service account and roles | true |
rbac.psp.enabled | Create pod security policy and binding | false |
ecr.enabled | Should SMM Operator Chart handle the ECR login procedure | true |
ecr.accessKeyID | Access Key ID to be used for ECR logins | Empty |
ecr.secretAccessKey | Secret Access Key to be used for ECR logins | Empty |