This is a bash script which performs the following:
- Discovers the latest stable version for Satori DAC.
- Downloads the package to a temprorary directory and extracts it from the tarball.
- Push the installation package to a git repo to a current branch.
-
Make sure that the ArgoCD apply the helm chart with the following value files and in exact order:
Option A, providing the
<SATORI_SERVICE_ID>
and<SATORI_SERVICE_KEY>
as parameters to the helm command:--values version-values.yaml --values customer-values.yaml --values customer-override.yaml --set service_accountid=<SATORI_SERVICE_ID> --set service_account_key=<SATORI_SERVICE_KEY>
Option B, storing the
<SATORI_SERVICE_ID>
and<SATORI_SERVICE_KEY>
as a kubernetes secret, e.g.:"service_account.json" : "{"id": "<service-account-id>", "key": "<service-account-key>"}"
To use the secret by helm chart specify the following helm parameters:
--values version-values.yaml --values customer-values.yaml --values customer-override.yaml --set service_account_secret=<SERVICE_ACCOUNT_SECRET_NAME>
. See here on how to integrate the external-secret operator with Satori helm chart to create service_account_secret dynamically. -
The
<SATORI_SERVICE_ID>
and<SATORI_SERVICE_KEY>
should be obtained from the Satori management console. Since these parameters are sensitive, you must store them in a secured store and provide them to the ArgoCD dynamically.
Note: The assumption that the git repo is tracked by ArgoCD, so the git push
will trigger the ArgoCD helm reconciliation with the actual deployment.
The script performs git push to a current branch. Consider changing it according to your company policy.
A sample for the ArgoCD application definition for Satori DAC deployment:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: satori-runtime
namespace: satori-runtime
spec:
project: satori-runtime
source:
chart: satori-runtime
repoURL: https://my-github-repo.github.io/satori-runtime
targetRevision: 1.2415
helm:
releaseName: runtime
destination:
server: "https://kubernetes.default.svc"
namespace: satori-runtime
- Obtain the Satori service key and export it accordingly for using it by the bash script and the ArgoCD.
export SATORI_SERVICE_ID=<SATORI_SERVICE_ID>
export SATORI_SERVICE_KEY=<SATORI_SERVICE_KEY>
- Export the DAC_ID for using it by the bash script
export DAC_ID=<DAC_ID>
3 .Export the path to the cloned git repo. The package will be copied to that repo and pushed to master.
export REPO_PATH=<REPO_PATH>
-
The kube .config file is configured. The cluster context is set to the desired kubernetes cluster.
-
Make sure with Satori suport that you have thse values in your Helm chart.
runtimeConf:
dacInstaller:
# When helm runs it won't create the bootstrap access key in kubernetes, kubernetes secret store should be populate with the secret in another manner
installSecret: false
dacManager:
# For argoCD, dac-manager reports version based on static value in the helm chart and not dynamic
versionReporter:
static:
enabled: true
- Make sure you are authenticated to the kubernetes cluster and .kubecofnig is set to the right cluster contex.
- Run the script
./get_satori_installation_package.sh
- If you have the external secret operator running on your K8S cluster, you can leverage it to dynamically create the kubernetes secret with the service key required for Satori DAC deployment.
- Create a secret in your preferred secret manager (HasiCorp Vault, AWS secret manager, etc.). The secret could have any name, lets supposed
satori-dac-service-key
- Store the
<SATORI_SERVICE_ID>
and<SATORI_SERVICE_KEY>
in a json format {"id": "<SATORI_SERVICE_ID>", "key": "<SATORI_SERVICE_KEY>"} - The helm values file should contains the following (the values might be different, depending on your external-secrets operator implementation):
runtimeConf:
dacInstaller:
externalSecretOperator:
dacServiceAccountSecret:
create: true
remoteRef:
key: `satori-dac-service-key`
property: ""
secretStoreRef:
name: "default-secret-store"
kind: "ClusterSecretStore"
- To enable this feature and for an additional assistance, please contact the Satori support team.