Skip to main content

Advanced installation

The SKE Operator

The recommended approach to install and manage your SKE installation is to use the SKE Operator. As well as full lifecycle support, it provides a simpler interface to customise and secure your SKE instance.

The operator has its own releases and it manages instances of SKE as defined by a Kratix Custom Resource.

To install the SKE Operator and instantiate a new SKE instance, we provide several mechanisms:

The sections below cover each one of these methods of installation.

Via the SKE CLI

The SKE CLI is the command-line interface to install and manage an instance of Syntasso Kratix Enterprise (SKE). Follow the steps below to install the CLI and deploy SKE with it.

info

The SKE CLI requires access to the private registry where the SKE images are distributed in order to work.

For air-gapped and other locked-down environments, install using Helm and follow the setup for air-gapped environments.

Install the SKE CLI

To install the Kratix CLI, go to the releases page, download the latest release of the binary for your platform.

Once you have downloaded the binary, you can install it by moving it to a directory in your PATH.

To verify your installation, run:

ske --version

Install SKE Operator and SKE

info

By default Syntasso Kratix Enterprise requires cert-manager to be installed on the cluster. Please refer to its documentation for installation instructions.

If you wish to install SKE without cert-manager, you can do so by following the Helm Installation instructions.

To install the SKE Operator and a SKE instance, run:

ske install --access-token $SKE_LICENSE_TOKEN

Verify the installation

Once installation is complete you can verify what has been installed by running:

ske get version

You should see the following output (or similar):

Latest Available:
SKE Operator: v0.2.0; SKE Deployment: v0.3.0

Deployed:
SKE Operator: v0.2.0; SKE Deployment: v0.3.0

To verify that the Operator and SKE are healthy, run the following command:

kubectl get deployments.apps --namespace kratix-platform-system

You should see the following output:

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
kratix-platform-controller-manager   1/1     1            1           1h
ske-operator-controller-manager      1/1     1            1           1h

You can now proceed with the configuration of Kratix (i.e. registering destinations or installing promises). For that, refer to the appropriate guide.

Via the Helm Chart

info

Syntasso Kratix Enterprise requires cert-manager to be installed on the cluster unless you are configuring custom certificates. Please refer to its documentation for installation instructions.

To install SKE operator using the Helm chart, start by adding the Syntasso Helm repository:

helm repo add syntasso https://syntasso.github.io/helm-charts
helm repo update

Configure values

Helm can accept values via the values file. Refer to the examples below for common configuration options. Any configuration should be placed in a values.yaml file that is then passed in to the helm install command.

tip

You can see all available configuration in the helm chart repository.

Suggested starter values.yaml file
skeLicense: your-token-here
skeDeployment:
  version: latest
Example air-gapped values.yaml file

To use this example, please set all values to your specific environment

  skeLicense: your-token-here
  skeDeployment:
    version: latest
  imageRegistry:
    host: "ghcr.io"
    imagePullSecret: "my-secret"
    skeOperatorImage:
      name: "syntasso/ske-operator"
    skePlatformImage:
      name: "syntasso/ske-platform"
    skePlatformPipelineAdapterImage:
      name: "syntasso/ske-platform-pipeline-adapter"
  releaseStorage:
    path: "ske"
    git:
      branch: main
      repo: https://github.com/org/repo
      secret:
        name: git-creds # the secret must be created in the same namespace as the operator. It must contain the following keys: username, password. If provided below it is automatically created
        values:
          username: "my-username" # instead of providing a secretName you can provide the username and password directly
          password: "my-password"

The SKE license

To run SKE, you need a license. You can get one by requesting a free trial. In your values file, you can set the skeLicense field to the license token provided to you by Syntasso.

skeLicense: LICENSE # provided to you by Syntasso

SKE version

The Helm chart version determines what version of the SKE Operator is installed. To configure the version of SKE that the operator will install, you can use the skeDeployment.version field as shown below.

skeDeployment:
  version: v0.99.0 # select your desired version

Custom Certs

By default, the SKE Operator and the SKE instance it deploys use cert-manager to manage TLS certificates for their webhooks. This default setup requires no additional configuration. However, if you prefer not to use cert-manager, you can disable it and manually provide your own TLS certificates.

To disable cert-manager and supply your custom certificates, update your configuration as follows:

global:
  skeOperator:
    tlsConfig:
      certManager:
        disabled: true
      webhookCACert: |
        -----BEGIN CERTIFICATE-----
        ...
      webhookTLSKey: |
        -----BEGIN PRIVATE KEY-----
        ...
      webhookTLSCert: |
        -----BEGIN CERTIFICATE-----
        ...

skeDeployment:
  enabled: true
  tlsConfig:
    certManager:
      disabled: true
    webhookCACert: |
      -----BEGIN CERTIFICATE-----
      ...
    webhookTLSKey: |
      -----BEGIN PRIVATE KEY-----
      ...
    webhookTLSCert: |
      -----BEGIN CERTIFICATE-----
      ...

Both the SKE Operator and SKE Deployment require valid TLS certificates for their webhook servers to securely communicate with the Kubernetes API. Below are the DNS names that must be included in the TLS certificates for each component.

The TLS certificate for the SKE Operator's webhook server must cover the following DNS names:

  • ske-operator-webhook-service.kratix-platform-system.svc
  • ske-operator-webhook-service.kratix-platform-system.svc.cluster.local

The TLS certificate for the SKE Deployment's webhook server must cover the following DNS names:

  • kratix-platform-webhook-service.kratix-platform-system.svc
  • kratix-platform-webhook-service.kratix-platform-system.svc.cluster.local

Air-gapped mirrors

To run SKE in air-gapped environments, you first need to mirror the Image Registry and the Release Storage, as described in the air-gapped setup instructions.

You can then provide the details of the mirrored Image Registry and Release Storage via the imageRegistry and releaseStorage fields in your helm values file.

Image Registry

imageRegistry:
  host: "ghcr.io"
  imagePullSecret: "my-secret"
  skeOperatorImage:
    name: "syntasso/ske-operator"
  skePlatformImage:
    name: "syntasso/ske-platform"
  skePlatformPipelineAdapterImage:
    name: "syntasso/ske-platform-pipeline-adapter"

Release Storage

releaseStorage:
  path: "ske" # the path within the bucket that contains the SKE Versions
  bucket:
    name: "syntasso-enterprise-releases"
    region: "eu-west-2"
      secret:
        name: "my-secret" # the secret must be created in the same namespace as the operator. It must contain the following keys: accessKeyID, secretAccessKey. If provided below it is automatically created
        values: # optional: if you've not pre-created the secret, you can instead provide the values below and the helm chart will create it for you
          accessKeyID: "my-access"
          secretAccessKey: "my-secret"

Install the Operator

Next, install the SKE Operator:

helm install ske-operator syntasso/ske-operator \
  --namespace kratix-platform-system \
  --create-namespace \
  --wait \
  --values values.yaml # This is optional. Only use if you are configuring custom values.

Verify the installation

To verify that Syntasso Kratix Enterprise has been installed successfully, run the following command:

kubectl get deployments.apps --namespace kratix-platform-system

You should see the following output:

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
kratix-platform-controller-manager   1/1     1            1           1h
ske-operator-controller-manager      1/1     1            1           1h

You can now proceed with the configuration of Kratix (i.e. registering destinations or installing promises). For that, refer to the Open-Source Kratix documentation.

Via the Manifests

Create the namespace

To install the SKE Operator via the distribution manifest, you will first need to create the kratix-platform-system namespace. This is where the SKE operator will be installed:

kubectl create namespace kratix-platform-system

Create the Operator configuration

If you are not running SKE in an air-gapped environment, all you need to do is create a secret with your license token:

kubectl create secret docker-registry syntasso-registry \
  --namespace=kratix-platform-system \
  --docker-server=registry.syntasso.io \
  --docker-username=syntasso-pkg \
  --docker-password=<YOUR TOKEN>

For air-gapped environments, you will need to create a ConfigMap with the following structure:

apiVersion: v1
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: ske-operator
  namespace: kratix-platform-system
data:
  config: |
    releaseStorage:
      path: # path within the git repository or bucket to look for releases
      # one of: git or bucket
      git:
        secretName: # the name of the secret containing the git credentials
        repo: # the git repository to look for releases
        branch: # the branch to look for releases
      bucket:
        name: # the name of the bucket to look for releases
        endpoint: # the endpoint of the bucket
        region: # the region of the bucket
        secretName: # optional: the name of the secret containing the credentials to access the bucket
    imageRegistry:
      host: # the host of the image registry
      pullSecret: # optional: the name of the secret containing the image registry credentials
      platformImage: # the image of the platform
      pipelineImage: # the image of the pipeline adapter

Refer to the air-gapped installations section for more information on how to configure the underlying storage and image registry, as well as the expected structure of the referenced secrets.

Deploy the SKE Operator

With all of the prerequisites in place, the platform is now ready to deploy the SKE Operator. Locate the desired release of the SKE-Operator and apply its manifest with kubectl:

kubectl apply -f http://s3.eu-west-2.amazonaws.com/syntasso-enterprise-releases/ske-operator/<VERSION>/ske-operator-distribution.yaml

Applying the manifest will install the SKE Operator in the kratix-platform-system namespace, together with a Kratix Custom Resource Definition (CRD) that allows you to manage the Syntasso Kratix Enterprise installation.

Deploy SKE

The SKE Operator includes a custom resource definition (CRD) for managing SKE. Only one instance of SKE can be created by the SKE Operator in a given cluster.

To deploy SKE, create a file named ske-instance.yaml with the following contents:

apiVersion: platform.syntasso.io/v1alpha1
kind: Kratix
metadata:
  name: my-kratix
spec:
  version: v0.99.0 # The desired version of SKE

Apply the file with kubectl:

kubectl apply --filename ske-instance.yaml

The operator will then install SKE and its necessary configurations. For more information about the Kratix CRD, see the SKE Operator documentation.

Verify the installation

To verify that Syntasso Kratix Enterprise has been installed successfully, run the following command:

kubectl get deployments.apps --namespace kratix-platform-system

You should see the following output:

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
kratix-platform-controller-manager   1/1     1            1           1h
ske-operator-controller-manager      1/1     1            1           1h

You can now proceed with the configuration of Kratix (i.e. registering destinations or installing promises). For that, refer to the Open-Source Kratix documentation.