Configuring Cortex

To integrate SKE with Cortex, you need to set up your Cortex workspace and install the SKE Cortex integration on your Platform cluster.

This document will cover:

Configuring the Cortex Workspace
Creating a Cortex token for Kratix
Installing Cortex Controller

Set up the Cortex Workspace

The Cortex Workflows will create and update Resource Requests for their respective Promises. These requests which will be sent to SKE via GitOps, meaning that the requests will be written to a Git repository that the Platform Cluster will watch and converge upon. To enable this GitOps flow from your Workflows, you will need to set up a version control integration in your Cortex workspace.

Follow the official Cortex documentation on integrations to set up the integration with your Git provider. The SKE Cortex integration currently only supports Github and GitLab integration, if you require a different version control provider, please contact Syntasso at feedback@syntasso.io.

Create a Cortex token for SKE

The SKE Cortex integration communicates with Cortex through the Cortex API so you'll need to generate a token for authenticating with your Cortex Workspace. Follow Cortex's official documentation to create a personal access token to access your Cortex workspace. You will need to provide this token when installing the SKE Cortex integration.

The SKE Cortex integration will use the access token to authenticate. It will:

create, update, and delete Workflows
create, update, and delete custom Entity Types
create, update, and delete Entities

Please ensure the token is generated with the right permissions.

Install the SKE Cortex Controller

Via the SKE Operator Helm Chart

important

You will need v0.58.0 of the SKE Operator Helm Chart

The Cortex Controller is installed by the SKE Operator and can be deployed via the SKE Operator Helm Chart.

To deploy the Cortex Controller via the SKE Operator Helm Chart, configure the cortexIntegration values. Most crucially, you will need to set cortexIntegration.enabled to true.

cortexIntegration:
  enabled: true
  version: "latest"
  config:
    branch: main # any branch that exists; defaults to main
    integrationAlias: cortex # needs to match the integrationAlias for your GitOps integration
    path: test-sub-dir # the directory within the Cortex repo, if not set, it will default to `kratix-resource-requests`
    provider: github # must be github
    repositoryName: syntasso/cortex-testing # needs to be an existing repo
    # auth options (choose exactly one):
    # 1) set both token and url and this chart creates Secret `cortex-credentials`
    # 2) set secretRef.name to an existing Secret in kratix-platform-system
    # token/url and secretRef are mutually exclusive.
    token: ""
    url: ""
    # optional existing Secret reference (used only when token/url are not set)
    # secretRef:
    #   name: "cortex-credentials"
  deploymentConfig:
    resources:
      limits:
        memory: "256Mi"
        cpu: "100m"
      requests:
        memory: "256Mi"
        cpu: "100m"

Image registry for Air-gapped Environments

You may want to manage the Cortex Controller images within your own environment either due to air-gapped requirements or other security measures.

To do this, you will need to set up image mirroring and configure the Cortex Controller distribution to pull images from your own registry.

You must ensure that the Cortex Controller image is mirrored in your own image registry and tagged according to the version.

ghcr.io/syntasso/cortex-controller

As is the case for the SKE Operator and SKE Platform images, the Cortex Controller will use the registry configured via the imageRegistry.host in the Helm Chart when pulling images. If you have changed the name of the Cortex Controller image in your internal registry, ensure that the imageRegistry.cortexControllerImage.name is updated to reflect this.

Deploy the Cortex Controller

Having updated the Helm values, install the Cortex Controller by running:

helm install ske-operator syntasso/ske-operator \
  --namespace kratix-platform-system \
  --wait \
  --values values.yaml

Via the SKE Integrations CRD

warning

You will need v0.20.0 of the SKE Operator or later

The SKE Operator includes a Custom Resource Definition (CRD) for managing SKE Integrations such as Cortex. Only one instance of a Cortex SKE Integration can be created by the SKE Operator in a given cluster.

Before creating the SKE Integration, you will need to create the secret that will be used to connect to Cortex. This will include the personal access token created in the first step:

apiVersion: v1
kind: Secret
metadata:
  name: cortex-connection
  namespace: kratix-platform-system
type: Opaque
data:
  token: "cortex-personal-token"
  url: "https://api.getcortexapp.com"

If both the SKE Operator and SKE are deployed on your cluster, you can deploy the Cortex Controller by creating a SKE Integration. Create a file named cortex-integration.yaml with the following contents:

apiVersion: platform.syntasso.io/v1alpha1
kind: SKEIntegration
metadata:
  name: cortex-integration
spec:
  type: cortex
  version: v0.99.0 # The desired version of the Controller
  cortex:
    branch: main # any branch that exists; defaults to main
    integrationAlias: my-alias # needs to match the integrationAlias for your GitOps integration
    path: test-sub-dir # the directory to be created in the Cortex repository, if not set, it will default to `kratix-resource-requests`
    provider: github # must be github
    repositoryName: syntasso/cortex-testing # needs to be an existing repo
  deploymentConfig:
    resources:
      limits:
        memory: "256Mi"
        cpu: "100m"
      requests:
        memory: "256Mi"
        cpu: "100m"

Apply the file with kubectl:

kubectl apply --filename cortex-integration.yaml

The operator will then install the Cortex Controller and the desired configurations.

Configure GitOps for Cortex-Generated Resource Requests

When the Cortex Workflows run, they will create resource requests for a given promise and write these to a Git Repository. To ensure these requests are created on the Platform Cluster where SKE is installed, GitOps tooling must be configured on the cluster to watch and converge upon the files written to this repository.

Please refer to the appropriate documentation to use ArgoCD, FluxCD, or your preferred GitOps Agent.

You can see two examples of how to configure the GitOps repository using ArgoCD and FluxCD below.

ArgoCD Application
Flux Kustomization

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: kratix-cortex-resources
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/${ORGANIZATION}/${CORTEX_REPOSITORY}
    targetRevision: HEAD
    path: .
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      selfHeal: true
      prune: true

apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: kratix-cortex-resources
  namespace: flux-system
spec:
  interval: 5s
  url: https://github.com/${ORGANIZATION}/${CORTEX_REPOSITORY}
  ref:
    branch: main
  secretRef:
    name: cortex-git-credentials

Set up the Cortex Workspace​

Create a Cortex token for SKE​

Install the SKE Cortex Controller​

Via the SKE Operator Helm Chart​

Image registry for Air-gapped Environments​

Deploy the Cortex Controller​

Via the SKE Integrations CRD​

Configure GitOps for Cortex-Generated Resource Requests​