Skip to main content

Via Helm

Syntasso Kratix Enterprise images are distributed through a private image registry. To install SKE on your Kubernetes cluster, follow the steps below.

Install SKE operator

Prerequisites

info

Syntasso Kratix Enterprise requires cert-manager to be installed on the cluster unless you are configuring custom certificates. Please refer to its documentation for installation instructions.

To install SKE operator using the Helm chart, start by adding the Syntasso Helm repository:

helm repo add syntasso https://syntasso.github.io/helm-charts
helm repo update

Configuring your values

Helm can accept values via the values file. Refer to the examples below for common configuration options. Any configuration should be placed in a values.yaml file that is then passed in to the helm install command.

tip

You can see all available configuration in the helm chart repository.

Required configuration

skeLicense: LICENSE # provided to you by Syntasso

SKE version

The Helm chart version determines what version of the SKE Operator is installed. To configure the version of SKE that the operator will install, you can use the skeDeployment.version field as shown below.

skeDeployment:
  version: v0.99.0 # select your desired version

Mirrored Image Registry

Add this configuration to your helm values file if you are following the air-gapped setup instructions for a self-hosted Image Registry.

imageRegistry:
  host: "ghcr.io"
  imagePullSecret: "my-secret"
  skeOperatorImage:
    name: "syntasso/ske-operator"
  skePlatformImage:
    name: "syntasso/ske-platform"
  skePlatformPipelineAdapterImage:
    name: "syntasso/ske-platform-pipeline-adapter"

Mirrored Release Storage

Add this configuration to your helm values file if you are following the air-gapped setup instructions for a self-hosted Release Storage.

releaseStorage:
  path: "ske" # the path within the bucket that contains the SKE Versions
  bucket:
    name: "syntasso-enterprise-releases"
    region: "eu-west-2"
      secret:
        name: "my-secret" # the secret must be created in the same namespace as the operator. It must contain the following keys: accessKeyID, secretAccessKey. If provided below it is automatically created
        values: # optional: if you've not pre-created the secret, you can instead provide the values below and the helm chart will create it for you
          accessKeyID: "my-access"
          secretAccessKey: "my-secret"
Suggested starter values.yaml file
skeLicense: your-token-here
skeDeployment:
  version: latest
Example air-gapped values.yaml file

To use this example, please set all values to your specific environment

  skeLicense: your-token-here
  skeDeployment:
    version: latest
  imageRegistry:
    host: "ghcr.io"
    imagePullSecret: "my-secret"
    skeOperatorImage:
      name: "syntasso/ske-operator"
    skePlatformImage:
      name: "syntasso/ske-platform"
    skePlatformPipelineAdapterImage:
      name: "syntasso/ske-platform-pipeline-adapter"
  releaseStorage:
    path: "ske"
    git:
      branch: main
      repo: https://github.com/org/repo
      secret:
        name: git-creds # the secret must be created in the same namespace as the operator. It must contain the following keys: username, password. If provided below it is automatically created
        values:
          username: "my-username" # instead of providing a secretName you can provide the username and password directly
          password: "my-password"

Configuring TLS Certificates for SKE Operator and Deployment

By default, the SKE Operator and the SKE instance it deploys use cert-manager to manage TLS certificates for their webhooks. This default setup requires no additional configuration. However, if you prefer not to use cert-manager, you can disable it and manually provide your own TLS certificates.

To disable cert-manager and supply your custom certificates, update your configuration as follows:

global:
  skeOperator:
    tlsConfig:
      certManager:
        disabled: true
      webhookCACert: |
        -----BEGIN CERTIFICATE-----
        ...
      webhookTLSKey: |
        -----BEGIN PRIVATE KEY-----
        ...
      webhookTLSCert: |
        -----BEGIN CERTIFICATE-----
        ...

skeDeployment:
  enabled: true
  tlsConfig:
    certManager:
      disabled: true
    webhookCACert: |
      -----BEGIN CERTIFICATE-----
      ...
    webhookTLSKey: |
      -----BEGIN PRIVATE KEY-----
      ...
    webhookTLSCert: |
      -----BEGIN CERTIFICATE-----
      ...

Both the SKE Operator and SKE Deployment require valid TLS certificates for their webhook servers to securely communicate with the Kubernetes API. Below are the DNS names that must be included in the TLS certificates for each component.

The TLS certificate for the SKE Operator's webhook server must cover the following DNS names:

  • ske-operator-webhook-service.kratix-platform-system.svc
  • ske-operator-webhook-service.kratix-platform-system.svc.cluster.local

The TLS certificate for the SKE Deployment's webhook server must cover the following DNS names:

  • kratix-platform-webhook-service.kratix-platform-system.svc
  • kratix-platform-webhook-service.kratix-platform-system.svc.cluster.local

Installing the Operator

Next, install the SKE Operator:

helm install ske-operator syntasso/ske-operator \
  --namespace kratix-platform-system \
  --create-namespace \
  --wait \
  --values values.yaml # This is optional. Only use if you are configuring custom values.
Alternative installation method

If you prefer not to use Helm, you can install the SKE Operator by applying the manifests directly. Check SKE Operator for the instructions.

Verify the installation

To verify that Syntasso Kratix Enterprise has been installed successfully, run the following command:

kubectl get deployments.apps --namespace kratix-platform-system

You should see the following output:

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
kratix-platform-controller-manager   1/1     1            1           1h
ske-operator-controller-manager      1/1     1            1           1h

You can now proceed with the configuration of Kratix (i.e. registering destinations or installing promises). For that, refer to the Open-Source Kratix documentation.

Upgrades

Upgrading the Operator

To verify the version of the Operator installed, run the following command:

helm list

You should see the following output:

NAME            NAMESPACE    [...]    CHART                   APP VERSION
ske-operator    default      [...]    ske-operator-0.8.0      v0.1.1

To check the available versions of the Operator, run the following command:

helm search repo syntasso/ske-operator --versions

To upgrade, run:

helm upgrade ske-operator syntasso/ske-operator \
  --version <CHART VERSION> --values values.yaml
Not using Helm?

Refer to the alternative installation method summary box above to upgrade the operator without Helm.

Upgrading the SKE Instance

To upgrade the version of SKE being deployed by the operator, you can edit your Kratix instance definition and change the version field to the desired version.

The SKE Operator will perform pre-upgrade checks and post-upgrade checks as part of the upgrade flow.

info

It is not possible to skip upgrade checks when upgrading via Helm. If you would like to use this feature, we recommend that you install via the SKE CLI or by directly applying the manifests.

Deletions

Deleting the SKE Operator

To delete the SKE operator (and any deployed SKE instance), run the following command:

helm uninstall ske-operator

Deleting the SKE Instance

To delete the SKE instance, run:

kubectl -n kratix-platform-system delete kratix <INSTANCE_NAME>