Bootstrap the Satellite using Kubernetes

This topic describes the steps of how to use Kubernetes secrets to provide configuration details when setting up the Harness SEI Satellite agent.

Step 1: Write a Custom Dockerfile Wrapper

Create a custom Dockerfile that wraps around the existing satellite image. In this container, install the necessary commands like kubectl, which will be used to fetch the Kubernetes secrets at runtime.

Note: This code snippet is a sample and should be adjusted to your specifications.

FROM levelops/ingestion-satellite:latest

USER root

# Download and install kubectl
RUN mkdir -p /k8s \
    && curl -LO$(curl -s \
    && chmod +x ./kubectl \
    && mv ./kubectl /usr/local/bin

# Setting up permissions
RUN chown -R satellite:satellite /levelops

USER satellite

COPY --chown=satellite:satellite --chmod=755 /
COPY --chown=satellite:satellite --chmod=755 satellite.yml /levelops/config.yml
COPY --chown=satellite:satellite --chmod=755 <kubeconfigFile> /k8s/kubeconfig

# JVM settings
ENV JAVA_OPTS "-XX:MinRAMPercentage=20.0 -XX:MaxRAMPercentage=90.0"

CMD ["./"]

The Dockerfile above creates a Docker Container based on the Satellite image, sets up the required directory and installation of kubectl, and copies the required files over to the directories.

Step 2: Write the Script

This script is invoked at the start of the Dockerfile. It performs the following tasks:

  1. Fetch the required Kubernetes Secrets

  2. Use sed to replace the secret values in the YAML with actual values

  3. Start the Satellite Java process


export KUBECONFIG=/k8s/kubeconfig
export LC_ALL=C.UTF-8

# Retrieve the secrets from Kubernetes
HARNESS_SEI_API_TOKEN=$(kubectl get secret -n my-ns my-secret -o "jsonpath={.data.secret-data}" | base64 -d)
JIRA_API_KEY=$(kubectl get secret -n my-ns my-secret-jira -o "jsonpath={.data.secret-data}" | base64 -d)

# Set the secrets in config.yaml
sed -i "s/HARNESS_SEI_API_TOKEN/$HARNESS_SEI_API_TOKEN/" /levelops/config.yml
sed -i "s/JIRA_TOKEN/$JIRA_API_KEY/" /levelops/config.yml

# Run the application
java $JVM_OPTS -jar satellite-agent.jar

Note that the YAML file provided to the satellite is expected to contain the following placeholders:



Replace the HARNESS_SEI_API_TOKEN and JIRA_TOKEN placeholders with the actual secret values retrieved from the Kubernetes secrets.

Last updated