Bootstrap the Satellite using Kubernetes

This topic describes how to use Kubernetes secrets to provide configuration details when setting up the Harness SEI Satellite agent.

Step 1: Write a Custom Dockerfile Wrapper

Create a custom Dockerfile that wraps the existing satellite image. In this image, install the tools the container needs at runtime, such as kubectl, which is used to fetch the Kubernetes secrets.

FROM levelops/ingestion-satellite:latest

USER root

# Download and install kubectl
RUN mkdir -p /k8s \
    && curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl \
    && chmod +x ./kubectl \
    && mv ./kubectl /usr/local/bin

# Setting up permissions
RUN chown -R satellite:satellite /levelops

USER satellite

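# start.sh must be executable; config.yml and the kubeconfig hold credentials,
# so only the satellite user can read or write them
COPY --chown=satellite:satellite --chmod=755 start.sh /
COPY --chown=satellite:satellite --chmod=600 satellite.yml /levelops/config.yml
COPY --chown=satellite:satellite --chmod=600 <kubeconfigFile> /k8s/kubeconfig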

# JVM settings
ENV JAVA_OPTS="-XX:MinRAMPercentage=20.0 -XX:MaxRAMPercentage=90.0"

# start.sh was copied to /, so call it by absolute path
CMD ["/start.sh"]

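The Dockerfile above builds a Docker image based on the Satellite image, creates the required directory, installs kubectl, and copies the required files into place. Because the kubeconfig file is copied into the image, the image itself carries cluster credentials: keep it in a private registry and limit the kubeconfig's account to reading the secrets the satellite needs.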

Step 2: Write the start.sh Script

This script runs when the container starts (it is the CMD of the Dockerfile). It performs the following tasks:

  1. Fetch the required Kubernetes Secrets

  2. Use sed to replace the secret values in the YAML with actual values

  3. Start the Satellite Java process

#!/bin/bash
# Abort on any failure so a failed secret lookup never starts the agent
set -eo pipefail

export JAVA_OPTS=$JAVA_OPTS
export KUBECONFIG=/k8s/kubeconfig
export LC_ALL=C.UTF-8

# Retrieve the secrets from Kubernetes
HARNESS_SEI_API_TOKEN=$(kubectl get secret -n my-ns my-secret -o "jsonpath={.data.secret-data}" | base64 -d)
JIRA_API_KEY=$(kubectl get secret -n my-ns my-secret-jira -o "jsonpath={.data.secret-data}" | base64 -d)

# Set the secrets in config.yml
# (this s/// form assumes the values contain no '/', '&' or '\' characters)
sed -i "s/HARNESS_SEI_API_TOKEN/$HARNESS_SEI_API_TOKEN/" /levelops/config.yml
sed -i "s/JIRA_TOKEN/$JIRA_API_KEY/" /levelops/config.yml

# Run the application (JAVA_OPTS is set in the Dockerfile)
exec java $JAVA_OPTS -jar satellite-agent.jar

Note that the YAML file provided to the satellite is expected to contain the following placeholders:

  • HARNESS_SEI_API_TOKEN

  • JIRA_TOKEN

When the container starts, start.sh replaces the HARNESS_SEI_API_TOKEN and JIRA_TOKEN placeholders with the actual secret values retrieved from the Kubernetes secrets.
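The sed substitution in start.sh breaks or corrupts the config when a secret contains /, & or \, and it puts the secret on the sed command line. The added example below (not part of the original page and not Harness code) fills the placeholders literally, passes the value through the environment, and fails when a secret is empty; the names inject_secret, demo and SECRET_VALUE and the sample config keys and values are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not Harness code. inject_secret and SECRET_VALUE are
# hypothetical names; the config keys and secret values are constructed.

# inject_secret PLACEHOLDER VALUE FILE
# Replaces the first PLACEHOLDER on each line of FILE with VALUE, literally.
inject_secret() {
    local placeholder="$1" value="$2" file="$3" tmp
    # Fail closed: an empty value means the kubectl lookup returned nothing.
    if [ -z "$value" ]; then
        echo "refusing to inject empty value for $placeholder" >&2
        return 1
    fi
    # A missing placeholder would leave the config without the secret.
    if ! grep -qF -- "$placeholder" "$file"; then
        echo "$placeholder not found in $file" >&2
        return 1
    fi
    # mktemp creates the file with mode 0600, so the rendered config is
    # readable only by the user that runs the satellite.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # The value travels in the environment (not argv) and is spliced in with
    # index/substr, so '/', '&', '|' and '\' need no escaping.
    if SECRET_VALUE="$value" awk -v ph="$placeholder" '
        { i = index($0, ph)
          if (i > 0)
              $0 = substr($0, 1, i - 1) ENVIRON["SECRET_VALUE"] substr($0, i + length(ph))
          print }' "$file" > "$tmp"; then
        mv -f "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input using the placeholder names from this page.
demo() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    printf 'api_key: HARNESS_SEI_API_TOKEN\njira_api_key: JIRA_TOKEN\n' > "$dir/config.yml"
    inject_secret HARNESS_SEI_API_TOKEN 'aB/c&d|e\f+9==' "$dir/config.yml" &&
        inject_secret JIRA_TOKEN 'j/1&2' "$dir/config.yml" &&
        cat "$dir/config.yml" || rc=1
    rm -rf "$dir"
    return "$rc"
}
demo
```

In start.sh, each sed -i line would become a call such as inject_secret HARNESS_SEI_API_TOKEN "$HARNESS_SEI_API_TOKEN" /levelops/config.yml.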
