Configuring GimletD
Setting a Gitops repository
This will kickstart the Gitops worker.
- Generate a keypair with
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
- Open GitHub, navigate to your gitops repository, and under Settings > Deploy keys click on "Add deploy key"
- Paste the generated public key
- Make sure to check the "Allow write access" checkbox
cat << EOF > values.yaml
image:
repository: ghcr.io/gimlet-io/gimletd
tag: latest
probe:
enabled: true
path: /
+vars:
+ GITOPS_REPO: mycompany/gitops
+ GITOPS_REPO_DEPLOY_KEY_PATH: /github/deploy.key
+sealedFileSecrets:
+ - name: github-gitops-deploy-key
+ path: /github
+ filesToMount:
+ - name: deploy.key
+ source: AgA/7BnNhSkZAzbMqxMDidxK[...]
EOF
helm repo add onechart https://chart.onechart.dev
helm template gimletd onechart/onechart -f values.yaml
If you don't have Sealed Secrets running in your cluster, you can use your own secrets solution, or the following example that uses regular Kubernetes secrets stored in git (not for production use).
cat << EOF > values.yaml
image:
repository: ghcr.io/gimlet-io/gimletd
tag: latest
probe:
enabled: true
path: /
vars:
GITOPS_REPO: mycompany/gitops
GITOPS_REPO_DEPLOY_KEY_PATH: /github/deploy.key
+fileSecrets:
+ - name: github-gitops-deploy-key
+ path: /github
+ secrets:
+ deploy.key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
+ NhAAAAAwEAAQAAAgEA7BqMTFnDm6+C9FrRK5aoj[...]
EOF
helm repo add onechart https://chart.onechart.dev
helm template gimletd onechart/onechart -f values.yaml
Slack notifications
First, create a Slack app
To generate a new Slack token visit the https://api.slack.com/apps page and follow these steps:
- Create a new application. "App Name" is Gimlet, pick your workspace as "Development Slack Workspace"
- Navigate to "OAuth & Permissions" on the left sidebar
- Under "Bot Token Scopes", add scopes
chat:write
,chat:write.customize
andchat:write.public
- Click the "Install App to Workspace" button on the top of the page
- Once you installed the app, save "Bot User OAuth Access Token" in Gimlet above
cat << EOF > values.yaml
image:
repository: ghcr.io/gimlet-io/gimletd
tag: latest
probe:
enabled: true
path: /
+vars:
+ NOTIFICATIONS_PROVIDER: slack
+ NOTIFICATIONS_TOKEN: xoxb-41[...]
+ NOTIFICATIONS_DEFAULT_CHANNEL: gimletd
EOF
helm template gimletd onechart/onechart -f values.yaml
Github token to update commit statuses
- Set
GITHUB_STATUS_TOKEN
with a Github Personal Access Token withrepo:status
permission. - Go and add the Personal Access Token now at https://github.com/settings/tokens
cat << EOF > values.yaml
image:
repository: ghcr.io/gimlet-io/gimletd
tag: latest
probe:
enabled: true
path: /
+vars:
+ GITHUB_STATUS_TOKEN: 9a4243[...]
EOF
helm template gimletd onechart/onechart -f values.yaml
Deploy key to access private Helm chart repositories
If you use a Helm chart from a private git repository - like if you forked OneChart - add a read-only deploy key to the repo on Github.
You can follow how to add a deploy key in the Setting a Gitops repository section.
cat << EOF > values.yaml
image:
repository: ghcr.io/gimlet-io/gimletd
tag: latest
probe:
enabled: true
path: /
+vars:
+ GITOPS_CHART_ACCESS_DEPLOY_KEY_PATH: /github-chart/deploy.key
+sealedFileSecrets:
+ - name: github-chart-deploy-key
+ path: /github-chart
+ filesToMount:
+ - name: deploy.key
+ source: AgBGFCheUt5LP9[...]
EOF
helm template gimletd onechart/onechart -f values.yaml
Notifications on gitops repo applies
This section you will configure Flux - the gitops controller - to notify GimletD whenever it applies the latest changes.
- Generate a Gimlet user for Flux:
curl -i \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-X POST -d '{"login":"flux"}' \
http://gimletd.mycompany.com:8888/api/user\?access_token\=$GIMLET_ADMIN_TOKEN
- Create the
notifications.yaml
file in your gitops repo under $your_env/flux/notifications.yaml
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
name: gimletd
namespace: flux-system
spec:
type: generic
address: https://gimletd.<your-company-com>/api/flux-events?access_token=<token>
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
name: all-kustomizations
namespace: flux-system
spec:
providerRef:
name: gimletd
eventSeverity: info
eventSources:
- kind: Kustomization
namespace: flux-system
name: '*'
suspend: false
You will see the notifications reaching Slack:
Next steps
- Continue with getting access to the API
- Or see how to create release artifacts directly with Gimlet CLI, or with Gimlet's CircleCI integration
- See how to create ad-hoc or policy based releases