Version: 0.38.0

Install Weave GitOps Enterprise via CLI

caution

This feature is in alpha and certain aspects will change

We're very excited for people to use this feature. However, please note that changes in the API, behaviour and security will evolve. The feature is suitable to use in controlled testing environments.

You could install Weave GitOps Enterprise via gitops-ee bootstrap CLI command which is suitable for two main scenarios:

Day 0: you want to get started quickly for discovery with the less knowledge possible.
Day 1: you have done discovery and want to set it up in your organisation.

Each scenario is supported by an operation modes:

Interactive: guides you step-by-step through the process until Weave GitOps Enterprise is up and running.
Non-interactive: for your automated workflows where you are already familiar with install process and have the configuration.

For those seeking other scenarios or fine-grain customisation Weave GitOps Enterprise manual install would be the recommended.

Getting Started

Prerequisites

Required Permissions

A Platform Engineer running the boostrap command requires to have both cluster admin permissions on the Management Cluster and push permissions to the Git repository.

Before you start make sure the following requirements are met:

Management Cluster: a Kubernetes cluster with a Kubeconfig with cluster admin permissions to be able to create resources.
Git Repository with SSH access: the Git configuration repo to be used by Flux and Weave GitOps.
Flux CLI: is installed locally. It will be used for reconciling Flux resources.
Weave GitOps Enterprise Entitlements are installed in the Management Cluster. Contact Sales for help on getting them.
Cert Manager: (optional) as a dependency for Policy Agent

Install `gitops-ee` CLI

Weave GitOps Enterprise Bootstrap functionality is available on Weave GitOps Enterprise CLI starting from version v0.35. If you haven't already, please install the latest gitops-ee CLI using this command.

brew install weaveworks/tap/gitops-ee

Bootstrap Weave GitOps Enterprise

Please use the following command to start the installation wizard of Weave GitOps Enterprise.

Interactive
Non-Interactive

gitops bootstrap

The bootstrap wizard will take you step-by-step into configuring Weave GitOps Enterprise. To understand more about the CLI configurations experience, check the below sections here.

You could run the bootstrap command in non-interactive mode by providing the required configurations as flags. The following gives you an example to get started that you could adapt to your own context

 gitops bootstrap \
    --kubeconfig=$HOME/.kube/config \
    --private-key=$HOME/.ssh/id_ed25519 --private-key-password="" \
    --version="0.35.0" \
    --domain-type="localhost" \
    --password="admin123"  \
    --repo-url="ssh://git@github.com/my-org-name/my-repo-name"  \
    --branch="main"  \
    --repo-path="clusters/my-cluster"

For more information about the CLI configurations, check the below sections here

Appendix

Understanding `gitops-ee bootstrap`

gitops-ee bootstrap is a workflow that will take you through the following stages:

Verify Flux: verify Flux installation on the Management cluster.
(Optional) Bootstrap Flux: bootstrap Flux in case is not found.
Verify Entitlement: verify the Entitlements secret content (username, password, entitlement).
Configure Git Access: configure the access to your configuration repo.
Select WGE version: from the latest 3 available releases.
Create Cluster User: create a Secret with the username and password for the emergency cluster user.
Configure Dashboard Access: choose between 2 methods to access the dashboard either local or external.
(Optional) Configure OIDC: to enable login to dashboard via OIDC providers.
(Optional) Extra Components: to install extra components from (Policy Agent, Terraform Controller).
Access the dashboard: via the link from the installation success message.

Verify Flux

Weave GitOps Enterprise runs on top of Flux, the bootstrap CLI will check if Flux is installed on the management cluster, and it will verify that it has the right version with valid git repository setup, and it is able to reconcile Flux components properly. If Flux is installed, but doesn't have a valid installation, the bootstrap CLI will terminate pending the fix or uninstall of current Flux installation.

Bootstrap Flux

If Flux is not found in the Management Cluster, you have the ability to bootstrap it with the Generic Git. You will be prompted to provide: repository url, repository branch and path to reconcile. Based on your repository url authentication credentials will be requested. For SSH, private key path & private key password. For HTTPS, username and password. After getting the right info regarding your repo, Flux will start to bootstrap and reconcile your repo.

Verify Entitlement

Weave GitOps Enterprise Entitlement is your obtained license to use our product. The Entitlements file is a Kubernetes secret that contains your licence. Bootstrapping checks that the secret exists on the management cluster, and that it is valid will check if it has valid content and the entitlement is not expired. To get the entitlement secret please contact sales@weave.works, then apply it on your management cluster with the name weave-gitops-enterprise-credentials under flux-system namespace.

Configure Git Access

In order for gitops-ee bootstrap to push WGE resources to the management cluster's git repository, you will be prompted to provide the private key used to access your repo via ssh. If the private key is encrypted, you will also be asked to provide the private key password.

info

Disclaimer: The bootstrap CLI will ONLY use the private key to push WGE resources to your repo, and won't use it in any other way that can comprimise your repo or clusters security.

Select WGE version

The bootstrap CLI will prompt you to choose from the latest 3 versions of Weave GitOps Enterprise.

Create Cluster User

You will be prompt to provide admin username and password, which will be used to access the dashboard. This will create admin secret with the credentials. If you already have previous admin credentials on your cluster, the installation will prompt you if you want to continue with the old credentials or exit and revoke them and re-run the installation.

Configure Dashboard Access

Weave GitOps Enterprise dashboard is available by default via ClusterIP service. You could use the port-forward command output as part of the bootstrapping session. Other networking configurations could be achieved by modifying the service or ingress in the HelmRelease values:

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: weave-gitops-enterprise
  namespace: flux-system
spec:
  values:
    service: # update to meet your needs
      ...
    ingress: # update to meet your needs
      ...

(Optional) Extra Components

The CLI will prompt you to install extra components to the installation from (Policy Agent, Terraform Controller)

note

The controllers will be installed with the default values. To customize controller values, Please edit the corresponding values file and reconcile

(Optional) Configure OIDC

OIDC configuration will enable you to login with OIDC provider beside, or instead of the admin credentials. Afte the installation is complete, you will be prompt if you want to configure OIDC access. If you don't want to set it up right away, you can do it later by running gitops-ee bootstrap auth --type=oidc command.

To configure OIDC access, you will be asked to provide the following values: DiscoveryUrl this will verify that OIDC is accessible and get the issuerUrl from the OIDC settings. clientID & clientSecret that you have configured on your OIDC static-clients.

note

Please don't forget to add a new static-client on your OIDC provider settings with the redirectURI your-domain/oauth2/callback for example http://localhost:3000/oauth2/callback

Access the dashboard

After installation is successful. The CLI will print out the URL where you can access the dashboard.

CLI configurations

--kubeconfig Paths to a kubeconfig. Only required if out-of-cluster.
--bootstrap-flux chose whether you want to install flux in the generic way in case no flux installation detected
-b, --branch git branch for your flux repository (example: main)
-i, --client-id OIDC client ID
--client-secret OIDC client secret
--components-extra extra components to be installed from (policy-agent, tf-controller)
--discovery-url OIDC discovery URL
--git-password git password/token used in https authentication type
--git-username git username used in https authentication type
-h, --help help for bootstrap
-k, --private-key private key path. This key will be used to push the Weave GitOps Enterprise's resources to the default cluster repository
-c, --private-key-password private key password. If the private key is encrypted using password
-r, --repo-path git path for your flux repository (example: clusters/my-cluster)
--repo-url Git repo URL for your Flux repository. For supported URL examples see here
-s, --silent chose the defaults with current provided information without asking any questions
-v, --version version of Weave GitOps Enterprise (should be from the latest 3 versions)
-p, --password The Weave GitOps Enterprise password for dashboard access

Install Weave GitOps Enterprise via CLI

Getting Started​

Prerequisites​

Install gitops-ee CLI​

Bootstrap Weave GitOps Enterprise​

Appendix​

Understanding gitops-ee bootstrap​

Verify Flux​

Bootstrap Flux​

Verify Entitlement​

Configure Git Access​

Select WGE version​

Create Cluster User​

Configure Dashboard Access​

(Optional) Extra Components​

(Optional) Configure OIDC​

Access the dashboard​

CLI configurations​