Configuring the Anjuna Nitro Kubernetes Toolset

On this page, you will create the necessary configurations for the Anjuna Nitro Kubernetes Toolset.

Webhook certificate

  • First you will create a TLS certificate.

  • The Anjuna Nitro Webhook is an HTTPS server and requires a TLS certificate and key.

  • When you deploy the Anjuna Nitro Webhook, the K8s cluster will validate the TLS certificate used by the Anjuna Nitro Webhook using a given CA certificate.

Generate a self-signed TLS certificate for the Anjuna Nitro Webhook:

$ bash generate-webhook-tls-cert.sh

Create a K8s TLS secret to store the signed Anjuna Nitro Webhook certificate and key:

$ kubectl create secret tls \
      anjuna-nitro-webhook-cert \
      --cert=webhook-tls/tls.crt \
      --key=webhook-tls/tls.key

Create an environment variable to store a base64-encoded version of the CA certificate:

$ export CA_BUNDLE=$(cat webhook-tls/caBundle.txt)

Determine the version of your Anjuna Nitro Kubernetes Toolset and set an environment variable for it:

$ export ANJUNA_VERSION=$(grep appVersion helm-charts/anjuna-tools/Chart.yaml | cut -f2 -d" " | cut -f2 -d\")

Create another environment variable in which to store your Docker registry URL:

$ export DOCKER_REGISTRY=[your Docker registry URL]

Helm deployment

If you wish to use Helm to deploy the Anjuna Nitro Kubernetes Toolset, follow the instructions in this section. Otherwise, go to the Manual deployment section, below.

Create a configuration file for your Helm chart at helm-charts/anjuna-tools/Values.yaml:

cat <<EOF > helm-charts/anjuna-tools/Values.yaml
webhookRepo: "${DOCKER_REGISTRY}/anjuna-nitro-webhook"
launcherRepo: "${DOCKER_REGISTRY}/anjuna-nitro-launcher"
deviceManagerRepo: "${DOCKER_REGISTRY}/anjuna-device-manager"
caBundle: "${CA_BUNDLE}"
EOF
To see all possible Helm chart configurations, see the Configuring and deploying the Anjuna Kubernetes Toolset section.

Manual deployment

Update the Anjuna Nitro Webhook Pod spec file at:
helm-charts/anjuna-tools/templates/anjuna-nitro-webhook.yaml

$ export WEBHOOK_IMAGE="${DOCKER_REGISTRY}\/anjuna-nitro-webhook:${ANJUNA_VERSION}"
$ export LAUNCHER_IMAGE="${DOCKER_REGISTRY}\/anjuna-nitro-launcher:${ANJUNA_VERSION}"
$ export FALLBACK_ENCLAVE_CPU_COUNT=2
$ export FALLBACK_ENCLAVE_MEMORY_MB=2048
$ export SPEC_FILE=helm-charts/anjuna-tools/templates/anjuna-nitro-webhook.yaml

$ sed -i \
      "s/    image: .*/    image: ${WEBHOOK_IMAGE}/g" \
      "${SPEC_FILE}"
$ sed -i \
      "s/caBundle: .*/caBundle: ${CA_BUNDLE}/g" \
      "${SPEC_FILE}"
$ sed -i \
      "s/launcher-image: .*/launcher-image: ${LAUNCHER_IMAGE}/g" \
      "${SPEC_FILE}"
$ sed -i \
      "s/fallback-enclave-cpu-count: .*/fallback-enclave-cpu-count: ${FALLBACK_ENCLAVE_CPU_COUNT}/g" \
      "${SPEC_FILE}"
$ sed -i \
      "s/fallback-enclave-memory-mb: .*/fallback-enclave-memory-mb: ${FALLBACK_ENCLAVE_MEMORY_MB}/g" \
      "${SPEC_FILE}"
$ sed -i \
      "s/log-level: .*/log-level: info/g" \
      "${SPEC_FILE}"
$ sed -i \
      "s/huge-page-size: .*/huge-page-size: 2Mi/g" \
      "${SPEC_FILE}"

Update the Anjuna Nitro Device Manager DaemonSet spec file at:
helm-charts/anjuna-tools/templates/device-manager-daemonset.yaml

$ export DEVICE_MANAGER_IMAGE="${DOCKER_REGISTRY}\/anjuna-device-manager:${ANJUNA_VERSION}"
$ export SPEC_FILE=helm-charts/anjuna-tools/templates/device-manager-daemonset.yaml

$ sed -i \
      "s/image: .*/image: ${DEVICE_MANAGER_IMAGE}/g" \
      "${SPEC_FILE}"