Skip to main content
Version: 0.26.0

Install Weave GitOps EnterpriseEnterprise

info

To purchase an entitlement to Weave GitOps Enterprise, please contact sales@weave.works.

Follow the instructions on this page to:

tip

There is no need to install the open source version of Weave GitOps before installing Weave GitOps Enterprise.

Prep Step: Create a Repository

Create a new private GitHub repository and give it a name. We'll call our repo fleet-infra.

Set up a Git client for your private repo. For GitHub, see their docs on setting your username and setting your email address.

1. Set up a Management Cluster with flux

These steps reflect Flux’s architecture and operations.

To get you started, we'll cover:

  • kind as our management cluster with the CAPD provider
  • EKS as our management cluster with the CAPA provider

Note that Weave GitOps Enterprise supports any combination of management cluster and CAPI provider.

1.1 We start by creating a kind-config
kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
extraMounts:
- hostPath: /var/run/docker.sock
containerPath: /var/run/docker.sock

The extraMounts enable the Docker CAPI provider (CAPD) to talk to the host docker.

1.2 Start your kind cluster using the configuration above and Kubernetes v1.23.6
kind create cluster --config kind-config.yaml --image=kindest/node:v1.23.6
Install Flux onto your cluster with the flux bootstrap command
flux bootstrap github \
--owner=<github username> \
--repository=fleet-infra \
--branch=main \
--path=./clusters/management \
--personal
--components-extra image-reflector-controller,image-automation-controller

Your private GitHub repo should have a clusters/management folder that includes the manifests Flux needs to operate, and that also generates a key value pair for Flux to access the repo.

  • owner - The username (or organization) of the git repository
  • repository - Git repository name
  • branch - Git branch (default "main")
  • path - Path relative to the repository root; when specified, the cluster sync will be scoped to this path
  • personal - If set, the owner is assumed to be a repo user

Go here for more information about flux and the flux bootstrap command.

At this point your Flux management cluster should be running. Take a look at the repository you created earlier.

2. Install a CAPI provider

clusterctl versions

Download a specific version of clusterctl from the releases page. We've tested the example templates provided in this guide with clusterctl version 1.1.3. You might need to use a different version, depending on the CAPI provider you plan to use.

You must install a CAPI provider to provision Kubernetes clusters. Visit the Cluster API Providers page for more details on providers.

Here we'll continue with our example instructions for CAPD and CAPA.

# Enable support for `ClusterResourceSet`s for automatically installing CNIs
export EXP_CLUSTER_RESOURCE_SET=true

clusterctl init --infrastructure docker

3. Apply the entitlements secret

Contact sales@weave.works for a valid entitlements secret. Then apply it to the cluster:

kubectl apply -f entitlements.yaml

4. Configure access for writing to git from the UI

GitHub requires no additional configuration for OAuth git access

5. Configure and Commit

We deploy WGE via a Helm chart. We'll save and adapt the below template before committing it in Git to a Flux-reconciled path.

Clone the newly created repo locally. We're gonna add some things!

git clone git@<provider>:<username>/fleet-infra
cd fleet-infra

Download the helm-release to clusters/management/weave-gitops-enterprise.yaml.

Expand to see file contents
clusters/management/weave-gitops-enterprise.yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: weave-gitops-enterprise-charts
namespace: flux-system
spec:
interval: 60m
secretRef:
name: weave-gitops-enterprise-credentials
url: https://charts.dev.wkp.weave.works/releases/charts-v3
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: weave-gitops-enterprise
namespace: flux-system
spec:
chart:
spec:
interval: 65m
chart: mccp
sourceRef:
kind: HelmRepository
name: weave-gitops-enterprise-charts
namespace: flux-system
version: 0.22.0
install:
crds: CreateReplace
upgrade:
crds: CreateReplace
interval: 50m
values:
# -- Configure TLS settings if needed
# tls:
# -- Can be disabled if TLS is handled by a user-provided ingress controller
# enabled: true
# -- optionally specify a TLS secret
# secretName: null
config:
capi:
repositoryURL: https://github.com/$GITHUB_USER/fleet-infra
# -- Can be changed depending on your git repo structure
# repositoryPath: ./clusters/management/clusters
# repositoryClustersPath: ./cluster
git:
type: github
# -- Change if using on-prem github/gitlab
# hostname: https://github.com

Once you have copied the above file, open and adjust the following configuration options:

values.config.capi.repositoryURL

Ensure this has been set to your repository URL.

values.config.capi.repositoryPath

By default, WGE will create new clusters in the clusters/management/clusters path. You can configure it with values.config.capi.repositoryPath. You might what to change it to clusters/my-cluster/cluster if you configured Flux to reconcile ./clusters/my-cluster instead.

values.config.capi.repositoryClustersPath

The other important path to configure is where you'll store applications and workloads run on the new cluster. By default this is ./clusters. When a new cluster is specified, any selected profiles will be written to ./clusters/{.namespace}/{.clusterName}/profiles.yaml. When the new cluster is bootstrapped, Flux will sync the ./clusters/{.namespace}/{.clusterName} path.

(Optional) Install policy agent

Policy agent comes packaged with the WGE chart. To install it, set the following values:

  • values.policy-agent.enabled: set to true to install the agent with WGE
  • values.policy-agent.config.accountId: organization name, used as identifier
  • values.policy-agent.config.clusterId: unique identifier for the cluster

Commit and push all the files

git add clusters/management/weave-gitops-enterprise.yaml
git commit -m "Deploy Weave GitOps Enterprise"
git push

Flux will reconcile the helm-release and WGE will be deployed into the cluster. You can check the flux-system namespace to verify all pods are running.

6. Configure password

To login to the WGE UI, generate a bcrypt hash for your chosen password and store it as a secret in the Kubernetes cluster.

There are several different ways to generate a bcrypt hash. This guide uses gitops get bcrypt-hash from our CLI, which you can install with these instructions.

PASSWORD="<Make up and insert a brand-new password here. Keeping the quotes, but remove the brackets.>"
echo -n $PASSWORD | gitops get bcrypt-hash
$2a$10$OS5NJmPNEb13UgTOSKnMxOWlmS7mlxX77hv4yAiISvZ71Dc7IuN3q

Use the hashed output to create a Kubernetes username/password secret. Insert it in the last line of this command, replacing what’s currently shown within the quotation marks ('$2a$.......').

kubectl create secret generic cluster-user-auth \
--namespace flux-system \
--from-literal=username=wego-admin \
--from-literal=password='$2a$.......'

7. Install the CLI

Install the Weave GitOps Enterprise CLI tool. You can use brew or curl.

brew install weaveworks/tap/gitops-ee
curl --silent --location "https://artifacts.wge.dev.weave.works/releases/bin/0.22.0/gitops-$(uname | tr '[:upper:]' '[:lower:]')-$(uname -m).tar.gz" | tar xz -C /tmp
sudo mv /tmp/gitops /usr/local/bin
gitops version

Next steps

Check out:

(Optional) Install the Terraform Controller

The Terraform Controller is a controller for Flux to reconcile Terraform resources in a GitOps way.

With Flux and the TF-Controller, WGE makes it easy to add Terraform templates to clusters and continuously reconcile any changes made to the Terraform source manifest.

Check out our guide on how to use Terraform templates. Then try your hands at using it with the RDS example!

Install the TF-Controller to a cluster using Helm:

# Add tf-controller helm repository
helm repo add tf-controller https://weaveworks.github.io/tf-controller/

# Install tf-controller
helm upgrade -i tf-controller tf-controller/tf-controller \
--namespace flux-system

Consult the TF-Controller Installation documentation for more details on which parameters are configurable and how to install a specific version.