Getting Started



Requirements


  • x86_64 platform
  • AWS access (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY required)
  • Azure access (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID required)
  • Kubernetes access
  • Switchblade license key

Installation


  1. Create namespace for Switchblade

kubectl create ns operators

  2. Install license and AWS access keys (replace variables or set environment variables accordingly)

kubectl create secret -n operators generic credentials \
  --from-literal "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" \
  --from-literal "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" \
  --from-literal "LICENSE_KEY=$LICENSE_KEY"

  3. Create state bucket

# use your preferred IaC tool, the console, or the CLI
aws s3api create-bucket --acl private --bucket mycompany-myenvironment-switchblade-state

  4. Download and extract deployment package

wget https://s3.amazonaws.com/software.boundless.distributions/switchblade-0.0.18.tgz
tar xvf switchblade-0.0.18.tgz

  5. Edit deployment.yaml

# update with values from step 3
        - name: AWS_STATE_BUCKET
          value: ""
        - name: AWS_STATE_BUCKET_REGION
          value: ""

  6. Install the YAML manifests into the cluster

# If installing for the first time
kubectl create -f crd.yaml
kubectl create -f rbac.yaml
kubectl apply -f deployment.yaml

# If upgrading
kubectl replace -f crd.yaml
kubectl replace -f rbac.yaml
kubectl apply -f deployment.yaml
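
The step 2 command stores an empty value for any variable that is unset, and it passes the expanded secrets as command-line arguments, where they are visible in the process list. The following is an added example, not part of the Switchblade package: it checks the three variables from step 2 first and feeds them to kubectl through a private file using --from-env-file. The function names are hypothetical, and it assumes each value is a single line.

```shell
#!/bin/sh
# Added example, not part of the Switchblade package.
# Assumes each value is a single line (the env-file format is line-based).

# Keys that step 2 stores in the "credentials" secret.
REQUIRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY LICENSE_KEY"

# Print the names of required variables that are unset or empty.
missing_vars() {
  missing=""
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"   # names come only from the fixed list above
    [ -n "$value" ] || missing="$missing $name"
  done
  echo "${missing# }"
}

# Write KEY=value lines to a private temp file and print its path.
# Returns 1 without creating a file if any required variable is missing.
write_env_file() {
  missing="$(missing_vars)"
  if [ -n "$missing" ]; then
    echo "refusing to create secret; unset or empty: $missing" >&2
    return 1
  fi
  file="$(umask 077; mktemp)" || return 1
  for name in $REQUIRED_VARS; do
    eval "value=\$$name"
    printf '%s=%s\n' "$name" "$value" >> "$file"
  done
  echo "$file"
}

# Hypothetical wrapper: create the secret from the file, then remove the file.
create_credentials_secret() {
  file="$(write_env_file)" || return 1
  rc=0
  kubectl create secret -n operators generic credentials \
    --from-env-file="$file" || rc=$?
  rm -f "$file"   # do not leave the plaintext copy on disk
  return "$rc"
}
```

Call create_credentials_secret in place of the step 2 command; nothing is sent to the cluster unless all three variables are set.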

Azure setup for Switchblade


Create Enterprise Application


  1. In the Azure portal, navigate to Azure Entra ID > App registrations > New registration.
  2. Name the application and click Register.
  3. Export the application (client) ID and directory (tenant) ID.

export AZURE_TENANT_ID="Your Azure Tenant ID"
export AZURE_CLIENT_ID="Your Azure Client ID"

Generate Client Secret


  1. In the Azure portal, go to Azure Entra ID > App registrations > Select the Enterprise Application you created.
  2. Navigate to Certificates & Secrets > New client secret.
  3. Choose an expiry period, and click Add.
  4. Export the generated secret value.

export AZURE_CLIENT_SECRET="Your Azure Client Secret"

Assign API Permissions (optional, only required for Entra ID resources)


  1. App registrations > Select the Enterprise Application you created.

  2. Go to API permissions > Add a permission > Microsoft Graph > Application permissions > Select the following permissions:

    • User.ReadWrite.All
    • Directory.ReadWrite.All
    • Group.ReadWrite.All
    • User.ManageIdentities.All
    • User.Export.All
    • AppRoleAssignment.ReadWrite.All
  3. Click Add permissions.

  4. Grant Admin Consent for default directory.


Assign Permissions


  1. In the Azure portal, go to Entra ID default directory.
  2. Navigate to Roles and Administrators.
  3. Click on Global Administrator.
  4. Click Add assignments > Search for the Enterprise Application you created > Next > Enter justification > Assign.

Add Application To Your Subscription


  1. In the Azure portal, go to subscriptions.
  2. Select the subscription that you will add the application to and use with Switchblade.
  3. Export the subscription ID.

export AZURE_SUBSCRIPTION_ID="Your Azure Subscription ID"

  4. Navigate to Access control (IAM) > Add > Add role assignment.
  5. Select Privileged Permissions > Owner.
  6. Click Next > Select members > Search for the Enterprise Application you created > Select allow user to assign all roles > Click Assign.
  7. Click Next > Select “Allow user to assign all roles (highly privileged)” > Click Review + assign > Click Review + assign.

Provider Specifications


AWSProviderSpec


Name    Type    Description
region  string  The region for the AWS provider.

AzureProviderSpec


Name    Type    Description
region  string  The region to create your resources in. Required.


