Getting Started with Switchblade
Requirements
- x86_64 platform
- AWS access (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` required)
- Azure access (`AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID` required)
- Kubernetes access
- Switchblade license key
Installation
1. Create a namespace for Switchblade

   ```bash
   kubectl create ns operators
   ```

2. Install the license and AWS access keys (replace variables or set environment variables accordingly)

   ```bash
   kubectl create secret -n operators generic credentials \
     --from-literal AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
     --from-literal AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
     --from-literal LICENSE_KEY="$LICENSE_KEY"
   ```

3. Create the state bucket

   ```bash
   # use favorite IaC or console or CLI
   aws s3api create-bucket --acl private --bucket mycompany-myenvironment-switchblade-state
   ```

4. Download and extract the deployment package

   ```bash
   wget https://s3.amazonaws.com/software.boundless.distributions/switchblade-0.0.6.tgz
   tar xvf switchblade-0.0.6.tgz
   ```

5. Edit deployment.yaml

   ```yaml
   # update with values from step 3
   - name: AWS_STATE_BUCKET
     value: ""
   - name: AWS_STATE_BUCKET_REGION
     value: ""
   ```

6. Install the YAML files into the cluster

   ```bash
   # If installing for first time
   kubectl create -f crd.yaml
   kubectl create -f rbac.yaml
   kubectl apply -f deployment.yaml

   # If upgrading
   kubectl replace -f crd.yaml
   kubectl replace -f rbac.yaml
   kubectl apply -f deployment.yaml
   ```
Azure setup for Switchblade
Create Enterprise Application
- In the Azure portal, navigate to Azure Entra ID > App registrations > New registration.
- Name the application and click Register.
- Export the application (client) ID and directory (tenant) ID.

  ```bash
  export AZURE_TENANT_ID="Your Azure Tenant ID"
  export AZURE_CLIENT_ID="Your Azure Client ID"
  ```
Generate Client Secret
- In the Azure portal, go to Azure Entra ID > App registrations > Select the Enterprise Application you created.
- Navigate to Certificates & Secrets > New client secret.
- Choose an expiry period, and click Add.
- Export the generated secret value.

  ```bash
  export AZURE_CLIENT_SECRET="Your Azure Client Secret"
  ```

Assign API Permissions (optional, only required for Entra ID resources)
- App registrations > Select the Enterprise Application you created.
- Go to API permissions > Add a permission > Microsoft Graph > Application permissions > Select the following permissions:
- User.ReadWrite.All
- Directory.ReadWrite.All
- Group.ReadWrite.All
- User.ManageIdentities.All
- User.Export.All
- AppRoleAssignment.ReadWrite.All
- Click Add permissions.
- Grant Admin Consent for default directory.
Assign Permissions
- In the Azure portal, go to the Entra ID default directory.
- Navigate to Roles and Administrators.
- Click on Global Administrator.
- Click Add assignments > Search for the Enterprise Application you created > Next > Enter justification > Assign.
Add Application To Your Subscription
- In the Azure portal, go to subscriptions.
- Select the subscription you will add the application to and will be using with Switchblade.
- Export the subscription ID.

  ```bash
  export AZURE_SUBSCRIPTION_ID="Your Azure Subscription ID"
  ```

- Navigate to Access control (IAM) > Add > Add role assignment.
- Select Privileged Permissions > Owner
- Click next > Select members > Search for the Enterprise Application you created > Select allow user to assign all roles > Click Assign.
- Click next > select “Allow user to assign all roles (highly privileged)” > Click Review + assign > Click Review + assign.
AWS
AwsProviderSpec
EKS
A managed Kubernetes service that automates key tasks like patching, node provisioning, and updates.
Example yaml file:
EKS Inputs
EksClusterSpec
AddOnSpec
EksNodeGroupSpec
OidcProviderSpec
EndPointSpec
LaunchTemplateSpec
NodeGroupRemoteAccessSpec
EksNodeGroupScalingConfig
EksNodeGroupTaint
EKS Outputs
EksAddonStatus
EksNodeGroupStatus
VPC
A customizable virtual network where you can launch AWS resources, providing network isolation and security for your applications.
Example yaml file:
VPC Inputs
SubnetSpec
NatGatewaySpec
RouteTableSpec
EndpointSpec
PeerSpec
RouteSpec
VPC Outputs
SubnetStatus
InternetGatewayStatus
NatGatewayStatus
RouteTableStatus
RouteStatus
IAM
Provides user management and policy control for AWS resources.
Example yaml file:
IAM Inputs
InstanceProfileSpec
OidcProviderSpec
IamPolicySpec
RoleSpec
UserSpec
UserGroupSpec
IAM Outputs
InstanceProfileStatus
OidcProviderStatus
PolicyStatus
RoleStatus
UserStatus
UserGroupStatus
RDS
A managed relational database service that supports multiple database engines.
Example yaml file:
RDS Inputs
GlobalClusterSpec
RdsClusterSpec
RdsInstanceSpec
ParameterGroupSpec
SubnetGroupSpec
RDS Outputs
GlobalClusterStatus
RdsClusterStatus
RdsInstanceStatus
ParameterGroupStatus
SubnetGroupStatus
KMS
A secure and resilient service that helps you manage cryptographic keys for your applications.
Example yaml file:
KMS Inputs
KmsReplicaSpec
KMS Outputs
KmsAliasStatus
KmsReplicaStatus
EC2
Use Amazon EC2 for scalable computing capacity in the AWS Cloud so you can develop and deploy applications without hardware constraints.
Example yaml file:
```yaml
apiVersion: aws.boundless.software/v1alpha1
kind: Ec2
metadata:
  labels:
    app.kubernetes.io/name: ec2
    app.kubernetes.io/instance: ec2-sample
    app.kubernetes.io/part-of: switchblade
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: switchblade
  name: ec2-sample
spec:
  provider:
    region: us-east-1
  securityGroup:
    name: group222
    vpcId: vpc-0af6dca97ac881d3a
    tags:
      tag: tag
    egress:
      - fromPort: 30
        protocol: All
        toPort: 40
        cidrBlocks:
          - 10.0.0.0/16
    ingress:
      - fromPort: 60
        toPort: 80
        protocol: TCP
        cidrBlocks:
          - 0.0.0.0/16
  instance:
    imageId: ami-0889a44b331db0194
    instanceType: t3.medium
    keyName: boundless
    securityGroupIds:
      - sg-0b79d8f04392685b1
      - sg-0b5c5f55df36fe031
    subnetId: subnet-074934a8420fbae54
    tags:
      Project: MyProject
    volumes:
      - deviceName: /dev/sda1
        volumeSize: 200
        volumeId: vol-0e47a6a740b5fef5d
        volumeType: gp2
        deleteOnTermination: true
  loadBalancer:
    name: "example-load-balancer222"
    scheme: "internet-facing"
    type: "application"
    instanceId: i-0a7f6bf3834d3a200
    subnets:
      - subnet-074934a8420fbae54
      - subnet-08b3e56bd0402bdbb
      - subnet-074934a8420fbae54
    securityGroups:
      - sg-0b79d8f04392685b1
      - sg-0e8853e4e5c0cbfab
    tags:
      tagKey1: "tagValue1"
  targetGroup:
    name: "example-target-group2222"
    port: 80
    tags:
      tagKey1: "tagValue1"
    protocol: "HTTP"
    vpcId: vpc-0af6dca97ac881d3a
    targetType: "instance"
    healthCheck:
      protocol: "HTTP"
      port: "traffic-port"
      path: "/"
      intervalSeconds: 30
      timeoutSeconds: 5
      healthyThreshold: 5
      unhealthyThreshold: 2
      successCodes: "200-299"
```
EC2 Inputs
SecurityGroupSpec
SecurityGroupRuleConfig
Ec2InstanceSpec
VolumeSpec
LoadBalancerSpec
EC2 Outputs
Status
SecurityGroupStatus
LoadBalancerStatus
TargetGroupStatus
S3
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.
Example yaml file:
```yaml
apiVersion: aws.boundless.software/v1alpha1
kind: S3
metadata:
  labels:
    app.kubernetes.io/name: s3
    app.kubernetes.io/instance: s3-akhil
    app.kubernetes.io/part-of: switchblade
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: switchblade
  name: s3-akhil
  annotations:
    s3.aws.boundless.software/import.s3.Arn: arn:aws:s3:::my-akhil-s3-bucket
spec:
  provider:
    region: us-east-1
  bucket:
    bucketName: my-akhil-s3-bucket
    locationConstraint: "us-west-2"
    acl: "private"
    encryptionKeyARN: arn:aws:kms:us-east-1:818674127672:key/1a7b98d6-0b3a-458f-84cc-9dc70780d373
    tags:
      environment: "test"
      epic: "true"
  bucketPolicy:
    Version: 2012-10-17
    Statement:
      - Sid: PublicReadGetObject
        Effect: Allow
        Principal:
          AWS: "*"
        Action:
          - s3:GetObject
          - s3:PutObject
          - s3:DeleteObject
        Resource: arn:aws:s3:::my-akhil-s3-bucket/*
  website:
    IndexDocument: "index.html"
    ErrorDocument: "error.html"
```
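A check a reviewer might run on a manifest like the one above before applying it, as an added example (not Switchblade code): it walks the `bucketPolicy` statements and reports every `Allow` that applies to all principals, separating read-only grants from ones that include mutating actions. `PAGE_POLICY` is the page's policy re-typed as JSON, and the function and field names are this example's own.

```python
import json

# Constructed input: the bucketPolicy from the S3 manifest above, rendered as JSON.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "PublicReadGetObject",
   "Effect": "Allow",
   "Principal": {"AWS": "*"},
   "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
   "Resource": "arn:aws:s3:::my-akhil-s3-bucket/*"}]}
""")

READ_PREFIXES = ("s3:get", "s3:list")  # everything else is treated as mutating


def _as_list(value):
    """Policy elements may be a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches_everyone(principal):
    """True for "Principal": "*" and for {"AWS": "*"}, which S3 treats alike."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return principal == "*"


def audit_bucket_policy(policy):
    """Return one finding per Allow statement that applies to every principal."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or not _matches_everyone(stmt.get("Principal")):
            continue
        writes = sorted(a for a in _as_list(stmt.get("Action"))
                        if not a.lower().startswith(READ_PREFIXES))
        if "NotAction" in stmt:  # allow-all-except: assume it includes writes
            writes.append("NotAction")
        findings.append({
            "sid": stmt.get("Sid", f"statement[{idx}]"),
            "public_write": bool(writes),
            "write_actions": writes,
            "conditioned": "Condition" in stmt,  # a Condition may narrow the grant
        })
    return findings


if __name__ == "__main__":
    for finding in audit_bucket_policy(PAGE_POLICY):
        print(finding)
```

For the sample manifest it reports `PublicReadGetObject` with `public_write` set, because the statement grants `s3:PutObject` and `s3:DeleteObject` to `*` alongside the read its Sid names.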
S3 Inputs
Spec
S3BucketSpec
S3BucketPolicy
S3BucketWebsite
S3BucketPolicyAction
S3 Outputs
S3Status
Route 53
Amazon Route 53 is a highly available and scalable cloud domain name system (DNS) service. It lets you customize DNS routing policies to reduce latency.
Example yaml file:
```yaml
apiVersion: aws.boundless.software/v1alpha1
kind: Route53
metadata:
  labels:
    app.kubernetes.io/name: route53
    app.kubernetes.io/instance: route53-sample
    app.kubernetes.io/part-of: switchblade
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: switchblade
  name: route53-sample
spec:
  provider:
    region: us-east-1
  zone:
    name: kurtzone30.com
  records:
    kurt3.kurtzone30.com:
      type: A
      ttl: 200
      weight: 3
      records:
        - 192.0.0.235
    cname.kurtzone30.com:
      type: CNAME
      ttl: 200
      location: AF
      records:
        - kurt1.kurtzone30.com
    txt22.kurtzone30.com:
      type: TXT
      ttl: 200
      failover: SECONDARY
      records:
        - "test22"
    akhil.kurtzone30.com:
      type: MX
      ttl: 200
      records:
        - 10 inbound-smtp.region.amazonaws.com
```
Route 53 Inputs
Spec
Route53ZoneSpec
Route53RecordSpec
Route 53 Outputs
Route53Status
Route53ZoneStatus
Route53RecordStatus
OpenSearch
OpenSearch is a family of software consisting of a search engine, and OpenSearch Dashboards, a data visualization dashboard for that search engine.
Example yaml file:
OpenSearch Inputs
Spec
CollectionSpec
AccessRuleSpec
RuleSpec
NetworkRuleSpec
EncryptionPolicySpec
DomainSpec
VPCConfig
ClusterConfig
OpenSearch Outputs
Status
DomainStatus
CollectionStatus
NetworkPolicyStatus
AccessPolicyStatus
EncryptionPolicyStatus
Azure
AzureProviderSpec
Resource Group
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
Example yaml file:
Resource Group Inputs
ResourceGroupSpec
Resource Group Outputs
ResourceGroupStatus
EntraID
Microsoft Entra ID is a cloud-based identity and access management service that enables your employees to access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Example yaml file:
EntraID Inputs
EntraIDSpec
AzureUserSpec
AzureUserPasswordProfileSpec
AzureGroupSpec
MemberSpec
AzureEnterpriseApplicationSpec
EntraID Outputs
EntraIDStatus
AzureUserStatus
AssignedRole
AzureGroupStatus
AzureEnterpriseApplicationStatus
KeyStatus
ServicePrincipalStatus
OpenAI
Azure OpenAI Service offers industry-leading coding and language AI models that you can fine-tune to your specific needs for a variety of use cases.
Example yaml file:
OpenAI Inputs
OpenAISpec
NetworkingSpec
DeploymentSpec
PrivateEndpointSpec
OpenAI Outputs
OpenAIStatus
PrivateEndpointStatus
NetworkingStatus
KeysStatus
DeploymentStatus
Virtual Network
Azure Virtual Network is a service that provides the fundamental building block for your private network in Azure.
Example yaml file:
Virtual Network Inputs
VirtualNetworkSpec
PeerSpec
NetworkSecurityGroupSpec
SubnetSpec
NatGatewaySpec
ZoneSpec
RouteTableSpec
RouteSpec
Virtual Network Outputs
VirtualNetworkStatus
PeerStatus
NetworkSecurityGroupStatus
SubnetStatus
NatGatewayStatus
Managed Identity
Managed identities for Azure resources provide Azure services with an automatically managed identity in Microsoft Entra ID.
Example yaml file:
Managed Identity Inputs
ManagedIdentitiesSpec
Managed Identity Outputs
ManagedIdentitiesStatus
AKS
AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure.
Example yaml file:
AKS Inputs
AksSpec
ManagedClusterSKU
ManagedClusterIdentity
ManagedClusterProperties
ManagedClusterAPIServerAccessProfile
DefaultAgentPool
ManagedClusterAutoUpgradeProfile
AgentPoolProfileSpec
LinuxProfile
SSHConfiguration
SSHPublicKey
WindowsProfile
GmsaProfile
ManagedClusterAddonProfile
NetworkProfile
ManagedClusterServicePrincipalProfile
ManagedClusterAADProfile
AKS Outputs
AKSStatus
AgentPoolStatus
Virtual Machine
Azure Virtual Machines offers a range of networking capabilities and related services such as Azure Virtual Network, public and private IP addresses,
Example yaml file:
Virtual Machine Inputs
VirtualMachineSpec
VMImageSpec
DiskSpec
OSDiskEncryptionSpec
DataDiskSpec
HardwareSpec
VMNetworkingSpec
OSProfileSpec
Virtual Machine Outputs
VirtualMachineStatus
ImageStatus
OSDiskStatus
VMNetworkingStatus
DataDiskStatus
Core
Helm
A package manager for Kubernetes that helps you define, install, and upgrade even the most complex Kubernetes applications.
Example yaml file:
Helm Inputs
IstioSpec
IstioDestinationRuleSpec
IstioVirtualServiceSpec
Helm Outputs