# GitOps Based Installation The document is primarily intended to be used for standard ISD GitOps based installation. ## Infrastructure and Laptop requirements Before you start, it might be helpful to go through these documents: * The infrastructure required for a non-prod installation can be found [**here**](https://docs.opsmx.com/release-history/previous-releases/isd-4.0/operator-manual/installation-and-configuration/isd-on-prem-pov-infrastructure-requirements) * The infrastructure required for a Production Setup can be found [**here**](https://docs.opsmx.com/release-history/previous-releases/isd-4.0/operator-manual/installation-and-configuration/isd-on-prem-production-infrastructure-requirements) * Basic requirements of a laptop and Kubernetes cluster can be found [**here**](https://docs.opsmx.com/release-history/previous-releases/isd-4.0/operator-manual/installation-and-configuration/environment-setup-for-opsmx-isd)**.** If you need a different infrastructure, please [**contact** ](https://www.opsmx.com/contact/)OpsMx. ### Create your git-repo ISD stores all the configuration in a repo, typically a 'git repo', though bitbucket, S3 and others are supported. 1. Create an empty-repo (called the "gitops-repo" in the document), "main" branch should be the default, and clone it locally. 2. Clone , selecting the appropriate branch: * `git clone https://github.com/OpsMx/standard-isd-gitops -b 2025.10.00` 3. Copy contents of the standard-isd-repo to the gitops-repo created above using the below command: `cp -r standard-isd-gitops/* gitops-repo` # Replace "gitops-repo" with your repo-name and cd to the gitops-repo e.g. `cd gitops-repo` **Specify inputs based on your environment and git-repo** The installation process requires inputs such as the application version, git-repo details and so on. 4. In the gitops-repo cloned to disk and edit `install/inputcm.yaml`. This should be updated, at a **minimum**, with gitrepo url, username, namespace and gitmail. 5. **Update Values.yaml as required**, specifically: At **minimum** the ISD URL and gitops-repo details in spinnaker.gitopsHalyard section must be updated. Full values.yaml is available at: * (Optional step) If you want to enable the new Insights pages (Pipeline Insights and Stage Insights) added to ISD refer Refer [**Enabling Pipeline Insights or Deployment Insights or Stage Insights in ISD**](https://docs.opsmx.com/opsmx-intellignt-software-delivery-isd-platform-spinnaker/opsmx-intelligent-software-delivery-isd-platform-spinnaker/operator-manual/installation-and-configuration/standard-installation/isd-v2025.10.00/enabling-pipeline-insights-or-deployment-insights-or-user-insights-in-isd)**.** {% hint style="info" %} We recommend that we start with the defaults, updating just the URL and gitopsHalyard details and gradually adding SSO, external DBs, etc. while updating the installed instance. {% endhint %} 6. Edit namespace in the `install/inputcm.yaml` file and `install/serviceaccount.yaml`, if changed from default (i.e. "opsmx-isd") 7. Edit the beta value to true in the `install/inputcm.yaml` file for beta releases only, let the default value be false (i.e. "false") 8. Push all changes in the gitops-repo to git (e.g `git add -A; git commit -m"my changes";git push`) 9. Create namespace, a configmap for inputs and a service account as follows \[edit namespace (i.e. opsmx-isd) as appropriate]: * `kubectl create ns opsmx-isd` * `kubectl -n opsmx-isd apply -f install/inputcm.yaml` * `kubectl -n opsmx-isd apply -f install/serviceaccount.yaml` **Create secrets** ISD supports multiple secret managers for storing secrets such as DB passwords, SSO authentication details and so on. Using kubernetes secrets is the default. 10. Create the following secrets. The default values are handled by the installer, except for git token. If you are using external SSO, DBs, etc. you might want to change them. Else, best to leave them at the defaults: * `kubectl -n opsmx-isd create secret generic gittoken --from-literal=gittoken=PUT_YOUR_GITTOKEN_HERE` * `kubectl -n opsmx-isd create secret generic docker-pat-secret --from-literal=REG_PAT=PUT_YOUR_DOCKERTOKEN_HERE` #### Optional In case we want to change these, please enter the correct values and create the secrets * `kubectl -n opsmx-isd create secret generic ldapconfigpassword --from-literal ldapconfigpassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic ldappassword --from-literal ldappassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic miniopassword --from-literal miniopassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic redispassword --from-literal redispassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic saporpassword --from-literal saporpassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic rabbitmqpassword --from-literal rabbitmqpassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic keystorepassword --from-literal keystorepassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic dbpassword --from-literal dbpassword=PUT_YOUR_SECRET_HERE` * `kubectl -n opsmx-isd create secret generic docker-pat-secret --from-literal=REG_PAT=PUT_YOUR_DOCKERTOKEN_HERE` **Start the Installation** The installation is done by a kubenetes job that processes the secrets, generates YAMLs, stores them into the git-repo and creates the objectes in Kubernetes. 11. Install ISD by executing this command: * `kubectl -n opsmx-isd apply -f install/ISD-Install-Job.yaml` **Monitor the installation process** 12. Wait for all pods to stabilize (about 10-20 min, depending on your cluster load). The "oes-config" in Completed status indicates the completion of the installation process. Check the status using the following command: * `kubectl -n opsmx-isd get po -w` {% hint style="info" %} If the pod starting with isd-install-\* errors out, please check the logs as follows, replacing the pod-name correctly: {% endhint %} * `kubectl -n opsmx-isd logs isd-install-tjzlx -c get-secrets` * `kubectl -n opsmx-isd logs isd-install-tjzlx -c git-clone` * `kubectl -n opsmx-isd logs isd-install-tjzlx -c apply-yamls` {% hint style="info" %} It is normal for some pods, specifically oes-ui pod to crash a few times before running. However, if isd-spinnaker-halyard-0 pod crashes or errors out, please check the logs of the "create-halyard-local" init container using this command: {% endhint %} * `kubectl -n opsmx-isd logs isd-spinnaker-halyard-0 -c create-halyard-local` **Check the installation** 13. If you had enabled the Insights feature (as in step 5), follow the post installation steps given in Refer [**Enabling Pipeline Insights or Deployment Insights or** **Stage Insights in ISD**](https://docs.opsmx.com/opsmx-intellignt-software-delivery-isd-platform-spinnaker/opsmx-intelligent-software-delivery-isd-platform-spinnaker/operator-manual/installation-and-configuration/standard-installation/isd-v2025.10.00/enabling-pipeline-insights-or-deployment-insights-or-user-insights-in-isd)**.** 14. Access ISD using the URL specified in the values.yaml in step 5 in a browser such as Chrome. 15. Login to the ISD instance by using the credentials listed below: * **User Name**: admin * **Password**: Execute the following command to retrieve the password 
kubectl -n opsmx-isd get secret isd-openldap -o jsonpath='{.data.LDAP_ADMIN_PASSWORD}'| base64 -d
* In case "base64 command not found": Please execute the below command. 
kubectl -n opsmx-isd get secret isd-openldap -o jsonpath='{.data.LDAP_ADMIN_PASSWORD}'
After executing the above command, copy the output and decode it using any online decoding site such as [**https://www.base64decode.org/**](https://www.base64decode.org/). **Switch from OpenLDAP to Saml** 1. Inorder to Install/Upgrade you can use the saml-values.yaml file. Refer Instructions in [Update the Parameters in value.yaml](https://docs.opsmx.com/operator-manual/installation-and-configuration/standard-installation/isd-v4.0.4.3/instructions-to-update-the-parameters-in-value.yaml) for updating to SAML from OpenLDAP. 2. Inorder to Install/Upgrade user can use saml-values.yaml file. * Move the old values.yaml to openldap-values.yaml and saml-values.yaml to values.yaml **NOTE**: Make sure values.yaml has saml configuration. {% hint style="info" %} If you are facing any Issues during installation, refer to the [**Troubleshooting** ](https://docs.opsmx.com/additional-resources/troubleshooting/troubleshooting-isd-gitops-installation-issues)page {% endhint %}