edera-dev · anners · Jan 13, 2026 · Jan 15, 2026 · Jan 15, 2026
diff --git a/getting-started/edera-installer/.gitignore b/getting-started/edera-installer/.gitignore
@@ -0,0 +1 @@
+key.json
diff --git a/getting-started/edera-installer/Makefile b/getting-started/edera-installer/Makefile
@@ -0,0 +1,139 @@
+.PHONY: help deploy configure test test-standalone verify clean
+
+# Default target
+help:
+	@echo "Edera Manual Installation"
+	@echo ""
+	@echo "Available targets:"
+	@echo "  deploy          - Install Edera on a target node (requires INSTALLER_IP)"
+	@echo "  test-standalone - Test standalone installation (no Kubernetes)"
+	@echo "  configure       - Apply RuntimeClass and label nodes (Kubernetes)"
+	@echo "  test            - Test Kubernetes deployment with a test workload"
+	@echo "  verify          - Verify Kubernetes cluster configuration"
+	@echo "  clean           - Clean up test resources"
+	@echo ""
+	@echo "Environment variables:"
+	@echo "  INSTALLER_IP  - Required. IP address of the target node"
+	@echo "  SSH_USER      - SSH username (default: root)"
+	@echo "  SSH_KEY       - Path to SSH private key (optional)"
+	@echo ""
+	@echo "Quick start (standalone):"
+	@echo "  1. Save your GAR key as key.json"
+	@echo "  2. INSTALLER_IP=<node-ip> make deploy"
+	@echo "  3. INSTALLER_IP=<node-ip> make test-standalone"
+	@echo ""
+	@echo "Quick start (Kubernetes):"
+	@echo "  1. Save your GAR key as key.json"
+	@echo "  2. INSTALLER_IP=<node-ip> make deploy"
+	@echo "  3. make configure"
+	@echo "  4. make test"
+	@echo ""
+	@echo "Example with SSH key (e.g., for EC2):"
+	@echo "  INSTALLER_IP=<ip> SSH_USER=ubuntu SSH_KEY=~/.ssh/my-key.pem make deploy"
+
+# Check that key.json exists
+check-key:
+	@if [ ! -f key.json ]; then \
+		echo "Error: key.json not found!"; \
+		echo "Please save your Google Artifact Registry key as key.json"; \
+		exit 1; \
+	fi
+
+# Deploy Edera to a node
+deploy: check-key
+	@if [ -z "$(INSTALLER_IP)" ]; then \
+		echo "Error: INSTALLER_IP is not set"; \
+		echo "Usage: INSTALLER_IP=<node-ip> make deploy"; \
+		exit 1; \
+	fi
+	@echo "Installing Edera on $(INSTALLER_IP)..."
+	./scripts/install.sh
+	@echo ""
+	@echo "Installation complete!"
+	@echo ""
+	@echo "Next steps:"
+	@echo "  make configure  # Apply RuntimeClass and label nodes"
+	@echo "  make test       # Test the deployment"
+
+# Test standalone installation (no Kubernetes)
+test-standalone:
+	@if [ -z "$(INSTALLER_IP)" ]; then \
+		echo "Error: INSTALLER_IP is not set"; \
+		echo "Usage: INSTALLER_IP=<node-ip> make test-standalone"; \
+		exit 1; \
+	fi
+	@echo "Testing Edera installation on $(INSTALLER_IP)..."
+	@SSH_OPTS=""; \
+	if [ -n "$(SSH_KEY)" ]; then SSH_OPTS="-i $(SSH_KEY)"; fi; \
+	SSH_USER=$${SSH_USER:-root}; \
+	echo ""; \
+	echo "Edera version:"; \
+	ssh $$SSH_OPTS $${SSH_USER}@$(INSTALLER_IP) "sudo protect --version"; \
+	echo ""; \
+	echo "Edera services:"; \
+	ssh $$SSH_OPTS $${SSH_USER}@$(INSTALLER_IP) "sudo systemctl status protect-daemon --no-pager | head -5"; \
+	echo ""; \
+	echo "Zone list:"; \
+	ssh $$SSH_OPTS $${SSH_USER}@$(INSTALLER_IP) "sudo protect zone list"; \
+	echo ""; \
+	echo "Edera is installed and running!"
+
+# Configure kubectl with RuntimeClass
+configure:
+	@echo "Applying Edera RuntimeClass..."
+	kubectl apply -f https://public.edera.dev/kubernetes/runtime-class.yaml
+	@echo ""
+	@echo "RuntimeClass applied. Label your nodes with:"
+	@echo "  kubectl label nodes <node-name> runtime=edera"
+	@echo ""
+	@echo "Or label all nodes:"
+	@echo "  kubectl label nodes --all runtime=edera"
+
+# Test the deployment
+test:
+	@echo "Testing Edera deployment..."
+	@echo ""
+	@echo "Node status:"
+	kubectl get nodes -o wide
+	@echo ""
+	@echo "Node labels (checking for runtime=edera):"
+	kubectl get nodes --show-labels | grep runtime=edera || echo "No nodes with runtime=edera label found"
+	@echo ""
+	@echo "RuntimeClass status:"
+	kubectl get runtimeclass edera -o wide || echo "RuntimeClass not found"
+	@echo ""
+	@echo "Deploying test workload..."
+	kubectl apply -f kubernetes/test-workload.yaml
+	@echo ""
+	@echo "Waiting for test pod to be ready..."
+	kubectl wait --for=condition=ready pod/edera-test-pod -n edera-test --timeout=300s
+	@echo ""
+	@echo "Test pod is running!"
+	@echo ""
+	@echo "Test results:"
+	kubectl get pods -n edera-test -o wide
+	@echo ""
+	@echo "Verifying pod is using Edera runtime:"
+	@kubectl get pod edera-test-pod -n edera-test -o jsonpath="{.spec.runtimeClassName}"
+	@echo ""
+	@echo ""
+	@echo "Success! Your node is running with Edera protection."
+
+# Verify the deployment
+verify:
+	@echo "Verifying Edera installation..."
+	@echo ""
+	@echo "Cluster nodes:"
+	kubectl get nodes
+	@echo ""
+	@echo "Edera RuntimeClass:"
+	kubectl get runtimeclass edera
+	@echo ""
+	@echo "Test workload:"
+	kubectl get pods -n edera-test
+
+# Clean up test resources
+clean:
+	@echo "Cleaning up test resources..."
+	kubectl delete -f kubernetes/test-workload.yaml --ignore-not-found=true
+	@echo "Test resources cleaned up"
diff --git a/getting-started/edera-installer/README.md b/getting-started/edera-installer/README.md
@@ -0,0 +1,250 @@
+# Edera Manual Installation - Complete Example
+
+This example provides scripts for installing Edera on any Linux node. It's designed for users who want direct control over the installation process or need to install Edera on existing infrastructure.
+
+## What This Example Provides
+
+- **Installation Scripts**: Automated scripts to install Edera on remote nodes
+- **RuntimeClass Configuration**: Kubernetes RuntimeClass for Edera pods
+- **Test Workload**: Sample nginx pod using Edera runtime
+- **Makefile Automation**: Simple commands for deploy, test, and cleanup
+
+## Quick Start
+
+### Standalone (no Kubernetes)
+
+```bash
+# 1. Save your GAR key as key.json
+cp /path/to/your/key.json .
+
+# 2. Install Edera on your node
+INSTALLER_IP=<node-ip> make deploy
+
+# 3. Verify installation (after reboot completes)
+INSTALLER_IP=<node-ip> make test-standalone
+```
+
+### With Kubernetes
+
+```bash
+# 1. Save your GAR key as key.json
+cp /path/to/your/key.json .
+
+# 2. Install Edera on your node
+INSTALLER_IP=<node-ip> make deploy
+
+# 3. Configure Kubernetes RuntimeClass
+make configure
+
+# 4. Test with a pod
+make test
+```
+
+### Cloud instances (EC2, GCE, etc.)
+
+For cloud instances that use non-root SSH users:
+
+```bash
+INSTALLER_IP=<node-ip> SSH_USER=ubuntu SSH_KEY=~/.ssh/my-key.pem make deploy
+INSTALLER_IP=<node-ip> SSH_USER=ubuntu SSH_KEY=~/.ssh/my-key.pem make test-standalone
+```
+
+## Prerequisites
+
+Before starting, ensure you have:
+
+1. **Edera Access**: Contact [[email protected]](mailto:[email protected]) for:
+   - Google Artifact Registry (GAR) key for pulling Edera images
+
+2. **SSH Access**: Root SSH access to your target node(s)
+
+3. **Container Runtime**: Docker or nerdctl installed on the target node
+
+4. **kubectl** (optional): For Kubernetes deployments
+
+   ```bash
+   kubectl version --client
+   ```
+
+## Configuration
+
+### Required: GAR Key
+
+Save your Google Artifact Registry key as `key.json` in this directory:
+
+```bash
+cp /path/to/your/key.json .
+```
+
+### Target Node Requirements
+
+The target node must have:
+
+- Linux operating system
+- Root SSH access
+- Docker or nerdctl installed
+- Network access to `us-central1-docker.pkg.dev`
+
+## Deployment
+
+### Step-by-Step
+
+```bash
+# 1. Install Edera on a node
+INSTALLER_IP=<node-ip> make deploy
+
+# 2. Configure Kubernetes RuntimeClass
+make configure
+
+# 3. Label your nodes
+kubectl label nodes <node-name> runtime=edera
+
+# 4. Test the deployment
+make test
+```
+
+### Installing Multiple Nodes
+
+Run the deploy command for each node:
+
+```bash
+INSTALLER_IP=192.168.1.10 make deploy
+INSTALLER_IP=192.168.1.11 make deploy
+INSTALLER_IP=192.168.1.12 make deploy
+```
+
+### Manual Installation
+
+If you prefer not to use the Makefile:
+
+```bash
+# Copy files to target node
+scp key.json root@<node-ip>:/tmp/
+scp scripts/edera-install.sh root@<node-ip>:~
+
+# SSH to node and run installer
+ssh root@<node-ip> 'chmod +x ~/edera-install.sh && ~/edera-install.sh'
+
+# Apply RuntimeClass (Kubernetes only)
+kubectl apply -f https://public.edera.dev/kubernetes/runtime-class.yaml
+
+# Label nodes
+kubectl label nodes <node-name> runtime=edera
+
+# Deploy test workload
+kubectl apply -f kubernetes/test-workload.yaml
+```
+
+## Verification
+
+### Automatic Verification
+
+```bash
+make verify
+```
+
+This checks:
+
+- Cluster nodes are online
+- RuntimeClass is configured
+- Test workload is running
+
+### Manual Verification
+
+```bash
+# Check cluster status
+kubectl get nodes -o wide
+
+# Verify Edera RuntimeClass
+kubectl get runtimeclass edera
+
+# Check node labels
+kubectl get nodes --show-labels | grep runtime=edera
+
+# Verify test pod
+kubectl get pods -n edera-test
+kubectl get pod edera-test-pod -n edera-test -o jsonpath="{.spec.runtimeClassName}"
+```
+
+## Cleanup
+
+### Remove Test Resources Only
+
+```bash
+make clean
+```
+
+## Troubleshooting
+
+### Common Issues
+
+#### SSH Permission Denied
+
+If you see `Permission denied (publickey)`, specify the SSH user and key:
+
+```bash
+INSTALLER_IP=<node-ip> SSH_USER=ubuntu SSH_KEY=~/.ssh/my-key.pem make deploy
+```
+
+Common SSH users by platform:
+- **EC2 Ubuntu**: `ubuntu`
+- **EC2 Amazon Linux**: `ec2-user`
+- **GCE**: Your Google account username
+- **Azure**: The admin username you specified
+
+#### Make deploy shows "Error 255"
+
+This is expected. The installer reboots the node when complete, which closes the SSH connection. Wait 1-2 minutes for the node to come back online, then run `make test-standalone` to verify.
+
+#### Installation Fails
+
+- Verify SSH access: `ssh -i <key> <user>@<node-ip>`
+- Check container runtime: `ssh -i <key> <user>@<node-ip> 'docker --version || nerdctl --version'`
+- Verify GAR key is valid and has appropriate permissions
+
+#### Pod Stuck in Pending (Kubernetes)
+
+```bash
+kubectl describe pod edera-test-pod -n edera-test
+```
+
+Check for:
+
+- Missing `runtime=edera` labels on nodes
+- RuntimeClass not installed
+- Node capacity issues
+
+#### Container Login Fails
+
+- Verify `key.json` is a valid GAR service account key
+- Check network access to `us-central1-docker.pkg.dev`
+
+### Getting Help
+
+1. **Check Logs**:
+
+   ```bash
+   kubectl logs edera-test-pod -n edera-test
+   ```
+
+2. **Describe Resources**:
+
+   ```bash
+   kubectl describe pod edera-test-pod -n edera-test
+   kubectl describe node
+   ```
+
+3. **Contact Support**: [[email protected]](mailto:[email protected])
+
+## Next Steps
+
+- Deploy your own applications using `runtimeClassName: edera`
+- Explore [Edera documentation](https://docs.edera.dev)
+- Check out other examples in this repository
+
+## Files
+
+- `Makefile` - Automation commands
+- `scripts/install.sh` - Remote installation wrapper
+- `scripts/edera-install.sh` - Node installation script
+- `kubernetes/test-workload.yaml` - Test pod configuration