Install on Kubernetes
To install the chart, retrieve your steadybit agent key from the setup page in the SaaS platform and run the following command. Please also fill in your cluster name:
helm repo add steadybit https://steadybit.github.io/helm-charts
helm repo update
helm install steadybit-agent --namespace steadybit-agent \
--create-namespace \
--set agent.key=<replace-with-agent-key> \
--set cluster.name=<replace-with-cluster-name> \
--set agent.containerRuntime=containerd \
steadybit/steadybit-agent
To configure the installation, specify the values on the command line using the --set flag, or provide a yaml file with your values using the -f flag.
By default, the agent assumes that your cluster uses the Docker container runtime. If this is not the case, you need to setagent.containerRuntimeto eithercontainerdorcrio.
It is also possible to install the Helm chart with Terraform. For that the official
helm_release resource will be used. Analogous to the above procedure, the agent key needs to be specified. See the following provider and resource definition for Terraform:provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}
resource "helm_release" "steadybit_helm_chart" {
name = "steadybit-agent"
chart = "steadybit/steadybit-agent"
set {
name = "agent.key"
value = "<replace-with-agent-key>"
}
}
To configure additional parameters, specify the values directly in the terraform file, using the following syntax:
set {
name = "agent.registerUrl"
value = "https://platform.steadybit.com"
}
Apply the Terraform definition:
terraform apply -var agent_key="<replace-with-agent-key>"
To install and configure steadybit within
Kubernetes as a DaemonSet you need to define the DaemonSet YAML file. Below you will see an example of a YAML file to run the steadybit agent.As with all deployments in Kubernetes, make use of namespaces to keep things organized. The following YAML creates a Namespace called
steadybit-agent in which the DaemonSet will be created. It allows you to tag and isolate the agents or even stop all of them at once by simply deleting the steadybit-agent namespace.Please replace the string
replace-with-agent-key with your specific Agent-Key and run the shown commands to encode the key correctly.This needs to be done in three steps:
- 1.Run
echo -n _:<replace-with-agent-key> | base64and fill in the result into the value for theauthkey
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: steadybit-agent
namespace: steadybit-agent
automountServiceAccountToken: true
---
apiVersion: v1
kind: Secret
metadata:
name: steadybit-agent
namespace: steadybit-agent
type: Opaque
data:
key: <echo -n <replace-with-agent-key> | base64>
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent-in-steadybit-agent
rules:
- apiGroups: [ "batch" ]
resources:
- "jobs"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "extensions" ]
resources:
- "deployments"
- "replicasets"
- "ingresses"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources:
- "deployments"
- "replicasets"
- "daemonsets"
- "statefulsets"
verbs: [ "get", "list", "watch", "patch" ]
- apiGroups: [ "autoscaling" ]
resources:
- "horizontalpodautoscalers"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "networking.k8s.io" ]
resources:
- "ingresses"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources:
- "events"
- "namespaces"
- "services"
- "endpoints"
- "nodes"
- "pods"
- "pods/log"
- "replicationcontrollers"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources:
- "pods"
verbs: [ "delete", "patch" ]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent-in-steadybit-agent
subjects:
- kind: ServiceAccount
name: steadybit-agent
namespace: steadybit-agent
roleRef:
kind: ClusterRole
name: steadybit-agent-in-steadybit-agent
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent
namespace: steadybit-agent
rules:
- apiGroups: [ "coordination.k8s.io" ]
resources:
- "leases"
verbs: [ "get", "list", "watch", "create", "update" ]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent
namespace: steadybit-agent
subjects:
- kind: ServiceAccount
name: steadybit-agent
namespace: steadybit-agent
roleRef:
kind: Role
name: steadybit-agent
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: steadybit-agent
namespace: steadybit-agent
spec:
selector:
matchLabels:
app.kubernetes.io/name: steadybit-agent
app.kubernetes.io/instance: steadybit-agent
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
app.kubernetes.io/name: steadybit-agent
app.kubernetes.io/instance: steadybit-agent
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/prometheus"
prometheus.io/port: "42899"
spec:
serviceAccountName: steadybit-agent
hostIPC: true
hostNetwork: true
hostPID: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: steadybit-agent
image: "steadybit/agent:latest"
imagePullPolicy: Always
resources:
requests:
memory: 450Mi
cpu: 250m
limits:
memory: 650Mi
cpu: 1500m
livenessProbe:
httpGet:
host: 127.0.0.1
port: 42899
path: /health
initialDelaySeconds: 300
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
env:
- name: STEADYBIT_AGENT_REGISTER_URL
value: "https://platform.steadybit.com"
- name: STEADYBIT_AGENT_KEY
valueFrom:
secretKeyRef:
name: steadybit-agent
key: key
- name: STEADYBIT_KUBERNETES_CLUSTER_NAME
value: "<replace-with-cluster-name>"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: STEADYBIT_AGENT_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: STEADYBIT_AGENT_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: STEADYBIT_AGENT_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: STEADYBIT_HTTP_ENDPOINT_PORT
value: "42899"
- name: STEADYBIT_AGENT_MODE
value: "default"
- name: STEADYBIT_AGENT_SIDECAR_IMAGE
value: "steadybit/agent:latest"
securityContext:
readOnlyRootFilesystem: false
privileged: true
volumeMounts:
- name: steadybit-agent-state
mountPath: /var/lib/steadybit-agent
- name: container-sock
mountPath: /run/containerd/containerd.sock
- name: cgroup-root
mountPath: /sys/fs/cgroup
- name: sys
mountPath: /sys
- name: runc-root
mountPath: /run/containerd/runc/k8s.io
- name: container-run
mountPath: /run/containerd
- name: container-namespaces
mountPath: /var/run
mountPropagation: HostToContainer
- name: container-sidecar-bundles-root
mountPath: /var/lib/containerd/steadybit-agent
volumes:
- name: steadybit-agent-state
hostPath:
path: /var/lib/steadybit-agent
- name: container-sock
hostPath:
path: /run/containerd/containerd.sock
- name: cgroup-root
hostPath:
path: /sys/fs/cgroup
- name: sys
hostPath:
path: /sys
- name: runc-root
hostPath:
path: /run/containerd/runc/k8s.io
- name: container-run
hostPath:
path: /run/containerd
- name: container-namespaces
hostPath:
path: /var/run
- name: container-sidecar-bundles-root
hostPath:
path: /var/lib/containerd/steadybit-agent
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: steadybit-agent
namespace: steadybit-agent
automountServiceAccountToken: true
---
apiVersion: v1
kind: Secret
metadata:
name: steadybit-agent
namespace: steadybit-agent
type: Opaque
data:
key: <echo -n <replace-with-agent-key> | base64>
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent-in-steadybit-agent
rules:
- apiGroups: [ "batch" ]
resources:
- "jobs"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "extensions" ]
resources:
- "deployments"
- "replicasets"
- "ingresses"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources:
- "deployments"
- "replicasets"
- "daemonsets"
- "statefulsets"
verbs: [ "get", "list", "watch", "patch" ]
- apiGroups: [ "autoscaling" ]
resources:
- "horizontalpodautoscalers"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "networking.k8s.io" ]
resources:
- "ingresses"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources:
- "events"
- "namespaces"
- "services"
- "endpoints"
- "nodes"
- "pods"
- "pods/log"
- "replicationcontrollers"
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources:
- "pods"
verbs: [ "delete", "patch" ]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent-in-steadybit-agent
subjects:
- kind: ServiceAccount
name: steadybit-agent
namespace: steadybit-agent
roleRef:
kind: ClusterRole
name: steadybit-agent-in-steadybit-agent
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent
namespace: steadybit-agent
rules:
- apiGroups: [ "coordination.k8s.io" ]
resources:
- "leases"
verbs: [ "get", "list", "watch", "create", "update" ]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: steadybit-agent
namespace: steadybit-agent
subjects:
- kind: ServiceAccount
name: steadybit-agent
namespace: steadybit-agent
roleRef:
kind: Role
name: steadybit-agent
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: steadybit-agent
namespace: steadybit-agent
spec:
selector:
matchLabels:
app.kubernetes.io/name: steadybit-agent
app.kubernetes.io/instance: steadybit-agent
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
app.kubernetes.io/name: steadybit-agent
app.kubernetes.io/instance: steadybit-agent
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/prometheus"
prometheus.io/port: "42899"
spec:
serviceAccountName: steadybit-agent
hostIPC: true
hostNetwork: true
hostPID: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: steadybit-agent
image: "steadybit/agent:latest"
imagePullPolicy: Always
resources:
requests:
memory: 450Mi
cpu: 250m
limits:
memory: 650Mi
cpu: 1500m
livenessProbe:
httpGet:
host: 127.0.0.1
port: 42899
path: /health
initialDelaySeconds: 300
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
env:
- name: STEADYBIT_AGENT_REGISTER_URL
value: "https://platform.steadybit.com"
- name: STEADYBIT_AGENT_KEY
valueFrom:
secretKeyRef:
name: steadybit-agent
key: key
- name: STEADYBIT_KUBERNETES_CLUSTER_NAME
value: "<replace-with-cluster-name>"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: STEADYBIT_AGENT_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: STEADYBIT_AGENT_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: STEADYBIT_AGENT_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: STEADYBIT_HTTP_ENDPOINT_PORT
value: "42899"
- name: STEADYBIT_AGENT_MODE
value: "default"
- name: STEADYBIT_AGENT_SIDECAR_IMAGE
value: "steadybit/agent:latest"
securityContext:
readOnlyRootFilesystem: false
privileged: true
volumeMounts:
- name: steadybit-agent-state
mountPath: /var/lib/steadybit-agent
- name: container-sock
mountPath: /var/run/docker.sock
- name: cgroup-root
mountPath: /sys/fs/cgroup
- name: sys
mountPath: /sys
volumes:
- name: steadybit-agent-state
hostPath:
path: /var/lib/steadybit-agent
- name: container-sock
hostPath:
path: /var/run/docker.sock
- name: cgroup-root
hostPath:
path: /sys/fs/cgroup
- name: sys
hostPath:
path: /sys
For your convenience you can use the setup page in the SaaS platform, where your agent key is already prepared in the yaml.
Once the YAML file is customized you can apply it with
kubectl:kubectl apply -f steadybit-agent.yml
To get even more information and insights, the above manifest contains a
Service Account and RBAC Authorization for the steadybit-agent. With the access to the K8s API, the agent can provide further information to the platform for identifying potential targets. More information about Service Accounts or RBAC Authorization is available in the Kubernetes docs.You can learn more about our discovery of containers in the section Use Steadybit / Discovery / Container.
Last modified 3mo ago