Kubernetes
Kubernetes agents collect all metadata from the Kubernetes cluster where is deployed.
Kubernetes agents allows to collect metadata from any Kubernetes clusters. It works with Zero trust.
Prerequisites
- Required permissions
Procedure from web console
- Navigate to Integrations > Agents (or go directly to
/home/integrations/agents) - Click "Add agent"
- Add a name for the agent and select Kubernetes Inventory
- Click "Submit" to proceed to the configuration screen
- You'll see a setup guide with the commands needed to deploy your agent, copy and execute each command in your terminal/Kubernetes environment
- Optional: Modify the
httpRequestSizeparameter to adjust the maximum number of objects sent to the API in each request (must be an integer greater than 0, default value is usually sufficient)
Procedure from CLI
1. Create the Agent object
Create the Agent object in the cluster where Resiliency.IO is deployed:
apiVersion: core.resiliency.io/v1alpha1
kind: Agent
metadata:
name: <agent-name>
namespace: resiliency-system
spec:
type: KubernetesInventory
secretName: <agent-name>
2. Retrieve the APIKey
Resiliency.IO will create an APIKey that will be assigned to the Agent. Get the secret name:
kubectl -n resiliency-system get agent <agent-name> -o yaml
This command will display the Agent details, and the secret name is in the .status.secretName field:
apiVersion: core.resiliency.io/v1alpha1
kind: Agent
metadata:
name: <agent-name>
namespace: resiliency-system
spec:
type: KubernetesInventory
secretName: <agent-name>
status:
secretName: <agent-name>-kj2f4
state: Ready
Get the secret content:
kubectl -n resiliency-system get secret <secret-name> -o jsonpath="{.data}" | jq -r 'to_entries[] | "\(.key): \(.value | @base64d)"'
Example output:
apikey: 259eaa16-6e0e-456a-8f6c-774ac61bab01
apisecret: 0b25cbc0-5a87-49e2-83ad-bc08c51038d3
3. Deploy the AgentInstance
Deploy the AgentOperator in your target cluster:
kubectl apply -f http://api.<base_domain>/static/manifests/agent-operator.yaml
Create the APIKey secret with the AWS IAM User credentials:
kubectl -n resiliency-system create secret generic <agent-name> \
--from-literal=ASTROKUBE_AGENT_ID=<apikey> \
--from-literal=ASTROKUBE_AGENT_SECRET=<apisecret>
Deploy the AgentInstance:
apiVersion: core.resiliency.io/v1alpha1
kind: AgentInstance
metadata:
name: <agent-name>
namespace: resiliency-system
spec:
api: https://inventory.astrokube.cloud
httpRequestSize: 10
kubernetes:
secretName: <agent-name>
Verify agent deployment
-
Check the agent status in Kubernetes:
# Check agent instance
kubectl get agentinstances -n resiliency-system <name-of-your-agent>
#Check pod
kubectl get pods -n resiliency-system <name-of-your-agent-pod>
# Check logs in pod
kubectl logs -n resiliency-system <name-of-your-agent-pod>
You should see output similar to this for a healthy agent:
{"level":"info","timestamp":"2029-08-24T10:00:00Z","msg":"running exporter"}
{"level":"info","timestamp":"2029-08-24T10:00:01Z","msg":"running host listener"}
{"level":"info","timestamp":"2029-08-24T10:00:02Z","msg":"exported 1 objects"}
{"level":"info","timestamp":"2029-08-24T10:00:03Z","msg":"exported 5 objects"}