Installation on Kubernetes

Prerequisites

Install v1.9 on your kubernetes cluster�.

wget https://agent-binaries.astradot.com/kube/ksm.yml
kubectl apply -f ksm.yml

Supported Kubernetes Version: 1.16

Agent Installation

Copy/paste the configuration below to a file, eg astinfra.yaml
Edit the following variable values in the config:
1. AST_LIC_KEY : put your astradot license key here
Run kubectl apply -f astinfra.yaml

astinfra.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: astradot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: astradot
rules:
  - apiGroups: [""]
    resources: ["endpoints", "nodes/stats"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: astradot
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: astradot
subjects:
  - name: astradot
    namespace: default
    kind: ServiceAccount
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ast-infra-kube-agent
  labels:
    app: ast-infra-kube-agent
spec:
  selector:
    matchLabels:
      app: ast-infra-kube-agent
  template:
    metadata:
      name: ast-infra-kube-agent
      labels:
        app: ast-infra-kube-agent
    spec:
      serviceAccountName: astradot
      containers:
        - image: astradot/ast-infra-kube-agent:latest
          imagePullPolicy: Always
          name: ast-infra-kube-agent
          env:
            - name: AST_LIC_KEY
              value: "My-License-Key"
            - name: AST_KUBE_CLUSTER_NAME
              value: "default"
            - name: AST_INFRA_KUBE_MODE
              value: "yes"
            - name: AST_INFRA_KUBE_MONITOR
              value: "yes"
            - name: AST_INFRA_KUBE_NODE_HOSTNAME
              valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
            - name: AST_INFRA_KUBE_NODE_HOSTIP
              valueFrom:
                  fieldRef:
                    fieldPath: status.hostIP
            - name: AST_INFRA_PODNAME
              valueFrom:
                  fieldRef:
                    fieldPath: metadata.name
          resources:
            requests:
              memory: "50Mi"
              cpu: "100m"
            limits:
              memory: "50Mi"
              cpu: "100m"
          volumeMounts:
            - name: procdir
              mountPath: /host/proc
              readOnly: true
        - image: fredrikjanssonse/leader-elector:0.6
          imagePullPolicy: IfNotPresent
          name: elector
          args:
              - --election=astinfra
              - --http=localhost:4040
          ports:
              - containerPort: 4040
                protocol: TCP
          resources:
              requests:
                cpu: 100m
      volumes:
      - name: procdir
        hostPath:
            path: /proc

Using Istio?

Istio's default security rules will block the agent from talking to Astradot's data collection servers to send metrics.

To get around this, you need to add this annotation to the above daemonset configuration, with the IP range being the IP range of your kubernetes cluster nodes.

traffic.sidecar.istio.io/includeOutboundIPRanges: 10.0.0.0/14

Example:

apiVersion: apps/v1
kind: DaemonSet
spec:
  template:
    metadata:
      annotations:
        traffic.sidecar.istio.io/includeOutboundIPRanges: 10.0.0.0/14

PreviousDatadog Agent Integration NextDatadog Agent Integration

Last updated 2 years ago

Was this helpful?

--- apiVersion: v1 kind: ServiceAccount metadata: name: astradot --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: astradot rules: - apiGroups: [""] resources: ["endpoints", "nodes/stats"] verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: astradot roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: astradot subjects: - name: astradot namespace: default kind: ServiceAccount --- apiVersion: apps/v1 kind: DaemonSet metadata: name: ast-infra-kube-agent labels: app: ast-infra-kube-agent spec: selector: matchLabels: app: ast-infra-kube-agent template: metadata: name: ast-infra-kube-agent labels: app: ast-infra-kube-agent spec: serviceAccountName: astradot containers: - image: astradot/ast-infra-kube-agent:latest imagePullPolicy: Always name: ast-infra-kube-agent env: - name: AST_LIC_KEY value: "My-License-Key" - name: AST_KUBE_CLUSTER_NAME value: "default" - name: AST_INFRA_KUBE_MODE value: "yes" - name: AST_INFRA_KUBE_MONITOR value: "yes" - name: AST_INFRA_KUBE_NODE_HOSTNAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: AST_INFRA_KUBE_NODE_HOSTIP valueFrom: fieldRef: fieldPath: status.hostIP - name: AST_INFRA_PODNAME valueFrom: fieldRef: fieldPath: metadata.name resources: requests: memory: "50Mi" cpu: "100m" limits: memory: "50Mi" cpu: "100m" volumeMounts: - name: procdir mountPath: /host/proc readOnly: true - image: fredrikjanssonse/leader-elector:0.6 imagePullPolicy: IfNotPresent name: elector args: - --election=astinfra - --http=localhost:4040 ports: - containerPort: 4040 protocol: TCP resources: requests: cpu: 100m volumes: - name: procdir hostPath: path: /proc