What happens when you run the cluster connection command
YAML Unique URL
When you run the provided kubectl command, you are actually downloading a cluster-specific YAML file. This file is a spec to download and run the Magalix agent's pod.
YAML file URL is valid for 4 hours only
For security reasons, the provided URL is valid for 4 hours only. You can retrieve a fresh URL at any time; the older one becomes invalid at that point.
Below is a typical kubectl command needed to connect your cluster. It downloads your cluster-specific YAML file and applies it to your cluster.
kubectl apply -f https://console.magalix.com/cluster-deployment//deployment.yaml
Magalix Agent Spec File
Below is a typical YAML file that installs and configures the Magalix agent. Cluster-specific secrets and the account ID are omitted from this file.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: magalix-agent
  #Magalix agent is installed in kube-system by default. You can change it to another namespace
  namespace: kube-system
  labels:
    app.kubernetes.io/name: "magalix-agent"
    app.kubernetes.io/version: "1"
    app.kubernetes.io/component: "magalix-agent"
    app.kubernetes.io/tier: "backend"
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: magalix-agent
    spec:
      serviceAccountName: magalix-agent
      restartPolicy: Always
      containers:
      - image: magalixcorp/agent:latest
        imagePullPolicy: Always
        name: agent
        resources: #default agent resources. It will be automatically managed if the Autopilot is enabled
          limits:
            memory: 750Mi
            cpu: 1
          requests:
            memory: 200Mi
            cpu: 100m
        args:
        - --kube-incluster
        - --gateway=ws://agent-gateway.magalix.com/
        - --source=kubelet
        - --trace-log=/agent.log #Where to store the log file
        envFrom:
        - secretRef:
            name: magalix-agent
---
apiVersion: v1
kind: Secret
metadata:
  name: magalix-agent
  namespace: kube-system
  labels:
    app.kubernetes.io/name: "magalix-agent"
    app.kubernetes.io/version: "1"
    app.kubernetes.io/component: "secret"
    app.kubernetes.io/tier: "backend"
type: Opaque
data:
  ACCOUNT_ID: #[Removed from this sample]
  CLUSTER_ID: #[Removed from this sample]
  SECRET: #[Removed from this sample]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: magalix-agent
  namespace: kube-system
  labels:
    app.kubernetes.io/name: "magalix-agent"
    app.kubernetes.io/version: "1"
    app.kubernetes.io/component: "service-account"
    app.kubernetes.io/tier: "backend"
---
#If RBAC is enabled by default, the cluster role and cluster role binding below are required
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: magalix-agent
  labels:
    app.kubernetes.io/name: "magalix-agent"
    app.kubernetes.io/version: "1"
    app.kubernetes.io/component: "cluster-role"
    app.kubernetes.io/tier: "backend"
rules:
# Allow the agent to perform get, watch, list, and patch on the K8s resources below.
# If you are on the FREE plan, the patch verb is not required
- apiGroups: ["", "extensions", "apps", "batch", "metrics.k8s.io"]
  resources: ["nodes", "nodes/stats", "nodes/metrics", "nodes/proxy", "pods", "limitranges", "deployments", "replicationcontrollers", "statefulsets", "daemonsets", "replicasets", "cronjobs"]
  verbs: ["get", "watch", "list", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: magalix-agent
  labels:
    app.kubernetes.io/name: "magalix-agent"
    app.kubernetes.io/version: "1"
    app.kubernetes.io/component: "cluster-role-binding"
    app.kubernetes.io/tier: "backend"
subjects:
- kind: ServiceAccount
  name: magalix-agent
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: magalix-agent
  apiGroup: rbac.authorization.k8s.io
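Because the connection command applies a downloaded manifest directly, the file can instead be saved first and checked for settings that deserve a decision before it reaches the cluster. The script below is an added example, not part of the Magalix documentation; the function name review_manifest, the finding labels and the trimmed sample manifest are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: review a downloaded manifest before `kubectl apply -f`.
# Assumes flow-style quoted lists in RBAC rules, as in the spec on this page.
# Prints one finding per line; returns 1 when a reviewer decision is needed.
review_manifest() {
  local file="$1" out
  out=$(
    # Images referenced by tag (e.g. :latest) can change between pulls.
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$file" |
      grep -v '@sha256:' | sed 's/^/unpinned-image: /'
    # A ws:// gateway carries agent traffic without TLS.
    grep -o -- '--gateway=ws://[^[:space:]]*' "$file" |
      sed 's/^--gateway=/plaintext-gateway: /'
    # RBAC verbs that grant more than read access.
    grep -E '^[[:space:]-]*verbs:' "$file" |
      grep -oE '"(patch|update|create|delete|deletecollection|\*)"' |
      tr -d '"' | sort -u | sed 's/^/write-verb: /'
    # nodes/proxy reaches the kubelet API; secrets and * are broad grants.
    grep -E '^[[:space:]-]*resources:' "$file" |
      grep -oE '"(nodes/proxy|secrets|\*)"' |
      tr -d '"' | sort -u | sed 's/^/sensitive-resource: /'
  )
  if [ -z "$out" ]; then return 0; fi
  printf '%s\n' "$out"
  return 1
}

# Constructed sample: a trimmed copy of the spec shown on this page.
sample_manifest() {
cat <<'EOF'
kind: Deployment
spec:
  template:
    spec:
      containers:
      - image: magalixcorp/agent:latest
        args:
        - --gateway=ws://agent-gateway.magalix.com/
---
kind: ClusterRole
rules:
- apiGroups: ["", "extensions", "apps", "batch", "metrics.k8s.io"]
  resources: ["nodes", "nodes/proxy", "pods", "deployments"]
  verbs: ["get", "watch", "list", "patch"]
EOF
}

tmp=$(mktemp) && sample_manifest > "$tmp"
review_manifest "$tmp" || echo "findings above need review before applying"
rm -f "$tmp"
```

Against a real download, save the YAML to a local file with your cluster-specific URL, run review_manifest on that file, and apply the same local file so that what was reviewed is what gets applied.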