The Anatomy of Magalix Agent YAML File

What happens when you run the cluster connection command

YAML Unique URL

When you run the provided kubectl command, you are actually downloading a cluster-specific YAML file. This file is a spec to download and run the Magalix agent's pod.

YAML file URL is valid for 4 hours only

For security reasons, the provided URL is valid for 4 hours only. You can retrieve a fresh URL at any time; the older one becomes invalid at that point.

Below is a typical kubectl command needed to connect your cluster. It downloads your cluster-specific YAML file and applies that YAML file to your cluster.

    kubectl apply -f https://console.magalix.com/cluster-deployment//deployment.yaml

Magalix Agent Spec File

Below is a typical YAML file that installs and configures the Magalix agent. Cluster-specific secrets and the account ID are omitted from this file.

    kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      name: magalix-agent
      # Magalix agent is installed in kube-system by default. You can change it to another namespace
      namespace: kube-system
      labels:
        app.kubernetes.io/name: "magalix-agent"
        app.kubernetes.io/version: "1"
        app.kubernetes.io/component: "magalix-agent"
        app.kubernetes.io/tier: "backend"
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: magalix-agent
        spec:
          serviceAccountName: magalix-agent
          restartPolicy: Always
          containers:
            - image: magalixcorp/agent:latest
              imagePullPolicy: Always
              name: agent
              resources: # Default agent resources. It will be automatically managed if the Autopilot is enabled
                limits:
                  memory: 750Mi
                  cpu: 1
                requests:
                  memory: 200Mi
                  cpu: 100m
              args:
                - --kube-incluster
                - --gateway=ws://agent-gateway.magalix.com/
                - --source=kubelet
                - --trace-log=/agent.log # Where to store the log file
              envFrom:
                - secretRef:
                    name: magalix-agent
    ---

    apiVersion: v1
    kind: Secret
    metadata:
      name: magalix-agent
      namespace: kube-system
      labels:
        app.kubernetes.io/name: "magalix-agent"
        app.kubernetes.io/version: "1"
        app.kubernetes.io/component: "secret"
        app.kubernetes.io/tier: "backend"
    type: Opaque
    data:
      ACCOUNT_ID: # [Removed from this sample]
      CLUSTER_ID: # [Removed from this sample]
      SECRET: # [Removed from this sample]

    ---

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: magalix-agent
      namespace: kube-system
      labels:
        app.kubernetes.io/name: "magalix-agent"
        app.kubernetes.io/version: "1"
        app.kubernetes.io/component: "service-account"
        app.kubernetes.io/tier: "backend"

    ---
    # If RBAC is enabled by default, the cluster role and cluster role binding below are required
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: magalix-agent
      labels:
        app.kubernetes.io/name: "magalix-agent"
        app.kubernetes.io/version: "1"
        app.kubernetes.io/component: "cluster-role"
        app.kubernetes.io/tier: "backend"
    rules:
      # Allow the agent to perform get, watch, list, and patch on the K8s resources below.
      # If you are on the FREE plan, the patch verb is not required
      - apiGroups: ["", "extensions", "apps", "batch", "metrics.k8s.io"]
        resources: ["nodes", "nodes/stats", "nodes/metrics", "nodes/proxy", "pods", "limitranges", "deployments", "replicationcontrollers", "statefulsets", "daemonsets", "replicasets", "cronjobs"]
        verbs: ["get", "watch", "list", "patch"]

    ---

    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: magalix-agent
      labels:
        app.kubernetes.io/name: "magalix-agent"
        app.kubernetes.io/version: "1"
        app.kubernetes.io/component: "cluster-role-binding"
        app.kubernetes.io/tier: "backend"
    subjects:
      - kind: ServiceAccount
        name: magalix-agent
        namespace: kube-system
    roleRef:
      kind: ClusterRole
      name: magalix-agent
      apiGroup: rbac.authorization.k8s.io
