Skip to main content

SKE Health Agent

The SKE Health Agent is a health check agent to be installed in Kubernetes Destinations where health checks can be executed.

The Agent is released separately from SKE. Its releases can be found here.

Features

The Agent will:

  • Schedule the execution of Health Check Workflows from the Destination
  • Persist the data from a health check into a state store

Requirements

The Agent will write the health information to a state store. The Platform cluster must have a GitOps agent listening to the state store, so the resource health can be applied back to the Platform cluster.

Install

The health agent is released separately from SKE. Its releases can be found in the SKE Health Agent release page and it can be installed using the helm chart.

To install the agent using the Helm chart, start by adding the Syntasso Helm repository:

helm repo add syntasso https://syntasso.github.io/helm-charts
helm repo update

Configure values

Helm can accept values via the values file. Any configuration should be placed in a values.yaml file that is then passed in to the helm install command.

tip

You can see all available configuration in the helm chart repository.

The SKE license

SKE Health Agent images are hosted in a private registry. To access these images, you will need to authenticate using the token you have been provided with by Syntasso.

In your values file, you can set the skeLicense field to the license token provided to you by Syntasso.

skeLicense: LICENSE # provided to you by Syntasso

This will generate a Kubernetes Secret in the k8s-health-agent-system namespace that will be used to authenticate to the image registry. You can use your own image pull secret by setting the imageRegistry.imagePullSecret field instead.

warning

For the SKE Health Agent to work, you will need to make sure that your Destination cluster can access the Image Registry.

Image registry for Air-gapped Environments

You may want to manage the agent images within your own environment either due to air-gapped requirements or other security measures.

To do this, you will need to set up image mirroring and configure the SKE Health Agent chart to pull image from your own registry.

You must ensure that images listed below are mirrored to your own image registry and tagged according to the version:

  • registry.syntasso.io/syntasso/k8s-health-agent
  • registry.syntasso.io/syntasso/health-check-adapter

You can then customise imageRegistry.host in your values file:

# Configuration for the image registry
# Update these values if you are using a private image registry
imageRegistry:
  host: "my-org.registry.io"
  imagePullSecret: "secret-name"
# ...

Deploy the agent

Next, install the agent by running:

helm install health-agent syntasso/k8s-health-agent --values values.yaml

Set up access to the State Store

You will need to create a ConfigMap and Secret with the credentials to access the state store. The format will depend on the type of state store you wish to use. The agent currently support two different types of state stores: S3-compatible buckets and Git repositories.

To configure a Git repository, create a ConfigMap and Secret with the following content:

apiVersion: v1
kind: ConfigMap
metadata:
  name: health-state-store-config
  namespace: k8s-health-agent-system
data:
  stateStoreKind: "GitStateStore"
  url: # address
  secretName: <secret name>
  branch: # optional (default: main)
---
apiVersion: v1
kind: Secret
metadata:
  name: <secret name>
  namespace: k8s-health-agent-system
stringData:
  # for basicAuth
  username: # username
  password: # password / API Token
info

ssh method for authentication is not currently supported.

To configure a S3-compatible bucket, create a ConfigMap and Secret with the following content:

apiVersion: v1
kind: ConfigMap
metadata:
  name: health-state-store-config
  namespace: k8s-health-agent-system
data:
  stateStoreKind: "BucketStateStore"
  endpoint: # address
  bucketName: # bucket name
  authMethod: # accessKey or IAM (default: accessKey)
  secretName: <secret name> # required for accessKey
  path: # path within the bucket; optional
  insecure: # true or false (default: false); optional
---
apiVersion: v1
kind: Secret
metadata:
  name: <secret name>
  namespace: k8s-health-agent-system
type: kubernetes.io/basic-auth
stringData:
  accessKeyID: # accessKey ID
  secretAccessKey: # secret access key
warning

The configuration should be created after installing agent, otherwise the namespace will not exist.