SKE Health Agent
The SKE Health Agent is a health check agent to be installed in Kubernetes Destinations where health checks can be executed.
The Agent is released separately from SKE. Its releases can be found here.
Features
The Agent will:
- Schedule the execution of Health Check Workflows from the Destination
- Persist the data from a health check into a state store
Requirements
The Agent will write the health information to a state store. The Platform cluster must have a GitOps agent listening to the state store, so the resource health can be applied back to the Platform cluster.
Install
The health agent is released separately from SKE. Its releases can be found in the SKE Health Agent release page and it can be installed using the helm chart.
To install the agent using the Helm chart, start by adding the Syntasso Helm repository:
helm repo add syntasso https://syntasso.github.io/helm-charts
helm repo update
Configure values
Helm can accept values via the values file. Any configuration should be placed in a values.yaml file that is then passed in to the helm install command.
You can see all available configuration in the helm chart repository.
The SKE license
SKE Health Agent images are hosted in a private registry. To access these images, you will need to authenticate using the token you have been provided with by Syntasso.
In your values file, you can set the skeLicense
field to the license token provided to you by Syntasso.
skeLicense: LICENSE # provided to you by Syntasso
For the SKE Health Agent to work, you will need to make sure that your Destination cluster can access the Image Registry.
Image registry for Air-gapped Environments
You may want to manage the agent images within your own environment either due to air-gapped requirements or other security measures.
To do this, you will need to set up image mirroring and configure the SKE Health Agent chart to pull image from your own registry.
You must ensure that images listed below are mirrored to your own image registry and tagged according to the version:
registry.syntasso.io/syntasso/k8s-health-agent
registry.syntasso.io/syntasso/health-check-adapter
You can then customise imageRegistry.host
in your values file:
# Configuration for the image registry
# Update these values if you are using a private image registry
imageRegistry:
host: "my-org.registry.io"
# ...
Deploy the agent
Next, install the agent by running:
helm install health-agent syntasso/k8s-health-agent --values values.yaml
Set up access to the State Store
You will need to create a ConfigMap and Secret with the credentials to access the state store. The format will depend on the type os state store you wish to use. The agent currently support two different types of state stores: S3-compatible buckets and Git repositories.
To configure a Git repository, create a ConfigMap and Secret with the following content:
apiVersion: v1
kind: ConfigMap
metadata:
name: health-state-store-config
namespace: k8s-health-agent-system
data:
stateStoreKind: "GitStateStore"
url: # address
secretName: <secret name>
branch: # optional (default: main)
---
apiVersion: v1
kind: Secret
metadata:
name: <secret name>
namespace: k8s-health-agent-system
stringData:
# for basicAuth
username: # username
password: # password / API Token
ssh
method for authentication is not currently supported.
To configure a S3-compatible bucket, create a ConfigMap and Secret with the following content:
apiVersion: v1
kind: ConfigMap
metadata:
name: health-state-store-config
namespace: k8s-health-agent-system
data:
stateStoreKind: "BucketStateStore"
endpoint: # address
bucketName: # bucket name
authMethod: # accessKey or IAM (default: accessKey)
secretName: <secret name> # required for accessKey
path: # path within the bucket; optional
insecure: # true or false (default: false); optional
---
apiVersion: v1
kind: Secret
metadata:
name: <secret name>
namespace: k8s-health-agent-system
type: kubernetes.io/basic-auth
stringData:
accessKeyID: # accessKey ID
secretAccessKey: # secret access key
The configuration should be created after installing agent, otherwise the namespace will not exist.