Skip to main content

Kubernetes

Estimated deployment time: 15 minutes

The OPA can be deployed on any Kubernetes cluster with the Superblocks Helm chart. If your organization doesn't use Helm to manage Kubernetes resources, you can still install the Helm CLI and use it to generate the manifest templates to deploy directly.

Installation

Add the chart repository

helm repo add superblocks https://charts.superblocks.com/superblocks
helm repo update

Configure values file

Create a local values.yaml file copied from the agent's Helm chart repo here. Aside from the default settings, the following settings are required to enable Ingress and allow communication from your users to the agent running in the cluster.

superblocks:
  agentHostUrl: "https://SUBDOMAIN.DOMAIN.TLD"

#(...)
service:
  # Use ClusterIP if your ingress controller routes traffic directly to pods.
  # Otherwise, update the service type based on your ingress controller settings.
  # For example, defaults for native cloud controllers require NodePort.
  type: ClusterIP
  ports:
    grpc: 8081
    http: 8080
    metrics: 9090

ingress:
  enabled: true
  class: "" # nginx
  annotations: {}
    # kubernetes.io/tls-acme: "true"
  
  hosts:
    - host: SUBDOMAIN.DOMAIN.TLD
      paths:
        - path: /
          pathType: Prefix
  tls: []
  # - secretName: chart-example-tls
  #   hosts:
  #     - SUBDOMAIN.DOMAIN.TLD

The values for superblocks.agentHostUrl and ingress.hosts[0].host should be the same DNS entry (CNAME or A record) that points to the ingress-managed load balancer in front of the agent.

info

If you use the EU Superblocks instance, also set superblocks.agentDataDomain to eu.superblocks.com.

Deploy the chart

info

Navigate to the On-Premise Agent Setup Wizard and click on the relevant Kubernetes tab for your platform (EKS, GKE, or AKS).

After making changes to values.yaml, save and deploy the chart. Adjust superblocks.agentTags as needed depending on your environment.

helm upgrade -i -n superblocks superblocks-agent superblocks/superblocks-agent \
  --create-namespace \
  -f values.yaml \
  --set superblocks.agentKey='<AGENT_KEY>' # obtained during agent onboarding \
  --set superblocks.agentTags='profile:*' \
  --set superblocks.agentDataDomain="app.superblocks.com"

Billable services

When running the OPA on Kubernetes, it is important to be aware of your container management provider's pricing (i.e. EKS, GKE, AKS) and the cost of any associated infrastructure like networking, load balancers, and DNS.