# Kubernetes

Estimated deployment time: 15 minutes

**Caution:** Only deploy the agent with Kubernetes if your organization already runs Kubernetes. Otherwise, we recommend using one of the alternative production deployment methods.

The OPA can be deployed on any Kubernetes cluster with the Superblocks Helm chart. If your organization doesn't use Helm to manage Kubernetes resources, you can still install the Helm CLI and use it to generate the manifest templates to deploy directly.

## Installation

### Add the chart repository

```bash
helm repo add superblocks https://charts.superblocks.com/superblocks
helm repo update
```

### Configure values file

Create a local `values.yaml` file by copying the one in the agent's Helm chart repo. Aside from the default settings, the following settings are required to enable Ingress and allow communication from your users to the agent running in the cluster.

```yaml
superblocks:
  agentHostUrl: "https://YOUR.VALID.DOMAIN.COM"

#(...)

controller:
  service:
    # Use ClusterIP if your ingress controller routes traffic directly to pods.
    # Otherwise, update the type based on your ingress controller settings.
    # For example, defaults for native cloud controllers require NodePort.
    type: ClusterIP
    port: 8020

  ingress:
    enabled: true
    class: "" # nginx
    annotations: {}
      # kubernetes.io/tls-acme: "true"
    hosts:
      - host: YOUR.VALID.DOMAIN.COM
        paths:
          - /
          - path: /agent
            pathType: Prefix
          - path: /health
    tls: []
    # - secretName: chart-example-tls
    #   hosts:
    #     - YOUR.VALID.DOMAIN.COM
```

The values for superblocks.agentHostUrl and controller.ingress.hosts[0].host should be the same DNS entry (CNAME or A record) that points to the ingress-managed load balancer in front of the agent.
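
A pre-deploy check for the requirement above, as an added example that is not part of the Superblocks documentation or chart. The function names, the line-based parsing (which assumes the two-space layout of the values file shown on this page) and the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example: checks values.yaml before "helm upgrade". Line-based parsing
# that assumes the two-space layout shown on this page; not a YAML parser.

# Raw value of superblocks.agentHostUrl
agent_host_url() {
  awk '/^superblocks:/ { s = 1; next }
       /^[^ #]/        { s = 0 }
       s && /^[ ]+agentHostUrl:/ { sub(/^[ ]+agentHostUrl:[ ]*/, ""); print; exit }' "$1"
}

# Raw value of controller.ingress.hosts[0].host
ingress_first_host() {
  awk '/^controller:/ { c = 1; next }
       /^[^ #]/       { c = 0 }
       c && /^[ ]+ingress:/ { i = 1; next }
       c && i && /^[ ]+-[ ]+host:/ { sub(/^[ ]+-[ ]+host:[ ]*/, ""); print; exit }' "$1"
}

# Strip trailing comment, quotes, scheme, port and path; lowercase the result.
normalize_host() {
  printf '%s\n' "$1" |
    sed -E -e 's/[[:space:]]+#.*$//' -e "s/[\"']//g" \
           -e 's#^[A-Za-z]+://##' -e 's#[:/].*$##' -e 's/[[:space:]]+$//' |
    tr '[:upper:]' '[:lower:]'
}

# Returns 0 = match, 1 = mismatch, 2 = value missing, 3 = placeholder left in.
check_agent_hosts() {
  url_host=$(normalize_host "$(agent_host_url "$1")")
  ing_host=$(normalize_host "$(ingress_first_host "$1")")
  if [ -z "$url_host" ] || [ -z "$ing_host" ]; then
    echo "missing agentHostUrl or ingress host in $1" >&2; return 2
  fi
  if [ "$url_host" != "$ing_host" ]; then
    echo "mismatch: agentHostUrl=$url_host ingress host=$ing_host" >&2; return 1
  fi
  if [ "$url_host" = "your.valid.domain.com" ]; then
    echo "placeholder host was not replaced" >&2; return 3
  fi
  echo "ok: $url_host"
}

# Constructed sample (not a real deployment): the two hosts differ by one letter.
sample=$(mktemp)
printf '%s\n' 'superblocks:' '  agentHostUrl: "https://agent.example.com"' \
  'controller:' '  ingress:' '    enabled: true' '    hosts:' \
  '      - host: agents.example.com' > "$sample"
check_agent_hosts "$sample" || echo "check_agent_hosts returned $?"
rm -f "$sample"
```

Run `check_agent_hosts values.yaml` before deploying and stop on any non-zero status.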

### Deploy the chart

After making changes to values.yaml, save and deploy the chart.

```bash
# <AGENT_KEY> is obtained during agent onboarding
helm upgrade -i -n superblocks superblocks-agent superblocks/superblocks-agent \
  --create-namespace \
  -f values.yaml \
  --set superblocks.agentKey='<AGENT_KEY>' \
  --set superblocks.agentEnvironment='<"*"|"staging"|"production">'
```

## Billable services

When running the OPA on Kubernetes, it is important to be aware of your container management provider's pricing (e.g. [EKS](https://aws.amazon.com/eks/pricing/), [GKE](https://cloud.google.com/kubernetes-engine/pricing), [AKS](https://azure.microsoft.com/en-us/pricing/details/kubernetes-service/)) and the cost of any associated infrastructure such as networking, load balancers, and DNS.