Kubernetes Agent

Deploy the KubeWatch agent on Kubernetes using Helm.

The Kubernetes agent uses the in-cluster Kubernetes API to collect pod, node, service, and event data, no Docker socket needed. It is deployed as a Deployment with a ClusterRole that grants read-only access to cluster resources.

Prerequisites

  • Helm 3.10+
  • kubectl configured with access to your cluster
  • A KubeWatch API key (from Settings → API Keys in the dashboard)

Step 1: Add the Helm repository

helm repo add kubewatch https://charts.kubewatchlabs.com
helm repo update

Step 2: Install the agent

helm install kubewatch-agent kubewatch/kubewatch-agent \
  --namespace kubewatch \
  --create-namespace \
  --set agent.apiKey=YOUR_API_KEY \
  --set agent.clusterName=my-production-cluster \
  --set agent.interval=15 \
  --set agent.logLevel=info

Replace YOUR_API_KEY with your actual API key and my-production-cluster with a descriptive name for this cluster, it will appear in the KubeWatch dashboard agent selector.

The agent connects to KubeWatch automatically, there is no endpoint to configure.

Running KubeWatch self-hosted? See [Self-Hosted](/self-hosted/kubernetes-helm) for deploying agents against your own gateway.

Step 3: Verify the agent is running

kubectl get pods -n kubewatch

Expected output:

NAME                               READY   STATUS    RESTARTS   AGE
kubewatch-agent-7d9f8b6c4d-xk2pq   1/1     Running   0          45s

Check the agent logs to confirm it registered successfully:

kubectl logs -n kubewatch -l app=kubewatch-agent

You should see:

INFO  agent registered, id=agent_abc123 cluster=my-production-cluster
INFO  push ok, containers=12 pods=8 nodes=3

RBAC

The Helm chart creates a ClusterRole that grants read-only access to the following resources:

ResourceVerbs
podsget, list, watch
nodesget, list, watch
servicesget, list, watch
namespacesget, list
eventsget, list, watch
replicationcontrollersget, list
deployments, replicasets, statefulsets, daemonsetsget, list, watch

No write permissions are granted. The agent never modifies cluster resources.

Helm values reference

ValueDefaultDescription
agent.apiKey""KubeWatch API key (required)
agent.clusterName""Display name in dashboard
agent.interval15Metrics push interval in seconds
agent.logLevelinfoLog level: debug, info, warn, error
agent.image.taglatestAgent image tag
resources.requests.memory64MiMemory request
resources.limits.memory128MiMemory limit

Uninstall

helm uninstall kubewatch-agent -n kubewatch
kubectl delete namespace kubewatch