Kubernetes Agent
Deploy the KubeWatch agent on Kubernetes using Helm.
The Kubernetes agent uses the in-cluster Kubernetes API to collect pod, node, service, and event data, no Docker socket needed. It is deployed as a Deployment with a ClusterRole that grants read-only access to cluster resources.
Prerequisites
- Helm 3.10+
kubectlconfigured with access to your cluster- A KubeWatch API key (from Settings → API Keys in the dashboard)
Step 1: Add the Helm repository
helm repo add kubewatch https://charts.kubewatchlabs.com
helm repo update
Step 2: Install the agent
helm install kubewatch-agent kubewatch/kubewatch-agent \
--namespace kubewatch \
--create-namespace \
--set agent.apiKey=YOUR_API_KEY \
--set agent.clusterName=my-production-cluster \
--set agent.interval=15 \
--set agent.logLevel=info
Replace YOUR_API_KEY with your actual API key and my-production-cluster with a descriptive name for this cluster, it will appear in the KubeWatch dashboard agent selector.
The agent connects to KubeWatch automatically, there is no endpoint to configure.
Step 3: Verify the agent is running
kubectl get pods -n kubewatch
Expected output:
NAME READY STATUS RESTARTS AGE
kubewatch-agent-7d9f8b6c4d-xk2pq 1/1 Running 0 45s
Check the agent logs to confirm it registered successfully:
kubectl logs -n kubewatch -l app=kubewatch-agent
You should see:
INFO agent registered, id=agent_abc123 cluster=my-production-cluster
INFO push ok, containers=12 pods=8 nodes=3
RBAC
The Helm chart creates a ClusterRole that grants read-only access to the following resources:
| Resource | Verbs |
|---|---|
| pods | get, list, watch |
| nodes | get, list, watch |
| services | get, list, watch |
| namespaces | get, list |
| events | get, list, watch |
| replicationcontrollers | get, list |
| deployments, replicasets, statefulsets, daemonsets | get, list, watch |
No write permissions are granted. The agent never modifies cluster resources.
Helm values reference
| Value | Default | Description |
|---|---|---|
agent.apiKey | "" | KubeWatch API key (required) |
agent.clusterName | "" | Display name in dashboard |
agent.interval | 15 | Metrics push interval in seconds |
agent.logLevel | info | Log level: debug, info, warn, error |
agent.image.tag | latest | Agent image tag |
resources.requests.memory | 64Mi | Memory request |
resources.limits.memory | 128Mi | Memory limit |
Uninstall
helm uninstall kubewatch-agent -n kubewatch
kubectl delete namespace kubewatch