- Managed Kubernetes
- Managed Kubernetes
First of all, let’s talk about the Fairwinds Insights In-Cluster Agent —what is it, anyway? At Fairwinds, we refer to the Helm chart used to deploy it as the Fairwinds Insights Agent. The agent makes it easy to deploy multiple open-source tools using that single Helm installation; we refer to the tools integrated with the software as reports. This simple installation process makes it easy to redeploy Fairwinds Insights if you want to add or remove reports, which helps engineers avoid doing custom work to install and configure each tool.
The In-Cluster Agent runs inside your Kubernetes clusters and sends the data collected back to Fairwinds Insights, where the findings from each report are aggregated and published in a dashboard view to enable easy consumption, prioritization, and issue tracking. This provides a unified, multi-cluster view into the three areas where organizations deploying on Kubernetes run into the most configuration issues: security, cost efficiency, and reliability.
If you’re new to Fairwinds Insights, check out this post on how to get started (try our free tier for environments up to 20 nodes, two clusters, and one repo). If you have already created an organization within Fairwinds Insights, log in to the user interface (UI). Then, click on Clusters in the left column and then find the button in the top right corner that says Add Cluster. Enter a new cluster name and click Create Cluster. This creates an endpoint that allows the agent to send data back to the Insights platform.
Once you create the cluster within the Insights platform, you have a lot of options to choose from on how you want to configure it. Insights allows a lot of different reports to share data with it to help you better understand how your Kubernetes clusters are functioning. These reports cover a lot of important aspects of Kubernetes, including:
Depending on which area you're currently most focused on, you may want to pick one or two of those reports (or more, it’s up to you) and install them. Once installed, the reports can begin to scan your cluster and upload data to the platform. From there, you can also create Jira tickets, Slack alerts, set up policies for governance, and other actions and integrations.
Now that you have created the cluster in Fairwinds Insights, let’s look at how to add Polaris and Nova. Polaris is an open-source policy engine that validates and remediates Kubernetes resources, while Nova helps you find outdated or deprecated Helm charts running in your cluster. Go to Install Hub in the top navigation and click the button that says Available under Polaris if you want to customize your reports cadence and schedule — make your choices and click Update Config Options. Or just click Quick Add if you want to make those updates later.
It’s important to understand that completing this step does not actually install Polaris or any other report. It generates a Helm chart for you, adding Polaris and the configuration settings you selected. If you click on the button that says Ready to Install in the top right of that area of the UI, you can see the new values for the Helm chart are automatically generated for you.
You can select the text in gray or click the little copy/paste icon to the left of the gray box.
This is the contents of the values.yaml file, which also includes the token that allows you to authenticate to the platform. You can see in the code that Polaris and Nova are the two reports that you are going to enable. Now you need to create the values.yaml file, paste the helm chart, and then save. Next head to your command line and run the helm install command provided. Then you can copy the command to install Insights with those new values.
There are a lot of things that may need to be configured. Some of the configurations are simple, as they are with Polaris and Nova. You can make changes in the Install Hub and rebuild the values.yaml file or you can make updates to the file at the command line. Other reports require a little more effort to install properly.
Trivy scans for vulnerabilities in your containers, and it’s a good example of a report that can require more configuration. If you have containers that reside in a private repo, such as an AWS or GCP repo, Trivy will need permissions to access those repos. So you need to give it the necessary permissions in the values.yaml file. There are a lot of different flags and settings that you can set, so expect to spend a little bit of time working with these reports to get them tailored to your specific needs.
Once you have set your configurations the way you want them, it's time to update the helm chart settings by rerunning the Helm upgrade command provided. In order to check on the status of the pods, feel free to run a "get pods" command in the "insights-agent" namespace.
Still looking at the command line, you can see that everything is installed the way you planned. If you look closely, you can see that the agent set up a number of cron jobs for Nova and Polaris. Based on what is set up in this example, it will run a scan of the cluster every three hours. Then it sends that information back to the Insights platform, and you can see that data turn into Action Items in the Insights dashboard.
Now that you have the In-Cluster Agent installed, you’ll see your Insights dashboard updated regularly. You can come back and change which reports are installed and how they are configured, so you can focus on making your Kubernetes clusters as secure, cost efficient, and reliable as possible. Reach out if you get stuck or have questions. And join the Fairwinds Community Slack group to ask questions and get answers from the Fairwinds team and the community members.
Watch the install video: How to Install the Fairwinds Insights In-Cluster Agent