
Deploy SPIRL Agent to the Cluster

We'll deploy the SPIRL Agent to the cluster using the Helm chart. You'll need to provide the following values to the Helm chart:

  • Endpoint - the address of the Trust Domain server you previously deployed. e.g. td-server.spirl.example.com
  • ClusterVersionID - the Cluster Version ID you recorded after registering the cluster with the Trust Domain server. e.g. cv-1r0yfu9yjy
  • PrivateKey - the Private Key you recorded after registering the cluster with the Trust Domain server.

Here is a sample values file:

agent:
  endpoint: 
    endpoint: "td-server.spirl.example.com"
  auth:
    key:
      id: "cv-1r0yfu9yjy"
      pem: |
        -----BEGIN PRIVATE KEY-----
        MC4CAQAwBQYDK2VwBCIEIIsMdMEaZz+WVkIkiCzHHGWmvnyWiyhwFmxgKdUbTzRy
        -----END PRIVATE KEY-----

Download the latest SPIRL Agent

You can download the latest version of the Helm chart by running the following command.

helm pull oci://ghcr.io/spirl/charts/spirl-system -d .

Deploy SPIRL Agent

You can deploy the SPIRL Agent to the cluster using the following command, replacing the chart filename with the one you downloaded in the previous step:

helm upgrade --install --namespace spirl-system --create-namespace --values ./values.yaml spirl-system ./spirl-system-0.8.0.tgz

You should see the following output:

Release "spirl-system" does not exist. Installing it now.
NAME: spirl-system
LAST DEPLOYED: Tue Dec 19 14:02:09 2023
NAMESPACE: spirl-system
STATUS: deployed
REVISION: 1
TEST SUITE: None

Verify SPIRL Agent Deployment

Check your target namespace for the SPIRL Agent pods and verify that they are running. You can also check the logs of the SPIRL Agent pods to verify that they are connected to the SPIRL Trust Domain Server.

kubectl -n spirl-system logs $(kubectl -n spirl-system get pods -o name | grep "spirl-agent" | head -n 1)

For a successful deployment, you should see the following log message:

{"level":"info","ts":1703024269.4806662,"logger":"bundleRefresher","msg":"Bundle added or updated","trustDomain":"spirl.example.com"}

The trustDomain key will contain the name of your trust domain.
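The check above can be scripted so that a rollout fails when the bundle message is missing or names an unexpected trust domain. This is an added example, not part of the SPIRL documentation or tooling; the function names `check_bundle` and `bundle_domains` are hypothetical, and the two failure-case log lines are constructed.

```shell
#!/bin/sh
# Added example (not SPIRL tooling): classify agent log lines read from stdin.
# check_bundle and bundle_domains are hypothetical helper names.
# Exit status of check_bundle:
#   0 = bundle seen for the expected trust domain
#   1 = no "Bundle added or updated" message at all
#   2 = bundle seen, but only for a different trust domain

# Print the distinct trustDomain values of all bundle log lines on stdin.
bundle_domains() {
  sed -n '/"msg":"Bundle added or updated"/s/.*"trustDomain":"\([^"]*\)".*/\1/p' |
    sort -u
}

check_bundle() {
  expected=$1
  domains=$(bundle_domains)
  if [ -z "$domains" ]; then
    echo "no bundle message found" >&2
    return 1
  fi
  # -x and -F: whole-line, literal match, so dots are not wildcards.
  if printf '%s\n' "$domains" | grep -qxF -- "$expected"; then
    echo "bundle received for $expected"
    return 0
  fi
  echo "bundle only for: $(echo $domains); expected $expected" >&2
  return 2
}

# Constructed sample input. sample_ok is the log line shown above; the
# other two lines are made up to exercise the failure cases.
sample_ok='{"level":"info","ts":1703024269.4806662,"logger":"bundleRefresher","msg":"Bundle added or updated","trustDomain":"spirl.example.com"}'
sample_other='{"level":"info","ts":1703024270.1,"logger":"bundleRefresher","msg":"Bundle added or updated","trustDomain":"other.example.org"}'
sample_none='{"level":"info","ts":1703024268.0,"logger":"agent","msg":"starting"}'

# Live use (assumed wiring):
#   kubectl -n spirl-system logs <agent-pod> | check_bundle spirl.example.com
printf '%s\n' "$sample_ok" | check_bundle spirl.example.com
```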

Disable TLS for SPIRL Agent and SPIRL Trust Domain Server Communication

By default, the SPIRL Agent and the SPIRL Trust Domain server communicate over TLS. However, in some scenarios (e.g. lab environments) you may want to disable TLS for this communication. You can do that by editing the spirl-agent daemonset and adding the SPIRL_ENDPOINT_ENABLE_TLS environment variable with the value "false".