You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is no single reference guide for deploying an agent via kubectl (without the Kagenti UI/backend). The pieces exist across multiple docs and demos, but a developer deploying manually has to discover the conventions and required resources by reading operator source code.
Problem
The controller assumes the Service name matches the workload name (ServiceName: targetRef.Name in internal/controller/agentcard_controller.go:374). This convention is not documented as a requirement. A developer deploying via kubectl who names their Service differently will get ServiceNotFound errors with no clear guidance.
The required resources and conventions are spread across:
docs/dynamic-agent-discovery.md — covers Deployment+Service example and AgentCard auto-creation, but not the full checklist
demos/agentcard-spire-signing/k8s/ — complete manifests but specific to SPIRE signing flow
docs/agentcard-signature-verification.md — covers the signing init container setup
Proposed Content
A single kubectl deployment guide covering the full resource checklist:
Namespace — with appropriate labels
ServiceAccount — for SPIRE registration if using signing
Deployment — required labels:
kagenti.io/type: agent
protocol.kagenti.io/a2a: ""
app.kubernetes.io/name: <name>
Service — must match the Deployment name (controller convention)
AgentCard CR — optional (sync controller auto-creates one), but needed to configure identityBinding
The guide should include a ready-to-use template covering all six resources, with annotations explaining which parts are required vs optional and which conventions must be followed.
Summary
There is no single reference guide for deploying an agent via
kubectl(without the Kagenti UI/backend). The pieces exist across multiple docs and demos, but a developer deploying manually has to discover the conventions and required resources by reading operator source code.Problem
The controller assumes the Service name matches the workload name (
ServiceName: targetRef.Nameininternal/controller/agentcard_controller.go:374). This convention is not documented as a requirement. A developer deploying via kubectl who names their Service differently will getServiceNotFounderrors with no clear guidance.The required resources and conventions are spread across:
docs/dynamic-agent-discovery.md— covers Deployment+Service example and AgentCard auto-creation, but not the full checklistdemos/agentcard-spire-signing/k8s/— complete manifests but specific to SPIRE signing flowdocs/agentcard-signature-verification.md— covers the signing init container setupProposed Content
A single kubectl deployment guide covering the full resource checklist:
kagenti.io/type: agentprotocol.kagenti.io/a2a: ""app.kubernetes.io/name: <name><name>-card-unsigned) — if using SPIRE signing; should contain real capabilities (see Signed AgentCard always has empty skills/capabilities in automated deploy path #292)identityBindingThe guide should include a ready-to-use template covering all six resources, with annotations explaining which parts are required vs optional and which conventions must be followed.
Related
docs/dynamic-agent-discovery.md— existing partial coveragedemos/agentcard-spire-signing/k8s/— existing demo manifests