|
| 1 | +# Support existing Flux |
| 2 | + |
| 3 | +Agent Control supports using an existing Flux installation. In other words, we can install Agent Control in a k8s cluster where Flux is already present. However, for the moment, we **DON’T HAVE** extensive and complete support for that. There are some limitations to that feature. |
| 4 | + |
| 5 | +## Requirements |
| 6 | + |
| 7 | +> [!WARNING] |
| 8 | +> **Unsupported Configuration**\ |
| 9 | +> Ensure the cluster complies with the following requirements. Configurations that deviate from these specifications are not validated or supported and may result in unexpected behavior or instability. |
| 10 | +
|
| 11 | +* Flux version 2 |
| 12 | + * Helm Controller component |
| 13 | + * HelmRelease CRD from helm.toolkit.fluxcd.io/v2 |
| 14 | + * Source Controller component |
| 15 | + * HelmRepository CRD from source.toolkit.fluxcd.io/v1 |
| 16 | +* ClusterRole for Flux with sufficient permissions |
| 17 | +* Flux is configured to watch resources in the namespace where Agent Control will be installed |
| 18 | + |
| 19 | +## How do we configure AC to work with an already existing Flux? |
| 20 | + |
| 21 | +Disable agent-control-cd. This is very straightforward. |
| 22 | + |
| 23 | +```yaml |
| 24 | +agentControlCd: |
| 25 | + enabled: false |
| 26 | +``` |
| 27 | +
|
| 28 | +The final config would look something like the following: |
| 29 | +
|
| 30 | +```yaml |
| 31 | +global: |
| 32 | + cluster: "xxx" |
| 33 | + licenseKey: "xxx" |
| 34 | + |
| 35 | +agentControlCd: |
| 36 | + enabled: false |
| 37 | + |
| 38 | +agentControlDeployment: |
| 39 | + chartValues: |
| 40 | + subAgentsNamespace: "newrelic" |
| 41 | + config: |
| 42 | + fleet_control: |
| 43 | + fleet_id: "xxx" |
| 44 | + systemIdentity: |
| 45 | + organizationId: "xxx" |
| 46 | + parentIdentity: |
| 47 | + clientId: "xxx" |
| 48 | + clientSecret: "xxx" |
| 49 | +``` |
| 50 | +
|
| 51 | +## What's the minimum set of permissions required for the Cluster Role? |
| 52 | +
|
| 53 | +This depends on the agents that we plan to install with Agent Control. The permissions is the sum of the permissions needed by: |
| 54 | +
|
| 55 | +* `HelmController` |
| 56 | +* `SourceController` |
| 57 | +* Agent Control |
| 58 | +* Every agent we want to install |
| 59 | + |
| 60 | +Alternatively, we can use `cluster-admin`. This grants root privileges and it's [used by default in the Flux chart](https://github.com/fluxcd-community/helm-charts/tree/main/charts/flux2). |
| 61 | + |
| 62 | +## How does Flux watched namespaces influence Agent Control? |
| 63 | + |
| 64 | +Agent Control must be installed on a namespace watched by Flux. Otherwise, agents won't be installed. Now, we can find ourselves in two situations. |
| 65 | + |
| 66 | +First, Flux is configured to watch every namespace (`--watch-all-namespaces` is true). In that case, we can install Agent Control in any namespace and it will work out of the box. |
| 67 | + |
| 68 | +Second, Flux is configured to only watch the runtime namespace (`--watch-all-namespaces` is false). Then, we need to install Agent Control in the same namespace where Flux was installed. |
0 commit comments