Installation

  1. Install Helm v3 on your machine if not already installed, as it is the only supported way to install the Admiralty agent at the moment.

    The Admiralty agent must be installed in all clusters that you want to connect. Repeat the following steps for each cluster:

  2. Set your current kubeconfig and context to target the cluster:

    export KUBECONFIG=changeme # if using multiple kubeconfig files
    kubectl config use-context changeme # if using multiple contexts

  3. Refer to the cert-manager documentation to install version 1.0+, if not already installed.

  4. Install the Admiralty agent with Helm v3:

    helm install admiralty oci://public.ecr.aws/admiralty/admiralty \
    --namespace admiralty --create-namespace \
    --version 0.17.0 \
    --wait

Virtual Kubelet certificate

Some cloud control planes, such as EKS won't sign certificates for the virtual kubelet if they don't have the right CSR SignerName value, meaning that kubernetes.io/kubelet-serving would be rejected as a invalid SignerName.

If that's the case, you can set VKUBELET_CSR_SIGNER_NAME env var in the controller-manager deployment, or set controllerManager.certificateSignerName value in the helm chart, which would use the correct SignerName to be signed by the control plane.

In particular, on EKS, use beta.eks.amazonaws.com/app-serving.

Edit this page