# Install

Kubernetes Collector installation has a different flow than normal collectors.

Steps

1. Create a configuration for a Kubernetes platform
   1. Kubernetes Node: Deploys a collector to each node in the cluster using a DaemonSet.
   2. Kubernetes Cluster: Deploys a collector as a single pod Deployment.
   3. Kubernetes Gateway: Deploys a scalable set of collectors using a Deployment or StatefulSet.
   4. OpenShift Daemonset: Deploys a collector to each node in the cluster.
   5. OpenShift Deployment: Deploys a collector as a single pod deployment.
   6. OpenShift Gateway: Deploys a scalable set of collectors as a Deployment. See [OpenShift Gateway](#openshift-gateway) for special instructions.
2. Navigate to the Collectors page and select "Install Collectors"
3. Choose a Kubernetes Platform
4. Select your configuration from step 1
5. Copy the YAML manifest to a file
6. Deploy the YAML manifest with `kubectl apply -f <file name>`

The collectors will be deployed to the cluster in the `bindplane-agent` namespace and connect to Bindplane automatically.

#### OpenShift Gateway

Unlike the OpenShift Node and Cluster agents, the Gateway agent requires neither additional SecurityContextConstraint configuration nor the same RBAC configuration.

Deploying the OpenShift Gateway is similar to deploying the Kubernetes Gateway, outlined in the steps above. There is one exception.

Create your namespace if it does not already exist. This will also create an OpenShift Project resource.

```bash
oc create namespace bindplane-agent
```

Determine your `uid` range by describing the project. Look for the `openshift.io/sa.scc.uid-range` label.

```bash
oc describe project bindplane-agent
```

```txt
Name:			bindplane-agent
Created:		8 minutes ago
Labels:			kubernetes.io/metadata.name=bindplane-agent
			pod-security.kubernetes.io/audit=restricted
			pod-security.kubernetes.io/audit-version=v1.24
			pod-security.kubernetes.io/warn=restricted
			pod-security.kubernetes.io/warn-version=v1.24
			openshift.io/display-name=bindplane-agent
			openshift.io/node-selector=
			openshift.io/sa.scc.mcs=s0:c33,c2
			openshift.io/sa.scc.supplemental-groups=1001060000/10000
			openshift.io/sa.scc.uid-range=1001060000/10000
Display Name:		bindplane-agent
Description:		<none>
Status:			Active
Node Selector:		<none>
Quota:			<none>
Resource limits:	<none>
```

In this example, the `openshift.io/sa.scc.uid-range` starts at `1001060000`. Yours will differ.

Update the YAML manifest downloaded from Bindplane (Step 2 above). Make the following changes.

1. Replace all instances of `1000000000` with a UID from your range.
2. If you used a project name other than `bindplane-agent`, update all instances of `namespace: bindplane-agent` to reflect that change.
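
Both edits can be scripted so that the chosen UID is checked against the project's range before the manifest is rewritten. The script below is an added example, not part of Bindplane; the `securityContext` fields in the sample manifest and the `my-project` namespace are assumptions made for illustration.

```bash
# Added example (not Bindplane tooling): choose a UID from the project's range
# and rewrite the downloaded manifest before `oc apply`.
set -eu

# Print "<start> <size>" parsed from `oc describe project` output on stdin.
uid_range() {
  sed -n 's|.*openshift\.io/sa\.scc\.uid-range=\([0-9]*\)/\([0-9]*\).*|\1 \2|p'
}

# Succeed only if UID $1 lies in the range that starts at $2 and holds $3 UIDs.
uid_in_range() {
  [ "$1" -ge "$2" ] && [ "$1" -lt "$(( $2 + $3 ))" ]
}

# Print manifest file $1 with the placeholder UID replaced by $2 and the
# namespace replaced by $3; refuse a UID outside the range given as $4 $5.
patch_manifest() {
  uid_in_range "$2" "$4" "$5" || { echo "UID $2 is outside $4/$5" >&2; return 1; }
  grep -q 1000000000 "$1" || { echo "placeholder UID not found in $1" >&2; return 1; }
  sed -e "s/1000000000/$2/g" \
      -e "s/namespace: bindplane-agent\$/namespace: $3/" "$1"
}

# Constructed sample input: one line of `oc describe project` output and a
# trimmed manifest (the securityContext field names are assumptions).
DESCRIBE='            openshift.io/sa.scc.uid-range=1001060000/10000'
MANIFEST=$(mktemp); trap 'rm -f "$MANIFEST"' EXIT
cat > "$MANIFEST" <<'EOF'
metadata:
  name: bindplane-gateway-agent
  namespace: bindplane-agent
spec:
  securityContext:
    runAsUser: 1000000000
    fsGroup: 1000000000
EOF

RANGE=$(printf '%s\n' "$DESCRIBE" | uid_range)
START=${RANGE% *}; SIZE=${RANGE#* }
patch_manifest "$MANIFEST" "$START" my-project "$START" "$SIZE"
```

Against a real cluster, feed `uid_range` from `oc describe project bindplane-agent` and redirect the output of `patch_manifest` to the file you pass to `oc apply`.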

Apply the YAML manifest to your cluster with `oc apply`.

```txt
serviceaccount/bindplane-agent created
role.rbac.authorization.k8s.io/bindplane-gateway-agent created
rolebinding.rbac.authorization.k8s.io/bindplane-gateway-agent created
service/bindplane-gateway-agent created
service/bindplane-gateway-agent-headless created
deployment.apps/bindplane-gateway-agent created
horizontalpodautoscaler.autoscaling/bindplane-gateway-agent created
```

If the pods are running, everything is working.

```txt
$ oc -n bindplane-agent get pod

NAME                                       READY   STATUS    RESTARTS   AGE
bindplane-gateway-agent-74ff748988-bpzw5   1/1     Running   0          5s
bindplane-gateway-agent-74ff748988-ptd2x   1/1     Running   0          3s
```

### Example Installation

Create a configuration using a Kubernetes-compatible source. This example uses the Kubernetes Event Logs source.

<figure><img src="/files/ou2GJxBRwxc8b607l0mW" alt="Bindplane docs - Install Kubernetes Collectors - image 1"><figcaption></figcaption></figure>

Once the configuration has been created, navigate to the Collectors page and select "Install Collectors".

Select your Kubernetes platform and configuration. You will be prompted to copy the YAML manifest. Copy it and save it to a file.

<figure><img src="/files/QjE2luenkuUVpKDI94bp" alt="Bindplane docs - Install Kubernetes Collectors - image 2"><figcaption></figcaption></figure>

Ensure that the `OPAMP_ENDPOINT` environment variable has the correct value for your server. If you did not configure ingress, this value should match your deployment's ClusterIP service name and namespace. In this example, the service name is "my-bindplane" and the namespace is "default".

```yaml
- name: OPAMP_ENDPOINT
  value: "ws://my-bindplane.default.svc.cluster.local:3001/v1/opamp"
```

If you configured ingress, your `OPAMP_ENDPOINT` should contain the ingress hostname and port. The port should be `80` for non-TLS ingress, and `443` if ingress TLS is enabled. Similarly, the protocol should be `ws` (WebSocket) when TLS is not configured, and `wss` (secure WebSocket) when TLS is enabled.

Deploy the YAML manifest with `kubectl apply -f <manifest file path>`. Once deployed, your collector(s) will appear on the Collectors page, and they will be bound to your configuration.

<figure><img src="/files/l8z2nSTg1uQ0n0R8VXN0" alt="Bindplane docs - Install Kubernetes Collectors - image 3"><figcaption></figcaption></figure>

### TLS

Kubernetes agents can be configured to connect to Bindplane using TLS. If the Bindplane TLS certificate is publicly signed, no action is required. If the certificate is signed by an internal certificate authority, the agent can be configured with a custom certificate authority for verifying the Bindplane certificate.

Your certificate authority file (`ca.crt`) can be added to a secret in the `bindplane-agent` namespace using the following command.

```bash
kubectl -n bindplane-agent create secret generic my-tls \
  --from-file ca.crt
```

Once the secret is created, you can modify your agent YAML manifest. Specifically, you need to append to the `volumes`, `volumeMounts`, and `env` sections of the agent container.

```yaml
spec:
  template:
    spec:
      containers:
        - name: opentelemetry-collector
          env:
+           - name: OPAMP_TLS_CA
+             value: /opt/tls/ca.crt
          volumeMounts:
+           - name: tls
+             mountPath: /opt/tls
      volumes:
+       - name: tls
+         secret:
+           secretName: my-tls
```

Using this example, the CA certificate `ca.crt` will be mounted to `/opt/tls/ca.crt`. The OpAMP client will be configured to use this certificate authority when validating the Bindplane certificate.

You can learn more about the various OpAMP environment variables [here](https://github.com/observIQ/bindplane-otel-collector/blob/main/docs/opamp.md#environment-variables).

#### Mutual TLS

When using mutual TLS, the same process is used. In this case, a client keypair is provided. This example uses `client.crt` and `client.key`.

```bash
kubectl -n bindplane-agent create secret generic my-tls \
  --from-file ca.crt \
  --from-file client.crt \
  --from-file client.key
```

```yaml
spec:
  template:
    spec:
      containers:
        - name: opentelemetry-collector
          env:
+           - name: OPAMP_TLS_CA
+             value: /opt/tls/ca.crt
+           - name: OPAMP_TLS_CERT
+             value: /opt/tls/client.crt
+           - name: OPAMP_TLS_KEY
+             value: /opt/tls/client.key
          volumeMounts:
+           - name: tls
+             mountPath: /opt/tls
      volumes:
+       - name: tls
+         secret:
+           secretName: my-tls
```
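
The `OPAMP_ENDPOINT` scheme and port rules from the example installation and the TLS settings above can be checked together before running `kubectl apply`. The script below is an added example, not part of Bindplane; the lint rules are one reading of this page, and the hostname and sample manifest are constructed.

```bash
# Added example (not Bindplane tooling): pre-deploy check of the OpAMP settings.
set -eu
# Print the literal value of container env var $2 in manifest file $1.
env_value() {
  awk -v n="$2" '
    $1 == "-" && $2 == "name:" { hit = ($3 == n); next }
    hit && $1 == "value:"      { gsub(/"/, "", $2); print $2; exit }
  ' "$1"
}

# Print one finding per line; return 1 if anything was found.
lint_opamp() {
  f=$1; rc=0
  ep=$(env_value "$f" OPAMP_ENDPOINT); ca=$(env_value "$f" OPAMP_TLS_CA)
  crt=$(env_value "$f" OPAMP_TLS_CERT); key=$(env_value "$f" OPAMP_TLS_KEY)
  case "$ep" in
    wss://*:80/*) echo "wss:// endpoint on non-TLS port 80"; rc=1 ;;
    ws://*:443/*) echo "ws:// endpoint on TLS port 443"; rc=1 ;;
    ws://*|wss://*) ;;
    *) echo "OPAMP_ENDPOINT must start with ws:// or wss://"; rc=1 ;;
  esac
  case "$ep" in ws://*) [ -z "$ca$crt$key" ] || { echo "OPAMP_TLS_* set but endpoint is ws://"; rc=1; } ;; esac
  [ -z "$crt$key" ] || { [ -n "$crt" ] && [ -n "$key" ]; } ||
    { echo "OPAMP_TLS_CERT and OPAMP_TLS_KEY must be set together"; rc=1; }
  for p in $ca $crt $key; do   # every referenced file needs a mounted directory
    grep -q "mountPath: ${p%/*}\$" "$f" || { echo "$p is not under a mountPath"; rc=1; }
  done
  return "$rc"
}

# Constructed sample: agent container settings after the mutual TLS edits.
GOOD=$(mktemp); BAD=$(mktemp); trap 'rm -f "$GOOD" "$BAD"' EXIT
cat > "$GOOD" <<'EOF'
          env:
            - name: OPAMP_ENDPOINT
              value: "wss://bindplane.example.internal:443/v1/opamp"
            - name: OPAMP_TLS_CA
              value: /opt/tls/ca.crt
            - name: OPAMP_TLS_CERT
              value: /opt/tls/client.crt
            - name: OPAMP_TLS_KEY
              value: /opt/tls/client.key
          volumeMounts:
            - name: tls
              mountPath: /opt/tls
EOF
sed -e 's|wss://|ws://|' -e 's|mountPath: /opt/tls|mountPath: /etc/tls|' "$GOOD" > "$BAD"
lint_opamp "$GOOD" && echo "good manifest: ok"
lint_opamp "$BAD" || echo "bad manifest: rejected"
```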


