Docs
Free trial

Automated Installation

Automated installation via Terraform

The Kubernetes agent can be installed and managed using a combination of the Kubernetes agent Helm chart <= v1.1.0, Octopus Deploy <= v0.20.0 Terraform provider and/or Helm Terraform provider.

Octopus Deploy & Helm

Using a combination of the Octopus Deploy and Helm providers you can completely manage the Kubernetes agent via Terraform.

To ensure that the Kubernetes agent and the deployment target within Octopus associate with each other correctly the some of the Helm chart values and deployment target properties must meet the following criteria: octopusdeploy_kubernetes_agent_deployment_target.name and agent.targetName have the same values. octopusdeploy_kubernetes_agent_deployment_target.uri and agent.serverSubscriptionId have the same values. octopusdeploy_kubernetes_agent_deployment_target.thumbprint is the thumbprint calculated from the certificate used in agent.certificate.

terraform {
  required_providers {
    octopusdeploy = {
      source  = "octopus.com/com/octopusdeploy"
      version = "0.20.0"
    }

    helm = {
      source  = "hashicorp/helm"
      version = "2.13.2"
    }
  }
}

locals {
  octopus_api_key         = "API-XXXXXXXXXXXXXXXX"
  octopus_address         = "https://myinstance.octopus.app"
  octopus_polling_address = "https://polling.myinstance.octopus.app"
}

provider "helm" {
  kubernetes {
    # Configure authentication for me
  }
}

provider "octopusdeploy" {
  address = local.octopus_address
  api_key = local.octopus_api_key
}

resource "octopusdeploy_space" "agent_space" {
  name                 = "agent space"
  space_managers_teams = ["teams-everyone"]
}

resource "octopusdeploy_environment" "dev_env" {
  name     = "Development"
  space_id = octopusdeploy_space.agent_space.id
}

resource "octopusdeploy_polling_subscription_id" "agent_subscription_id" {}
resource "octopusdeploy_tentacle_certificate" "agent_cert" {}

resource "octopusdeploy_kubernetes_agent_deployment_target" "agent" {
  name         = "agent-one"
  space_id     = octopusdeploy_space.agent_space.id
  environments = [octopusdeploy_environment.dev_env.id]
  roles        = ["role-1", "role-2", "role-3"]
  thumbprint   = octopusdeploy_tentacle_certificate.agent_cert.thumbprint
  uri          = octopusdeploy_polling_subscription_id.agent_subscription_id.polling_uri
}

resource "helm_release" "octopus_agent" {
  name             = "octopus-agent-release"
  repository       = "oci://registry-1.docker.io"
  chart            = "octopusdeploy/kubernetes-agent"
  version          = "1.*.*"
  atomic           = true
  create_namespace = true
  namespace        = "octopus-agent-target"

  set {
    name  = "agent.acceptEula"
    value = "Y"
  }

  set {
    name  = "agent.targetName"
    value = octopusdeploy_kubernetes_agent_deployment_target.agent.name
  }

  set_sensitive {
    name  = "agent.serverApiKey"
    value = local.octopus_api_key
  }

  set {
    name  = "agent.serverUrl"
    value = local.octopus_address
  }

  set {
    name  = "agent.serverCommsAddress"
    value = local.octopus_polling_address
  }

  set {
    name  = "agent.serverSubscriptionId"
    value = octopusdeploy_polling_subscription_id.agent_subscription_id.polling_uri
  }

  set_sensitive {
    name  = "agent.certificate"
    value = octopusdeploy_tentacle_certificate.agent_cert.base64
  }

  set {
    name  = "agent.space"
    value = octopusdeploy_space.agent_space.name
  }

  set_list {
    name  = "agent.targetEnvironments"
    value = octopusdeploy_kubernetes_agent_deployment_target.agent.environments
  }

  set_list {
    name  = "agent.targetRoles"
    value = octopusdeploy_kubernetes_agent_deployment_target.agent.roles
  }
}

Helm

The Kubernetes agent can be installed using just the Helm provider but the associated deployment target that is created in Octopus when the agent registers itself cannot be managed solely using the Helm provider, as the Helm chart values relating to the deployment target are only used on initial installation and any modifications to them will not trigger an update to the deployment target unless you perform a complete reinstall of the agent. This option is useful if you plan on managing the configuration of the deployment target via means such as the Portal or API.

terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "2.13.2"
    }
  }
}

provider "helm" {
  kubernetes {
    # Configure authentication for me
  }
}

locals {
  octopus_api_key         = "API-XXXXXXXXXXXXXXXX"
  octopus_address         = "https://myinstance.octopus.app"
  octopus_polling_address = "https://polling.myinstance.octopus.app"
}

resource "helm_release" "octopus_agent" {
  name             = "octopus-agent-release"
  repository       = "oci://registry-1.docker.io"
  chart            = "octopusdeploy/kubernetes-agent"
  version          = "1.*.*"
  atomic           = true
  create_namespace = true
  namespace        = "octopus-agent-target"

  set {
    name  = "agent.acceptEula"
    value = "Y"
  }

  set {
    name  = "agent.targetName"
    value = "octopus-agent"
  }

  set_sensitive {
    name  = "agent.serverApiKey"
    value = local.octopus_api_key
  }

  set {
    name  = "agent.serverUrl"
    value = local.octopus_address
  }

  set {
    name  = "agent.serverCommsAddress"
    value = local.octopus_polling_address
  }

  set {
    name  = "agent.space"
    value = "Default"
  }

  set_list {
    name  = "agent.targetEnvironments"
    value = ["Development"]
  }


  set_list {
    name  = "agent.targetRoles"
    value = ["Role-1"]
  }
}

Help us continuously improve

Please let us know if you have any feedback about this page.

Send feedback

Page updated on Tuesday, May 14, 2024

Edit on GitHub