Install a Remote Network Agent
Before you begin
- If you are coming to this guide from the Add a New Remote Network Agent page in the UI, you have your RNA name (Agent Identifier), Client ID, and Client Secret. Do not close the pop-up window in the UI until you have completed RNA installation. The credentials in the pop-up window are deleted if you close the window before the RNA has connected.
- You have created client credentials. See the Create Client Credentials guide for instructions.
- You have access to a Kubernetes cluster and have installed kubectl.
- You have installed Helm(v3), which is used to install the Remote Network Agent.
Install the Remote Network Agent
Kubernetes permissions for the Remote Network Agent
By default, the RNA is installed with full access to the cluster. At a minimum, the RNA needs permissions to create, edit, and delete all
kind objects that you plan to deploy with CD-as-a-Service, in all namespaces to which you plan to deploy. The RNA also requires network access to any monitoring solutions or webhook APIs that you plan to forward through it.
For advanced use cases such as restricting permissions, proxy configurations, custom annotations, labels, or environment variables, download and modify the
values.yaml for the RNA or override existing values on the command line using
--set. For information about using a
values file, see the Helm Values Files guide and the Customizing the Chart Before Installing section of the Using Helm guide.
In your terminal, configure your
kubectlcontext to connect to the cluster where you want to deploy your app:
kubectl config set-context <NAME>
Create the namespace for the RNA:
kubectl create ns armory-rna
Create secrets from your Client ID and Client Secret:
kubectl --namespace armory-rna create secret generic rna-client-credentials --type=string --from-literal=client-secret=<your-client-secret> --from-literal=client-id=<your-client-id>
The examples use Kubernetes secrets to encrypt the value. You supply the encrypted values in the Helm command to install the RNA.
You can install the RNA with default permissions and values or you can customize using a
For most scenarios, you install one RNA per cluster. Use the
agentIdentifierparameter to give each RNA a unique name. When you deploy your app, you specify which RNA to use, so Armory recommends creating a meaningful name that identifies the cluster.
The encrypted values for
clientSecretreference the Kubernetes secrets you generated in an earlier step.
helm upgrade --install armory-rna armory/remote-network-agent \ --set agentIdentifier=<rna-name> \ --set 'clientId=encrypted:k8s!n:rna-client-credentials!k:client-id' \ --set 'clientSecret=encrypted:k8s!n:rna-client-credentials!k:client-secret' \ --namespace armory-rna
You can specify the path to your customized values file using
-f <your-path>values.yamlor you can override values using the command line
--set <key:value>. Refer to the Customizing the Chart Before Installing section in the Helm docs.
You can go to the Agents page in the CD-as-a-Service Console to verify that your RNA has been installed and is communicating with CD-as-a-Service. If you do not see the RNA, check the cluster logs to see if the RNA is running.
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified May 29, 2022: (975089c)