Aegis Install on Kubernetes
Use Helm to deploy the Aegis agent DaemonSet and attach tenant-scoped bootstrap credentials.
Overview
In Kubernetes, Aegis runs as a DaemonSet and references a secret containing bootstrap and control-plane auth material.
Cluster operators should keep release names and namespace conventions stable for predictable operational runbooks.
Endpoint Assumptions
- Production auth and API host:
https://axis.velikey.com(signin:https://axis.velikey.com/auth/signin). - Non-production override: set
AXIS_BASE_URLexplicitly before running docs commands. - Manual operator substitutions: provide tenant-scoped values for cookies, bearer tokens, agent IDs, and tenant slugs.
Actionable Steps
- Create or verify tenant-specific secret (`velikey-aegis-agent-secret`).
- Deploy the chart with explicit release and namespace.
- Wait for DaemonSet readiness and inspect logs for enrollment success.
# manual-only example export CHART_REF="./charts/aegis" kubectl -n velikey-aegis create secret generic velikey-aegis-agent-secret \ --from-literal=AEGIS_BOOTSTRAP_TOKEN='REDACTED' \ --from-literal=AEGIS_CP_BEARER='REDACTED' helm upgrade --install velikey-aegis "$CHART_REF" \ --namespace velikey-aegis \ --create-namespace \ --set agent.secret.existingSecretName=velikey-aegis-agent-secret kubectl -n velikey-aegis rollout status ds/velikey-aegis-aegis-agent --timeout=240s
Validation Checks (Last Step)
# executable example command -v helm command -v kubectl command -v bash
Run these checks from the same shell session used for chart deployment.
Common Failure Modes
- Secret keys are misspelled, so pods start but fail to authenticate to Axis.
- Namespace mismatch between secret and Helm release prevents secret mount resolution.
- Rolling updates stall due to node taints or restrictive PodSecurity admission.
Enterprise Install Paths
For production rollout runbooks, use the dedicated IaC/operator guides:
Navigate Docs
Docs Index • Previous: Aegis Install on EC2 • Install with Terraform • Install with Helm • Public Endpoints • Troubleshooting