@vijayaraghavanr31 vijayaraghavanr31 commented Nov 2, 2025

Note

All commit history, discussions, and context for this change are available in PR #1345.
Due to GitHub’s signature verification requirements, I have recreated this PR with a single verified commit.
The code changes remain identical to PR #1345

What problem does this PR solve?:
This PR introduces support for deploying the Nutanix K8s Agent as a Helm-based addon as part of the cluster deployment workflow in the CAREN repository.

Key changes:

- Added support for HelmAddon strategy in the K8s Registration Agent handler.
- Updated handler logic to fetch and apply Helm chart configuration dynamically using the provided credentials.
- Created unit tests to validate HelmAddon flow and error scenarios.
- Ensured the agent’s credentials are handled securely through Kubernetes Secrets instead of directly passing via values.yaml.

This enhancement enables seamless installation of the K8s Agent via HelmReleaseProxy (HRP) and HelmChartProxy (HCP) without manual post-deployment intervention.

Motivation

Previously, the K8s Agent installation was not integrated into the cluster creation process and required manual setup.
By integrating it as an addon:

- The K8s Agent will be automatically deployed during cluster provisioning.
- Sensitive credentials are now secured using Kubernetes Secrets.
- This aligns the agent deployment with other addon-based lifecycle management mechanisms.

Which issue(s) this PR fixes:
Fixes #

How Has This Been Tested?:
Verified K8s Agent deployment using the HelmAddon strategy.
Confirmed that:

- Pre-install hooks execute as expected.
- The secret is created and retained after installation.
- Post-upgrade hooks are triggered correctly.

Added unit tests under k8sregistrationagent/handler_test.go

K8s agent documentation

Special notes for your reviewer:

Cluster class used for testing with konnector Agent:
ClusterConfigWIthKonnectorAgent.yaml

Cluster creation - with konnector agent secret and addon:
```
(devbox) vijayaraghavan.r@CQGK42CXL4 cluster-api-runtime-extensions-nutanix % kubectl apply -f /Users/vijayaraghavan.r/code/vijay/docs/clusteryamls/test/ClusterConfigWIthKonnectorAgent.yaml
secret/nkp-vijay-test-cluster-29-pc-credentials created
secret/nkp-vijay-test-cluster-29-pc-credentials-for-csi created
secret/nkp-vijay-test-cluster-29-pc-credentials-for-konnector-agent created
secret/nkp-vijay-test-cluster-29-image-registry-credentials created
secret/global-nutanix-credentials created
cluster.cluster.x-k8s.io/nkp-vijay-test-cluster-29 created
configmap/kommander-bootstrap-configuration created
secret/prism-central-metadata created
```

HelmChartProxy

```
(devbox) vijayaraghavan.r@CQGK42CXL4 cluster-api-runtime-extensions-nutanix % kubectl get hcp konnector-agent-0199eb7b-6107-73a5-b257-aa86711fd583 -o yaml
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  creationTimestamp: "2025-10-17T09:01:06Z"
  finalizers:
  - helmchartproxy.addons.cluster.x-k8s.io
  generation: 1
  name: konnector-agent-0199eb7b-6107-73a5-b257-aa86711fd583
  namespace: default
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta1
    kind: Cluster
    name: nkp-vijay-test-cluster-29
    uid: d3c523c6-f598-4760-9286-ce1e8ae8fcda
  resourceVersion: "19416"
  uid: 28266af0-9c08-4f52-be70-4ff7e1473afe
spec:
  chartName: konnector-agent
  clusterSelector:
    matchLabels:
      cluster.x-k8s.io/cluster-name: nkp-vijay-test-cluster-29
  namespace: ntnx-system
  options:
    enableClientCache: false
    install:
      createNamespace: true
    timeout: 10m0s
    upgrade:
      maxHistory: 10
  releaseName: konnector-agent
  repoURL: oci://helm-repository.default.svc/charts
  tlsConfig:
    caSecret:
      name: helm-repository-tls
      namespace: default
  valuesTemplate: |-
    agent:
      name: konnector-agent
      image:
        repository: quay.io/karbon
        name: k8s-agent
    pc:
      port: 9440
      insecure: true #set this to true if PC does not have https enabled
      endpoint: pc.dev.nkp.sh # eg: ip or fqdn
    k8sClusterName: nkp-vijay-test-cluster-29
    k8sDistribution: NKP
    createSecret: false
  version: 1.3.0-rc.0
status:
  conditions:
  - lastTransitionTime: "2025-10-17T09:03:25Z"
    status: "True"
    type: Ready
  - lastTransitionTime: "2025-10-17T09:03:25Z"
    status: "True"
    type: HelmReleaseProxiesReady
  - lastTransitionTime: "2025-10-17T09:01:06Z"
    status: "True"
    type: HelmReleaseProxySpecsUpToDate
  matchingClusters:
  - apiVersion: cluster.x-k8s.io/v1beta1
    kind: Cluster
    name: nkp-vijay-test-cluster-29
    namespace: default
  observedGeneration: 1
```

Cluster automatically onboarded in PC
Screenshot 2025-10-17 at 2 35 45 PM

cluster deletion:
```
(devbox) vijayaraghavan.r@CQGK42CXL4 cluster-api-runtime-extensions-nutanix % kubectl delete -f /Users/vijayaraghavan.r/code/vijay/docs/clusteryamls/test/1konnectorAgent.yaml
secret "nkp-vijay-test-cluster-29-pc-credentials" deleted
secret "nkp-vijay-test-cluster-29-pc-credentials-for-csi" deleted
secret "nkp-vijay-test-cluster-29-pc-credentials-for-konnector-agent" deleted
secret "nkp-vijay-test-cluster-29-image-registry-credentials" deleted
secret "global-nutanix-credentials" deleted
cluster.cluster.x-k8s.io "nkp-vijay-test-cluster-29" deleted
configmap "kommander-bootstrap-configuration" deleted
secret "prism-central-metadata" deleted
```

Screenshot 2025-10-17 at 2 39 23 PM


---------

Co-authored-by: Manoj Surudwad <[email protected]>
Co-authored-by: Dimitri Koshkin <[email protected]>
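
Added example, not part of this PR or the CAREN code base: a small Go check a reviewer could run over a rendered `valuesTemplate` to confirm that credentials stay in Kubernetes Secrets rather than in Helm values, and to surface `insecure: true`. The helper `auditValues`, the key-name pattern, and the sample values (including the inline password) are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: the shape of the valuesTemplate shown above, plus one
// inline password (not in the PR) so the audit has something to report.
const sampleValues = `agent:
  name: konnector-agent
pc:
  port: 9440
  insecure: true #set this to true if PC does not have https enabled
  endpoint: pc.example.test
  password: example-only
createSecret: false
`

// Key names treated as credential-bearing (an assumption, extend as needed).
var credKey = regexp.MustCompile(`(?i)(password|passwd|token|secret|api_?key)$`)

// auditValues scans Helm values text line by line and returns one finding per
// literal credential or insecure flag. Hypothetical helper, not CAREN code.
func auditValues(values string) []string {
	var findings []string
	sc := bufio.NewScanner(strings.NewReader(values))
	for n := 1; sc.Scan(); n++ {
		line, _, _ := strings.Cut(sc.Text(), " #") // drop trailing comment
		key, val, ok := strings.Cut(strings.TrimSpace(line), ":")
		val = strings.Trim(strings.TrimSpace(val), `"'`)
		switch {
		case !ok || val == "":
			continue // not a scalar assignment (mapping key, list item, blank)
		case key == "insecure" && val == "true":
			findings = append(findings, fmt.Sprintf("line %d: insecure is true", n))
		case credKey.MatchString(key) && val != "true" && val != "false" &&
			!strings.HasPrefix(val, "{{"):
			// Booleans such as createSecret: false are flags, not secrets;
			// "{{" marks a templated value rather than a literal.
			findings = append(findings, fmt.Sprintf("line %d: %s has a literal value", n, key))
		}
	}
	return findings
}

func main() {
	for _, f := range auditValues(sampleValues) {
		fmt.Println(f)
	}
}
```
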

@dkoshkin dkoshkin left a comment


Can we just push this commit to the other branch and keep the original PR?

@vijayaraghavanr31 vijayaraghavanr31 enabled auto-merge (squash) November 2, 2025 16:39
@vijayaraghavanr31

Merged #1345, so closing this PR.
