Terraform-based agent installation | Entitle

Overview

This guide outlines how to deploy the Entitle agent Helm chart using Terraform on a Kubernetes cluster. It leverages the Helm provider to enable infrastructure-as-code deployment, ensuring consistency and maintainability across environments.

ℹ️ For further reference on the Helm provider, see the Helm Provider documentation.

Prerequisites

  1. Terraform v1.0+ must be installed and available in your system path.
  2. Helm v3 should be installed if you plan to perform local validation (optional).
  3. Access to a Kubernetes cluster such as EKS, GKE, or AKS.
  4. Configure kubectl to communicate with the target cluster.
  5. Have valid Entitle agent credentials:
    • agent_token
    • namespace
    • image_credentials
    • datadog_api_key

      ℹ️ For more information on how to retrieve the above-mentioned components as well as all available variables, see the Entitle agent documentation.

  6. Include Terraform Helm and Kubernetes providers in your configuration.

Directory structure

entitle-agent-terraform/
├── main.tf
├── variables.tf
├── terraform.tfvars
└── provider.tf

Configure the Helm and Kubernetes providers (provider.tf)

provider "kubernetes" {
  config_path = "~/.kube/config"
}

provider "helm" {
  kubernetes = {
    config_path = "~/.kube/config"
  }
}

Define the input variables (variables.tf)

variable "agent_token" {
  type        = string
  description = "Entitle Agent Token"
  sensitive   = true
}

variable "namespace" {
  type    = string
  default = "entitle-agent"
}

variable "kms_type" {
  type    = string
  default = "kubernetes_secret_manager"
}

variable "image_credentials" {
  type      = string
  sensitive = true
}

variable "datadog_api_key" {
  type      = string
  sensitive = true
}

Configure the Helm chart deployment (main.tf)

resource "kubernetes_namespace" "entitle" {
  metadata {
    name = var.namespace
  }
}

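resource "helm_release" "entitle_agent" {
  # The namespace is read from the kubernetes_namespace resource so that
  # Terraform creates the namespace before it installs the release.
  name       = "entitle-agent"
  namespace  = kubernetes_namespace.entitle.metadata[0].name
  repository = "https://anycred.github.io/entitle-charts/"
  chart      = "entitle-agent"

  # The variables below are declared sensitive, so the rendered values are
  # redacted in plan output; they are still written to the Terraform state.
  values = [
    yamlencode({
      agent = {
        token = var.agent_token
      }
      kmsType          = var.kms_type
      imageCredentials = var.image_credentials
      datadog = {
        datadog = {
          apikey = var.datadog_api_key
        }
      }
    })
  ]
}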

Store sensitive values (terraform.tfvars)

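# This file holds secrets in plaintext: keep it out of version control
# (for example, list it in .gitignore).
agent_token       = "your-agent-token"
namespace         = "your-agent-namespace"
image_credentials = "your-image-credentials"
datadog_api_key   = "your-datadog-api-key"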

Deploy the agent

Run the following commands:

terraform init
terraform plan
terraform apply
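
As an added example (not part of Entitle's documentation or tooling), the wrapper below supplies the three sensitive variables through Terraform's TF_VAR_<name> environment variables instead of terraform.tfvars, and refuses to deploy while the file still assigns any of them. The function names and the `deploy` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: deploy with secrets taken from the environment (TF_VAR_<name>)
# rather than from a plaintext terraform.tfvars file.

# Sensitive variables declared in variables.tf on this page.
SENSITIVE_VARS="agent_token image_credentials datadog_api_key"

# Print the sensitive variables that have no non-empty TF_VAR_<name> value.
missing_secrets() {
  missing=""
  for name in $SENSITIVE_VARS; do
    # name comes only from the fixed list above, so eval is safe here.
    eval "value=\${TF_VAR_${name}:-}"
    [ -n "$value" ] || missing="${missing}${missing:+ }${name}"
  done
  printf '%s' "$missing"
}

# Print, one per line, the sensitive variables that a tfvars file assigns.
secrets_in_tfvars() {
  file=$1
  [ -f "$file" ] || return 0
  for name in $SENSITIVE_VARS; do
    grep -Eq "^[[:space:]]*${name}[[:space:]]*=" "$file" && printf '%s\n' "$name"
  done
  return 0
}

# Refuse to run while secrets sit in terraform.tfvars or are missing from the
# environment, then run the same three commands the page lists.
deploy() {
  leaked=$(secrets_in_tfvars terraform.tfvars)
  if [ -n "$leaked" ]; then
    echo "terraform.tfvars still assigns:" $leaked >&2
    return 1
  fi
  missing=$(missing_secrets)
  if [ -n "$missing" ]; then
    echo "export TF_VAR_<name> for: $missing" >&2
    return 1
  fi
  terraform init && terraform plan && terraform apply
}

# Deploy only when called as "./script.sh deploy", so the file can be sourced.
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Values passed this way are still written to the Terraform state, so the state backend needs the same access controls as the secrets themselves.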

Optional lifecycle actions

Uninstall the agent

Run the following command:

terraform destroy