This topic describes how to install the legacy Kubernetes delegate, which always auto upgrades to the default delegate version associated with a Harness Manager version.
If you are migrating from Harness FirstGen to Harness NextGen, you must install new delegates in Harness NextGen. Harness FirstGen Delegates won't work with Harness NextGen.
Currently, Harness Kubernetes Delegates don't install with the default settings in GKE Auto Pilot Mode. Use the Manual mode when creating the cluster to make sure it meets the delegate requirements.
The delegate requires access to all the connectors and Harness Secrets needed to run a pipeline. This means that the delegate requires permissions to do the following:
- Access all the secrets used by all the connectors used in a pipeline.
- Create and update secrets in Kubernetes. This is necessary to pull the images needed to run individual Steps.
Inline or standalone installation
You can install a delegate whenever you are adding a connector to a pipeline, or you can install one outside a pipeline in Resources.
The steps involved are the same.
You can install the Kubernetes delegate inside or outside your deployment target cluster (CD) or build farm cluster (CIE).
- Inside the cluster: you can install the Kubernetes delegate inside the target or build farm cluster. Later, when you add a Kubernetes Cluster Connector, the connector can inherit its credentials from the Kubernetes delegate.
- Outside the cluster: you can install the Kubernetes delegate outside the target or build farm cluster. Later, when you add a Kubernetes Cluster Connector, the connector cannot inherit its credentials from the Kubernetes delegate. In this case, the Kubernetes Cluster Connector must use an alternate method for credentials. For example, the master URL of the target cluster and a Service Account with the required credentials.
Step 1: Ensure Kubernetes prerequisites
To install a Kubernetes delegate, you must have access to a Kubernetes cluster. You'll install the Harness Delegate as YAML or Helm Chart.
For connectivity, go to Delegate Requirements.
You'll need the following Kubernetes permissions to install the delegate:
- Permission to create a namespace (for the Harness Delegate namespace).
- Permission to create statefulSets (to create the Harness Delegate pod).
Step 2: Select the Kubernetes delegate type
Inline or standalone, select New Delegate. Delegate selection options appear.
Select Kubernetes, and then select Continue.
Enter a name and description for the delegate that informs others of its use or installation location.
Step 3: Add delegate name
Do not run delegates with the same name in different clusters. Go to Troubleshooting.
Add a name for the delegate. The name will be added to the delegate YAML as the
name metadata of the StatefulSet.
Legacy Delegates are deployed as StatefulSet objects. By default, the StatefulSet.serviceName field is empty (“”) and does not need to be specified. Delegates do not require service names.
Add tags to the delegate. By default, Harness adds a tag using the name you enter, but you can more. Simply type them in, and press Enter.
These tags are useful for selecting the delegate when creating a connector.
Step 4: Select delegate size
In Delegate Size, select the size of delegate you want to install.
Your Kubernetes cluster must have the unallocated resources required to run the Harness Delegate workload:
- Laptop - 1.6GB memory, 0.5CPU
- Small - 3.3GB memory, 1CPU
- Medium - 6.6GB memory, 2CPU
- Large - 13.2GB memory, 4CPU
Important: These sizing requirements are for the delegate only. Your cluster will require more memory for Kubernetes, the operating system, and other services.
Important resource considerations
These requirements are for the delegate only. Your cluster will have system, Kubernetes, and other resources consumers. Make sure that the cluster has enough memory, storage, and CPU for all of its resource consumers.
Most importantly, when the delegate is installed inside the target deployment or build farm cluster, the cluster must also support the resources needed by the services you are deploying or building.
For example, if you use the Small option that requires 3.3GB of memory, don't use a cluster with only 4GB or memory. It won't be enough to run the delegate and other resources.
Step 5: Download and install the script
Click Download Script. The YAML file for the Kubernetes delegate, and its README, downloads to your computer as an archive.
Open a terminal and change your directory to the delegate file's location.
Extract the YAML file from the download, and then navigate to the extracted file:
tar -zxvf harness-delegate-kubernetes.tar.gz
You'll connect to your cluster using the terminal, so you can simply copy the YAML file over.
In the same terminal, log into your Kubernetes cluster. In most platforms, you select the cluster, select Connect, and copy the access command.
To confirm that the cluster you created can connect to the Harness platform, enter the following command:
wget -p https://app.harness.io/ -O /dev/null
A successful connection displays the following:
HTTP request sent, awaiting response... 200 OK
Next, install the Harness Delegate using the harness-delegate.yaml file you just downloaded. In the terminal connected to your cluster, run this command:
kubectl apply -f harness-delegate.yaml
The successful output is something like this:
% kubectl apply -f harness-delegate.yaml
Run this command to verify that the delegate pod was created:
kubectl get pods -n harness-delegate-ng
It'll take a moment for the delegate to appear in Harness' Delegates list.
You're ready to connect Harness to your artifact server and cluster. After those steps, you'll begin creating your deployment.
Review: Delegate role requirements
The YAML provided for the Harness Delegate defaults to the
cluster-admin role to ensure you can apply updates. If you can't use
cluster-admin because you are using a cluster in your company, you'll need to edit the delegate YAML.
The set of permissions should include
watch (to fetch the pod events), and
delete permissions for each entity type Harness uses.
If you don’t want to use
resources: [“*”] for the role, you can list out the resources you want to grant. Harness requires
pod at a minimum for deployments, as stated above.
In the delegate installation settings, you also have the option to select cluster read-only access and namespace-specific access. When you select these options, the YAML generated by Harness is changed to reflect the limited access.
Step 6: Verify
For an overview of verification, go to Delegate Registration and Verification.
In the delegate wizard, select Verify. Harness verifies that it is receiving heartbeats from the delegate.
Your delegate is installed.
If Harness does not receive heartbeats from the delegate, here are a few troubleshooting steps:
Check the status of the delegate on your cluster:
kubectl describe pod <your-delegate-pod> -n harness-delegate-ng
Check the delegate logs:
kubectl logs -f <harness-delegate> -n harness-delegate-ng
If the pod isn't up, you might see the following error in your cluster:
CrashLoopBackOff: Kubernetes Cluster Resources are not available.
Make sure the Kubernetes Cluster Resources (CPU, Memory) are enough.
If the delegate didn’t reach a healthy state, run the following:
kubectl describe pod <your-delegate-pod> -n harness-delegate-ng
The following environment variables are available in the legacy Kubernetes delegate YAML.
JVM options for the delegate. Use this variable to override or add JVM parameters.
- name: JAVA_OPTS value: "-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=2 -Xms64M"
The Harness account Id for the account where this delegate will attempt to register. This value is added automatically to the delegate config file (YAML, etc) when you add the delegate.
- name: ACCOUNT_ID value: H5W8iol5TNWc4G9h5A2MXg
The Harness account token used to register the delegate.
- name: DELEGATE_TOKEN value: d239xx88bf7xxxxxxx836ea
The Harness SaaS manager URL.
https indicates port 443.
- name: MANAGER_HOST_AND_PORT value: https://app.harness.io
The URL for the Watcher versions.
- name: WATCHER_STORAGE_URL value: https://app.harness.io/public/prod/premium/watchers
The delegate version location for the Watcher to check for.
- name: WATCHER_CHECK_LOCATION value: current.version
The CDN URL for Watcher builds.
- name: REMOTE_WATCHER_URL_CDN value: https://app.harness.io/public/shared/watchers/builds
The URL where published delegate jars are stored.
- name: DELEGATE_STORAGE_URL value: https://app.harness.io
The storage location hosting the published delegate versions.
- name: DELEGATE_CHECK_LOCATION value: delegateprod.txt
Deployment mode: Kubernetes, Docker, etc.
- name: DEPLOY_MODE value: KUBERNETES
The name of the delegate. This is the name that displays in Harness when the delegate is registered. You can automate delegate creation by omitting the name, and use a script to copy the delegate YAML file and add a unique name to
value for each new delegate you want to register. For more information, go to Automate Delegate Installation.
- name: DELEGATE_NAME value: qa
Indicates that this delegate will register in Harness NextGen(
true) or FirstGen(
- name: NEXT_GEN value: "true"
The description added to the delegate in the Harness Manager or YAML before registering. It appears on the Delegate details page in the Harness Manager.
- name: DELEGATE_DESCRIPTION value: ""
The type of delegate.
- name: DELEGATE_TYPE value: "KUBERNETES"
The tags added to the delegate in the Harness Manager or YAML before registering. Tags are generated by Harness using the delegate name, but you can also add your own tags. Tags appear on the Delegate details page in the Harness Manager. For more information, go to Tags Reference and Select Delegates with Tags.
- name: DELEGATE_TAGS value: ""
The maximum number of tasks the delegate can perform at once. All of the operations performed by the delegate are categorized as different types of tasks.
- name: DELEGATE_TASK_LIMIT value: "50"
The Harness Organization Identifier where the delegate will register. Delegates at the account-level do not have a value for this variable.
- name: DELEGATE_ORG_IDENTIFIER value: "engg"
The Harness Project Identifier where the delegate will register. Delegates at the account or org-level do not have a value for this variable.
- name: DELEGATE_PROJECT_IDENTIFIER value: "myproject"
All delegates include proxy settings you can use to change how the delegate connects to the Harness Manager. The
secretKeyRef are named using the delegate name.
- name: PROXY_HOST value: ""- name: PROXY_PORT value: ""- name: PROXY_SCHEME value: ""- name: NO_PROXY value: ""- name: PROXY_MANAGER value: "true"- name: PROXY_USER valueFrom: secretKeyRef: name: mydel-proxy key: PROXY_USER- name: PROXY_PASSWORD valueFrom: secretKeyRef: name: mydel-proxy key: PROXY_PASSWORD
You can run scripts on delegate using
INIT_SCRIPT. For example, if you wanted to install software on the delegate pod, you can enter the script in
INIT_SCRIPT and then apply the delegate YAML. A multiline script must follow the YAML spec for literal scalar style. For more information, go to Build custom delegate images with third-party tools.
- name: INIT_SCRIPT value: |- echo install wget apt-get install wget echo wget installed
Enables or disables polling for delegate tasks. By default, the delegate uses Secure WebSocket (WSS) for tasks. If the
PROXY_* settings are used and the proxy or some intermediary does not allow WSS, then set
true to enable polling.
- name: POLL_FOR_TASKS value: "false"
By default, Harness Delegates are installed with and use Helm 3. You can set the Helm version in the Harness Delegate YAML file using the
HELM_DESIRED_VERSION environment property. Include the
v with the version. For example,
- name: HELM_DESIRED_VERSION value: ""
Makes the delegate use a CDN for new versions.
- name: USE_CDN value: "true"
The CDN URL for delegate versions.
- name: CDN_URL value: https://app.harness.io
The Java Runtime Environment version used by the delegate.
- name: JRE_VERSION value: 1.8.0_242
When you Install and run a new Harness Delegate, Harness includes Helm 3 support automatically. In some cases, you may want to use one of the custom Helm binaries available from Helm release. For a Helm 3 binary, enter the local path to the binary in
- name: HELM3_PATH value: ""- name: HELM_PATH value: ""
The Harness Delegate ships with the 3.5.4 release of Kustomize. If you want to use a different release of Kustomize, add it to a location on the delegate, update
KUSTOMIZE_PATH, and (re)start the delegate.
- name: KUSTOMIZE_PATH value: ""
You can use
KUBECTL_PATH to change the kubectl config path. The default is
- name: KUBECTL_PATH value: ""
By default, the delegate requires HTTP/2 for gRPC (gRPC Remote Procedure Calls) to be enabled for connectivity between the delegate and Harness Manager.
- name: GRPC_SERVICE_ENABLED value: "true"- name: GRPC_SERVICE_CONNECTOR_PORT value: "8080"
By default, the delegate always checks for new versions (via the Watcher).
- name: VERSION_CHECK_DISABLED value: "false"
The namespace for the delegate is taken from the
- name: DELEGATE_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace
By default, Harness does not include a value for
serviceName in the
StatefulSet in the delegate YAML:
You do not need to change
serviceName, but you can if you have a static code analysis tool that flags it or some other use case.
Add the delegate name as the value using the syntax
harness.io/name: [Delegate name].
For example, if your delegate name is