Deploy DevOps Genie Agent
The DevOps Genie Agent is an optional Kubernetes agent. Deploy it when you want infrastructure automation, VCS-backed pull requests, or workflows that need to run from inside your environment.
Prerequisites
| Requirement | Notes |
|---|---|
| DevOps Genie admin access | Required to generate or retrieve agent install credentials. |
| Kubernetes cluster | Required for the agent. |
| Helm 3 | Used to install the chart. |
| Cluster permissions | Required to install the chart resources and agent runtime components. |
| Image pull credentials | Provided through the DevOps Genie product or your onboarding flow. |
| Optional VCS access | Required for pull-request based automation. |
Add the Helm repository
helm repo add devopsgenie https://devopsgenie-ai.github.io/devopsgenie-charts
helm repo update
Install with Kubernetes Secrets
Use Kubernetes Secrets for sensitive values, then pass Secret names to Helm.
export DG_NAMESPACE=devopsgenie
export DG_RELEASE=dg-agent
kubectl create namespace "$DG_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
kubectl create secret generic dg-platform-agent \
--namespace "$DG_NAMESPACE" \
--from-literal=DG_API_KEY="<agent-api-key-from-devops-genie>" \
--dry-run=client -o yaml | kubectl apply -f -
kubectl create secret docker-registry devopsgenie-pull-secret \
--namespace "$DG_NAMESPACE" \
--docker-server="registry.devopsgenie.ai" \
--docker-username="<registry-username-from-devops-genie>" \
--docker-password="<registry-password-from-devops-genie>" \
--dry-run=client -o yaml | kubectl apply -f -
helm upgrade --install "$DG_RELEASE" devopsgenie/dg-platform-agent \
--namespace "$DG_NAMESPACE" \
--set credentials.existingSecret=dg-platform-agent \
--set imageCredentials.existingSecret=devopsgenie-pull-secret
The DevOps Genie Agent images are pulled from the private registry host registry.devopsgenie.ai. The registry username and password come from the install bundle generated in Integrations > DevOps Genie Agent.
Verify the agent
kubectl get pods -n "$DG_NAMESPACE" -l app.kubernetes.io/instance="$DG_RELEASE"
kubectl get deploy -n "$DG_NAMESPACE" -l app.kubernetes.io/instance="$DG_RELEASE"
Then open Integrations in DevOps Genie. The DevOps Genie Agent tile should show a live connection after the controller has authenticated and sent a fresh heartbeat.
Production values file
For production, keep sensitive values in Kubernetes Secrets or your external secret manager. Use a values file for non-secret configuration:
credentials:
existingSecret: dg-platform-agent
imageCredentials:
existingSecret: devopsgenie-pull-secret
vcs:
provider: github
infrastructureRepoUrl: "https://github.com/example-org/infrastructure.git"
infrastructureRepoPath: "terraform/"
deploymentRepoUrl: "https://github.com/example-org/kubernetes-manifests.git"
deploymentRepoPath: "clusters/prod/"
controller:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
serviceAccount:
create: true
annotations: {}
# AWS IRSA example:
# annotations:
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/dg-agent-role
agentPod:
resources:
requests:
cpu: "1"
memory: "2Gi"
limits:
cpu: "2"
memory: "4Gi"
workspaceSize: 10Gi
See Configure VCS Access and Helm Values Reference.
Upgrading
helm repo update
helm upgrade "$DG_RELEASE" devopsgenie/dg-platform-agent \
--namespace "$DG_NAMESPACE" \
-f values.yaml
The agent reconnects automatically after the controller pod restarts.
Uninstalling
helm uninstall "$DG_RELEASE" --namespace "$DG_NAMESPACE"
Uninstalling the agent stops agent-powered automation. It does not delete existing DevOps Genie scan history, findings, compliance state, or conversations.