Self-Hosted Kubernetes

Overview

OpsWorker supports any CNCF-conformant Kubernetes distribution, version 1.24 or later.

Setup

Follow the standard agent installation process.

Supported Distributions

Distribution	Support
kubeadm	Fully supported
k3s	Fully supported
Rancher (RKE/RKE2)	Fully supported
OpenShift	Supported (see notes below)
Tanzu (TKG)	Fully supported
MicroK8s	Fully supported

Network Requirements

The agent requires outbound HTTPS (port 443) to AWS SQS:

sqs.*.amazonaws.com
*.amazonaws.com

Ensure your firewall, proxy, or network policies allow this traffic.

Proxy Configuration

If outbound traffic goes through a proxy:

helm install opsworker-agent opsworker/opsworker-agent \
  --namespace opsworker \
  --create-namespace \
  --set clusterToken=YOUR_CLUSTER_TOKEN \
  --set proxy.https=http://proxy.internal:3128 \
  --set proxy.noProxy=10.0.0.0/8,172.16.0.0/12,.cluster.local

OpenShift Notes

OpenShift may require SecurityContextConstraints (SCC) adjustments:

oc adm policy add-scc-to-user anyuid \
  system:serviceaccount:opsworker:opsworker-agent

Or create a custom SCC for the agent based on the restricted SCC with necessary permissions.

Air-Gapped Environments

OpsWorker requires connectivity to AWS SQS for agent communication. Fully air-gapped environments (no internet access) are not currently supported. If you have a partial air gap with outbound proxy, configure the proxy settings as shown above.

Next Steps

Install the Agent — Step-by-step installation
Agent Requirements — Full prerequisites list

Overview​

Setup​

Supported Distributions​

Network Requirements​

Proxy Configuration​

OpenShift Notes​

Air-Gapped Environments​

Next Steps​