Programmatically install Buoyant Cloud agent

One recommended way to install the Buoyant Cloud agent is via Helm. The advantage of using Helm is that it provides a single install command that can be used to install the agent on multiple clusters, which is essential for automated devops workflows such as GitOps. This document walks you through how to use Helm to install the Buoyant Cloud agent programmatically.

In order for the agent to successfully connect to Buoyant Cloud once installed, it must have access to the client credentials for your Buoyant Cloud workspace. These are provided via a Helm values.yaml file. You can download this file from the Buoyant Cloud Settings page.

Once you have your values.yaml file, you can provide it to the helm command to install the Buoyant Cloud agent, as follows:

helm repo add linkerd-buoyant
helm install --create-namespace \
  --namespace linkerd-buoyant \
  --values values.yaml \
  --set metadata.agentName=$CLUSTER_NAME \
  linkerd-buoyant linkerd-buoyant/linkerd-buoyant

You should set the CLUSTER_NAME variable to the canonical name of the cluster on which you’re installing the agent. This will be the name that identifies the cluster in Buoyant Cloud. To install on a separate cluster, simply change the value of the CLUSTER_NAME variable and use a different kubeconfig context.

It’s also possible to programmatically upgrade the Buoyant Cloud agent, using the the same values.yaml file that you downloaded in the previous step. To upgrade an agent that’s already running, run:

helm repo update linkerd-buoyant
helm upgrade --install linkerd-buoyant \
  --create-namespace \
  --namespace linkerd-buoyant \
  --values values.yaml \
  --set metadata.agentName=$CLUSTER_NAME \

Be sure to set the value of the CLUSTER_NAME variable to match the value that you used on initial install, to avoid creating a separate cluster in Buoyant Cloud.

Rather than providing your Buoyant Cloud org credentials via Helm values, you may instead manage the secret yourself. If the api.clientID and api.clientSecret Helm values are not provided, Helm will instead check for the existence of a buoyant-cloud-org-credentials secret in the linkerd-buoyant namespace.

You can retrieve your ClientID and ClientSecret at

To generate your own buoyant-cloud-org-credentials:

CLIENT_ID=$(echo -n my-client-id | base64 | tr -d '\n')
CLIENT_SECRET=$(echo -n my-client-secret | base64 | tr -d '\n')
cat <<EOF > bcloud-secret.yml
kind: Secret
apiVersion: v1
  name: buoyant-cloud-org-credentials
  namespace: linkerd-buoyant
  labels: linkerd-buoyant
type: Opaque
  client_id: $CLIENT_ID
  client_secret: $CLIENT_SECRET

Be sure to create the linkerd-buoyant namespace and the buoyant-cloud-org-credentials secret prior to running Helm install or upgrade.