KubeHero docs

Deploy

Helm install for Cloud, Self-Hosted, and air-gapped environments.

KubeHero Cloud (agent only)

Customer runs only the collector. Telemetry streams to ingest.kubehero.io.

helm repo add kubehero https://charts.kubehero.io
helm install kubehero-agent kubehero/kubehero \
  --namespace kubehero-system --create-namespace \
  --set controlPlane.enabled=false \
  --set operator.enabled=false \
  --set dashboard.enabled=false \
  --set pricingEngine.enabled=false \
  --set cloud.enabled=true \
  --set cloud.token=$KUBEHERO_TOKEN

Self-Hosted (full stack)

Everything runs inside the customer's cluster. No egress required.

helm install kubehero kubehero/kubehero \
  --namespace kubehero-system --create-namespace \
  -f values.yaml

See deploy/helm/kubehero/values.yaml in the source for every tunable.

Air-gapped

Pre-mirror images to your internal registry, then:

helm install kubehero kubehero/kubehero \
  -f values.yaml \
  -f values.airgap.yaml \
  --set image.registry=registry.internal.acme.com \
  --set imagePullSecrets[0].name=acme-regcred

Troubleshooting

  • "collector pods not ready" — check RBAC; the DaemonSet needs hostPID: true. On GKE Autopilot, see the GKE Autopilot guide.
  • "no telemetry at control plane"kubectl -n kubehero-system logs ds/kubehero-collector. If you see ebpf: load: invalid argument, your kernel is too old. The collector falls back to cAdvisor automatically; see --enable-cadvisor-fallback.
  • "policies not firing" — confirm humanArm is false, or run kubehero cap --arm --policy <name>.

Identity · SSO · RBAC

OIDC via Dex or WorkOS, role-based access, SCIM user provisioning.

Production deployment

Sizing, HA, backups, disaster recovery, air-gap, and federation for enterprise KubeHero installs.

On this page

KubeHero Cloud (agent only)Self-Hosted (full stack)Air-gappedTroubleshooting