Skip to main content

Environment Variables

All configuration is via environment variables in the changeguard-agent-config secret.

Required

VariableDescription
API_KEYYour ChangeGuard API key (starts with cg_)
CLUSTER_IDUnique identifier for this cluster

Optional

VariableDefaultDescription
BACKEND_URLhttps://api.changeguard.aiBackend endpoint
CLUSTER_NAMESame as CLUSTER_IDDisplay name in dashboard
CLUSTER_PROVIDERKubernetesEKS, GKE, AKS, or Kubernetes
CLUSTER_REGION(empty)Cluster region
PUSH_INTERVAL10sHow often to push snapshots
ENABLE_LOG_COLLECTORtrueCollect pod logs
LOG_INTERVAL15sHow often to push logs
LOG_TAIL_LINES100Lines per container per cycle
ENABLE_EVENT_WATCHERtrueWatch Kubernetes events
ENABLE_DEPLOY_WATCHERtrueWatch deployment changes
ENABLE_ARGOCD_DISCOVERYtrueAuto-discover ArgoCD instances
HEALTH_PORT9090Health endpoint port

Log Collection

Exclude specific namespaces from log collection: 
LOG_EXCLUDE_NAMESPACES: "kube-system,monitoring,logging"
Include kube-system logs (excluded by default): 
LOG_INCLUDE_SYSTEM: "true"

Health Endpoint

The agent exposes health at :9090:
PathPurpose
/healthFull status JSON (push count, errors, payload size)
/healthzLiveness probe (returns 200)
/readyzReadiness probe (fails if no successful push in 2 minutes)
kubectl exec -n changeguard-agent deploy/changeguard-agent -- \
  wget -qO- http://localhost:9090/health

Updating Configuration

kubectl delete secret changeguard-agent-config -n changeguard-agent
kubectl create secret generic changeguard-agent-config -n changeguard-agent \
  --from-literal=API_KEY=cg_your_key \
  --from-literal=CLUSTER_ID=my-cluster \
  --from-literal=PUSH_INTERVAL=30s
kubectl rollout restart deployment/changeguard-agent -n changeguard-agent