Install a Kubernetes Delegate
- Before You Begin
- Limitations
- Visual Summary
- Review: Inline and Standalone Installation
- Review: Where Can I Install the Kubernetes Delegate?
- Step 1: Ensure Kubernetes Prerequisites
- Step 2: Select the Kubernetes Delegate Type
- Step 3: Select Delegate Size
- Step 4: Download and Install the Script
- Step 5: Verify
- Option: Troubleshooting
- Harness Kubernetes Delegate Environment Variables
- See Also
The Harness Delegate is a service you run in your own environment, such as your local network, VPC, or cluster.
For example, you can run the Delegate in the deployment target cluster for a CD Pipeline or the build farm cluster for a CI Pipeline.
The Delegate connects all of your artifact, infrastructure, collaboration, verification, and other providers with the Harness Manager.
Most importantly, the Delegate performs all Harness operations.
There are several types of Delegates. This topic describes how to install the Kubernetes Delegate.
Before You Begin
- Learn Harness' Key Concepts
- Delegate Requirements and Limitations
- Delegates Overview
- Delegate Installation Overview
Limitations
Currently, Harness Kubernetes Delegates don't install with the default settings in GKE Auto Pilot Mode. Please use the Manual mode when creating the cluster to make sure it meets the Delegate requirements.
The Delegate requires access to all the Connectors and Harness Secrets needed to run a Pipeline. This means that the Delegate requires permissions to do the following:
- Access all the secrets used by all the Connectors used in a Pipeline.
- Create and update secrets in Kubernetes. This is necessary to pull the images needed to run individual Steps.
Visual Summary
The following diagram shows how the Delegate enables Harness to integrate with all of your deployment resources:

Here's a 10min video that walks you through adding a Harness Kubernetes Cluster Connector and Harness Kubernetes Delegate. The Delegate is added to the target cluster and then the Kubernetes Cluster Connector uses the Delegate to connect to the cluster:
Review: Inline and Standalone Installation
You can install a Delegate whenever you are adding a Connector to a Pipeline or you can install one outside a Pipeline in Resources.
The steps involved are the same.
Review: Where Can I Install the Kubernetes Delegate?
You can install the Kubernetes Delegate inside or outside your deployment target cluster (CD) or build farm cluster (CIE).
- Inside the cluster: you can install the Kubernetes Delegate inside the target or build farm cluster. Later, when you add a Kubernetes Cluster Connector, the Connector can inherit its credentials from the Kubernetes Delegate.
- Outside the cluster: you can install the Kubernetes Delegate outside the target or build farm cluster. Later, when you add a Kubernetes Cluster Connector, the Connector cannot inherit its credentials from the Kubernetes Delegate. In this case, the Kubernetes Cluster Connector must use an alternate method for credentials. For example, the master URL of the target cluster and a Service Account with the required credentials.
Step 1: Ensure Kubernetes Prerequisites
To install a Kubernetes Delegate, you must have access to a Kubernetes cluster. You'll install the Harness Delegate as YAML or Helm Chart.
For permissions, see Kubernetes Cluster Connector Settings Reference.
For connectivity, see Delegate Requirements and Limitations.
You'll need the following Kubernetes permissions to install the delegate:
- Permission to create a namespace (for the Harness Delegate namespace).
- Permission to create statefulSets (to create the Harness Delegate pod).
Step 2: Select the Kubernetes Delegate Type
Inline or standalone, click New Delegate.
Delegate selection options appear.

Click Kubernetes, and then click Continue.
Enter a name and description for the Delegate that will let others know what it is used for, or where it's installed.
Step 3: Select Delegate Size
In Delegate Size, select the size of Delegate you want to install.
Your Kubernetes cluster must have the unallocated resources required to run the Harness Delegate workload:
- Laptop - 1.6GB memory, 0.5CPU
- Small - 3.3GB memory, 1CPU
- Medium - 6.6GB memory, 2CPU
- Large - 13.2GB memory, 4CPU
Important Resource Considerations
These requirements are for the Delegate only. Your cluster will have system, Kubernetes, and other resources consumers. Make sure that the cluster has enough memory, storage, and CPU for all of its resource consumers.
Most importantly, when the Delegate is installed inside the target deployment or build farm cluster, the cluster must also support the resources needed by the services you are deploying or building.
For example, if you use the Small option that requires 3.3GB of memory, don't use a cluster with only 4GB or memory. It won't be enough to run the Delegate and other resources.
Step 4: Download and Install the Script
Click Download Script. The YAML file for the Kubernetes Delegate, and its README, will download to your computer as an archive.
Open a terminal and navigate to where the Delegate file is located.
Extract the YAML file's folder from the download and then navigate to the harness-delegate-kubernetes folder that you extracted:
tar -zxvf harness-delegate-kubernetes.tar.gz
cd harness-delegate-kubernetes
You'll connect to your cluster using the terminal so you can simply copy the YAML file over.
In the same terminal, log into your Kubernetes cluster. In most platforms, you select the cluster, click Connect, and copy the access command.
Let's quickly confirm that the cluster you created can connect to the Harness platform. Enter the following command:
Next, install the Harness Delegate using the harness-delegate.yaml file you just downloaded. In the terminal connected to your cluster, run this command:
kubectl apply -f harness-delegate.yaml
The successful output is something like this:
% kubectl apply -f harness-delegate.yaml
namespace/harness-delegate unchanged
clusterrolebinding.rbac.authorization.k8s.io/harness-delegate-cluster-admin unchanged
secret/k8s-quickstart-proxy unchanged
statefulset.apps/k8s-quickstart-sngxpn created
service/delegate-service unchanged
Run this command to verify that the Delegate pod was created:
kubectl get pods -n harness-delegate-ng
It'll take a moment for the Delegate to appear in Harness' Delegates list.
You're ready to connect Harness to your artifact server and cluster. After those quick steps, you'll begin creating your deployment.
Step 5: Verify
For an overview of verification, see Delegate Registration and Verification.
In the Delegate wizard, click Verify and Harness will verify that it is receiving heartbeats from the Delegate.
Your Delegate is installed.
Option: Troubleshooting
Harness will provide a lot of troubleshooting steps. Here are a few:
Check the status of the Delegate on your cluster:
kubectl describe pod <your-delegate-pod> -n harness-delegate-ng
Check the Delegate logs:
kubectl logs -f <harness-delegate> -n harness-delegate-ng
If the pod isn't up, you might see the following error in your cluster:
CrashLoopBackOff: Kubernetes Cluster Resources are not available.
Make sure the Kubernetes Cluster Resources (CPU, Memory) are enough.
If the Delegate didn’t reach a healthy state, try this:
kubectl describe pod <your-delegate-pod> -n harness-delegate-ng
Harness Kubernetes Delegate Environment Variables
The following table lists each of the environment variables in the Harness Kubernetes Delegate YAML.
Name | Description | Example |
| JVM options for the Delegate. Use this variable to override or add JVM parameters. | - name: JAVA_OPTS |
| The Harness account Id for the account where this Delegate will attempt to register. This value is added automatically to the Delegate config file (YAML, etc) when you add the Delegate. | - name: ACCOUNT_ID |
| The Harness account token used to register the Delegate. | - name: ACCOUNT_SECRET |
| The Harness SaaS manager URL. | - name: MANAGER_HOST_AND_PORT |
| The URL for the Watcher versions. | - name: WATCHER_STORAGE_URL |
| The Delegate version location for the Watcher to check for. | - name: WATCHER_CHECK_LOCATION |
| The CDN URL for Watcher builds. | - name: REMOTE_WATCHER_URL_CDN |
| The URL where published Delegate jars are stored. | - name: DELEGATE_STORAGE_URL |
| The storage location hosting the published Delegate versions. | - name: DELEGATE_CHECK_LOCATION |
| Deployment mode: Kubernetes, Docker, etc. | - name: DEPLOY_MODE |
| The name of the Delegate. This is the name that will appear in Harness when the Delegate is registered. You can automate Delegate creation by omitting the name, and then have a script copying the Delegate YAML file and add a unique name to | - name: DELEGATE_NAME |
| Indicates that this Delegate will register in Harness NextGen. If it set to | - name: NEXT_GEN |
| The description added to the Delegate in the Harness Manager or YAML before registering. It appears in the Delegate details page in the Harness Manager. | - name: DELEGATE_DESCRIPTION |
| The type of Delegate. | - name: DELEGATE_TYPE |
| The Tags added to the Delegate in the Harness Manager or YAML before registering. Tags are generated by Harness using the Delegate name but you can also add your own Tags. Tags appear in the Delegate details page in the Harness Manager. See Tags Reference and Select Delegates with Tags. | - name: DELEGATE_TAGS |
| The maximum number of tasks the Delegate can perform at once. All of the operations performed by the Delegate are categorized as different types of tasks. | - name: DELEGATE_TASK_LIMIT |
| The Harness Organization where the Delegate will register. Delegates at the account-level do not have a value for this variable. | - name: DELEGATE_ORG_IDENTIFIER |
| The Harness Project where the Delegate will register. Delegates at the account or Org-level do not have a value for this variable. | - name: DELEGATE_PROJECT_IDENTIFIER |
| All of the Delegates include proxy settings you can use to change how the Delegate connects to the Harness Manager. The | - name: PROXY_HOST |
| You can run scripts on the Delegate using For example, if you wanted to install software on the Delegate pod, you can enter the script in A multiline script must follow the YAML spec for literal scalar style. | - name: INIT_SCRIPT |
| Enables or disables polling for Delegate tasks. By default, the Delegate uses Secure WebSocket (WSS) for tasks. If the | - name: POLL_FOR_TASKS |
| By default, Harness Delegates are installed with and use Helm 3. You can set the Helm version in the Harness Delegate YAML file using the | - name: HELM_DESIRED_VERSION |
| Makes the Delegate use a CDN for new versions. | - name: USE_CDN |
| The CDN URL for Delegate versions. | - name: CDN_URL |
| The Java Runtime Environment version used by the Delegate. | - name: JRE_VERSION |
| When you Install and run a new Harness Delegate, Harness includes Helm 3 support automatically. But in some cases, you might want to use one of the custom Helm binaries available from Helm release. For a Helm 3 binary, enter the local path to the binary in For a Helm 2 binary, enter the path local path to the binary in | - name: HELM3_PATH |
| The Harness Delegate ships with the 3.5.4 release of Kustomize. If you want to use a different release of Kustomize, add it to a location on the Delegate, update | - name: KUSTOMIZE_PATH |
| You can use | - name: KUBECTL_PATH |
| By default, the Delegate requires HTTP/2 for gRPC (gRPC Remote Procedure Calls) be enabled for connectivity between the Delegate and Harness Manager. | - name: GRPC_SERVICE_ENABLED |
| By default, the Delegate always checks for new versions (via the Watcher). | - name: VERSION_CHECK_DISABLED |
| The namespace for the Delegate is taken from the | - name: DELEGATE_NAMESPACE |