Install

Run BytePort on your cluster in 60 seconds.

All it needs: read-only Kube creds and outbound HTTPS to api.byteport.polsia.app. In the first 5 minutes it inventories signals, classifies incidents by type, and dry-runs every fix before executing.

helm install byteport byteport/byteport-agent --namespace byteport-agent --create-namespace

Default mode is dry_run — it plans every action and posts it to your ops channel. Nothing executes without approval for the first 24 h.

Step 1

Prerequisites

⎈

Kubernetes 1.24+ — any managed cluster (EKS, GKE, AKS) or self-hosted. The agent deploys as a single Deployment in its own namespace.

🔒

Outbound HTTPS to api.byteport.polsia.app:443 — used only to report runbook decisions and post-remediation postmortems. No inbound port needed.

🪪

A ServiceAccount with these verbs (Helm creates it automatically; listed here for security review):

Resource	Verbs	Why
pods, nodes, events	`get`, `list`, `watch`	Signal collection
deployments, replicasets	`get`, `list`, `watch`	Runbook matching
deployments	`patch`	Rollback action only — guarded by allowlist
pods/exec	`create`	Diagnostics (`df -h`, `free -m`) — read-only commands

🔑

A BYTEPORT_API_KEY — get one at byteport.polsia.app/pricing. Starter tier is free for the first 10 resolved incidents.

Step 2

Install

Two options — pick whichever fits your workflow. Both produce identical runtime behaviour.

Option A — Helm (recommended)

bash

# Add the BytePort chart repo
helm repo add byteport https://byteport.polsia.app/charts
helm repo update

# Install — default mode is dry_run (safe to run in prod immediately)
helm install byteport byteport/byteport-agent \
  --namespace byteport-agent \
  --create-namespace \
  --set config.apiKey=YOUR_BYTEPORT_API_KEY \
  --set config.clusterName=prod-us-east-1 \
  --set config.mode=dry_run

# Confirm the agent is running and watching (logs appear within 30s)
kubectl get pods -n byteport-agent
kubectl logs -n byteport-agent -l app.kubernetes.io/name=byteport-agent --tail=20

Option B — Raw manifest

bash

# Download and inspect the manifest before applying
curl -sL https://byteport.polsia.app/install/manifest.yaml -o byteport-manifest.yaml

# Apply to your cluster
kubectl apply -f byteport-manifest.yaml

# Set required env vars on the Deployment
kubectl set env deployment/byteport-agent \
  -n byteport-agent \
  BYTEPORT_API_KEY=YOUR_API_KEY \
  BYTEPORT_CLUSTER_NAME=prod-us-east-1 \
  BYTEPORT_MODE=dry_run

After install, you should see the agent reporting to your ops channel within 60 seconds:

text

byteport-agent  INFO  Signal monitor started — cluster: prod-us-east-1
byteport-agent  INFO  Adapter: kubernetes-events connected (12 nodes, 47 pods)
byteport-agent  INFO  Mode: dry_run — runbook plans will be posted to Slack before execution
byteport-agent  INFO  Ready. Watching for: disk_pressure, memory_pressure, pod_crashloop, tls_cert_expiring, db_connections_saturated

Step 3

Configure

Three required vars. Everything else is optional.

env

# Required
BYTEPORT_API_KEY=bp_live_...         # from /pricing — Starter is free
BYTEPORT_CLUSTER_NAME=prod-us-east-1 # shows up in postmortems + Slack messages
BYTEPORT_MODE=dry_run                # dry_run | auto (see below)

# Notify — at least one required (Slack recommended)
BYTEPORT_SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...
BYTEPORT_PAGERDUTY_ROUTING_KEY=...  # optional — escalation fan-out

# Signal adapter — defaults to Kubernetes events; override for Prometheus/Datadog
BYTEPORT_ADAPTER=kubernetes          # kubernetes | prometheus | datadog | cloudwatch | sentry
PROMETHEUS_URL=http://prometheus:9090 # if adapter=prometheus

Why dry_run for the first 24 hours? The agent needs one full on-call cycle to build a signal baseline for your cluster. In dry_run mode every planned action is posted to your ops channel as a structured message — you see exactly what it would have done and can approve or dismiss. After 24 h of signal history, switching to auto is a one-liner: helm upgrade byteport byteport/byteport-agent --set config.mode=auto.

Step 4

How your first signal looks end-to-end

Here's the full loop from alert to postmortem — takes about 4 minutes for a disk-pressure incident:

Signal

disk_pressure detected on node-3 (91% used)

→

Classify

Runbook matcher picks DiskSpaceAutoReclaimRunbook

→

Dry-run plan

Posts to Slack: "will run docker system prune -f — approve?"

→

Execute

Operator approves (or auto mode acts immediately)

→

Verify

Re-polls signal — confirms disk back below threshold

→

Postmortem

Auto-generated markdown posted to GitHub Issues + emailed

To trigger a synthetic test signal without waiting for a real incident:

bash

# Trigger a synthetic disk_pressure signal (safe — dry_run by default)
curl -X POST https://byteport.polsia.app/api/webhooks/signal \
  -H "Content-Type: application/json" \
  -d '{
    "signal_type": "disk_pressure",
    "value": 91.5,
    "severity": "warning",
    "cluster": "prod-us-east-1",
    "node": "node-3"
  }'

Check byteport.polsia.app/incidents within 30 seconds — your signal will appear in the live feed.

After install, BytePort auto-handles 9 pager classes without intervention. See the full autonomy matrix →

Step 5

What stays in your cluster vs. what calls home

The #1 question from security-conscious buyers. Here's the complete list:

✓ Stays in your cluster

Raw pod logs and application logs
Secrets, ConfigMaps, environment variables
Container images and build artifacts
kubectl exec output (used locally for diagnostics only)
Customer data in databases
Network traffic payload

↑ Leaves the cluster (to BytePort API)

Signal metadata: type, value, severity, timestamp, node/pod name
Runbook decision: which runbook matched, confidence score
Action outcome: succeeded / failed / escalated, MTTR
Postmortem text (structured markdown, no log lines)
Cluster name and Kubernetes version (for compatibility checks)

Air-gapped option: Scale tier supports fully on-prem control plane with zero external egress. Email sales to discuss.

Step 6

Uninstall

One command. Removes all cluster resources including the ServiceAccount and RBAC roles:

bash

helm uninstall byteport --namespace byteport-agent
kubectl delete namespace byteport-agent

Signal history and postmortems are kept in your BytePort account for 90 days after uninstall. Data deletion on request.

Start in dry_run mode — free.

First 10 resolved incidents are on us. No credit card. Switch to auto whenever you're ready.

Get your API key — Starter is free → See a live incident resolved →