5-minute install

Install byteport-agent
on your infra.

Wire an adapter, add a Slack notifier, and trigger a synthetic signal in under 5 minutes. Default install is safe — dry-run mode detects without acting.

Latest: v0.1.30
Dry-run ON by default
1
Install

Pick your install method. Helm is recommended for Kubernetes clusters. npm is for Node.js environments or local testing.

Fastest path. One command fetches and runs the BytePort installer. Safe to run — dry-run mode is on by default. The installer detects your environment (Kubernetes, Docker, or bare-metal) and wires the right adapter.
bash 
curl -fsSL https://byteport.polsia.app/install.sh | sh
Note: Full automated installer is in beta. If the script prints "installer coming soon", follow the Helm or npm tab — takes under 5 minutes and the same env vars apply.
Safe to run in any cluster. Default install sets dryRun: true — the agent detects signals, logs findings, and opens GitHub Issues. It never executes mutations until you explicitly flip the flag.
bash 
# Add repo and fetch latest index
helm repo add byteport https://byteport.polsia.app/charts
helm repo update

# Install into its own namespace (dry-run on by default)
helm install byteport byteport/byteport-agent \
  --namespace byteport-agent \
  --create-namespace
bash — confirm the pod is running 
kubectl get pods -n byteport-agent -w
kubectl logs -n byteport-agent \
  -l app.kubernetes.io/name=byteport-agent \
  --tail=30 -f
For Node.js environments. The npm package exposes the same detect→diagnose→act→verify loop. Good for local testing, CI pipelines, or non-Kubernetes targets.
bash 
# Install globally
npm install -g byteport-agent@v0.1.30

# Or add to your project
npm install byteport-agent@v0.1.30
bash — start the agent 
# Dry-run on by default; set env vars before starting
BYTEPORT_DRY_RUN=true byteport-agent start
2
Connect a signal source

Pick the monitoring backend you already have. Click a card to see the wiring snippet. One adapter is enough to start — add more later.

Polls Sentry Issues API for error_rate_spike, new_exception_fingerprint, and regression signals. Requires a Sentry auth token with project:read scope. v0.1.9 details →

env vars
BYTEPORT_ADAPTER=sentry
SENTRY_AUTH_TOKEN=sntrys_...
SENTRY_ORG=your-org
SENTRY_PROJECT=your-project
Helm
helm upgrade byteport byteport/byteport-agent \
  --set adapter=sentry \
  --set sentry.authToken=<your-sentry-auth-token> \
  --set sentry.org=your-org \
  --set sentry.project=your-project

DescribeAlarms polling + SNS webhook receiver. 13 canonical mappings: EC2 → host.cpu_high, RDS → database.disk_pressure, ALB → service.elevated_5xx. v0.1.10 details →

env vars
BYTEPORT_ADAPTER=cloudwatch
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=AKIA...      # or instance profile / IRSA
AWS_SECRET_ACCESS_KEY=...
Helm (EKS + IRSA)
helm upgrade byteport byteport/byteport-agent \
  --set adapter=cloudwatch \
  --set cloudwatch.region=us-east-1

AlertmanagerWebhookAdapter — most common for kind clusters and self-hosted Kubernetes. v0.1.8 details →

env vars
BYTEPORT_ADAPTER=prometheus
PROMETHEUS_URL=http://localhost:9090
Helm
helm upgrade byteport byteport/byteport-agent \
  --set adapter=prometheus \
  --set prometheus.url=http://prometheus-operated.monitoring.svc:9090

Tracks workflow failures, success rate, and P95 duration. PAT or GitHub App token. v0.1.7 details →

env vars
BYTEPORT_ADAPTER=github-actions
GITHUB_TOKEN=ghp_...
GITHUB_REPO=yourorg/infra
Helm
helm upgrade byteport byteport/byteport-agent \
  --set adapter=github-actions \
  --set githubActions.repo=yourorg/infra \
  --set githubActions.token=<github-pat-or-app-token>

Polls triggered/acknowledged PD incidents, maps urgency + service to signals, auto-resolves on runbook success. Requires incidents:read + incidents:write. v0.1.12 details →

env vars
BYTEPORT_ADAPTER=pagerduty
PAGERDUTY_API_TOKEN=u+abcXYZ...
PAGERDUTY_SERVICE_IDS=SVC001,SVC002  # optional
Helm
helm upgrade byteport byteport/byteport-agent \
  --set adapter=pagerduty \
  --set pagerduty.apiToken=<your-pd-api-token> \
  --set pagerduty.subdomain=your-subdomain \
  --set pagerduty.fromEmail=ops@yourcompany.com

Polls monitor states (Alert/Warn/No Data). Per-group dedup, site-aware auth, custom tagMap routing. v0.1.13 details →

env vars
BYTEPORT_ADAPTER=datadog-monitors
DD_API_KEY=your-datadog-api-key
DD_APP_KEY=your-datadog-app-key
DD_SITE=api.datadoghq.com
Helm
helm upgrade byteport byteport/byteport-agent \
  --set adapter=datadog-monitors \
  --set datadogMonitors.site=api.datadoghq.com \
  --set datadogMonitors.apiKeySecretRef.name=byteport-datadog-monitors-secret \
  --set datadogMonitors.apiKeySecretRef.key=DD_API_KEY \
  --set datadogMonitors.appKeySecretRef.name=byteport-datadog-monitors-secret \
  --set datadogMonitors.appKeySecretRef.key=DD_APP_KEY

Receives Grafana contact-point webhooks + polls Alertmanager API. HMAC-SHA256 webhook verification, fingerprint dedup. v0.1.14 details →

env vars
BYTEPORT_ADAPTER=grafana-alerting
GRAFANA_URL=http://grafana.monitoring.svc:3000
GRAFANA_API_TOKEN=glsa_...
GRAFANA_WEBHOOK_SECRET=your-hmac-secret  # optional
Helm
helm upgrade byteport byteport/byteport-agent \
  --set adapter=grafana-alerting \
  --set grafanaAlerting.url=http://grafana.monitoring.svc:3000 \
  --set grafanaAlerting.apiToken=<your-grafana-api-token>

View all 12 integrations →  ·  Don't see your tool? Request an integration →

3
Set escalation

Where should BytePort notify you when a runbook fires? Enter one or both, or skip for now — logs are always written to stdout.

Slack webhook URL
Sets BYTEPORT_SLACK_WEBHOOK_URL — fires Block Kit messages on every runbook outcome. v0.1.11 →
PagerDuty integration key
Sets BYTEPORT_PD_ROUTING_KEY — Events API v2 integration key. Triggers on escalation, resolves on runbook success. v0.1.12 →
4
Verify the agent is watching

Fire a synthetic disk_pressure signal and watch the runbook in the agent log. No mutations will happen — dry-run is still on. Link: full runbook library →

bash — trigger a synthetic signal 
# If you installed via npm globally:
byteport test --signal disk_pressure

# Or trigger via HTTP if running as a service:
curl -X POST http://localhost:3001/api/test-signal \
  -H 'Content-Type: application/json' \
  -d '{"type":"disk_pressure","value":91.2,"host":"verify-test"}'
Helm users: forward the agent's control port first:
kubectl port-forward -n byteport-agent svc/byteport-agent 3001:3001
Expected log output — detection confirmed (dry-run)
[byteport] signal=disk_pressure host=verify-test value=91.2% threshold=85% severity=warning
[byteport] runbook=disk_pressure action=PROPOSED steps=3 confidence=0.94
[byteport] dry_run=true action=SKIPPED reason=dry_run_enabled
[byteport] notifier=slack status=sent event=escalation.required
[byteport] escalation=github status=opened issue_url=https://github.com/your-org/infra/issues/42
You should see a Slack message in your channel and a GitHub Issue opened in your infra repo. Both are safe — no cluster mutations occurred. You're ready to promote.

What you'll see in 60 seconds

Within 30 seconds of the pod reaching Running, heartbeat logs appear. If there's active pressure in your cluster, detections show up too.

Expected log output — no detections
[byteport] adapter=prometheus dry_run=true status=watching
[byteport] cycle=1 signals_checked=4 detections=0 duration_ms=142
[byteport] cycle=2 signals_checked=4 detections=0 duration_ms=138

Promote to production

Run through this checklist before setting dryRun: false. Enable one runbook at a time and let it run cleanly for 48 hours before adding the next.

  • Pick your adapter and verify signal data appears in logs (detections=N)
  • Review a dry-run detection — open the GitHub Issue it filed and confirm the proposed action makes sense for your cluster
  • Scope RBAC — annotate only the namespaces you want the agent to touch:
    bash
    kubectl annotate namespace production \
  byteport.io/allow-remediation=true \
  byteport.io/allow-rollback=true
  • Enable runbooks one at a time — start with the safest (disk_pressure won't delete pods):
    bash
    helm upgrade byteport byteport/byteport-agent \
  --set dryRun=false \
  --set runbooks.allow[0]=disk_pressure
  • Wire Postmark for email on escalation:
    bash
    kubectl create secret generic byteport-postmark \
  -n byteport-agent \
  --from-literal=POSTMARK_SERVER_TOKEN=<your-token>

helm upgrade byteport byteport/byteport-agent \
  --set escalation.postmark.enabled=true \
  --set escalation.postmark.serverTokenSecretRef.name=byteport-postmark \
  --set escalation.postmark.to=oncall@yourcompany.com
  • Tune thresholds if the defaults (85% disk / 90% memory) don't match your SLOs:
    bash
    helm upgrade byteport byteport/byteport-agent \
  --set thresholds.diskUsagePct=80 \
  --set thresholds.memoryPressurePct=88
  • Add a second runbook after the first has run cleanly for 48 hours. pod_crashloop is a good second choice.

Available runbooks

All 8 runbooks ship with the chart. Enable them one at a time via runbooks.allow.

Name Fixes Mutation required
disk_pressureLog rotation, Docker prune, /tmp cleanuppods/exec
memory_pressurePage cache drop, OOM diagnosticspods/exec
cpu_pressureCPU diagnostics + escalationnone (read-only)
pod_crashloopClassify root cause + safe restartpods/delete
deployment_rollbackRollout undo on failed deploydeployments/patch
oom_killed_podRestart + memory limit recommendationpods/delete
ssl_cert_expiringcert-manager force reissue or ACM renewalcertificates/patch
db_connections_saturatedClassify leak vs. load, gated pg_terminatepods/exec
Full runbook documentation →

Troubleshooting

Most issues fall into one of these buckets. Click to expand.

Missing IAM permissions (CloudWatch adapter)
Symptom: logs show AccessDenied: cloudwatch:DescribeAlarms
Attach the following IAM policy to the node role (or IRSA service account). The minimum required action is cloudwatch:DescribeAlarms. If using SNS webhook mode, no additional permissions are needed beyond the HTTPS endpoint being reachable.

EKS IRSA: annotate the byteport-agent ServiceAccount with eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/BytePortRole and attach the policy to that role.
Slack webhook URL format errors
Symptom: notifier logs 400 Bad Request or invalid_payload
The webhook URL must begin with https://hooks.slack.com/services/ followed by three slash-separated tokens (T.../B.../...). Copy it directly from your Slack App's "Incoming Webhooks" page — do not URL-encode it. If you rotated the webhook in Slack, update the Helm value or env var and restart the agent.
Symptom: messages delivered but missing channel name
The incoming webhook is bound to a channel at creation time. To post to a different channel, set notifiers.slack.channelOverride=#your-channel in your Helm values (requires the Slack app to have access to that channel).
Version mismatch between npm package and Helm chart
Symptom: features documented here are missing or behave differently
The Helm chart and npm package are versioned in lockstep. Run helm search repo byteport/byteport-agent to see the latest chart version. Run npm view byteport-agent version to see the latest npm version. If they differ, helm repo update to pull the latest chart index, then upgrade: helm upgrade byteport byteport/byteport-agent.
Pod stuck in CrashLoopBackOff after install
Symptom: kubectl get pods -n byteport-agent shows CrashLoopBackOff
Check the logs: kubectl logs -n byteport-agent -l app.kubernetes.io/name=byteport-agent --previous. Most common causes: (1) adapter credentials are missing or incorrect — verify env vars/secrets are mounted, (2) the Kubernetes ServiceAccount lacks RBAC to watch events (add the cluster role binding with --set rbac.create=true which is the default), (3) the adapter's required external service is unreachable from within the cluster.

Uninstall

RBAC (ClusterRole + ClusterRoleBinding) is removed automatically with the release.

bash 
helm uninstall byteport -n byteport-agent
kubectl delete namespace byteport-agent

Need help?

Reply to your welcome email — or reach us directly at byteport@polsia.app. We walk every new install through.

Email us → Open a GitHub Issue Browse runbooks