Skip to content

astuto-ai/onelens-installation-scripts

BranchesTags

Repository files navigation

OneLens Installation Scripts

Simplified Kubernetes cost optimization and monitoring deployment

Documentation Helm Charts Docker

Table of Contents

Overview

OneLens deploys a monitoring stack into your Kubernetes cluster to collect cost and resource utilization data. The deployment consists of two parts:

  1. OneLens Deployer (this chart) - A Kubernetes Job that installs and configures the monitoring stack. A daily CronJob keeps it updated.
  2. OneLens Agent (installed by the deployer) - The monitoring stack: OneLens Agent, Prometheus, OpenCost, and Kube-State-Metrics.

You only install the deployer chart. It handles everything else.

Prerequisites

  • Kubernetes cluster (1.25+)
  • Helm 3.0+
  • kubectl configured for your cluster
  • AWS EBS CSI driver (for AWS EKS clusters) or Azure Disk CSI driver (for AKS clusters)
  • Minimum node resources available: 50m CPU and 256Mi memory for the deployer job

Run the pre-requisite checker to validate your environment before installing. It checks connectivity, tools, Kubernetes version, and CSI driver status:

curl -sSL https://raw.githubusercontent.com/astuto-ai/onelens-installation-scripts/master/scripts/prereq-check/onelens-prereq-check.sh | bash

Quick Start

1. Add the Helm repository

OneLens charts are hosted on a public Helm repository. Add it to your local Helm client so you can install charts from it:

helm repo add onelens https://astuto-ai.github.io/onelens-installation-scripts/
helm repo update

2. Install

This installs the OneLens deployer, which registers your cluster and sets up the full monitoring stack. You only need to do this once per cluster — running it again on an already-connected cluster will fail at registration.

Your Kubernetes clusters are automatically discovered and visible in the OneLens console. Navigate to the cluster you want to connect, and the console provides a ready-to-use install command with the REGISTRATION_TOKEN pre-filled. Copy and run it directly, or use the template below:

helm upgrade --install onelensdeployer onelens/onelensdeployer \
  -n onelens-agent --create-namespace \
  --set job.env.CLUSTER_NAME=<cluster-name> \
  --set job.env.REGION=<region> \
  --set-string job.env.ACCOUNT=<account-id> \
  --set job.env.REGISTRATION_TOKEN=<token>

Add any optional parameters (encryption, labels, tolerations) from the Configuration Reference below.

3. Verify installation

# Check all pods are running
kubectl get pods -n onelens-agent

# Expected pods (all should be Running):
#   onelens-agent-prometheus-server-*        - Metrics storage
#   onelens-agent-kube-state-metrics-*       - Kubernetes object metrics
#   onelens-agent-prometheus-opencost-*      - Cost metrics
#   onelens-agent-prometheus-pushgateway-*   - Metrics push endpoint
#
# Note: The onelens-agent pod is a CronJob that runs hourly by default.
# It collects metrics from Prometheus and sends them to the OneLens API.
# It will not appear until its first scheduled run. To trigger it immediately,
# see step 4 below.

4. Trigger a manual data collection (optional)

kubectl create job manual-trigger --from=cronjob/onelens-agent -n onelens-agent

Configuration Reference

All parameters below are passed via --set flags during helm upgrade --install. Examples are shown with each section so you can copy-paste and adapt.

  • Required Parameters — cluster name, region, account, token
  • Storage Encryption — encrypt Prometheus persistent volumes (AWS EBS / Azure Disk)
  • Volume Tags — apply custom tags to persistent volumes for cost tracking
  • Node Scheduling — run OneLens pods on dedicated or specific nodes
  • Labels — apply custom labels to all OneLens resources
  • Other — image pull secrets, CronJob schedule, suspend updater

Required Parameters

Parameter Description
job.env.CLUSTER_NAME Your Kubernetes cluster name
job.env.REGION Cloud region (e.g., us-east-1, centralindia)
job.env.ACCOUNT Cloud account ID (use --set-string to preserve leading zeros)
job.env.REGISTRATION_TOKEN Registration token from OneLens platform
AWS EKS example 
helm upgrade --install onelensdeployer onelens/onelensdeployer \
  -n onelens-agent --create-namespace \
  --set job.env.CLUSTER_NAME=my-eks-cluster \
  --set job.env.REGION=us-east-1 \
  --set-string job.env.ACCOUNT=123456789012 \
  --set job.env.REGISTRATION_TOKEN=your-token
Azure AKS example 
helm upgrade --install onelensdeployer onelens/onelensdeployer \
  -n onelens-agent --create-namespace \
  --set job.env.CLUSTER_NAME=my-aks-cluster \
  --set job.env.REGION=centralindia \
  --set-string job.env.ACCOUNT=your-subscription-id \
  --set job.env.REGISTRATION_TOKEN=your-token

Storage Encryption

OneLens creates a StorageClass for Prometheus persistent volumes. You can enable encryption on these volumes.

AWS EBS
Parameter Description Default
job.env.EBS_ENCRYPTION_ENABLED Enable EBS volume encryption false
job.env.EBS_ENCRYPTION_KEY Custom KMS key ARN (omit to use AWS default aws/ebs key) ""

Encrypt with the default AWS-managed key (aws/ebs):

helm upgrade --install onelensdeployer onelens/onelensdeployer \
  -n onelens-agent --create-namespace \
  --set job.env.CLUSTER_NAME=my-eks-cluster \
  --set job.env.REGION=us-east-1 \
  --set-string job.env.ACCOUNT=123456789012 \
  --set job.env.REGISTRATION_TOKEN=your-token \
  --set job.env.EBS_ENCRYPTION_ENABLED=true

Encrypt with a customer-managed KMS key:

helm upgrade --install onelensdeployer onelens/onelensdeployer \
  -n onelens-agent --create-namespace \
  --set job.env.CLUSTER_NAME=my-eks-cluster \
  --set job.env.REGION=us-east-1 \
  --set-string job.env.ACCOUNT=123456789012 \
  --set job.env.REGISTRATION_TOKEN=your-token \
  --set job.env.EBS_ENCRYPTION_ENABLED=true \
  --set job.env.EBS_ENCRYPTION_KEY=arn:aws:kms:us-east-1:123456789012:key/your-key-id
Azure Disk
Parameter Description Default
job.env.AZURE_DISK_ENCRYPTION_ENABLED Enable Azure Disk encryption false
job.env.AZURE_DISK_ENCRYPTION_SET_ID Azure Disk Encryption Set resource ID ""
job.env.AZURE_DISK_CACHING_MODE Disk caching mode (None, ReadOnly, ReadWrite) ReadOnly 
helm upgrade --install onelensdeployer onelens/onelensdeployer \
  -n onelens-agent --create-namespace \
  --set job.env.CLUSTER_NAME=my-aks-cluster \
  --set job.env.REGION=centralindia \
  --set-string job.env.ACCOUNT=your-subscription-id \
  --set job.env.REGISTRATION_TOKEN=your-token \
  --set job.env.AZURE_DISK_ENCRYPTION_ENABLED=true \
  --set job.env.AZURE_DISK_ENCRYPTION_SET_ID=/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Compute/diskEncryptionSets/<des-name>

Volume Tags

Apply custom tags to the persistent volumes created by OneLens. Useful for cost tracking and compliance.

AWS EBS
Parameter Description Default
job.env.EBS_TAGS_ENABLED Enable custom tags on EBS volumes false
job.env.EBS_TAGS Comma-separated key=value pairs "" 
  --set job.env.EBS_TAGS_ENABLED=true \
  --set job.env.EBS_TAGS="env=prod,team=platform,cost-center=engineering"
Azure Disk
Parameter Description Default
job.env.AZURE_DISK_TAGS_ENABLED Enable custom tags on Azure Disks false
job.env.AZURE_DISK_TAGS Comma-separated key=value pairs "" 
  --set job.env.AZURE_DISK_TAGS_ENABLED=true \
  --set job.env.AZURE_DISK_TAGS="env=prod,team=platform,cost-center=engineering"

Node Scheduling

Schedule OneLens pods on specific nodes using nodeSelector and tolerations. The job.env.* parameters apply to the agent pods (Prometheus, KSM, OpenCost, etc.). To also schedule the deployer job/cronjob on the same nodes, set job.tolerations, job.nodeSelector, cronjob.tolerations, and cronjob.nodeSelector as shown in the example.

Parameter Description Default
job.env.NODE_SELECTOR_KEY Node selector label key (applied to all agent pods) ""
job.env.NODE_SELECTOR_VALUE Node selector label value ""
job.env.TOLERATION_KEY Toleration key (applied to all agent pods) ""
job.env.TOLERATION_VALUE Toleration value (leave empty for Exists operator) ""
job.env.TOLERATION_OPERATOR Equal or Exists ""
job.env.TOLERATION_EFFECT NoSchedule, PreferNoSchedule, or NoExecute ""

Example — nodes tainted with dedicated=onelens:NoSchedule:

helm upgrade --install onelensdeployer onelens/onelensdeployer \
  -n onelens-agent --create-namespace \
  --set job.env.CLUSTER_NAME=my-cluster \
  --set job.env.REGION=us-east-1 \
  --set-string job.env.ACCOUNT=123456789012 \
  --set job.env.REGISTRATION_TOKEN=your-token \
  --set job.env.NODE_SELECTOR_KEY=dedicated \
  --set job.env.NODE_SELECTOR_VALUE=onelens \
  --set job.env.TOLERATION_KEY=dedicated \
  --set job.env.TOLERATION_VALUE=onelens \
  --set job.env.TOLERATION_OPERATOR=Equal \
  --set job.env.TOLERATION_EFFECT=NoSchedule \
  --set job.nodeSelector.dedicated=onelens \
  --set 'job.tolerations[0].key=dedicated' \
  --set 'job.tolerations[0].operator=Equal' \
  --set 'job.tolerations[0].value=onelens' \
  --set 'job.tolerations[0].effect=NoSchedule' \
  --set cronjob.nodeSelector.dedicated=onelens \
  --set 'cronjob.tolerations[0].key=dedicated' \
  --set 'cronjob.tolerations[0].operator=Equal' \
  --set 'cronjob.tolerations[0].value=onelens' \
  --set 'cronjob.tolerations[0].effect=NoSchedule'

For taints without a value (e.g., dedicated:NoSchedule), use Exists operator and omit the value:

  --set job.env.TOLERATION_OPERATOR=Exists \
  --set-string job.env.TOLERATION_VALUE="" \
  --set 'job.tolerations[0].operator=Exists'

Labels

Apply custom labels to OneLens resources. Useful for organizational policies that require specific labels on all resources.

Parameter Description Default
globals.labels Applied to namespace, deployer job/cronjob, and all agent pods {}
job.labels Additional labels only on the deployer job {}
cronjob.labels Additional labels only on the updater cronjob {} 
  --set globals.labels."company\.com/team"=platform \
  --set globals.labels."company\.com/env"=prod

Other

Parameter Description Default
job.env.IMAGE_PULL_SECRET Image pull secret name for private registries ""
cronjob.schedule Updater CronJob schedule "0 2 * * *"
cronjob.suspend Suspend the daily updater false

Upgrade

To upgrade to a newer version:

helm repo update
helm upgrade onelensdeployer onelens/onelensdeployer \
  -n onelens-agent \
  --version <new-version> \
  --reuse-values

The deployer job will re-run and upgrade the agent stack to the matching version.

Uninstall

# Remove the deployer
helm uninstall onelensdeployer -n onelens-agent

# Remove the agent stack (installed by the deployer)
helm uninstall onelens-agent -n onelens-agent

# Optionally delete the namespace and all resources
kubectl delete namespace onelens-agent

Note: PersistentVolumeClaims are retained by default (helm.sh/resource-policy: keep). To also delete Prometheus data:

kubectl delete pvc -n onelens-agent --all

Troubleshooting

See the Troubleshooting Guide for common issues, diagnostic commands, and operational procedures.

How It Works

helm install onelensdeployer
    |
    v
[Deployer Job] -- runs install.sh inside a pod
    |              - detects cloud provider (AWS/Azure)
    |              - registers cluster with OneLens API
    |              - sizes resources based on pod count
    |              - creates StorageClass, RBAC, namespace
    |              - runs: helm install onelens-agent
    v
[OneLens Agent Stack]
    - Prometheus (metrics collection + storage)
    - Kube-State-Metrics (Kubernetes object metrics)
    - OpenCost (cost calculation)
    - OneLens Agent (data processing + upload to OneLens platform)
    - Pushgateway (metrics push endpoint)
    |
    v
[Daily Updater CronJob] -- runs patching.sh
    - re-evaluates cluster size
    - adjusts resource allocations
    - applies configuration updates

Documentation

Scripts & Tools

Support

About

Onelens Agent Bootstraper

astuto-ai.github.io/onelens-installation-scripts/

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 16

Release v2.1.7 Latest
Mar 12, 2026
+ 15 releases

Contributors

Languages