§02 — Exo Control Plane

Prerequisites & topology

What you're installing, where it runs, and what the cluster needs before you apply anything. Read this once so the rest of the Deploy chapter has nothing surprising in it.

5 min read·Set by Exo Editorial·v0.3.0 Beta

Deploying Exo means standing up three things into your own Kubernetes cluster: the CRDs, the Exo Operator, and the platform (the Exo backend + UI). The recommended path — exo-install — applies all three for you, but it helps to know the shape before you run it.

Three components

  • CRDs — the five agentkube.io custom resource definitions (Agent, Tool, MCP, LLMGateway, Claw). Registering them is what lets you author agents as Kubernetes objects.
  • Operator — the agentkube-manager Deployment, its RBAC, and a pods/exec admission webhook. It reconciles the CRDs into running pods and (optionally) connects out to the control plane.
  • Platform — the Exo backend with the UI embedded in the same binary, plus its Postgres. This is the dashboard your team logs into and the control plane the Exo Operator phones home to.

Cluster requirements

  • Kubernetes 1.27+ with cluster-admin (you create CRDs, ClusterRoles, and namespaces).
  • A working kubectl context — Exo's installer drives the cluster through your existing kubeconfig, so exec plugins, OIDC, and cloud IAM all work unchanged.
  • The operator pod is tiny: requests 100m CPU / 128Mi, limits 500m / 512Mi. The platform pod requests 100m / 128Mi, limits 1 CPU / 512Mi.

Database

The platform needs PostgreSQL 16. You can let the installer deploy a bundled in-cluster Postgres (fine for trials), or bring your own managed instance (recommended for production) and pass its DSN. The backend runs all migrations, partition setup, and the encryption-keyring bootstrap at boot — there is no separate migration step to run.

Namespaces

  • agentkube-system — the operator's namespace (fixed; the webhook serving cert is signed for agentkube-manager.agentkube-system.svc).
  • Platform namespace — defaults to exo; you can override it (--namespace). Agents, Tools, and other CRs live in whatever namespaces you choose.

Network

  • Inbound to the platform: the backend serves plain HTTP on port 9092. Terminate TLS at your ingress.
  • Outbound from the Exo Operator: when run in managed mode, the operator opens one outbound WebSocket to the platform at /api/agentkube/connect. No inbound ports are opened on the operator's cluster.
  • Image pulls: the operator launches runtime pods from adaptivelive/* images. Air-gapped clusters mirror these and set AGENTKUBE_IMAGE_REGISTRY — see Air-gapped.

Local tooling

Run the installer's pre-flight check before anything else:

terminal· bash
exo-install precheck

It verifies (hard requirements marked ✓):

precheck· text
kubectl on PATH                                        ✓ required
helm on PATH                                           required only with --helm
docker, git on PATH                                    advisory
current kube-context set                               ✓ required
cluster reachable                                      ✓ required
server version                                         informational
RBAC: can create CRDs / ClusterRoles / ns / deploys    advisory
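
To see exactly which permission or requirement is missing, the kubectl-related rows can be reproduced by hand with plain kubectl. The script below is an added example, not the installer's own code: the function names and the KUBECTL override variable are assumptions, and unlike the precheck it treats the 1.27 minimum from Cluster requirements as a failure rather than informational.

```shell
#!/usr/bin/env bash
# Added example: hand-run equivalent of several precheck rows (not Exo's code).
# KUBECTL is an assumed override so the checks can be pointed at a stub.
KUBECTL="${KUBECTL:-kubectl}"

# True if a gitVersion such as "v1.29.4" or "v1.30.1-eks-abc" is >= 1.27.
# Returns 2 when the string cannot be parsed.
meets_min_version() {
  local v="${1#v}" major minor
  major="${v%%.*}"
  minor="${v#*.}"; minor="${minor%%.*}"; minor="${minor%%[!0-9]*}"
  case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
  [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 27 ]; }
}

# Prints each resource the current identity cannot create; returns how many.
missing_create_rights() {
  local missing=0 r
  for r in customresourcedefinitions.apiextensions.k8s.io \
           clusterroles.rbac.authorization.k8s.io namespaces deployments.apps; do
    # -n only matters for deployments; the other three are cluster-scoped.
    if ! "$KUBECTL" auth can-i create "$r" -n agentkube-system >/dev/null 2>&1; then
      echo "cannot create: $r"
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

preflight() {
  local ver
  command -v "$KUBECTL" >/dev/null 2>&1 || { echo "kubectl not on PATH"; return 1; }
  "$KUBECTL" config current-context >/dev/null 2>&1 ||
    { echo "no current kube-context"; return 1; }
  # /version answers only if the API server is reachable with these credentials.
  ver="$("$KUBECTL" get --raw /version 2>/dev/null |
         sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')"
  [ -n "$ver" ] || { echo "cluster unreachable"; return 1; }
  meets_min_version "$ver" || { echo "server $ver is below 1.27"; return 1; }
  missing_create_rights || echo "warning: the install needs the rights listed above"
}

# Run against the live cluster only when asked: ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A "cannot create" line names the exact resource to raise with whoever manages cluster RBAC before you apply anything.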