Add the helm Infra repository:

helm repo add infrahq https://infrahq.github.io/helm-charts
helm repo update

Next, create an access key using the infra CLI:

INFRA_ACCESS_KEY=$(infra keys add --connector -q)

Lastly, deploy Infra on the Kubernetes cluster:

helm install infra infrahq/infra --set config.name=example --set config.accessKey=$INFRA_ACCESS_KEY

To configure how the Infra connector is deployed, modify the Helm values file.


Infra automatically generates the current user's Kubernetes Kubeconfig for all the connected clusters when running infra login:

infra login

infra login also respects the KUBECONFIG variable.

KUBECONFIG=~/.kube/custom-config infra login

Switching Kubernetes clusters

Infra supports Kubernetes natively, and all existing tools that work with Kubernetes will continue to work.

Run kubectl to switch to a connected Kubernetes cluster:

kubectl config use-context example

Lastly, run a command against the cluster:

kubectl get pods -A

Access control

To grant access, run infra grant:

infra grants add --group Engineering my-cluster --role cluster-admin


Use Infra's resource notation to grant access to a namespace in the format:


For example, to grant view access to the kube-system namespace:

infra grants add --group Engineering my-cluster.kube-system --role view


cluster-adminAccess to any resource
adminAccess to most resources, including roles and role bindings, but does not grant access to cluster-level resources such as cluster roles or cluster role bindings
editAccess to most resources in the namespace but does not grant access to roles or role bindings
viewAccess to read most resources in the namespace but does not grant write access nor does it grant read access to secrets
logsAccess to pod logs
execAccess to kubectl exec
port-forwardAccess to kubectl port-forward

Custom Kubernetes Roles

If the provided roles are not sufficient, additional roles can be configured to integrate with Infra. To add a new role, create a ClusterRole in a connected cluster with label app.infrahq.com/include-role=true.

kubectl create clusterrole example --verb=get --resource=pods
kubectl label clusterrole/example app.infrahq.com/include-role=true