Install Agones using Helm

Install Agones on a Kubernetes cluster using the Helm package manager.


Helm 3

Installing the Chart

To install the chart with the release name my-release using our stable helm repository:

helm repo add agones
helm repo update
helm install my-release --namespace agones-system --create-namespace agones/agones

We recommend installing Agones in its own namespaces, such as agones-system as shown above. If you want to use a different namespace, you can use the helm --namespace parameter to specify.

When running in production, Agones should be scheduled on a dedicated pool of nodes, distinct from where Game Servers are scheduled for better isolation and resiliency. By default Agones prefers to be scheduled on nodes labeled with and tolerates node taint If no dedicated nodes are available, Agones will run on regular nodes, but that’s not recommended for production use. For instructions on setting up a dedicated node pool for Agones, see the Agones installation instructions for your preferred environment.

The command deploys Agones on the Kubernetes cluster with the default configuration. The configuration section lists the parameters that can be configured during installation.


By default Agones is configured to work with game servers deployed in the default namespace. If you are planning to use another namespace you can configure Agones via the parameter gameservers.namespaces.

For example to use default and xbox namespaces:

kubectl create namespace xbox
helm install my-release agones/agones --set "gameservers.namespaces={default,xbox}" --namespace agones-system

If you want to add a new namespace afterward upgrade your release:

kubectl create namespace ps4
helm upgrade my-release agones/agones --reuse-values --set "gameservers.namespaces={default,xbox,ps4}" --namespace agones-system

Uninstalling the Chart

To uninstall/delete the my-release deployment:

helm uninstall my-release --namespace=agones-system


By default, agones.rbacEnabled is set to true. This enables RBAC support in Agones and must be true if RBAC is enabled in your cluster.

The chart will take care of creating the required service accounts and roles for Agones.

If you have RBAC disabled, or to put it another way, ABAC enabled, you should set this value to false.


The following tables lists the configurable parameters of the Agones chart and their default values.

Parameter Description Default
agones.rbacEnabled Creates RBAC resources. Must be set for any cluster configured with RBAC true
agones.registerWebhooks Registers the webhooks used for the admission controller true
agones.registerApiService Registers the apiservice(s) used for the Kubernetes API extension true
agones.registerServiceAccounts Attempts to create service accounts for the controllers true
agones.createPriorityClass Attempts to create priority classes for the controllers true
agones.priorityClassName Name of the priority classes to create agones-system
agones.featureGates A URL query encoded string of Flags to enable/disable e.g. Example=true&OtherThing=false. Any value accepted by strconv.ParseBool(string) can be used as a boolean value ``
agones.crds.install Install the CRDs with this chart. Useful to disable if you want to subchart (since crd-install hook is broken), so you can copy the CRDs into your own chart. true
agones.crds.cleanupOnDelete Run the pre-delete hook to delete all GameServers and their backing Pods when deleting the helm chart, so that all CRDs can be removed on chart deletion true
agones.metrics.prometheusServiceDiscovery Adds annotations for Prometheus ServiceDiscovery (and also Strackdriver) true
agones.metrics.prometheusEnabled Enables controller metrics on port 8080 and path /metrics true
agones.metrics.stackdriverEnabled Enables Stackdriver exporter of controller metrics false
agones.metrics.stackdriverProjectID This overrides the default gcp project id for use with stackdriver ``
agones.metrics.stackdriverLabels A set of default labels to add to all stackdriver metrics generated in form of key value pair (key=value,key2=value2). By default metadata are automatically added using Kubernetes API and GCP metadata enpoint. ``
agones.metrics.serviceMonitor.interval Default scraping interval for ServiceMonitor 30s
agones.serviceaccount.sdk.annotations A map of namespaces to maps of Annotations added to the Agones SDK service account for the specified namespaces {}
agones.image.registry Global image registry for all images
agones.image.tag Global image tag for all images 1.30.0 Image name for the controller agones-controller
agones.image.controller.pullPolicy Image pull policy for the controller IfNotPresent
agones.image.controller.pullSecret Image pull secret for the controller, allocator, sdk and ping image. Should be created both in agones-system and default namespaces `` Image name for the sdk agones-sdk
agones.image.sdk.tag Image tag for the sdk value of agones.image.tag
agones.image.sdk.cpuRequest The cpu request for sdk server container 30m
agones.image.sdk.cpuLimit The cpu limit for the sdk server container 0 (none)
agones.image.sdk.memoryRequest The memory request for sdk server container 0 (none)
agones.image.sdk.memoryLimit The memory limit for the sdk server container 0 (none)
agones.image.sdk.alwaysPull Tells if the sdk image should always be pulled false Image name for the ping service agones-ping Image tag for the ping service value of agones.image.tag Image pull policy for the ping service IfNotPresent
agones.controller.http.port Port to use for liveness probe service and metrics 8080
agones.controller.healthCheck.initialDelaySeconds Initial delay before performing the first probe (in seconds) 3
agones.controller.healthCheck.periodSeconds Seconds between every liveness probe (in seconds) 3
agones.controller.healthCheck.failureThreshold Number of times before giving up (in seconds) 3
agones.controller.healthCheck.timeoutSeconds Number of seconds after which the probe times out (in seconds) 1
agones.controller.resources Controller resource requests/limit {}
agones.controller.generateTLS Set to true to generate TLS certificates or false to provide your own certificates true
agones.controller.tlsCert Custom TLS certificate provided as a string ``
agones.controller.tlsKey Custom TLS private key provided as a string ``
agones.controller.nodeSelector Controller node labels for pod assignment {}
agones.controller.tolerations Controller toleration labels for pod assignment []
agones.controller.affinity Controller affinity settings for pod assignment {}
agones.controller.annotations Annotations added to the Agones controller pods {}
agones.controller.numWorkers Number of workers to spin per resource type 100
agones.controller.apiServerQPS Maximum sustained queries per second that controller should be making against API Server 400
agones.controller.apiServerQPSBurst Maximum burst queries per second that controller should be making against API Server 500
agones.controller.logLevel Agones Controller Log level. Log only entries with that severity and above info
agones.controller.persistentLogs Store Agones controller logs in a temporary volume attached to a container for debugging true
agones.controller.persistentLogsSizeLimitMB Maximum total size of all Agones container logs in MB 10000
agones.controller.disableSecret Disables the creation of any allocator secrets. If true, you MUST provide the {agones.releaseName}-cert secrets before installation. false
agones.controller.customCertSecretPath Remap cert-manager path to server.crt and server.key {}
agones.controller.allocationApiService.annotations Annotations added to the Agones apiregistration {}
agones.controller.allocationApiService.disableCaBundle Disable ca-bundle so it can be injected by cert-manager false
agones.controller.validatingWebhook.annotations Annotations added to the Agones validating webhook {}
agones.controller.validatingWebhook.disableCaBundle Disable ca-bundle so it can be injected by cert-manager false
agones.controller.mutatingWebhook.annotations Annotations added to the Agones mutating webhook {}
agones.controller.mutatingWebhook.disableCaBundle Disable ca-bundle so it can be injected by cert-manager false
agones.controller.allocationBatchWaitTime Wait time between each allocation batch when performing allocations in controller mode 500ms Whether to install the ping service true The number of replicas to run in the deployment 2 Expose the http ping service via a Service true The string response returned from the http service ok The port to expose on the service 80 The Service Type of the HTTP Service LoadBalancer The Load Balancer IP of the HTTP Service load balancer. Only works if the Kubernetes provider supports this option. `` The Load Balancer SourceRanges of the HTTP Service load balancer. Only works if the Kubernetes provider supports this option. [] Annotations added to the Agones ping http service {} Expose the udp ping service via a Service true Number of UDP packets the ping service handles per instance, per second, per sender 20 The port to expose on the service 80 The Service Type of the UDP Service LoadBalancer The Load Balancer IP of the UDP Service load balancer. Only works if the Kubernetes provider supports this option. `` The Load Balancer SourceRanges of the UDP Service load balancer. Only works if the Kubernetes provider supports this option. [] Annotations added to the Agones ping udp service {} Initial delay before performing the first probe (in seconds) 3 Seconds between every liveness probe (in seconds) 3 Number of times before giving up (in seconds) 3 Number of seconds after which the probe times out (in seconds) 1 Ping pods resource requests/limit {} Ping node labels for pod assignment {} Ping toleration labels for pod assignment [] Ping affinity settings for pod assignment {} Annotations added to the Agones ping pods {} The strategy to apply to the allocator deployment {} Set to true to enable the creation of a PodDisruptionBudget for the ping deployment false Description of the number of pods from that set that must still be available after the eviction, even in the absence of the evicted pod. Can be either an absolute number or a percentage. Mutually Exclusive with maxUnavailable 1 Description of the number of pods from that set that can be unavailable after the eviction. It can be either an absolute number or a percentage Mutually Exclusive with minAvailable ``
agones.allocator.apiServerQPS Maximum sustained queries per second that an allocator should be making against API Server 400
agones.allocator.apiServerQPSBurst Maximum burst queries per second that an allocator should be making against API Server 500
agones.allocator.allocationTimeout Remote allocation call timeout. 10s
agones.allocator.remoteAllocationTimeout Total remote allocation timeout including retries. 30s
agones.allocator.logLevel Agones Allocator Log level. Log only entries with that severity and above info
agones.allocator.install Whether to install the allocator service true
agones.allocator.replicas The number of replicas to run in the deployment 3 Service name for the allocator agones-allocator
agones.allocator.service.serviceType The Service Type of the HTTP Service LoadBalancer
agones.allocator.service.http.nodePort If the ServiceType is set to “NodePort”, this is the NodePort that the allocator http service is exposed on. 30000-32767
agones.allocator.service.loadBalancerIP The Load Balancer IP of the Agones allocator load balancer. Only works if the Kubernetes provider supports this option. ``
agones.allocator.service.loadBalancerSourceRanges The Load Balancer SourceRanges of the Agones allocator load balancer. Only works if the Kubernetes provider supports this option. []
agones.allocator.service.annotations Annotations added to the Agones allocator service {}
agones.allocator.service.http.enabled If true the allocator service will respond to REST requests true
agones.allocator.service.http.port The port that is exposed externally by the allocator service for REST requests 443
agones.allocator.service.http.portName The name of exposed port http
agones.allocator.service.http.targetPort The port that is used by the allocator pod to listen for REST requests. Note that the allocator server cannot bind to low numbered ports. 8443
agones.allocator.service.grpc.enabled If true the allocator service will respond to gRPC requests true
agones.allocator.service.grpc.port The port that is exposed externally by the allocator service for gRPC requests 443
agones.allocator.service.grpc.portName The name of exposed port ``
agones.allocator.service.grpc.nodePort If the ServiceType is set to “NodePort”, this is the NodePort that the allocator gRPC service is exposed on. 30000-32767
agones.allocator.service.grpc.targetPort The port that is used by the allocator pod to listen for gRPC requests. Note that the allocator server cannot bind to low numbered ports. 8443
agones.allocator.generateClientTLS Set to true to generate client TLS certificates or false to provide certificates in certs/allocator/allocator-client.default/* true
agones.allocator.generateTLS Set to true to generate TLS certificates or false to provide your own certificates true
agones.allocator.disableMTLS Turns off client cert authentication for incoming connections to the allocator. false
agones.allocator.disableTLS Turns off TLS security for incoming connections to the allocator. false
agones.allocator.disableSecretCreation Disables the creation of any allocator secrets. If true, you MUST provide the allocator-tls, allocator-tls-ca, and allocator-client-ca secrets before installation. false
agones.allocator.tlsCert Custom TLS certificate provided as a string ``
agones.allocator.tlsKey Custom TLS private key provided as a string ``
agones.allocator.clientCAs A map of secret key names to allowed client CA certificates provided as strings {}
agones.allocator.tolerations Allocator toleration labels for pod assignment []
agones.allocator.affinity Allocator affinity settings for pod assignment {}
agones.allocator.annotations Annotations added to the Agones allocator pods {}
agones.allocator.resources Allocator pods resource requests/limit {}
agones.allocator.nodeSelector Allocator node labels for pod assignment {} Second Service name for the allocator agones-allocator-metrics-service
agones.allocator.serviceMetrics.annotations Annotations added to the Agones allocator second Service {}
agones.allocator.serviceMetrics.http.port The port that is exposed within cluster by the allocator service for http requests 8080
agones.allocator.serviceMetrics.http.portName The name of exposed port http
agones.allocator.allocationBatchWaitTime Wait time between each allocation batch when performing allocations in allocator mode 500ms
agones.allocator.updateStrategy The strategy to apply to the ping deployment {}
agones.allocator.pdb.enabled Set to true to enable the creation of a PodDisruptionBudget for the allocator deployment false
agones.allocator.pdb.minAvailable Description of the number of pods from that set that must still be available after the eviction, even in the absence of the evicted pod. Can be either an absolute number or a percentage. Mutually Exclusive with maxUnavailable 1
agones.allocator.pdb.maxUnavailable Description of the number of pods from that set that can be unavailable after the eviction. It can be either an absolute number or a percentage. Mutually Exclusive with minAvailable `` Service account name for the controller agones-controller Service account name for the sdk agones-sdk Service account name for the allocator agones-allocator
agones.serviceaccount.allocator.annotations Annotations added to the Agones allocator service account {}
agones.serviceaccount.controller.annotations Annotations added to the Agones controller service account {}
gameservers.namespaces a list of namespaces you are planning to use to deploy game servers ["default"]
gameservers.minPort Minimum port to use for dynamic port allocation 7000
gameservers.maxPort Maximum port to use for dynamic port allocation 8000
gameservers.podPreserveUnknownFields Disable field pruning and schema validation on the Pod template for a GameServer definition false
helm.installTests Add an ability to run helm test agones to verify the installation false
agones.image.registry Global image registry for all the Agones system images
agones.extensions.http.port Port to use for liveness probe service and metrics 8080
agones.extensions.healthCheck.initialDelaySeconds Initial delay before performing the first probe (in seconds) 3
agones.extensions.healthCheck.periodSeconds Seconds between every liveness probe (in seconds) 3
agones.extensions.healthCheck.failureThreshold Number of times before giving up (in seconds) 3
agones.extensions.healthCheck.timeoutSeconds Number of seconds after which the probe times out (in seconds) 1
agones.extensions.resources Extensions resource requests/limit {}
agones.extensions.generateTLS Set to true to generate TLS certificates or false to provide your own certificates true
agones.extensions.tlsCert Custom TLS certificate provided as a string ``
agones.extensions.tlsKey Custom TLS private key provided as a string ``
agones.extensions.nodeSelector Extensions node labels for pod assignment {}
agones.extensions.tolerations Extensions toleration labels for pod assignment []
agones.extensions.affinity Extensions affinity settings for pod assignment {}
agones.extensions.annotations Annotations added to the Agones extensions pods {}
agones.extensions.numWorkers Number of workers to spin per resource type 100
agones.extensions.apiServerQPS Maximum sustained queries per second that extensions should be making against API Server 400
agones.extensions.apiServerQPSBurst Maximum burst queries per second that extensions should be making against API Server 500
agones.extensions.logLevel Agones Extensions Log level. Log only entries with that severity and above info
agones.extensions.persistentLogs Store Agones extensions logs in a temporary volume attached to a container for debugging true
agones.extensions.persistentLogsSizeLimitMB Maximum total size of all Agones container logs in MB 10000
agones.extensions.disableSecret Disables the creation of any allocator secrets. If true, you MUST provide the {agones.releaseName}-cert secrets before installation. false
agones.extensions.customCertSecretPath Remap cert-manager path to server.crt and server.key {}
agones.extensions.allocationApiService.annotations Annotations added to the Agones apiregistration {}
agones.extensions.allocationApiService.disableCaBundle Disable ca-bundle so it can be injected by cert-manager false
agones.extensions.validatingWebhook.annotations Annotations added to the Agones validating webhook {}
agones.extensions.validatingWebhook.disableCaBundle Disable ca-bundle so it can be injected by cert-manager false
agones.extensions.mutatingWebhook.annotations Annotations added to the Agones mutating webhook {}
agones.extensions.mutatingWebhook.disableCaBundle Disable ca-bundle so it can be injected by cert-manager false
agones.extensions.allocationBatchWaitTime Wait time between each allocation batch when performing allocations in controller mode 500ms Image name for extensions agones-extensions
agones.image.extensions.pullPolicy Image pull policy for extensions IfNotPresent
agones.extensions.pdb.minAvailable Description of the number of pods from that set that must still be available after the eviction, even in the absence of the evicted pod. Can be either an absolute number or a percentage. Mutually Exclusive with maxUnavailable 1
agones.extensions.pdb.maxUnavailable Description of the number of pods from that set that can be unavailable after the eviction. It can be either an absolute number or a percentage Mutually Exclusive with minAvailable ``
agones.extensions.replicas The number of replicas to run in the deployment 2

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

helm install my-release --namespace agones-system \
  --set gameservers.minPort=1000,gameservers.maxPort=5000 agones

The above command will deploy Agones controllers to agones-system namespace. Additionally Agones will use a dynamic GameServers' port allocation range of 1000-5000.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

helm install my-release --namespace agones-system -f values.yaml agones/agones

Helm test

This test would create a GameServer resource and delete it afterwards.

Check the Agones installation by running the following command:

helm test my-release -n agones-system

You should see a successful output similar to this :

NAME: my-release
LAST DEPLOYED: Wed Mar 29 06:13:23 2023
NAMESPACE: agones-system
STATUS: deployed
TEST SUITE:     my-release-test
Last Started:   Wed Mar 29 06:17:52 2023
Last Completed: Wed Mar 29 06:18:10 2023
Phase:          Succeeded

Controller TLS Certificates

By default agones chart generates tls certificates used by the admission controller, while this is handy, it requires the agones controller to restart on each helm upgrade command.


For most use cases the controller would have required a restart anyway (eg: controller image updated). However if you really need to avoid restarts we suggest that you turn off tls automatic generation (agones.controller.generateTLS to false) and provide your own certificates (certs/server.crt,certs/server.key).


Another approach is to use solution for cluster level certificate management.

In order to use the cert-manager solution, first install cert-manager on the cluster. Then, configure an Issuer/ClusterIssuer resource and last configure a Certificate resource to manage controller Secret. Make sure to configure the Certificate based on your system’s requirements, including the validity duration.

Here is an example of using a self-signed ClusterIssuer for configuring controller Secret where secret name is my-release-cert or {{ template "agones.fullname" . }}-cert:

# Create a self-signed ClusterIssuer
cat <<EOF | kubectl apply -f -
kind: ClusterIssuer
  name: selfsigned
  selfSigned: {}

# Create a Certificate with IP for the my-release-cert )
cat <<EOF | kubectl apply -f -
kind: Certificate
  name: my-release-cert
  namespace: agones-system
    - agones-controller-service.agones-system.svc
  secretName: my-release-cert
    name: selfsigned
    kind: ClusterIssuer

After the certificates are generated, we will want to inject caBundle into controller webhook and disable controller secret creation by setting the following:

helm install my-release \
  --set agones.controller.disableSecret=true \
  --set agones.controller.customCertSecretPath[0].key='ca.crt',customCertSecretPath[0].path='ca.crt'
  --set agones.controller.customCertSecretPath[1].key='tls.crt',customCertSecretPath[1].path='server.crt'
  --set agones.controller.customCertSecretPath[2].key='tls.key',customCertSecretPath[2].path='server.key'
  --set agones.controller.allocationApiService.annotations={'': 'agones-system/my-release-cert'} \
  --set agones.controller.allocationApiService.disableCaBundle=true \
  --set agones.controller.validatingWebhook.annotations={'': 'agones-system/my-release-cert'} \
  --set agones.controller.validatingWebhook.disableCaBundle=true \
  --set agones.controller.mutatingWebhook.annotations={'': 'agones-system/my-release-cert'} \
  --set agones.controller.mutatingWebhook.disableCaBundle=true \
  --namespace agones-system --create-namespace  \

Reserved Allocator Load Balancer IP

In order to reuse the existing load balancer IP on upgrade or install the agones-allocator service as a LoadBalancer using a reserved static IP, a user can specify the load balancer’s IP with the agones.allocator.http.loadBalancerIP helm configuration parameter value. By setting the loadBalancerIP value:

  1. The LoadBalancer is created with the specified IP, if supported by the cloud provider.
  2. A self-signed server TLS certificate is generated for the IP, used by the agones-allocator service.

Next Steps

Last modified April 5, 2023: Add helm setting for leader election (#3051) (9eb58c1b0)