ConfigHub Documentation: For comprehensive worker documentation (installation, RBAC, live-state, reconciliation), see docs.confighub.com. This guide covers DevOps-examples-specific setup.
All DevOps examples require a ConfigHub worker to bridge between ConfigHub and your Kubernetes cluster. Without this worker, units created in ConfigHub won't be deployed to Kubernetes.
When installing ConfigHub workers, you MUST use the --include-secret flag to generate proper authentication credentials for each worker.
Without --include-secret:
- Workers will reuse existing secrets with WRONG credentials
- Workers fail with:
[ERROR] Failed to get bridge worker slug: server returned status 404 - Cannot connect or deploy units
With --include-secret:
- Each worker gets its own unique
CONFIGHUB_WORKER_SECRET - Workers authenticate successfully
- Full deployment workflow works
Each example has a bin/setup-worker script that handles worker creation with proper credentials:
# For drift-detector
cd drift-detector
bin/setup-worker
# For cost-optimizer
cd cost-optimizer
bin/setup-worker
# For cost-impact-monitor
cd cost-impact-monitor
bin/setup-workerThese scripts will:
- ✅ Create a ConfigHub worker in the project space
- ✅ Generate worker deployment with unique credentials (
--include-secret) - ✅ Deploy worker as a Kubernetes pod in
confighubnamespace - ✅ Automatically create targets for unit deployment
# Check worker is connected
cub worker list --space <your-space>
# Should show: Condition=Ready
# Check targets were created
cub target list --space <your-space>
# Should show: k8s-<worker-name> target
# Check worker pod
kubectl get pods -n confighub
# Should show: <worker-name>-xxx Running┌─────────────┐ ┌──────────────┐ ┌────────────┐
│ ConfigHub │────▶│ Worker │────▶│ Kubernetes │
│ Units │ │ (Bridge) │ │ Cluster │
└─────────────┘ └──────────────┘ └────────────┘
↑ ↑
│ │
┌─────────────┐ ┌────────────┐
│ DevOps │ │ Actual │
│ Apps │◀──────────────────────▶│ Resources │
└─────────────┘ (Monitoring) └────────────┘
If the script doesn't work, here are the manual steps:
cub worker create my-worker --space my-space# CRITICAL: Use --include-secret to generate unique credentials
cub worker install my-worker \
--namespace confighub \
--space my-space \
--include-secret \
--export > worker.yaml
kubectl apply -f worker.yaml# Wait for worker to connect
sleep 10
# Check worker status
cub worker list --space my-space
# Should show: Condition=Ready
# Check targets were auto-created
cub target list --space my-space
# Should show: k8s-my-worker
# Check worker pod
kubectl logs -n confighub -l app=my-worker --tail=10
# Should show: "Successfully connected to event stream"# Set target for specific units
cub unit set-target unit-name k8s-my-worker --space my-space
# Or set target for all units in a space
cub unit set-target k8s-my-worker --where "Space.Slug = 'my-space'" --space my-spacecub unit apply unit-name --space my-space
# Check deployment
kubectl get all -n default[ERROR] Failed to get bridge worker slug: server returned status 404: 404 Not Found
Root Cause: Worker is using wrong authentication credentials (missing --include-secret).
Solution:
- Delete the worker:
kubectl delete deployment <worker-name> -n confighub - Recreate with
--include-secret:cub worker install <worker-name> --space <space> --include-secret --export > worker.yaml kubectl apply -f worker.yaml
- Verify:
cub worker list --space <space>should showCondition=Ready
$ cub worker list --space my-space
NAME CONDITION SPACE LAST-SEEN
my-worker Disconnected my-space 0001-01-01 00:00:00Causes:
- Missing
--include-secret(most common) - Worker pod crashed - check logs:
kubectl logs -n confighub -l app=my-worker - Network issues - check worker can reach ConfigHub API
If cub target list shows empty:
- Worker must be connected first (Condition=Ready)
- Targets are auto-created when worker connects
- If worker is Ready but no targets, restart worker pod
If units aren't deploying to Kubernetes:
- Check unit has a target:
cub unit get <unit-name> --space <space> - Set target if missing:
cub unit set-target <unit-name> <target-name> --space <space> - Verify worker is running:
cub worker list --space <space> - Check worker logs:
kubectl logs -n confighub -l app=<worker-name> - Apply manually:
cub unit apply <unit-name> --space <space>
See worker documentation for details. In brief: workers bridge ConfigHub (desired state) to Kubernetes (actual state). Without a worker, DevOps examples can't compare desired vs actual state for drift detection or cost analysis.
- Reads desired state from ConfigHub units
- Reads actual state from Kubernetes
- Compares and detects drift
- Requires: Worker to deploy ConfigHub units first
- Analyzes Kubernetes resource usage
- Stores recommendations in ConfigHub
- Can apply optimizations via ConfigHub
- Requires: Worker to apply optimization changes
- Always run the worker when testing DevOps examples
- Use separate workers for different environments (dev, staging, prod)
- Monitor worker health - check
cub worker listregularly - Use namespaces to isolate different applications
- Set appropriate timeouts in target configuration
Once your worker is running:
-
Test drift-detector:
cd drift-detector ./drift-detector --space drift-test-demo --namespace drift-test -
Test cost-optimizer:
cd cost-optimizer ./cost-optimizer -
View in ConfigHub UI:
open https://hub.confighub.com/spaces
Remember: The worker is the critical bridge between ConfigHub's desired state and Kubernetes' actual state!