Installation
The agent is a single static binary. There is nothing to configure at install time. The only thing you provide is your team key.
It detects your OS and architecture, downloads the matching binary from get.wakora.io,
verifies its SHA-256 and its ed25519 signature, installs it to /usr/local/bin/wakora,
registers the host with your team key, and sets up the service so it survives reboots. The
team key is used once and is never written to disk.
Quick start
- Linux
- macOS
- Windows
curl -fsSL https://get.wakora.io | bash -s -- --key <YOUR_TEAM_KEY>
Works on Debian and Ubuntu, RHEL, Rocky and Alma, SUSE, Alpine and others. Both systemd
and legacy init (OpenRC, sysvinit) are detected automatically. amd64 and arm64 are
both published and the installer picks the right one.
curl -fsSL https://get.wakora.io | bash -s -- --key <YOUR_TEAM_KEY>
Installs a launchd daemon. Intel and Apple Silicon are both supported. If run without
sudo, the installer re-elevates itself.
In PowerShell as Administrator:
curl.exe -fsSL https://get.wakora.io/bin/wakora.exe -o wakora.exe
.\wakora.exe --key <YOUR_TEAM_KEY>
.\wakora.exe service install
The agent runs as a Windows service with auto-start and crash recovery, and goes deep on Windows: base metrics, services, Event Log, IIS and MSSQL.
The host appears in your console within about a minute. Next: First start.
Verify it is running
wakora --version
- Linux
- macOS
- Windows
systemctl status wakora-agent
tail -f /var/log/wakora/agent.log
sudo launchctl print system/io.wakora.agent
tail -f /var/log/wakora/agent.log
Get-Service WakoraAgent
If you installed the service before entering a key, that is fine. The agent idles instead
of crash-looping and starts the moment you run wakora --key.
Containers
- Docker
- Kubernetes
Run the agent image with host visibility so it can see sibling containers:
docker run -d --name wakora \
--pid=host --network=host --cap-add=SYS_PTRACE \
-e WAKORA_TEAMKEY=<YOUR_TEAM_KEY> \
wakora/agent:latest
Deploy as a DaemonSet, one agent per node. Create the key secret once, then apply the manifest:
kubectl -n wakora create secret generic wakora-key \
--from-literal=teamkey=<YOUR_TEAM_KEY>
kubectl apply -f https://get.wakora.io/k8s/wakora-daemonset.yaml
The agent reads the cluster read-only through an in-cluster ServiceAccount (nodes, pods, namespaces). No cluster-admin credentials are required. The team key is delivered to a short-lived init container, so the long-running agent process never carries it in its environment.
Unattended and declarative install
For Ansible, cloud-init, golden images, and the long declarative flag form, see Fleet deployment. The short version:
curl -fsSL https://get.wakora.io | bash -s -- \
--key <YOUR_TEAM_KEY> --nginx --mysql --nginx-log-path=/www/logs
Inline credentials are visible in the process list. For database or SNMP passwords use
wakora secret set (interactive, or from stdin, env, or file). Those values are stored
encrypted on the host and never leave the machine. See Secrets.
For outbound proxy, custom CA, data region, and host labels, see Restricted networks and regions. To remove the agent later, see Uninstalling.
Supported platforms
| OS | Architectures | Service manager |
|---|---|---|
| Linux | amd64, arm64 | systemd, OpenRC, sysvinit |
| Windows | amd64, arm64 | Windows Service (SCM) |
| macOS | amd64, arm64 | launchd |
Verifying the download yourself
The installer already checks the SHA-256 and the ed25519 signature. If you download the
binary by hand for an air-gapped install, fetch the matching .sha256 and .sig next to
it under get.wakora.io/bin/ and verify both before running it.