# Steps to Generate Token for Agent/Controller v5.x {% hint style="info" %} The details in this page apply to all the release versions post v4.1.7 {% endhint %} The agents in remote clusters require JWT token to communicate with the controller in ISD. If the ISD installation is done through HELM charts the token is generated automatically. If not, you need to generate the token manually. Follow the steps given below to create the token manually: ## Prerequisite: * Install latest 4.1.7 images. ## To Create Controller Token 1. Execute the following command to access the controller pod. {% code overflow="wrap" %} ``` k exec -it -n -- sh Ex: kubectl exec -it opsmx-controller-controller1-b96c76db4-6lwrr 4 -n isd414 -- sh ``` {% endcode %} 2. Run the following command in the controller pod. ``` ./agent-controller -generate-control-tokens controller ``` The token will be generated and is similar to the example shown below: {% code overflow="wrap" %} ``` eyJhbGciOiJIUzI1NiIsImtpZCI6InB1YmxpYy5wZW0iLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE3MTMyODM0MTMsImlzcyI6Im9wc214LWNvbnRyb2wtYXV0aCIsIm9wc214Lm5hbWUiOiJjb250cm9sbGVyIiwib3BzbXgucHVycG9zZSI6ImNvbnRyb2wifQ.1RPnYwWTemO7-u3yzftDhU5rs5OO13p185nsqCYrK7Y ``` {% endcode %} ## Configuration changes a) Create ingress and service Add the ingress yaml file given below: ``` INGRESS YAML: (tcb-ingress ) apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tcb-ingress annotations: cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/issue-temporary-certificate: 'true' kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/backend-protocol: GRPC nginx.ingress.kubernetes.io/ssl-redirect: 'true' spec: tls: - hosts: - argo.tcb.opsmx.net secretName: controller-secret-tls-grpc rules: - host: argo.tcb.opsmx.net http: paths: - path: / pathType: Prefix backend: service: name: agent-grpc port: number: 9001 ``` {% hint style="info" %} The **agent-grpc** service should be of type: ClusterIP {% endhint %} b) In controller configmap: 1. Change the agentHostname, remoteCommandHostname with the newly created ingress. 2. Add the following param agentAdvertisePort: 443 Eg: See the below configuration added to the controller configmap ![](https://lh7-us.googleusercontent.com/docsz/AD_4nXdqbByrQedpN-USJwsnf-IIdmZRFj7UR83N_J2olW2c95I_NduuKYBZ7Vn58S7Wf_ILgjQTOsqr3PxPJ6ezpEm7DKYcTWVJsZDu0RJUvm-xulPeve9_9YT13nd3j3hu4rUipVOS72YrlWEC3pm033LuL1o1?key=9zKmyhY6O0kMPexgS12-hQ) c) Add the generated token in the **oes-carina-config** secret (carina-manager.yaml) d) Remove the following: ``` caPath: /app/secrets/controller-ca.crt certificatePath: /app/secrets/controller-control/tls.crt keyPath: /app/secrets/controller-control/tls.key ``` in the url use http instead of https url: '' token: eyJhbGciOiJIUzI1NiIsImtpZCI6InB1YmxpYy5wZW0iLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE3MTEwMjMzMDYsImlzcyI6Im9wc214LWNvbnRyb2wtYXV0aCIsIm9wc214Lm5hbWUiOiJjb250cm9sbGVyIiwib3BzbXgucHVycG9zZSI6ImNvbnRyb2wifQ.NQD5GBP9mQlK8b5K-wIou9lz6Gp4j2iPigSrGzzxwW8 d) Add token in the **oes-sapor-config** secret (application.yml) Add below details before secretManagement: (replace your token) controller: token: eyJhbGciOiJIUzI1NiIsImtpZCI6InB1YmxpYy5wZW0iLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE3MTEwMjMzMDYsImlzcyI6Im9wc214LWNvbnRyb2wtYXV0aCIsIm9wc214Lm5hbWUiOiJjb250cm9sbGVyIiwib3BzbXgucHVycG9zZSI6ImNvbnRyb2wifQ.NQD5GBP9mQlK8b5K-wIou9lz6Gp4j2iPigSrGzzxwW8 3\. Upgrade the existing agents (This step is required for upgrading existing agents only) 1. Go to **Setup** > **CD integrations**. 2. Edit the existing CD integration. 3. Save the existing CD integration (This action will refresh the agent-manifest.yaml file 4. Download the agent-manifest file. 5. Execute the following command to replace the old agent manifest with new agent. {% code overflow="wrap" %} ``` kubectl replace - - force -f -n ``` {% endcode %} Repeat these steps for all the existing agents.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opsmx.com/opsmx-1/opsmx-intelligent-software-delivery-isd-platform-argo/additional-resources/configuration-changes/steps-to-generate-token-for-agent-controller-v5.x.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.