Steps to Generate Token for Agent/Controller v5.x

The details in this page apply to all the release versions post v4.1.7

The agents in remote clusters require JWT token to communicate with the controller in ISD. If the ISD installation is done through HELM charts the token is generated automatically.

If not, you need to generate the token manually. Follow the steps given below to create the token manually:


  • Install latest 4.1.7 images.

To Create Controller Token

  1. Execute the following command to access the controller pod.

k exec -it <controller pod name> -n <namesapce> -- sh

Ex: kubectl exec -it  opsmx-controller-controller1-b96c76db4-6lwrr 4  -n  isd414  -- sh
  1. Run the following command in the controller pod.

./agent-controller -generate-control-tokens controller 

The token will be generated and is similar to the example shown below:


Configuration changes

a) Create ingress and service

Add the ingress yaml file given below:

INGRESS YAML: (tcb-ingress  )

kind: Ingress
  name: tcb-ingress  
  annotations: letsencrypt-prod 'true' nginx GRPC 'true'
    - hosts:
      secretName: controller-secret-tls-grpc 
    - host:  
          - path: /
            pathType: Prefix
                name: agent-grpc  
                  number: 9001

The agent-grpc service should be of type: ClusterIP

b) In controller configmap:

  1. Change the agentHostname, remoteCommandHostname with the newly created ingress.

  2. Add the following param agentAdvertisePort: 443

Eg: See the below configuration added to the controller configmap

c) Add the generated token in the oes-carina-config secret (carina-manager.yaml)

d) Remove the following:

caPath: /app/secrets/controller-ca.crt
certificatePath: /app/secrets/controller-control/tls.crt
keyPath: /app/secrets/controller-control/tls.key

in the url use http instead of https

url: 'http://opsmx-controller-controller1:9003'

token: eyJhbGciOiJIUzI1NiIsImtpZCI6InB1YmxpYy5wZW0iLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE3MTEwMjMzMDYsImlzcyI6Im9wc214LWNvbnRyb2wtYXV0aCIsIm9wc214Lm5hbWUiOiJjb250cm9sbGVyIiwib3BzbXgucHVycG9zZSI6ImNvbnRyb2wifQ.NQD5GBP9mQlK8b5K-wIou9lz6Gp4j2iPigSrGzzxwW8

d) Add token in the oes-sapor-config secret (application.yml)

Add below details before secretManagement: (replace your token)


token: eyJhbGciOiJIUzI1NiIsImtpZCI6InB1YmxpYy5wZW0iLCJ0eXAiOiJKV1QifQ.eyJpYXQiOjE3MTEwMjMzMDYsImlzcyI6Im9wc214LWNvbnRyb2wtYXV0aCIsIm9wc214Lm5hbWUiOiJjb250cm9sbGVyIiwib3BzbXgucHVycG9zZSI6ImNvbnRyb2wifQ.NQD5GBP9mQlK8b5K-wIou9lz6Gp4j2iPigSrGzzxwW8

3. Upgrade the existing agents (This step is required for upgrading existing agents only)

  1. Go to Setup > CD integrations.

  2. Edit the existing CD integration.

  3. Save the existing CD integration (This action will refresh the agent-manifest.yaml file

  4. Download the agent-manifest file.

  5. Execute the following command to replace the old agent manifest with new agent.

kubectl replace - - force -f <newly generated manifest file name> -n <namepace of argocd>

Repeat these steps for all the existing agents.

Last updated