Agent Overview

Introduction

OpsMx Agents allow ISD Argo access to controlled clusters while maintaining customer network security. ISD Argo may be situated in a network outside of a customer’s private network however, in order to function it requires credentials that are only available inside a customer’s private network. Due to security reasons, these credentials cannot leave this private network.

In this situation, the Agent serves as a delegate--a liaison-- within a customer’s private network. Based on directions from the controller, the Agent supplies the required credentials the customer provides during the configuration process and routes requests to the appropriate service or cluster (Kubernetes, Jenkins, etc.). Because Agents do not act autonomously, they are lightweight and require minimal resources to operate.

Agent Controller

There are two main components: An Agent and a Controller. The Controller runs outside of the customer’s private network(typically in the same cluster as ISD) while an Agent runs inside a customer’s private network. The Agent serves as a secure point of contact between ISD and the customer’s network environment. The Agent is configured to communicate with specific services (Kubernetes, Jenkins, etc.) within a customer's security domain.

Once configured, ISD Argo provides the Agent manifest for download. Using the manifest the customer creates the Agent within his network environment and configures the services.

ISD receives service information from the controller and allows a user to connect an Agent service to an Argo instance. Connecting an Agent service to an Argo instance allows access to crucial information such as per-service health along with overall Agent health.

Agent Security

All communication between Agent and the Controller using Mutual Transport Layer Security(mTLS) Protocol. Agent-side credentials are never transmitted to ISD Argo.

The Controller maintains its own certificate authority, and issues certificates to Agents, and credentials for Argo to identify specific services. All Communication is secured using these certificates.

Agent Dashboard

To view the Agents dashboard page, Click Setup from the application dashboard and the Agents tab on the left. The Agents page dashboard appears as shown below:

The page displays the following details:

  • Name: Displays the name of the agent.

  • Version: Displays the version of the agent.

  • Last Connected at: Displays the time the agent was last connected.

  • Replicas: Displays the number of agent pods running on the target environment.

  • Description: Displays the description given for the agent.

  • Status: Displays the status of the agent.

Last updated