"The agent" manages your machine identities across Cloud Native Kubernetes and OpenShift environments and builds a detailed view of the enterprise security posture.
Please review the documentation for the agent.
Detailed installation instructions are available for a variety of methods.
To build and run a version from master:
go run main.go agent --agent-config-file ./path/to/agent/config/file.yaml -p 0h1m0s
You can find an example agent file here.
You might also want to run a local echo server to monitor requests sent by the agent:
go run main.go echo
The agent exposes its metrics through a Prometheus server, on port 8081.
The Prometheus server is disabled by default but can be enabled by passing the --enable-metrics
flag to the agent binary.
If you deploy the agent using the venafi-kubernetes-agent Helm chart, the metrics server will be enabled by default, on port 8081.
If you use the Prometheus Operator, you can use --set metrics.podmonitor.enabled=true
to deploy a PodMonitor
resource,
which will add the venafi-kubernetes-agent metrics to your Prometheus server.
The following metrics are collected:
- Go collector: via the default registry in Prometheus
client_golang
. - Process collector: via the default registry in Prometheus
client_golang
. - Agent metrics:
data_readings_upload_size
: Data readings upload size (in bytes) sent by the in-cluster agent.