Skip to content

jetstack/jetstack-secure

Repository files navigation

Venafi Kubernetes Agent

tests Go Reference Go Report Card

"The agent" manages your machine identities across Cloud Native Kubernetes and OpenShift environments and builds a detailed view of the enterprise security posture.

Installation

Please review the documentation for the agent.

Detailed installation instructions are available for a variety of methods.

Local Execution

To build and run a version from master:

go run main.go agent --agent-config-file ./path/to/agent/config/file.yaml -p 0h1m0s

You can find an example agent file here.

You might also want to run a local echo server to monitor requests sent by the agent:

go run main.go echo

Metrics

The agent exposes its metrics through a Prometheus server, on port 8081.

The Prometheus server is disabled by default but can be enabled by passing the --enable-metrics flag to the agent binary.

If you deploy the agent using the venafi-kubernetes-agent Helm chart, the metrics server will be enabled by default, on port 8081.

If you use the Prometheus Operator, you can use --set metrics.podmonitor.enabled=true to deploy a PodMonitor resource, which will add the venafi-kubernetes-agent metrics to your Prometheus server.

The following metrics are collected:

  • Go collector: via the default registry in Prometheus client_golang.
  • Process collector: via the default registry in Prometheus client_golang.
  • Agent metrics: data_readings_upload_size: Data readings upload size (in bytes) sent by the in-cluster agent.

About

Open-source components of Jetstack Secure.

Resources

License

Stars

Watchers

Forks

Contributors 28