kas->agentk communications support
Relates to #496 (closed).
How to test this locally
Set up GDK locally. Register an agent in GDK and put the agent token into a file.
Code changes
We need to do this since the Rails part is not ready yet. It's being worked on in API to get the list of receptive agents (gitlab-org/gitlab#463427 - closed).
In internal/module/kas2agentk_tunnel/server/module.go set resp to something like:

    resp := &gapi.GetReceptiveAgentsResponse{
        Agents: []*gapi.ReceptiveAgent{
            {
                Id:    3,
                Url:   "grpc://127.0.0.1:8082",
                Token: "xmsx8F0hdcZekEQCrZukljF+/c0ySpO8hocwsgdP9HdXHJaI4NaD2SwmKfZMl/UtLTfBJ8hGu/gB7XMhZita3w==",
            },
        },
    }

- Use agent id from your GDK agent. This needs to be a valid agent id.
- Token is an EdDSA private key to create JWT tokens. You can use the one above.
- Url is the URL your local agent listens on. This must match the agent's configuration that we'll set up below.
Start agentk
Program arguments:
--context=rancher-desktop --token-file=file-with-agent-token.txt --receptive-jwt-file=receptive-jwt-file.txt --receptive-listen-address=:8082 --private-api-jwt-file=private-api-secret.txt
- --context=rancher-desktop is the Kubernetes context the agent should use.
- --receptive-listen-address=:8082 is the address on which the agent will accept connections from kas.
- --private-api-jwt-file=private-api-secret.txt is the file with a secret that is shared among all agent replicas to sign and validate JWT tokens. Any random string, encoded with base64, will do. E.g. YXNkZm5hc2RrZ2JsYWtzZGJnZXJibGdiYXNnYmFzZwo=.
- --receptive-jwt-file=receptive-jwt-file.txt is the file with the EdDSA public key used by the agent to validate JWT tokens from kas, base64 encoded. If you used the secret from the previous step, then use this secret: VxyWiODWg9ksJin2TJf1LS03wSfIRrv4Ae1zIWYrWt8=
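The Token value from the code change decodes to 64 bytes, and its last 32 bytes are exactly the public key suggested for receptive-jwt-file.txt. The following added example (not part of this merge request or of the project's code) checks that relationship, so a mismatched key pair is caught before agentk starts rejecting tokens from kas; the function names are hypothetical and the two constants are the values from this page.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
)

// Values copied from this page: Token in the response and the receptive JWT file content.
const (
	pageToken     = "xmsx8F0hdcZekEQCrZukljF+/c0ySpO8hocwsgdP9HdXHJaI4NaD2SwmKfZMl/UtLTfBJ8hGu/gB7XMhZita3w=="
	pagePublicKey = "VxyWiODWg9ksJin2TJf1LS03wSfIRrv4Ae1zIWYrWt8="
)

// EmbeddedPublicKey returns, base64 encoded, the public half stored in a base64
// Ed25519 private key (Go layout: 32-byte seed followed by 32-byte public key).
func EmbeddedPublicKey(privB64 string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(privB64)
	if err != nil || len(raw) != ed25519.PrivateKeySize {
		return "", fmt.Errorf("private key: want base64 of %d bytes: %v", ed25519.PrivateKeySize, err)
	}
	return base64.StdEncoding.EncodeToString(raw[ed25519.SeedSize:]), nil
}

// CheckKeyPair re-derives the public key from the private key's seed and
// compares it with pubB64, the value intended for the receptive JWT file.
func CheckKeyPair(privB64, pubB64 string) error {
	priv, err := base64.StdEncoding.DecodeString(privB64)
	if err != nil || len(priv) != ed25519.PrivateKeySize {
		return fmt.Errorf("private key: want base64 of %d bytes: %v", ed25519.PrivateKeySize, err)
	}
	pub, err := base64.StdEncoding.DecodeString(pubB64)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return fmt.Errorf("public key: want base64 of %d bytes: %v", ed25519.PublicKeySize, err)
	}
	derived := ed25519.NewKeyFromSeed(priv[:ed25519.SeedSize]).Public().(ed25519.PublicKey)
	if !bytes.Equal(derived, pub) {
		return fmt.Errorf("public key does not belong to this private key")
	}
	return nil
}

func main() {
	fmt.Println(EmbeddedPublicKey(pageToken))
	fmt.Println(CheckKeyPair(pageToken, pagePublicKey))
}
```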
Environment variables: OWN_PRIVATE_API_URL=grpc://127.0.0.1:8081, POD_NAME=agent1, POD_NAMESPACE=ns. Set according to your local setup. 127.0.0.1:8081 is the default address for the private API in agentk. You can change it via command line flags.
Start kas
Change kas config file, set agent.receptive_agent.enabled to true:

    agent:
      receptive_agent:
        enabled: true

Start as you normally do, no changes required.
Edited by Mikhail Mazurskiy