
kas->agentk communications support

Mikhail Mazurskiy requested to merge ash2k/kas2agentk into master

Relates to #496 (closed).

How to test this locally

Set up GDK locally. Register an agent in GDK, put the agent token into a file.

Code changes

We need to do this since the Rails part is not ready yet. It's being worked on in the API to get the list of receptive agents (gitlab-org/gitlab#463427). In internal/module/kas2agentk_tunnel/server/module.go set resp to something like:

resp := &gapi.GetReceptiveAgentsResponse{
	Agents: []*gapi.ReceptiveAgent{
		{
			Id:    3,
			Url:   "grpc://127.0.0.1:8082",
			Token: "xmsx8F0hdcZekEQCrZukljF+/c0ySpO8hocwsgdP9HdXHJaI4NaD2SwmKfZMl/UtLTfBJ8hGu/gB7XMhZita3w==",
		},
	},
}

  • Use agent id from your GDK agent. This needs to be a valid agent id.
  • Token is an EdDSA private key to create JWT tokens. You can use the one above.
  • Url is the URL your local agent listens on. This must match the agent's configuration that we'll set up below.

Start agentk

Program arguments:

--context=rancher-desktop --token-file=file-with-agent-token.txt --receptive-jwt-file=receptive-jwt-file.txt --receptive-listen-address=:8082 --private-api-jwt-file=private-api-secret.txt
  • --context=rancher-desktop is the Kubernetes context the agent should use.
  • --receptive-listen-address=:8082 this is the address on which the agent will accept connections from kas.
  • --private-api-jwt-file=private-api-secret.txt is the file with a secret that is shared among all agent replicas to sign and validate JWT tokens. Any random string, encoded with base64 will do. E.g. YXNkZm5hc2RrZ2JsYWtzZGJnZXJibGdiYXNnYmFzZwo=.
  • --receptive-jwt-file=receptive-jwt-file.txt is the file with the EdDSA public key used by the agent to validate JWT tokens from kas, base64 encoded. If you used the secret from the previous step, then use this secret: VxyWiODWg9ksJin2TJf1LS03wSfIRrv4Ae1zIWYrWt8=

Environment variables:

OWN_PRIVATE_API_URL=grpc://127.0.0.1:8081, POD_NAME=agent1, POD_NAMESPACE=ns. Set according to your local setup. 127.0.0.1:8081 is the default address for the private API in agentk. You can change it via command line flags.

Start kas

Change kas config file, set agent.receptive_agent.enabled to true:

agent:
  receptive_agent:
    enabled: true

Start as you normally do, no changes required.

Edited by Mikhail Mazurskiy
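
An added example, not part of the merge request or the project's code: a Go check that the base64 EdDSA private key placed in Token and the base64 public key in the agent's --receptive-jwt-file are one Ed25519 pair, and that a JWT signed with the former verifies with the latter. It assumes Go's 64-byte private key layout (seed followed by public key), standard base64 and a compact JWS with alg EdDSA; the function names and the sample key are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// CheckKeyPair checks that a base64 64-byte private key (seed||public, assumed) and a base64 public key match.
func CheckKeyPair(privB64, pubB64 string) error {
	priv, err := base64.StdEncoding.DecodeString(strings.TrimSpace(privB64))
	if err != nil || len(priv) != ed25519.PrivateKeySize {
		return errors.New("private key: want 64 bytes of standard base64")
	}
	pub, err := base64.StdEncoding.DecodeString(strings.TrimSpace(pubB64))
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("public key: want 32 bytes of standard base64")
	}
	// Re-derive the public key from the seed rather than trusting the stored half.
	derived := ed25519.NewKeyFromSeed(priv[:ed25519.SeedSize]).Public().(ed25519.PublicKey)
	if !bytes.Equal(derived, pub) || !bytes.Equal(derived, priv[ed25519.SeedSize:]) {
		return errors.New("public key does not belong to the private key")
	}
	return nil
}

// SignJWT builds a compact JWS (alg=EdDSA) over the given JSON claims.
func SignJWT(priv ed25519.PrivateKey, claimsJSON string) string {
	enc := base64.RawURLEncoding.EncodeToString
	input := enc([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + enc([]byte(claimsJSON))
	return input + "." + enc(ed25519.Sign(priv, []byte(input)))
}

// VerifyJWT checks the Ed25519 signature only; claims are not validated here.
func VerifyJWT(pub ed25519.PublicKey, token string) bool {
	i := strings.LastIndex(token, ".")
	sig, err := base64.RawURLEncoding.DecodeString(token[i+1:])
	return i > 0 && err == nil && ed25519.Verify(pub, []byte(token[:i]), sig)
}

func main() {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)) // constructed sample key
	pub := priv.Public().(ed25519.PublicKey)
	b64 := base64.StdEncoding.EncodeToString
	fmt.Println(CheckKeyPair(b64(priv), b64(pub)), VerifyJWT(pub, SignJWT(priv, `{"iss":"kas"}`)))
}
```

To check a local setup, pass the Token string and the contents of the receptive JWT file to CheckKeyPair; a non-nil error means kas and agentk are configured with keys that do not belong together.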
