Control Plane Secure Communications Agent within the AWS Marketplace.
ARM s version of the agent, click here.
View purchase options button in the upper right corner.
Accept Terms.
Continue to Configuration button in the upper right corner.
region pull-down and select the region where your AWS resources reside.
Continue to Launch button in the upper right corner.
Choose Action pull-down and select Launch through EC2. Click the Launch button.
Launch an instance wizard will be displayed.
Name and tag section, enter the agent’s name (e.g., cpln-agent).
Instance type section, select an applicable instance type.
Optional: Under the Key pair (login) section, select or create a new key pair to enable SSH access to the agent. A key pair is necessary only for accessing the agent during troubleshooting.
Network setting section, review the details and verify that the selected VPC is the same VPC as the AWS resource you are trying to access.
Auto-assign Public IP option is set to Enable.
If your requirements do not allow the instance to have a public IP, please review the section "How do instances without public IP addresses access the Internet" in this AWS FAQ.
Either create or select an existing security group. The security groups of the resources that the agent needs to access must have the agent's security group added to their lists of allowed inbound traffic.
Initially, clear the checkbox for the “Allow SSH from” property. SSH access is only necessary for troubleshooting purposes. Control Plane will never need to connect directly to the agent.
Configure storage section, click the Advanced link and expand the volume property. Modify the Delete on termination dropdown to Yes. This ensures the associated volume is removed if the agent is terminated, preventing orphaned volumes.
Advanced details section. Scroll to the bottom and paste the contents of the JSON payload (from the bootstrap config file) generated in step one within the User data textbox.
Please review the other properties in this section to check if any default values need to be modified.
Launch instance in the lower right corner.
Marketplace icon.
Enter.
Create dropdown, select gen-1.
Create a virtual machine wizard:
Control-Plane-Agent-01. If installing multiple agents, increment the number.
No infrastructure redundancy required. Use a different option for your environment if you are running in production.
gen-1.
SSH public key.
azureuser.
None. The agent does not need any inbound ports open.
Next: Disks.
Premium SSD.
(Default) Encryption at-rest with a platform-managed key.
Next: Networking.
None.
Basic.
None.
Next: Management.
Enable with managed storage account.
Image default.
Next: Advanced.
Next: Tags.
Next: Review + create.
Create.
Download private key and create resource.
gcloud init.
INSTANCE_NAME and the bootstrap file (AGENT_NAME-bootstrapConfig.json) that was created in step one.
--machine-type=MACHINE_TYPE to the command above to select a different type. Otherwise, the default type is n1-standard-1.
cpln command above using a Windows command prompt and not using WSL.
cpln will generate the manifest.yaml file that will deploy two replicas of the agent to the namespace of your choice (NAMESPACE in the example). The parameter --cluster CLUSTER_ID will be added to the agent’s status, which is used as a hint to know which cluster an agent has been deployed to.
It is recommended to use the option --replicas=2 for a high availability (HA) configuration. This will generate two unique agent deployments in an active/failover configuration using leader election through the Control Plane API.