Installing Containerized Agents

Containerized Agents offer several advantages, including a more streamlined cloud integration and an "agentless" experience for Automic SaaS users. You can easily adopt these pre-configured Agents or integrate them into other Clients. This section guides you through deploying them.

The containerized Agent installation does not support non-TLS/SSL Agents.

Tip! This section contains information relevant for already containerized Agents. If you are searching for information relevant to the manual installation of on-premises Agents or how to containerize and install you own Agents, see Installing the Agents Manually and Containerizing and Installing your Agents.

Overview

Containerized Agents come preconfigured and ready for immediate use; therefore, you avoid the need to install your Agents manually or having to containerize them yourself. The container-based Agents use Kubernetes and Helm Charts and can be stored in any cloud and deployed to be used either for an on-premises Automic Automation system, an Automic Automation Kubernetes Edition or Automic SaaS environment.

The AAKE containers run in non-privileged/restricted mode. This means that you can now activate the restricted pod security policies that you deem appropriate.

The Agents available for this installation type are the following:

• Configuring and Deploying Containerized Linux Agents

• Configuring and Deploying Containerized SAP Agents

The following Agent integrations are also available in containers:

• Automic Automation / S3 Agent Integration

• Automic Automation / REST Agent Integration

Connecting to the Automation Engine

The Automation Engine and the Windows, UNIX, and Java Agents communicate using TLS/SSL. These agents establish a connection with the Java communication process (JCP), which uses trusted certificates to prove their identity to other communication partners.

Important! Make sure you are familiar with the TLS/SSL and certificate implementation before installing and/or upgrading the respective component. For more information, see:

• TLS/SSL Considerations for Automic Automation

• Securing Connections to the AE (TLS/SSL)

When you used certificates signed by a CA, the certificates are stored in the respective Java or OS store by default; that is the Java trust store for Java components and Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. In this case, you only have to check that the root certificates already are in the respective store.

If the relevant certificates are not there and you want to import them, you can use OS or Java specific tools for that purpose, such as Keytool, cert-manager, OpenSSL and such. For more information on how to use those tools, please refer to the respective product documentation.

If you do not want to use the default locations for the components and Agents listed above, make sure you use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters (if applicable) in the respective configuration (INI) file to define the path to the folder where the trusted certificates are stored.

Important! TLS/SSL Agents (in containers and on-premises) as well as the TLS Gateway, when used for the Automic Automation Kubernetes Edition, establish a connection to an ingress / HTTPS load balancer, which requires a certificate for authentication.

Make sure that address of the load balancer is defined on both sides: the Automation Engine and the Agent / TLS Gateway and that your HTTPS load balancer has the required certificates in place. For more information, see Connecting to AWI, the JCP and REST Processes Using an Ingress.

Check the compatibility matrix to see which version is compatible with your system. For more information, see Compatibility Information.

Additional installation steps are required before the Agent can be started and used if you intend to use one of the available authentication methods. For more information, see Agent Authentication.

Configuration and Installation Steps

These steps ensure that the necessary configuration and storage resources are available when you deploy a containerized Agent using Helm. The values.yaml file specifies details about the installation.

• Get Helm and the Agent offering.

• Create and define the configmap for the Agent.

• Create a secret for authentication.

• Prepare the requires Persistent Volume (PV) and Persistent Volume Claim (PVC) for the security and temp folders. Optionally, create them also for tracing.

• Optionally, add trusted certificates and store them on a volume, too.

• Once you have covered the previous steps, you can trigger the installation of the Helm chart.

Agent configuration changes after deployment require you to upgrade the Agent container. For more information, see Upgrading Containerized Agents.

This section includes the following pages: