/

AGILITY External Access Requirement

AGILITY External Access Requirement

Owned by Charles Abondo

Last updated: Nov 07, 2024

2 min read

External access

Agility needs access to the following public endpoints in order to work

External service	Protocol/Port	External host (IP/subnet)

External service	Protocol/Port	External host (IP/subnet)
iad.ocir.io	`HTTPS tcp/443`	https://docs.oracle.com/en-us/iaas/tools/public_ip_ranges.json '.regions[] \| select(.region=="us-ashburn-1") \| .cidrs[].cidr'
central-monitoring.b-yond.com	`HTTPS tcp/443`
agility-central.b-yond.com	`HTTPS tcp/443`
AWS S3 us-west-2	`HTTPS tcp/443`	https://ip-ranges.amazonaws.com/ip-ranges.json '.prefixes[] \| select(.service=="S3" and .region=="us-west-2") .ip_prefix'

HTTP Proxy configuration

If the network where AGILITY is running requires an HTTP proxy setup to access Internet, follow these instructions:

Deploy the AGILITY Services chart

Create an override values file
cd agility-charts vi agility-services-values-overrides.yaml
Update agility-operator.env.manager.httpProxy options
agility-operator: env: manager: httpProxy: httpProxy: <<http://example.com:3128>> httpsProxy: <<http://example.com:3128>> noProxy: <10.0.0.0/8,172.16.0.0/12,192.168.0.0/16>
- httpProxy: HTTP Proxy setting, with URL format. Regular expression: ^https?:\\/\\/.+$.
- httpsProxy: HTTPS Proxy setting, with URL format. Regular expression: ^https?:\\/\\/.+$.
- noProxy: No Proxy setting, comma separated list of network addresses and/or domain names.
noProxy should at least include the Kubernetes Services network address.
For example, if the Kubernetes Services network address is 10.43.0.0/16. Then, the values should looks like:
agility-operator: env: manager: httpProxy: httpProxy: <http://example.com:3128> httpsProxy: <http://example.com:3128> noProxy: 10.43.0.0/16

Deploy the AGILITY application chart

Create an override values file (options available in the AGILITY chart):
Update cv.httpProxy options
- httpProxy: HTTP Proxy setting, with URL format. Regular expression: ^https?:\\/\\/.+$.
- httpsProxy: HTTPS Proxy setting, with URL format. Regular expression: ^https?:\\/\\/.+$.
- noProxy: No Proxy setting, comma separated list of network addresses and/or domain names.

Disable remote monitoring (central-monitoring.b-yond.com) and data report (AWS bucket)

AGILITY sends anonymous usage data collection to B-Yond. This can be disabled following these instructions:

Deploy the AGILITY application chart

Create an override values file (options available in the AGILITY chart):
Update cv.agilityOpenTelemetry.settings.remote.enabled and cv.settings.sharePcapInformation options

Enable customer monitoring

AGILITY can send metrics to a compliant Open Telemetry collector.

Create an override values file (options available in the AGILITY chart):
Update cv.agilityOpenTelemetry.settings.customer options
Complete based on the following options:
- enabled: <boolean> -required-
  - Enables a customer to route Agility data to a compliant Open Telemetry collector. Default value: false
- endpoint: <string> -required-
  - URL Endpoint where to send OpenTelemetry data. If useHttps is true, ensure to match the following pattern: ^https?:\\/\\/.+$. For example: https://example.com. If useHttps is false, ensure to match the following pattern: ^.*:[0-9]+$. For example: example.com:4317
- tlsInsecure: <boolean>
  - Do not validate TLS certificate
- tlsSecret: <Object>
  - The secret containing the Certificates and Key to encrypt OpenTelemetry traffic will need to contain the TLS certificate, TLS key and TLS certificate authority with the data keys set to tls.crt, tls.key and http://tls.ca , respectively. It will then be mounted as a volume projection to the '/tmp/oteltls' directory. For more information on Kubernetes secret projections, please see <Secrets >. NOTE: If tlsInsecure is true, this value will be ignored.
- useHttps: <boolean>
  - Use HTTPS protocol instead of gRPC protocol. Default value: true