Deploying agent prerequisite infrastructure

Agents for IBM Cloud® Schematics extend its ability to work directly to cloud infrastructure on the private network or in any isolated network zones.

Prerequisites

The following prerequisites must be met before you begin deploying the agent infrastructure.

You must have an IBM Cloud Pay-As-You-Go or Subscription account to proceed. For more information about managing your IBM Cloud, see Setting up your IBM Cloud account.
Check whether you have the permissions to provision a VPC, a IBM Cloud Kubernetes Service cluster, and logging service in the target resource group.
Check whether you have the permission to create a workspace.

Provisioning agent infrastructure using Schematics

Schematics provides a sample template that you can use to provision the infrastructure needed by your agent. The Agent infrastructure is composed of the following resources.

VPC infrastructure as public_gateways, subnets.
IBM Cloud® Kubernetes Service or Red Hat OpenShift Kubernetes Service as vpc_kubernetes_cluster.

To support agents on the Red Hat OpenShift Kubernetes Service, based on the requirement, you can control egress traffic through Security Groups and Network access control lists (ACLs). You need to define any Network Security Groups rules and ACLs at VPC level before deploying an agent on the cluster. For more information, see Terraform script to define security groups and ACLs on VPC.

Log in to IBM Cloud console.
Click the Menu icon > Platform Automation > Schematics > Terraform > Create workspace with the following inputs to create an Agent infrastructure workspace.
- In the Specify Template section:
  - GitHub, GitLab, or Bitbucket repository URL - https://github.com/Cloud-Schematics/agent-infrastructure-sample/tree/main/templates/infrastructure.
  - Personal access token - <leave it blank>. You can click the Open reference picker to select a your Secret Manager key reference. For more information, see creating a Secret Manager instance.
  - Terraform Version - terraform_v1.5. You need to select Terraform version 1.5 or greater than version.
  - Click Next.
- In the Workspace details section:
  - Workspace name as schematics-agent-infrastructure.
  - Tags as agents-infra.
  - Resource group as default or other resource group for this workspace. For more information, see Creating a resource group. You must have the access permission for the resource group.
  - Location as North America or other region for this workspace. If the location used for Agent infrastructure and Agent service does not match, then the logs are not sent to LogDNA.
  - Click Next.
  - Check the information that is entered are correct to create a workspace.
- Click Create.

On successful creation of the schematics-agent-infrastructure Workspace, review and edit the agent infrastructure input variables in the workspace Settings page.

The agent infrastructure and the workspace can be in different resource groups and locations. The agent infrastructure workspace can be defined in any Schematics supported region.

Schematics Agent infrastructure inputs
Input variable	Data type	Required/Optional	Description
`agent_prefix`	String	`Required`	Provide the prefix for naming your agent VPC, cluster, and logging configuration.
`location`	String	`Required`	The region in the agent infrastructure VPC and cluster are created in.
`resource_group_name`	String	`Required`	Name for the resource group used the agent infrastructure and agent are associated to. For example, `test_agent`. For more information, see Creating a resource group. You must have the access permission for the resource group.
`ibmcloud_api_key`	String	`Optional`	The IBM Cloud API key used to provision the Schematics Agent infrastructure resources. If not provided, resources provisions in currently logged in user credentials.
`tags`	List(String)	`Optional`	A list of user tags to be applied to the deployed, VPC, and cluster. For example, `myproject:agent`, `test:agentinfra`. You can see the provisioned resources of an Agent faster by using Tag name.

Click Apply plan on the schematics-agent-infrastructure workspace to provision the agent infrastructure. It takes up to 45 - 90 minutes to provision all the resources.
View the Jobs logs and Resources page to monitor the resources are provisioned successfully and verify that the workspace status is now ACTIVE.

Record the cluster_id and logdna_name from the Outputs: section of the Jobs log. This information is used when deploying the agent. If the job fails and you do not observe the cluster_id details in the Jobs log, you must have the IAM permissions to create VPC Infrastructure, and Kubernetes cluster services. Then, click Apply plan to redeploy the agent infrastructure.

Expected outcome

Follow the steps to view the Agent infrastructure workspace setup.

Navigate to the Resources list page.
Verify that the following resources are provisioned from the resource list page.
- VPC > Search <agent_prefix>-vpc the status as Available.
- Services and Software > <agent_prefix>-logdna the status as Active.
- Clusters > <agent_prefix>-iks the status as Normal.
Optional, you can search the provisioned resources with the user tag you specified in the Resources list page.

Next steps

You have completed the Schematics Agent infrastructure set up.

Now, you need to Deploy your Agent