gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-19 07:50:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
90bdd92e60bb761fe7ccb7eec00ad7afb0ef522b
Pulse/docs/PROXY_CONTROL_PLANE.md
rcourtman 2b48b0a459 feat: add --kube-include-all-deployments flag for Kubernetes agent 
Adds IncludeAllDeployments option to show all deployments, not just
problem ones (where replicas don't match desired). This provides parity
with the existing --kube-include-all-pods flag.

- Add IncludeAllDeployments to kubernetesagent.Config
- Add --kube-include-all-deployments flag and PULSE_KUBE_INCLUDE_ALL_DEPLOYMENTS env var
- Update collectDeployments to respect the new flag
- Add test for IncludeAllDeployments functionality
- Update UNIFIED_AGENT.md documentation

Addresses feedback from PR #855
2025-12-18 20:58:30 +00:00

1.8 KiB
Raw Blame History

📡 Proxy Control Plane

The Control Plane synchronizes pulse-sensor-proxy instances with the Pulse server, ensuring they trust the correct nodes without manual configuration.

Deprecated in v5: pulse-sensor-proxy (and its control-plane sync) is deprecated and not recommended for new deployments. New installs should use pulse-agent --enable-proxmox for temperature monitoring.

🏗️ Architecture

graph LR
    Pulse[Pulse Server] -- HTTPS /api/temperature-proxy --> Proxy[Sensor Proxy]
    Proxy -- SSH --> Nodes[Cluster Nodes]
  1. Registration: The proxy registers with Pulse on startup/install.
  2. Sync: The proxy periodically fetches the "Authorized Nodes" list from Pulse.
  3. Validation: The proxy only executes commands on nodes authorized by Pulse.

🔄 Workflow

  1. Install: install-sensor-proxy.sh calls /api/temperature-proxy/register.
  2. Token Exchange: Pulse returns a ctrl_token which the proxy saves to /etc/pulse-sensor-proxy/.pulse-control-token.
  3. Polling: The proxy polls /api/temperature-proxy/authorized-nodes every 60s (configurable).
  4. Update: If the node list changes (e.g., a new node is added to Pulse), the proxy updates its internal allowlist automatically.

⚙️ Configuration

The proxy configuration in /etc/pulse-sensor-proxy/config.yaml handles the sync:

pulse_control_plane:
  url: https://pulse.example.com:7655
  token_file: /etc/pulse-sensor-proxy/.pulse-control-token
  refresh_interval: 60s

🛡️ Security

  • Tokens: The ctrl_token is unique per proxy instance.
  • Least Privilege: The proxy only knows about nodes explicitly added to Pulse.
  • Fallback: If the control plane is unreachable, the proxy uses its last known good configuration.