Skip to main content

Integrating SPIRL on Docker

The SPIRL Agent can be deployed using Docker Compose. This is useful when attempting to deploy the agent to a bare metal node.

To deploy the SPIRL Agent you will need SSH access to the node where you want to deploy the agent. If you do not have SSH access you must have the ability to do the following on the node:

  • Write files to disk
  • Spin up a docker container

Adding a SPIRL Node Group

Create a node group for an existing trust domain. For example, using SPIRL CLI:

$ spirlctl node-group add my-node-group --trust-domain example.com --docker
Successfully added node group "my-node-group" to trust domain "example.com"
Node Config ID: cv-x15kldfclk

Agent configuration file written to: my-node-group.cv-x15kldfclk.agent-config.yaml
Agent node-group version key written to: my-node-group.cv-x15kldfclk.key.pem

Docker compose file written to: my-node-group.cv-x15kldfclk.compose.yaml

If you already have a node group, you can use this template compose.yaml file by replacing it with the information for your existing node group.

services:
  spirl-agent:
    image: $LATEST_AGENT_IMAGE
    command: [ "/ko-app/spirl-agent", "--config-file-path", "/etc/spirl/agent-config.yaml" ]
    privileged: true
    pid: host
    volumes:
      - type: bind
        source: /var/run/spirl/sockets
        target: /var/run/spirl/sockets
      - type: bind
        source: /etc/spirl/agent-config.yaml
        target: /etc/spirl/agent-config.yaml
      - type: bind
        source: /etc/spirl/key.pem
        target: /etc/spirl/key.pem

Installing SPIRL Agent on a Node

When a node group is added, an agent configuration file and an agent key are written to disk to two different files. The compose file generated expects these files to be at the following locations:

File NameDescriptionExpected Path
my-node-group.cv-x15kldfclk.agent-config.yamlThe configuration file for the agent/etc/spirl/agent-config.yaml
my-node-group.cv-x15kldfclk.key.pemThe private key for spirl-agent to authenticate to the SPIRL server/etc/spirl/my-node-group.cv-x15kldfclk.key.pem

The files should be copied to the expected path location. Alternatively, the compose file should be modified to update the path to the agent configuration and key files.

Next in the node where you wish to install the SPIRL agent, run this command to start the spirl-agent using docker compose:

docker compose -f my-node-group.cv-x15kldfclk.compose.yaml up -d