Admiral

Agent Lifecycle

Register, install, rotate, and monitor execution agents

Agents are Admiral's execution fleet. They register with the control plane, run next to your workloads, and pull their own work. For the conceptual model see Agents & Execution; this guide covers operating them.

The two kinds

An agent's kind determines what it executes and where it runs:

KindExecutesRunsInstalled
Terraforminfrastructure components (terraform)wherever it has cloud accessas a process or container with cloud access
Kubernetesworkload components (helm / kustomize / manifest)inside the target clustervia Helm chart into the cluster it manages

Both kinds share the same lifecycle: register, install, validate, monitor, rotate, upgrade.

Register

Registering an agent with Admiral yields a token the agent uses to authenticate when it pulls work.

admiral agent register --kind kubernetes --name prod-k8s
admiral agent register --kind terraform  --name aws-prod-tf

Keep the issued token secret; it is the agent's identity to the control plane.

Install

Terraform agent

Run the Terraform agent where it has the cloud access its targets need: an IAM role, instance profile, or configured cloud credentials. Provide the registration token; the agent deploys with the identity of its environment.

Kubernetes agent

Install the Kubernetes agent via its Helm chart into the Kubernetes cluster it will manage, passing the registration token. It connects outbound to Admiral and begins pulling revisions for workloads bound to it.

Validate registration

Confirm the agent has connected and is pulling:

admiral agent list
admiral agent get prod-k8s

A healthy agent reports recent heartbeats and its detected tooling.

Monitor

Agents report health and the work they are executing back to the control plane. Watch for:

  • Heartbeat staleness - an agent that stops checking in cannot pull new work.
  • Job or revision state - in-flight, succeeded, or failed work attributed to the agent.
  • Tooling drift: the runtime versions an agent reports, such as which Terraform version a Terraform agent is running.

Rotate credentials

Rotate an agent's token without downtime by issuing a new one, rolling it into the agent's configuration, then revoking the old one.

admiral agent rotate-token prod-k8s

Upgrade

Upgrade an agent by deploying the new agent build (a new container image for Terraform agents, a helm upgrade for Kubernetes agents). Because work is pull-based and idempotent, an agent can be restarted or replaced without coordinating with the control plane; it resumes pulling once it reconnects.

Where to go next

Agents & Execution

The pull-based execution model in depth

Authentication Model

Token types and how agents authenticate

Connect a Cluster

Run an agent and connect your first cluster end to end

Variables & Outputs

How configuration and cross-component data flow into a deployment

Authentication

How you log in to Admiral and how tokens authenticate the CLI, agents, and automation

On this page

The two kindsRegisterInstallTerraform agentKubernetes agentValidate registrationMonitorRotate credentialsUpgradeWhere to go next