Deployments telemetry

Domino provides a deployment management service named Fleetcommand that uses an agent to capture and securely transmit the telemetry and health status of deployments to the Domino-managed service. This telemetry is then used to provide proactive support whenever required.

What data is being captured?

Note
 No sensitive data is captured as part of the telemetry. Any potentially sensitive configuration is redacted before being transmitted.

The following data is captured and transmitted to the Fleetcommand service:

  • Installation configuration

  • Agent version

  • Health checks

  • Logs

  • Enabled feature flags

  • Domino central config keys

  • Nucleus and Frontend service versions

  • OS system data

  • Cloud provider data

  • Kubernetes data

    Installation Configuration

    YAML file used by the Domino installation process. Any potentially sensitive configuration information is redacted before being transmitted. All configuration keys containing the following words are automatically redacted:

  • password

  • license_key

  • api_token

  • secret

  • token

  • authToken

  • username

    Agent version

    The version of the agent that is running on the cluster.

    Health checker

    Health ensures the health of the running Agent instance by pinging the central server’s /_status endpoint every 5s. By default, one successful (code = 200) response is required for a Health instance to report as healthy.

    Logs

    The logs from the Agent Installer (inside Fleetcommand Agent) used for installing or upgrading domino. Any secrets or keys are redacted before being transmitted.

    Enabled Feature Flags

    The list of feature flags enabled on the deployment.

    Domino Central Config keys and values

    Any potentially sensitive configuration information is redacted before being transmitted. All configuration keys containing the following words are automatically redacted:

  • password

  • apiKey

  • secret

  • token

  • jiraPrivateKey

  • privateKey

  • consumerKey

  • secretAccessKey

  • secretKey

  • elasticSearchPassword

    Nucleus Frontend service versions

    Dispatcher and Frontend service versions.

    Operating system data

    Basic OS data from the cluster, including the OS image, OS, architecture, container runtime version, and kubelet/kube proxy versions.

    Cloud provider data

    Basic info about the cloud service provider, such as the accountId, name, and region from the cluster.

    Kubernetes data

    Cluster details such as the autoscaler status.

How is the data sent to Fleetcommand?

The data captured from the deployment is sent through the Fleetcommand Reporter Service.

URLs / Destinations

  • Url: update.domino.tech

  • Port: 443

  • Protocol: HTTPS

  • Authentication Method: Using a custom HTTP Header X-Api-Token to know which is the deployment associated with the collected information.

  • Endpoints:

    • /api/agent/log_records

    • /_status

    • /api/agent/release

    • /api/agent/status

Does it require and ingress?

No, just egress to https://update.domino.tech.

Is it enabled by default?

No, it’s not enabled by default. The following keys are required to be set up on the install configuration to enable:

fleetcommand.api_token = [Token provided by Domino]
fleetcommand.url = https://update.domino.tech/
Will this incur additional cloud costs?

The outgoing traffic will increase due to the telemetry leaving the cluster, but it will be minimal from a cloud costs perspective.

How is the data stored in Fleetcommand?

Where is the collected information stored?

The collected information is stored on a MongoDB instance. The information is persisted every time the Fleetcommand server receives a new update from the agent or reporter.

How often is the information reported?

The information is transmitted to Fleetcommand server every 30 seconds (or 15 seconds for Domino >5.3).