Domino provides a deployment management service named Fleetcommand that uses an agent to capture and securely transmit the telemetry and health status of deployments to the Domino-managed service. This telemetry is then used to provide proactive support whenever required.
Note
| No sensitive data is captured as part of the telemetry. Any potentially sensitive configuration is redacted before being transmitted. |
The following data is captured and transmitted to the Fleetcommand service:
-
Installation configuration
-
Agent version
-
Health checks
-
Logs
-
Enabled feature flags
-
Domino configuration record keys
-
Nucleus and Frontend service versions
-
OS system data
-
Cloud provider data
-
Kubernetes data
- Installation Configuration
-
YAML file used by the Domino installation process. Any potentially sensitive configuration information is redacted before being transmitted. All configuration keys containing the following words are automatically redacted:
-
password
-
license_key
-
api_token
-
secret
-
token
-
authToken
-
username
- Agent version
-
The version of the agent that is running on the cluster.
- Health checker
-
Health ensures the health of the running Agent instance by pinging the central server’s
/_status
endpoint every 5s. By default, one successful (code =200
) response is required for a Health instance to report as healthy. - Logs
-
The logs from the Agent Installer (inside Fleetcommand Agent) used for installing or upgrading domino. Any secrets or keys are redacted before being transmitted.
- Enabled Feature Flags
-
The list of feature flags enabled on the deployment.
- Domino configuration record keys and values
-
Any potentially sensitive configuration information is redacted before being transmitted. All configuration keys containing the following words are automatically redacted:
-
password
-
apiKey
-
secret
-
token
-
jiraPrivateKey
-
privateKey
-
consumerKey
-
secretAccessKey
-
secretKey
-
elasticSearchPassword
- Nucleus Frontend service versions
-
Dispatcher and Frontend service versions.
- Operating system data
-
Basic OS data from the cluster, including the OS image, OS, architecture, container runtime version, and kubelet/kube proxy versions.
- Cloud provider data
-
Basic info about the cloud service provider, such as the accountId, name, and region from the cluster.
- Kubernetes data
-
Cluster details such as the autoscaler status.
The data captured from the deployment is sent through the Fleetcommand Reporter Service.
-
Url:
update.domino.tech
-
Port: 443
-
Protocol: HTTPS
-
Authentication Method: Using a custom HTTP Header
X-Api-Token
to know which is the deployment associated with the collected information. -
Endpoints:
-
/api/agent/log_records
-
/_status
-
/api/agent/release
-
/api/agent/status
-
No, just egress to https://update.domino.tech.
No, it’s not enabled by default. The following keys are required to be set up on the install configuration to enable:
fleetcommand.api_token = [Token provided by Domino]
fleetcommand.url = https://update.domino.tech/
The outgoing traffic will increase due to the telemetry leaving the cluster, but it will be minimal from a cloud costs perspective.
The collected information is stored on a MongoDB instance. The information is persisted every time the Fleetcommand server receives a new update from the agent or reporter.
The information is transmitted to Fleetcommand server every 30 seconds (or 15 seconds for Domino >5.3).