Sentinel for Remote Execution Agents
Overview
The Sentinel service provides real-time monitoring and operational visibility for Astro Remote Execution Agents running in your Kubernetes cluster. Sentinel automates health checks and reports agent status back to the Astro orchestration plane. This enables Astronomer support to provide proactive support and improved triage for support issues.
Sentinel is available as part of the Remote Execution Agent Helm chart starting in version 1.2.0.
Sentinel is included in the Remote Execution Agent Helm chart and is disabled by default. Enable it in your Helm values to activate monitoring.
Sentinel provides the following key benefits:
- Detects Pod and component issues before they impact task execution.
- Monitors essential integrations such as XCom and secrets backends.
How Sentinel works
Sentinel runs as a Pod alongside your agent components in Kubernetes. It:
- Watches for issues with agent Pods in its namespace.
- Checks the health of key integrations and reports status.
- Sends regular “heartbeat” reports to Astro’s API, where Deployment health can be reviewed.
- Only monitors agent-managed Pods, default is Pods labeled
app=astro-agent. No user workload data, dag code, or unrelated Pod information leaves your environment.
Set up
To enable Sentinel, set the following in your Helm chart configuration:
Astronomer recommends that you host the Sentinel image in your organization’s registry and update the image reference in your Helm chart configuration.
To customize which agent pods Sentinel observes, you can change the agent_component_app_label in the Helm chart values. By default, Sentinel only monitors pods labeled app=astro-agent, but you can restrict or broaden this scope as needed.
Security and scope
- Sentinel only observes Pods with a specific label in its namespace.
- All status data flows outbound to Astro. No inbound connectivity is required.
- No dag, task logs, or business data is transmitted.
