🚀 Build your Minimum Viable Platform (MVP) with our playbook. Start now
close icon
All blogs
Feature announcement: The Humanitec Agent

Feature announcement: The Humanitec Agent

Susa TĂĽnker
February 7, 2024

Meet the Humanitec Agent. This newest addition to our security suite acts as a bridge between the Humanitec Platform Orchestrator and private networks and paves the way for advanced security scenarios.

⚠️ This post covers Platform Orchestrator v1. v2 is now available with simplified architecture and support for any compute target. See differences between the two products here
Table of contents
Example H2
Example H3
Example H4
Example H5
Example H6

Meet the Humanitec Agent, the newest addition to our security suite. This new feature acts as a bridge between the Humanitec Platform Orchestrator and private networks. It’s a simple yet powerful tool that paves the way for advanced security scenarios by giving you control over network traffic and ensuring compliance with security guidelines for access management.

Following several months of beta testing, we’re excited to announce the Agent as a robust and dependable solution that’s now ready for production use.

The Humanitec Agent at your service

The Agent is driven by the need to restrict access to internal resources such as clusters or databases. In its default mode, the Platform Orchestrator deploys workloads with their dependencies directly into the target network and requires a publicly accessible endpoint. This is a concern for teams that prefer to not expose certain endpoints to the public internet. The Agent addresses this challenge by enabling the use case for private networks. It establishes a secure tunnel between the user’s network and Humanitec’s servers, ensuring connectivity to the necessary systems the Platform Orchestrator needs access to.

The agent provides security teams with complete control over which external services have access to specific endpoints, reinforcing security measures within your Internal Developer Platform (IDP).

The Agent in a nutshell

Our developer documentation provides helpful guidance on the Agent’s inner workings, a series of frequently asked questions, and it’s where you can find an installation guide. Below is a brief summary, offering a high-level overview of the agent's functionality.

Setting the scene

By default, the Platform Orchestrator deploys your application and its dependencies directly to the target network through a public endpoint, as illustrated below.

For private networks

When dealing with resources in private networks, the Agent is installed as a container image within your network. It establishes a secure communication tunnel, allowing it to call out from the network to the Platform Orchestrator and forward any requests to the cluster.

From the developer’s perspective, the deployment process remains unchanged and mirrors that of public clusters. The only change is the rerouting of traffic through the agent.

How the Agent fits in

While exploring Humanitec’s security-related features and extensions, you may have come across the Humanitec Operator which offers control and flexibility in managing secrets. While both the Operator and Agent are components of Humanitec’s security suite, they serve different use cases and can be used independently: 

  • Humanitec Operator (secrets management): Allows you to store secrets in your own secrets store instead of the default store used by the Humanitec SaaS solution.
  • Humanitec Agent (network access): Enables you to control network access to internal resources such as clusters and databases.

If you’ve been conceptualizing different architecture approaches for cluster management in this context, you might be asking yourself how the Agent fits into all of this. 

Direct Cluster mode with the Agent

Direct Cluster mode describes the default operating mode for the Platform Orchestrator. In this setup, the Operator isn’t installed, so the Humanitec Platform Orchestrator securely stores any secrets an Application needs in a separate, internal secret store. Deployments take place directly to the cluster by default or alternatively as illustrated below, via the Agent into a secure network. 

If you’re interested in making use of the Agent to provision resources via internal systems, please reach out to us. This capability is currently under development and not yet available for public use.

Operator mode with the Agent

In this mode, deployments are managed by the Operator which sits inside the target cluster. The Platform Orchestrator passes on a set of Kubernetes custom resources, either directly to the Operator, or as illustrated below through a secure tunnel enabled by the Agent. The Operator receives the custom resources and completes the remaining rendering stages by retrieving secrets and calling drivers. 

For a more in-depth exploration of different architecture approaches, including modes such as GitOps, check our developer documentation on the Humanitec Operator and Humanitec Agent Architecture.

Get started now

To get started, log in to your Humanitec account or request one if you don’t yet have one. And be sure to check out our helpful guide in our developer documentation. 

We hope you enjoy exploring the new feature and if you have questions or need any help, please get in touch. Our team is always here to make sure you have the best experience.  

Susa TĂĽnker
Technical Product Manager at Humanitec
LinkedIn

Susa is a product manager with a love for design and technology. She has experience working with both larger scale SaaS companies as well as developing new products in a startup environment. At Humanitec, Susa is responsible for driving new features and continuously improving our user experience, with the goal of keeping developer teams productive and happy.

Upcoming events

No items found.
See all events

Recommended articles

No items found.
Join our Newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
WHY
Why Platform EngineeringWhy Internal Developer PlatformWhy Humanitec
PRODUCT
Product overviewPlatform OrchestratorScorePortalIntegrationsPricing
Features
Environment managementDeployment managementInfrastructure orchestrationDeveloper self-serviceRBAC & governance
Use Cases
Use cases overview
Kubernetes migration
Kubernetes complexity
Eliminate ticket Ops
End-to-end self service
Build developer portals
Build an IDP
Company
About Humanitec
Careers
Hiring
CustomersProfessional ServicesPartnersContact
Resources
DocsBlogWhitepapersFAQStart free trial
Community
SlackEvents
Reference ARCHITECTURES
AWS
Azure
GCP
Red Hat OpenShift
©2025 Humanitec. All Rights Reserved.
ImprintSupportSecurityStatusPoliciesTechnical DefinitionsWhistleblowing