3.7.0
What's New in ioFog 3.7.0?Core ConceptsArchitectureQuick Start With Local Deployment
IntroductionDownloadGetting FamiliarResource ManagementConnect/DisconnectLegacy
CLI Reference
iofogctliofogctl attachiofogctl attach agentiofogctl attach edge-resourceiofogctl attach execiofogctl attach exec agentiofogctl attach exec microserviceiofogctl attach volume-mountiofogctl completioniofogctl completion bashiofogctl completion fishiofogctl completion powershelliofogctl completion zshiofogctl configureiofogctl connectiofogctl createiofogctl create namespaceiofogctl deleteiofogctl delete agentiofogctl delete alliofogctl delete application-templateiofogctl delete applicationiofogctl delete catalogitemiofogctl delete certificateiofogctl delete configmapiofogctl delete controlleriofogctl delete edge-resourceiofogctl delete microserviceiofogctl delete namespaceiofogctl delete nats-account-ruleiofogctl delete nats-user-ruleiofogctl delete registryiofogctl delete roleiofogctl delete rolebindingiofogctl delete secretiofogctl delete serviceiofogctl delete serviceaccountiofogctl delete volume-mountiofogctl delete volumeiofogctl deployiofogctl describeiofogctl describe agent-configiofogctl describe agentiofogctl describe application-templateiofogctl describe applicationiofogctl describe certificateiofogctl describe configmapiofogctl describe controlleriofogctl describe controlplaneiofogctl describe edge-resourceiofogctl describe microserviceiofogctl describe namespaceiofogctl describe nats-account-ruleiofogctl describe nats-accountiofogctl describe nats-user-ruleiofogctl describe nats-useriofogctl describe registryiofogctl describe roleiofogctl describe rolebindingiofogctl describe secretiofogctl describe serviceiofogctl describe serviceaccountiofogctl describe system-microserviceiofogctl describe volume-mountiofogctl describe volumeiofogctl detachiofogctl detach agentiofogctl detach edge-resourceiofogctl detach execiofogctl detach exec agentiofogctl detach exec microserviceiofogctl detach volume-mountiofogctl disconnectiofogctl execiofogctl exec agentiofogctl exec microserviceiofogctl getiofogctl legacyiofogctl logsiofogctl moveiofogctl move agentiofogctl move microserviceiofogctl natsiofogctl nats accountsiofogctl nats accounts ensureiofogctl nats operatoriofogctl nats operator describeiofogctl nats usersiofogctl nats users create-mqtt-beareriofogctl nats users createiofogctl nats users credsiofogctl nats users delete-mqtt-beareriofogctl nats users deleteiofogctl pruneiofogctl prune agentiofogctl rebuildiofogctl rebuild microserviceiofogctl rebuild system-microserviceiofogctl renameiofogctl rename agentiofogctl rename applicationiofogctl rename controlleriofogctl rename edge-resourceiofogctl rename microserviceiofogctl rename namespaceiofogctl rollbackiofogctl startiofogctl start applicationiofogctl start microserviceiofogctl stopiofogctl stop applicationiofogctl stop microserviceiofogctl upgradeiofogctl versioniofogctl view
IntroductionPrepare Your NetworkPrepare Realm and OIDC ClientKeycloak DeploymentPrepare Your Remote HostsRemote Control PlaneKubernetes Prepare ClusterExternal Database DeploymentKubernetes iofogctlSetup Your AgentsAirgap Deployment
Securing ClusterRolesRole BindingsCertificates ManagerNATs Account RuleNATs User RuleNATs JWT Authentication
IntroductionAgent ConfigurationAttach/DetachVolumesDocker Image PruningUpgrade/Rollback
IntroductionApplication TemplatesMicroservice Lifecycle ManagementMicroservice LogsMicroservice Move/RenameMicroservice Registry Catalog
YAML KindsControl PlaneAgentApplicationApplication TemplateRegistryCatalogOfflineImageSecretCertificateConfigMapVolumeMountServiceRoleRoleBindingNatsAccountRuleNatsUserRule
ECN Viewer
OverviewConfigurationREST API
OverviewCLI UsageLocal APIConfigurationAgent Logs
HALREST Blue
GuidelinesCode of Conduct

What's New in ioFog v3.7?

  • NATS messaging is now available as default pub/sub, request/reply, KV store and JetStream messaging inside ioFog clusters; use NATS Account Rules at application level and NATS User Rules at microservice level—the Controller provisions credentials automatically with no manual JWT handling.
  • Access Control is now available with fine-grained Roles and Role Bindings for the Controller REST and WS APIs, plus NATS Account Rule and NATS User Rule for NATS access.
  • Security is now documented in a dedicated section: NATS JWT Authentication and Certificates Manager for Microservices. For Routers and NATs instances TLS by default, with support for custom CAs and volume-mounted certs.
  • Legacy ioFog Messagebus is deprecated.
  • Controller supports external KMS system for Secrets and ConfigMaps(spec.usevault: true) store. HashiCorp Vault, OpenBao, AWS Secret Manager, Azure Key Vault, Google Secret Manager.
  • VolumeMount is now available with type-based volume mapping and reference by name.
  • Logging via WebSocket is now available for streaming Agent and microservice logs in ECN-Viewer and iofogctl; see Agent Logs for details.
  • Airgap deployment is now documented with a dedicated guide for control plane and Agent images offline, OfflineImage for microservices, and iofogctl flags (--no-cache, --transfer-pool).
  • Service is now available for exposing microservices, agents, Kubernetes services, or external endpoints through Router's TCP bridge mechanism.
  • Secret Management is now available for storing and managing sensitive data including Opaque and TLS secrets.
  • Certificate and CertificateAuthority management is now available for generating self-signed certificates or using existing certificates from ioFog cluster or Kubernetes secrets.
  • ConfigMap is now available for managing non-sensitive configuration data that can be mounted to microservices.
  • VolumeMount is now available for attaching ConfigMaps or Secrets to Agents as volumes, enabling easy volume management for microservices.
  • OfflineImage is now available for deploying container images to edge nodes that cannot access the internet, enabling iofogctl to pull images locally and transfer them to remote hosts via SSH.
  • Debugging & Exec Sessions deliver role-aware remote terminals for Agents, microservices, and system microservices—powered by iofogctl and ECN Viewer.
  • ECN Viewer now mirrors nearly every iofogctl operation, enabling full-cluster workload management, remote exec, resource editing, and deployments directly from the browser.
  • Events and Auditing provides comprehensive tracking and auditing of all Controller API endpoint calls for compliance and troubleshooting.

Service

Services enable you to expose microservices, agents, Kubernetes services, or external endpoints through the Router's TCP bridge mechanism. Services create TCP connectors on Router instances, allowing microservices to reach these endpoints via a service mesh. Services are distributed to Agents based on tags, enabling flexible and scalable service discovery across your Edge Compute Network.

Find out more! and check out the YAML specification!

Secret Management

Secrets provide a secure way to store and manage sensitive data such as passwords, API keys, and TLS certificates. ioFog supports Opaque secrets for general-purpose data storage and TLS secrets for certificate management. Secrets can be referenced by microservices and other resources, ensuring sensitive information is handled securely throughout your ECN.

Find out more! and check out the YAML specification!

Certificate and CertificateAuthority

Certificate and CertificateAuthority resources enable comprehensive TLS certificate management for your Edge Compute Network. You can generate self-signed certificates, create Certificate Authorities, and sign certificates using existing CAs from your ioFog cluster or Kubernetes secrets. This feature simplifies SSL/TLS configuration across your edge infrastructure, ensuring secure communication between components.

Find out more! and check out the YAML specification!

ConfigMap

ConfigMaps allow you to store and manage non-sensitive configuration data in key-value pairs. ConfigMaps can be used to store application configuration, environment variables, or configuration files. They support both mutable and immutable modes, providing flexibility for different use cases. ConfigMaps can be mounted to microservices as volumes or referenced directly in your deployment configurations.

Find out more! and check out the YAML specification!

VolumeMount

VolumeMounts provide a convenient way to attach ConfigMaps or Secrets to Agents as volumes. Once attached, these volumes are available on the Agent and can be easily mounted to running microservices. This feature simplifies configuration and secret management by allowing you to create volumes from ConfigMaps or Secrets and attach them to multiple Agents, enabling consistent configuration across your edge infrastructure.

Find out more! and check out the YAML specification!

OfflineImage

OfflineImage enables you to deploy container images to edge nodes that cannot access the internet for pulling images. This feature is essential for air-gapped or network-restricted edge deployments. iofogctl pulls the images on your local machine (where iofogctl is installed), transfers them to remote edge hosts via SSH, loads them into Docker on each host, and automatically creates catalog items with registry ID 2 (from_cache). This allows microservices to use these pre-loaded images without requiring internet access on the edge nodes.

Find out more! and check out the YAML specification!

Debugging and Exec Sessions

Secure debugging is now available across the entire ECN:

  • iofogctl workflow: attach a privileged debugger container and open an exec session without handling SSH keys.
  • RBAC-aware access: SREs can exec into Agents, microservices, and system microservices; Developers are limited to microservices; Viewers cannot open exec sessions.
  • ECN Viewer parity: click the terminal icon in any Agent, microservice, or system microservice slide-over to launch the same exec experience directly in the browser.

iofogctl commands

Attach and exec into a microservice (application or system):

# Application microservice
iofogctl attach exec <app>/<microservice>
iofogctl exec <app>/<microservice>

# System microservice
iofogctl attach exec <sys-app>/<sys-microservice>
iofogctl exec <sys-app>/<sys-microservice>

Attach and exec into an Agent (with optional custom debugger image):

iofogctl attach exec agent <agent-name> [debuggerImage:tag]
iofogctl exec agent <agent-name>

If no image is provided, the cluster’s catalog debugger image is deployed automatically. Debugger containers run with the required host, pid, ipc, and net privileges, giving you SSH-like access without distributing key pairs.

ECN Viewer: Full-Stack Management

The browser-based ECN Viewer now provides operational parity with iofogctl for day-2 workflows. You can deploy and manage applications, edit any resource YAML, configure registries and catalogs, open exec sessions into Agents or microservices, and call the Controller REST API without leaving the UI. Only the installation of Controllers and Agents still requires iofogctl.

Find out more!

Events and Auditing

The Events endpoint provides comprehensive tracking and auditing of all Controller API calls. Administrators can filter events by type, endpoint, status, method, resource type, actor, and time range. Export event logs for compliance reporting or delete old events to manage storage. This feature is essential for enterprise deployments requiring audit trails and compliance with security policies.

Find out more!