I see in the getting started I need to allow access to docker.com & docker.io.
Any time we open access for an internal server to external site I need to be able to give our security team some sort of justification. Is there any documentation that describes why CSA needs access to these sites? Also is any info being sent up to those sites?
The CSA agent software is developed and tested by Netapp. We however do not have a publicly facing docker registry. Hence we use docker.com and docker.io to actually have the binary images available for download to a customer.
It should just need it at initial setup and then run fine so long as it can get to csa.netapp.com.
If we push revised agent versions, it will attempt to download and restart, and may fail at that point. You will start getting "agent offline" emails that should notify you of that condition if it occurs.