Deploying OneAgent in a non-privileged container

Question

Question by Enrico F. · Feb 05, 2018 at 11:36 AM · oneagent installation docker kubernetes openshift

Deploying OneAgent in a non-privileged container

Our applications are running on top of a fully-managed container platform (OpenShift in this case) to which we neither have direct access to the underlying nodes nor the permission to run containers in privileged mode.

Is there any possibility to monitor our application containers despite these limitations?

If not, are there any future plans to reduce the privilege requirements for installing & running the OneAgent and allow monitoring of applications in this type of scenario? I'm thinking along the lines of a "thin" agent similar to AppMon agents which can be injected directly into an application process/container...

Thanks,
Enrico

0

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Answer 1 · 2018-02-07T06:45:21Z

Best Answer

Answer by Daniela R. · Feb 07, 2018 at 06:45 AM

Hi Enrico,

thanks for reaching out. Yes there is a possibility to monitor your application although you do not have direct access to the underlying nodes of your OpenShift cluster. You can add OneAgent for PaaS monitoring (a "thin" agent) to your application container. To do that, you basically can follow two approaches: (i) deploying the OneAgent at image build time (which involves modifying the image build process); or (ii) deploying the OneAgent at container runtime.

I can also share examples on how to do that with you. Also, we recently looked into AWS Fargate and came up with exactly these two approaches for PaaS monitoring of AWS Fargate deployments. We plan to publish a blog post on AWS Fargate in the next couple of days.

Hope this helps for the moment.

Thanks,
Daniela

0 · Share

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Answer 2 · 2018-02-21T10:15:13Z

Answer by Julius L. · Feb 21, 2018 at 10:15 AM

@Daniela R blog post is missing important information how to use the thin PaaS agent. Is this https://github.com/dynatrace-innovationlab/oneagent-paas-install

the correct method? (as it clearly says not yet ready).
Second question - how are the PaaS agents licensed? At this time, Dynatrace server side monitoring is licensed by Host Units, but PaaS agents are not counted in this metric. (My experience with AIX "PaaS" agents in recent Dynatrace Managed deployment).

0 · Share

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Answer 3 · 2018-02-07T10:40:17Z

Answer by Daniela R. · Feb 07, 2018 at 10:40 AM

The mentioned blog post is already available here: https://www.dynatrace.com/news/blog/first-steps-with-aws-fargate/

0 · Share

10 |2000000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Deploying OneAgent in a non-privileged container

3 Replies

How to get started:

NAM 2019 SP4 is available

LIVE WEBINAR

Follow this Question

Related Questions

Forum Tags