topic Deploying OneAgent in a non-privileged container in Container platforms

Deploying OneAgent in a non-privileged container

Enrico_F — Mon, 05 Feb 2018 11:36:07 GMT

Our applications are running on top of a fully-managed container platform (OpenShift in this case) to which we neither have direct access to the underlying nodes nor the permission to run containers in privileged mode.

Is there any possibility to monitor our application containers despite these limitations?

If not, are there any future plans to reduce the privilege requirements for installing & running the OneAgent and allow monitoring of applications in this type of scenario? I'm thinking along the lines of a "thin" agent similar to AppMon agents which can be injected directly into an application process/container...

Thanks,
Enrico

Re: Deploying OneAgent in a non-privileged container

daniela_rabiser — Wed, 07 Feb 2018 06:45:21 GMT

Hi Enrico,

thanks for reaching out. Yes there is a possibility to monitor your application although you do not have direct access to the underlying nodes of your OpenShift cluster. You can add OneAgent for PaaS monitoring (a "thin" agent) to your application container. To do that, you basically can follow two approaches: (i) deploying the OneAgent at image build time
(which involves modifying the image build process); or (ii) deploying the OneAgent at
container runtime.

I can also share examples on how to do that with you. Also, we recently looked into AWS
Fargate and came up with exactly these two approaches for PaaS monitoring of
AWS Fargate deployments. We plan to publish a blog post on AWS Fargate in
the next couple of days.

Hope this helps for the
moment.

Thanks,
Daniela

Re: Deploying OneAgent in a non-privileged container

daniela_rabiser — Wed, 07 Feb 2018 10:40:17 GMT

The mentioned blog post is already available here: https://www.dynatrace.com/news/blog/first-steps-with-aws-fargate/

Re: Deploying OneAgent in a non-privileged container

Julius_Loman — Wed, 21 Feb 2018 10:15:13 GMT

@Daniela R blog post is missing important information how to use the thin PaaS agent. Is this https://github.com/dynatrace-innovationlab/oneagent-paas-install

the correct method? (as it clearly says not yet ready).
Second question - how are the PaaS agents licensed? At this time, Dynatrace server side monitoring is licensed by Host Units, but PaaS agents are not counted in this metric. (My experience with AIX "PaaS" agents in recent Dynatrace Managed deployment).