We currently use Dynatrace to monitor the servers and containers of our OpenShift environment. To do that, we installed the OneAgent on all nodes in full-stack mode.
We observed that every container has access to the /opt/dynatrace/oneagent directory from the underlying node. This means that inside a container I can see all logs, reports and memory dumps from all containers running on the same node.
How can we restrict that?
The agent mounts this directory into every container to allow for automatic instrumentation and deep monitoring of the stuff running inside the container - without requiring the user to adapt or change the container deployments.
The logs in this directory cover only agent logs; there are no application or container logs in this directory. In full-stack mode, you cannot restrict the visibility to agent logs to this container only at the moment. The only way (as of today) to control this behavior is to turn off container injection and follow the app-only integration approach for your selected containers.
Hope this helps.
Unfortunately these agent logs will still give me some internal information about environment variables and Java parameters. And if I trigger a memory dump I can see the complete dump in every container running on the specific host.
I think the only solution for us right now is to switch to app-only integration.
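
An added example, not part of the thread and not Dynatrace code: a check that can be run inside a container to confirm whether the node's `/opt/dynatrace/oneagent` directory is visible in that container's mount namespace and whether it is mounted writable. It parses the standard Linux `/proc/self/mountinfo` format; the sample lines are constructed and the function names are hypothetical.

```python
import os
import re

AGENT_DIR = "/opt/dynatrace/oneagent"  # directory named in the thread

# Constructed sample of /proc/self/mountinfo as seen from inside a container.
SAMPLE = """\
1200 1100 0:45 / / rw,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
1201 1200 0:46 / /proc rw,nosuid - proc proc rw
1202 1200 253:0 /opt/dynatrace/oneagent /opt/dynatrace/oneagent rw,relatime master:1 - xfs /dev/mapper/root rw
1203 1200 253:0 /data /opt/dynatrace/oneagent-other ro,relatime - xfs /dev/mapper/root rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \040 \011 \012 \134
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Yield one dict per valid mountinfo line."""
    for line in text.splitlines():
        parts = line.split()
        try:
            sep = parts.index("-", 6)  # optional fields end at the lone "-"
        except ValueError:
            continue  # malformed or truncated line
        if len(parts) < sep + 3:
            continue
        yield {
            "fs_root": _unescape(parts[3]),       # path inside the source filesystem
            "mount_point": _unescape(parts[4]),   # path inside this namespace
            "options": set(parts[5].split(",")),
            "fstype": parts[sep + 1],
        }

def agent_exposure(text, agent_dir=AGENT_DIR):
    """Return the mounts at or below agent_dir, with their writability."""
    findings = []
    for m in parse_mountinfo(text):
        mp = m["mount_point"]
        # Exact match or a true sub-path; "/opt/dynatrace/oneagent-other" must not match.
        if mp == agent_dir or mp.startswith(agent_dir + "/"):
            findings.append({"mount_point": mp, "fs_root": m["fs_root"],
                             "writable": "rw" in m["options"]})
    return findings

if __name__ == "__main__":
    path = "/proc/self/mountinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for f in agent_exposure(text):
        print(f"{f['mount_point']} <- {f['fs_root']} writable={f['writable']}")
```

An empty result in a container after switching it to app-only integration confirms the node directory is no longer mounted there.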