cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Host directory /opt/dynatrace/oneagent is accessible from all containers

tobias_denzler
Newcomer

Hi

We currently use the Dynatrace to monitor the servers and containers of our OpenShift environment. To do that, we installed the OneAgent on all nodes in full-stack mode.

We observed that every container has access to the /opt/dynatrace/oneagent directory from the underlying node. Means that inside a container I can see all logs, reports and memorydumps from all containers running on the same node.

How can we restrict that?

Regards


2 REPLIES 2

alois_mayr
Dynatrace Helper
Dynatrace Helper

Hi Tobias,

The agent mounts this directory into every container to allow for automatic instrumentation and deep monitoring of the stuff running inside the container - without requiring the user to adapt or change the container deployments.

The logs in this directory cover only agent logs, there are no application or container logs in this directory. In full-stack mode, you cannot restrict the visibility to agent logs to this container only at the moment. The only way (as of today) to control this behavior is to turn off container injection and follow the app-only integration approach for your selected containers.

Hope this helps.

Alois


tobias_denzler
Newcomer

Hi Alois

Unfortunately these agent logs will still give me some internal information about environment variables and java parameters. And if I trigger a memorydump I can see the complete dump in every container running on the specific host.

I think the only solution for us right now is to switch to app-only integraiton.

Regards

Tobi