Showing results for 
Show  only  | Search instead for 
Did you mean: 

Running a security gateway in a container (Docker)?

Dynatrace Leader
Dynatrace Leader

Hi all - I haven't been able to find anything around this. In AppMon on the Dynatrace Github there is a container image for the collector but there is nothing like this I can find for security gateways nor anything around whether there could be any issues with this.

Has anyone had success working on something like this or encountered any issues that may be good to know of in advance? It would also be good to know if there are any reasons this would not be recommended.

Any input is appreciated. Thanks!




It's not supported, see:

Just curious - what are your benefits of running the gateway as docker container?

Personally I don't know the benefits we would get from this - customer wants to use containers for as much as possible so I'm looking into it :). They're looking at moving cloud vendor to AWS and also converting to Dynatrace from AppMon so this all falls under that process. I imagine just creating an AMI or using bootstrap scripts would be preferable over containers anyway but was looking for some opinions on this.

I expect we would only ever want to run one sgw per host as any more than that would be difficult to manage especially with ports.

Regarding support, I don't see docker containers being listed for collectors in AppMon either so I don't think this would prevent it from working though it is good to note as far as making the final decision.

Well, docs for security gateway are clear and they say explicitely "no container". So I'd highly recommend not to containerize sgw.

Got it - looked through the doc again:

and I do see the references to not using containers. This should be all I need.

Thanks for preventing me from wasting time!

You are welcome... Just a note - you are mentioning one security gw per host. This seems to be a misunderstanding of Dynatrace architecture which is quite different from AppMon. Typically you deploy just one Oneagent per host regardless of the number of containers (and you can deploy Oneagent as container - this is AFAIK supported). Security GW is used for various reasons, mostly for proxying communication and storing memory dumps, but there is more functionality in them.

Sorry - I meant a single node would only ever be running one security gateway instance at a time. It would probably be uncommon to have multiple security gateways on one node at a time. Though I suppose there could be instances where one would want might want multiple private gateways if there are agents in one location that need to report to multiple environments if using SaaS. Haven't thought too much about this yet.

A benefit could be running HTTP monitors within the swarm network. It would then be possible to determine if there could be an issue could be with the proxy that is used to enter swarm or an issue with the service itself.

Just a thought