Working with the Kubernetes agent

After you provision an instance of the IBM Cloud® Monitoring service in the IBM Cloud, you can deploy the Monitoring agent on your cluster to collect data and metrics automatically. You can configure which metrics to monitor in each environment.

You can associate one or more tags to each monitoring agent. Tags are comma-separated values that are formatted as TAG_NAME:TAG_VALUE. When you monitor your environment, you can use these tags to identify metrics that are available from an agent. For example, you can include information about the service name and location with all of the metrics that are collected by this agent.

Prerequisites

  • Check the topic Tune Agent

  • Get information about Kubernetes monitoring agent images.

  • Install the IBM Cloud CLI and plug-ins:

    • IBM Cloud CLI (ibmcloud)

    • IBM Cloud Kubernetes Service plug-in (ibmcloud ks)

    • IBM Cloud Container Registry plug-in (ibmcloud cr)

    • IBM Cloud Kubernetes Service observability plug-in (ibmcloud ob)

  • Install the Kubernetes CLI (kubectl)

    Make sure that the kubectl version is compatible with your cluster version. If the kubectl version is not compatible, you can get an error such as kubectl create clusterrolebinding failed!. You can use kubectl version --short to check versions of your cluster and your kubectl client.

  • If you plan to run the Monitoring service, Workload Protection with the node analyzer, or both, check your cluster flavor. You need a minimum b3c.4x16 flavor for node analyzer to run.

    If you have a cluster with a free plan, you do not have sufficient CPU to run the Monitoring agent.

  • Obtain the access key. For more information, see Getting the access key.

  • Obtain the public or private ingestion URL. For more information, see collector endpoints.

  • Log in to the Kubernetes cluster. Choose a method to log in to a Kubernetes cluster. Learn more about the methods to log in.

  • Check that public endpoints are enabled if you plan to install image-analyzer, host-analyzer, and benchmark runner. For example, to deploy these components in a cluster in your Virtual Private Cloud (VPC), check that a public gateway is attached to the subnet configured for the cluster.

Deploying an agent by using a script

In order to use this script, you must have a minimum of Viewer and Manager IAM permissions assigned for the Kubernetes cluster.

To deploy the agent, run the following command:

curl -sL https://ibm.biz/install-sysdig-k8s-agent | bash -s -- -a ACCESS_KEY -c COLLECTOR_ENDPOINT -t TAG_DATA -ac 'sysdig_capture_enabled: false' --nodeanalyzer  --analysismanager https://<COLLECTOR ENDPOINT>/internal/scanning/scanning-analysis-collector --collector_port 6443 --api_endpoint <API-ENDPOINT> [-as] [-af]

Where

  • ACCESS_KEY is the ingestion key for the instance.

  • COLLECTOR_ENDPOINT is the public or private ingestion URL for the region where the instance is available. To get an endpoint, see Collector endpoints.

  • TAG_DATA are comma-separated tags that are formatted as TAG_NAME:TAG_VALUE. You can associate one or more tags to your agent. For example: role:serviceX,location:us-south.

  • Set sysdig_capture_enabled to false to disable the capture feature. By default, it is set to true. For more information, see Working with captures.

  • Add --imageanalyzer --analysismanager https://<COLLECTOR ENDPOINT>/internal/scanning/scanning-analysis-collector to install the image analyzer component. Configure this component when you have images that are hosted in the Container Registry.

  • Add --nodeanalyzer --analysismanager https://<COLLECTOR ENDPOINT>/internal/scanning/scanning-analysis-collector --api_endpoint <API-ENDPOINT> to install image-analyzer, host-analyzer, and benchmark runner. The API_ENDPOINT is needed by the benchmark runner. The COLLECTOR_ENDPOINT is needed by the image analyzer.

  • Add the option that defines the type of agent that you want to deploy:

    • -as to deploy a slim agent. This is the default option. Use this option to reduce the attack surface. When you deploy the agent, you install the agent package as two containers, one running the agent-kmodule and the other running the agent-slim.

    • -af to deploy the full agent. When you deploy the agent, the agent runs as a single container or a service.

To deploy the agent by using a public endpoint, run the following command:

curl -sL https://ibm.biz/install-sysdig-k8s-agent | bash -s -- -a ACCESS_KEY -c ingest.<REGION>.monitoring.cloud.ibm.com -t TAG_DATA -ac 'sysdig_capture_enabled: false' --nodeanalyzer --analysismanager https://ingest.<REGION>.monitoring.cloud.ibm.com/internal/scanning/scanning-analysis-collector --collector_port 6443 --api_endpoint <REGION>.monitoring.cloud.ibm.com [-as] [-af]

To deploy the agent by using a private endpoint, run the following command:

curl -sL https://ibm.biz/install-sysdig-k8s-agent | bash -s -- -a ACCESS_KEY -c ingest.private.<REGION>.monitoring.cloud.ibm.com -t TAG_DATA -ac 'sysdig_capture_enabled: false' --nodeanalyzer --analysismanager https://ingest.private.<REGION>.monitoring.cloud.ibm.com/internal/scanning/scanning-analysis-collector --collector_port 6443 --api_endpoint private.<REGION>.monitoring.cloud.ibm.com [-as] [-af]

For example, to deploy the agent in the US-South region, run the following command:

curl -sL https://ibm.biz/install-sysdig-k8s-agent | bash -s -- -a APIKEY -c ingest.us-south.monitoring.cloud.ibm.com -ac 'sysdig_capture_enabled: false' --nodeanalyzer  --analysismanager https://ingest.us-south.monitoring.cloud.ibm.com/internal/scanning/scanning-analysis-collector  --collector_port 6443 --api_endpoint us-south.monitoring.cloud.ibm.com
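
The commands above pipe the downloaded script straight into bash. The following added example (not IBM's code) saves the installer to a file so it can be reviewed and hashed first, then runs the saved copy with endpoints derived from the public and private host patterns shown above. The function names, the ACCESS_KEY environment variable, and the region and tag patterns are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not IBM's code. The region and tag patterns are assumptions.

# True when $1 is a single line that matches the extended regex $2.
matches() {
  case "$1" in *'
'*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$2"
}

# Print "COLLECTOR_HOST API_HOST" for a region and endpoint type (public or
# private), following the host patterns of the commands above.
agent_endpoints() {
  matches "$1" '^[a-z]+(-[a-z0-9]+)*$' || return 1
  case "$2" in
    public)  prefix="" ;;
    private) prefix="private." ;;
    *) return 1 ;;
  esac
  echo "ingest.${prefix}$1.monitoring.cloud.ibm.com ${prefix}$1.monitoring.cloud.ibm.com"
}

# TAG_DATA: comma-separated TAG_NAME:TAG_VALUE pairs, no spaces or empty parts.
valid_tags() {
  matches "$1" '^[^:,[:space:]]+:[^:,[:space:]]+(,[^:,[:space:]]+:[^:,[:space:]]+)*$'
}

# Save the installer to $1 and print its SHA-256 so the reviewed copy can be pinned.
fetch_installer() {
  curl -fsSL -o "$1" https://ibm.biz/install-sysdig-k8s-agent && sha256sum "$1"
}

# Run the saved installer: $1 script path, $2 region, $3 public|private, $4 tags.
# The ingestion key is read from the ACCESS_KEY environment variable.
run_installer() {
  hosts=$(agent_endpoints "$2" "$3") || { echo "bad region or endpoint type" >&2; return 2; }
  valid_tags "$4" || { echo "bad TAG_DATA" >&2; return 2; }
  [ -n "${ACCESS_KEY:-}" ] || { echo "ACCESS_KEY is not set" >&2; return 2; }
  collector=${hosts% *}
  api=${hosts#* }
  bash "$1" -a "$ACCESS_KEY" -c "$collector" -t "$4" \
    -ac 'sysdig_capture_enabled: false' --nodeanalyzer \
    --analysismanager "https://$collector/internal/scanning/scanning-analysis-collector" \
    --collector_port 6443 --api_endpoint "$api" -as
}

# Typical use: fetch_installer ./install-agent.sh, read the file, then
#   ACCESS_KEY=... run_installer ./install-agent.sh us-south private role:serviceX,location:us-south
```

Rejecting regions that contain dots or slashes keeps the ingestion key from being sent to a host outside monitoring.cloud.ibm.com because of a typo or a pasted value.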

Removing an agent

Run the following command to remove an agent:

curl -sL https://ibm.biz/install-sysdig-k8s-agent | bash -s -- -a ACCESS_KEY -c COLLECTOR_ENDPOINT --remove

Where ACCESS_KEY is the ingestion key for the instance.

Verifying the state of the agent

Run the following command to check the status of the agent:

kubectl get pods -n ibm-observe

If pods are listed with status Running, the agent is running.

If no pods are listed, the agent is not running.

If the pods are not running but you expect the agent to be running, run the following command to find out why:

kubectl get events -n ibm-observe
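
The checks above can be scripted for use in a deployment pipeline or a scheduled health check. This added example (not IBM's code) classifies the pod listing and prints the namespace events only when something is wrong. It goes one step beyond the text by also flagging pods that are Running but not fully ready. The function names and the sample pod names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not IBM's code.

# Read `kubectl get pods -n ibm-observe --no-headers` output on stdin
# (columns: NAME READY STATUS RESTARTS AGE). Print one line per pod that is
# not Running or not fully ready. Exit status: 0 all pods healthy,
# 1 at least one unhealthy pod, 2 no pods listed (agent not running).
agent_pod_state() {
  awk '
    NF >= 3 {
      total++
      split($2, ready, "/")
      if ($3 != "Running" || ready[1] != ready[2]) {
        bad++
        print $1 ": " $3 " (" $2 " ready)"
      }
    }
    END {
      if (total == 0) exit 2
      if (bad > 0) exit 1
    }
  '
}

# Query the cluster and show namespace events only when something is wrong.
check_agent() {
  rc=0
  kubectl get pods -n ibm-observe --no-headers 2>/dev/null | agent_pod_state || rc=$?
  [ "$rc" -eq 0 ] || kubectl get events -n ibm-observe
  return "$rc"
}

# Constructed sample output; the pod names are placeholders.
sample_pods() {
  cat <<'EOF'
agent-pod-a   1/1   Running            0   3d
agent-pod-b   0/1   CrashLoopBackOff   7   3d
agent-pod-c   0/1   Running            0   2m
EOF
}

# Demonstration on the constructed sample (does not contact a cluster).
sample_pods | agent_pod_state || echo "agent_pod_state exit status: $?"
```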