cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

K8s "api-user" Requirement for Auto Instrumentation

Mohit.Gupta
Maker

Hi Folks,

 

Need help to understand the requirement of "api-user" (Controller local User) with administrative rights for auto instrumentation using cluster agent on EKS. We have installed the cluster agent successfully into our EKS cluster and it is reporting data properly, now we are planning to achieve auto instrumentation of all the containers/pods running. While going through the documentation I found that there is a requirement to create a local user with an administrator role.

 

I don't want to provide a local user with admin rights to the application team due to security concerns, Kindly suggest what else we can do here.

 

Also, why AppDynamics is not using "API Client" token-based authentication instead of the user?

 

Reference documentation: https://docs.appdynamics.com/21.4/en/infrastructure-visibility/monitor-kubernetes-with-the-cluster-a...

7 REPLIES 7

Everton.Arakaki
Creator

Hi AppDynamics team, can someone please respond to this question?

Everton.Arakaki
Creator

EvertonArakaki_0-1659456181085.png

documentation is very misleading. do we need or not username and password of an Administrator ?

Ryan.Paredez
Community Manager

Hi @Everton.Arakaki,

Can you share the link to the Docs page you grabbed that screenshot from? I'll share it with the Docs team to get some clarity. 

 


Thanks,
Ryan, AppDynamics Community Manager



Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.

Everton.Arakaki
Creator

hi @Ryan.Paredez , thanks for quick response. the link I took the screenshot is Auto-Instrument Applications with the Cluster Agent (appdynamics.com)

the thing that really upsets me are:
 - why username and password when appdynamics have api tokens

- why the docs says Administrator 

thanks! 

Everton.Arakaki
Creator

actually the screenshot is from here Install the Cluster Agent with Helm Charts (appdynamics.com) and the information about "local Administrator access" is from here Auto-Instrument Applications with the Cluster Agent (appdynamics.com)

Hi Everton,

You can skip the step where it is asking for an Admin user. I did the agent installation without the Admin user and everything is working fine except when a container stopped working it will still appear in the tiers and node tab as a disconnected node. Either you can delete it manually or wait for some time and it will be deleted automatically (Historical and Disconnected Nodes - https://docs.appdynamics.com/appd/22.x/22.1/en/application-monitoring/administer-app-server-agents/h...)


Admin user only helps in cleaning the disconnected nodes automatically as soon as a container is stopped/deleted Cluster Agent (With Admin User) will also delete it from AppDynamics immediately that's all it does.

Yes, it's very disappointing that the product has Client API functionality where we can use API tokens for providing more secure integrations but it still asks for the User ID. The same is the case with Dexter also.

Regards,
Mohit

Everton.Arakaki
Creator

thanks a lot for the information!! I`m absolutely sure my appdynamics administrators wont be happy with a bunch of dead pods on the system. but it`s not my problem right? its a flaw on the product. I was able to instrument without administrator access as well. 

Yes, it's very disappointing that the product has Client API functionality where we can use API tokens for providing more secure integrations but it still asks for the User ID. The same is the case with Dexter also.

we surely expect more from a really really really really really really really really really really really really really really  expensive product like appdynamics!