Help
Not a customer? Start a free trial

Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial.

AppDynamics customers and established members should click the sign in button to authenticate.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

K8s "api-user" Requirement for Auto Instrumentation

Go to solution
Mohit.Gupta
Maker

‎04-20-2022 11:01 PM

Hi Folks,

 

Need help to understand the requirement of "api-user" (Controller local User) with administrative rights for auto instrumentation using cluster agent on EKS. We have installed the cluster agent successfully into our EKS cluster and it is reporting data properly, now we are planning to achieve auto instrumentation of all the containers/pods running. While going through the documentation I found that there is a requirement to create a local user with an administrator role.

 

I don't want to provide a local user with admin rights to the application team due to security concerns, Kindly suggest what else we can do here.

 

Also, why AppDynamics is not using "API Client" token-based authentication instead of the user?

 

Reference documentation: https://docs.appdynamics.com/21.4/en/infrastructure-visibility/monitor-kubernetes-with-the-cluster-a...

Labels:
7 REPLIES 7

Go to solution
Everton.Arakaki
Creator

‎08-02-2022 08:39 AM

Hi AppDynamics team, can someone please respond to this question?

0 Kudos

Go to solution
Everton.Arakaki
Creator

‎08-02-2022 09:03 AM

EvertonArakaki_0-1659456181085.png

documentation is very misleading. do we need or not username and password of an Administrator ?

0 Kudos

Go to solution
Ryan.Paredez
Community Manager

‎08-03-2022 09:15 AM

Hi @Everton.Arakaki,

Can you share the link to the Docs page you grabbed that screenshot from? I'll share it with the Docs team to get some clarity. 

 


Thanks,
Ryan, AppDynamics Community Manager


Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.
0 Kudos

Go to solution
Everton.Arakaki
Creator

‎08-03-2022 01:14 PM

hi @Ryan.Paredez , thanks for quick response. the link I took the screenshot is Auto-Instrument Applications with the Cluster Agent (appdynamics.com)

the thing that really upsets me are:
 - why username and password when appdynamics have api tokens

- why the docs says Administrator 

thanks! 

0 Kudos

Go to solution
Everton.Arakaki
Creator

‎08-03-2022 01:16 PM

actually the screenshot is from here Install the Cluster Agent with Helm Charts (appdynamics.com) and the information about "local Administrator access" is from here Auto-Instrument Applications with the Cluster Agent (appdynamics.com)

0 Kudos

Go to solution
Mohit.Gupta
Creator
In response to Everton.Arakaki

‎08-03-2022 09:57 PM

Hi Everton,

You can skip the step where it is asking for an Admin user. I did the agent installation without the Admin user and everything is working fine except when a container stopped working it will still appear in the tiers and node tab as a disconnected node. Either you can delete it manually or wait for some time and it will be deleted automatically (Historical and Disconnected Nodes - https://docs.appdynamics.com/appd/22.x/22.1/en/application-monitoring/administer-app-server-agents/h...)


Admin user only helps in cleaning the disconnected nodes automatically as soon as a container is stopped/deleted Cluster Agent (With Admin User) will also delete it from AppDynamics immediately that's all it does.

Yes, it's very disappointing that the product has Client API functionality where we can use API tokens for providing more secure integrations but it still asks for the User ID. The same is the case with Dexter also.

Regards,
Mohit

Go to solution
Everton.Arakaki
Creator

‎08-04-2022 12:38 AM

thanks a lot for the information!! I`m absolutely sure my appdynamics administrators wont be happy with a bunch of dead pods on the system. but it`s not my problem right? its a flaw on the product. I was able to instrument without administrator access as well. 

Yes, it's very disappointing that the product has Client API functionality where we can use API tokens for providing more secure integrations but it still asks for the User ID. The same is the case with Dexter also.

we surely expect more from a really really really really really really really really really really really really really really  expensive product like appdynamics!

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support