Splunk AppDynamics
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

K8s "api-user" Requirement for Auto Instrumentation

Mohit_Gupta2
Explorer
‎04-20-2022 11:01 PM

Hi Folks,

Need help to understand the requirement of "api-user" (Controller local User) with administrative rights for auto instrumentation using cluster agent on EKS. We have installed the cluster agent successfully into our EKS cluster and it is reporting data properly, now we are planning to achieve auto instrumentation of all the containers/pods running. While going through the documentation I found that there is a requirement to create a local user with an administrator role.

I don't want to provide a local user with admin rights to the application team due to security concerns, Kindly suggest what else we can do here.

Also, why AppDynamics is not using "API Client" token-based authentication instead of the user?

Reference documentation: https://docs.appdynamics.com/21.4/en/infrastructure-visibility/monitor-kubernetes-with-the-cluster-a...

Labels (3)
Reply
1 Solution
Solved! Jump to solution
Solution

Mohit_Gupta
Engager
‎08-03-2022 09:57 PM

Hi Everton,

You can skip the step where it is asking for an Admin user. I did the agent installation without the Admin user and everything is working fine except when a container stopped working it will still appear in the tiers and node tab as a disconnected node. Either you can delete it manually or wait for some time and it will be deleted automatically (Historical and Disconnected Nodes - https://docs.appdynamics.com/appd/22.x/22.1/en/application-monitoring/administer-app-server-agents/h...)


Admin user only helps in cleaning the disconnected nodes automatically as soon as a container is stopped/deleted Cluster Agent (With Admin User) will also delete it from AppDynamics immediately that's all it does.

Yes, it's very disappointing that the product has Client API functionality where we can use API tokens for providing more secure integrations but it still asks for the User ID. The same is the case with Dexter also.

Regards,
Mohit

View solution in original post

Reply
Solved! Jump to solution

Everton_Arakaki
Explorer
‎08-04-2022 12:38 AM

thanks a lot for the information!! I`m absolutely sure my appdynamics administrators wont be happy with a bunch of dead pods on the system. but it`s not my problem right? its a flaw on the product. I was able to instrument without administrator access as well. 

Yes, it's very disappointing that the product has Client API functionality where we can use API tokens for providing more secure integrations but it still asks for the User ID. The same is the case with Dexter also.

we surely expect more from a really really really really really really really really really really really really really really  expensive product like appdynamics!

Reply
Solved! Jump to solution

Everton_Arakaki
Explorer
‎08-03-2022 01:16 PM

actually the screenshot is from here Install the Cluster Agent with Helm Charts (appdynamics.com) and the information about "local Administrator access" is from here Auto-Instrument Applications with the Cluster Agent (appdynamics.com)

0 Karma
Reply
Solved! Jump to solution
Solution

Mohit_Gupta
Engager
‎08-03-2022 09:57 PM

Hi Everton,

You can skip the step where it is asking for an Admin user. I did the agent installation without the Admin user and everything is working fine except when a container stopped working it will still appear in the tiers and node tab as a disconnected node. Either you can delete it manually or wait for some time and it will be deleted automatically (Historical and Disconnected Nodes - https://docs.appdynamics.com/appd/22.x/22.1/en/application-monitoring/administer-app-server-agents/h...)


Admin user only helps in cleaning the disconnected nodes automatically as soon as a container is stopped/deleted Cluster Agent (With Admin User) will also delete it from AppDynamics immediately that's all it does.

Yes, it's very disappointing that the product has Client API functionality where we can use API tokens for providing more secure integrations but it still asks for the User ID. The same is the case with Dexter also.

Regards,
Mohit

Reply
Solved! Jump to solution

Everton_Arakaki
Explorer
‎08-03-2022 01:14 PM

hi @Ryan.Paredez , thanks for quick response. the link I took the screenshot is Auto-Instrument Applications with the Cluster Agent (appdynamics.com)

the thing that really upsets me are:
 - why username and password when appdynamics have api tokens

- why the docs says Administrator 

thanks! 

0 Karma
Reply
Solved! Jump to solution

iamryan
Community Manager
Community Manager
‎08-03-2022 09:15 AM

Hi @Everton.Arakaki,

Can you share the link to the Docs page you grabbed that screenshot from? I'll share it with the Docs team to get some clarity. 

0 Karma
Reply
Solved! Jump to solution

Everton_Arakaki
Explorer
‎08-02-2022 09:03 AM

image.png

documentation is very misleading. do we need or not username and password of an Administrator ?

0 Karma
Reply
Solved! Jump to solution

Everton_Arakaki
Explorer
‎08-02-2022 08:39 AM

Hi AppDynamics team, can someone please respond to this question?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top