Add a private probe through Kubernetes
Add the private probe into a Kubernetes cluster as a Deployment, a DaemonSet, or as a sidecar container next to your own application.
Before getting started, make sure you have the prerequisites to install the Private Probe. See Private Probe requirements.
Create a Kubernetes secret for the ingestion token
-
Create a secret for the API token with the following command.
kubectl create secret generic api-token --from-literal=API_TOKEN="<token>"
Option 1: Run the private probe as a Kubernetes Deployment
To add the private probe as a Kubernetes deployment in your cluster, use the following file.
apiVersion: apps/v1
kind: Deployment
metadata:
name: private-probe-deployment
labels:
k8s-app: private-probe
spec:
replicas: 1
selector:
matchLabels:
app: private-probe
template:
metadata:
labels:
app: private-probe
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
containers:
- name: private-probe
image: solarwinds/synthetics-private-probe:latest
env:
- name: SYNTHETICS_COLLECTOR_URL
value: <cluster endpoint>
- name: LOCAL_ID
value: <private probe id>
- name: NAME
value: <private probe name>
- name: API_TOKEN
valueFrom:
secretKeyRef:
name: api-token
key: API_TOKEN
securityContext:
capabilities:
drop:
- all
add:
- NET_RAW
securityContext:
sysctls:
- name: net.ipv4.ping_group_range
value: "0 2147483647"
-
Save the YAML as
private-probe-deployment.yaml. -
Execute the following to apply the YAML file.
kubectl apply -f private-probe-deployment.yaml
-
Execute the following to verify that the pod is running.
kubectl get pods -l app=private-probe
Option 2 (Optional): Run the Private Probes as a Kubernetes DaemonSet
If you want a private probe instance on every node (to run checks from each node’s perspective, for example), you can add the probe as a DaemonSet instead of a Deployment. The DaemonSet example is similar to the Deployment but uses kind: DaemonSet and runs one pod per suitable node.
To apply the Private Probe as a DaemonSet in your multi-node cluster, use the following file.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: private-probe-daemonset
labels:
k8s-app: private-probe
spec:
selector:
matchLabels:
name: private-probe
template:
metadata:
labels:
name: private-probe
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
tolerations:
# this toleration is to have the daemonset runnable on master nodes
# remove it if your masters can't run pods
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: private-probe
image: solarwinds/synthetics-private-probe:latest
env:
- name: SYNTHETICS_COLLECTOR_URL
value: <cluster endpoint>
- name: API_TOKEN
valueFrom:
secretKeyRef:
name: api-token
key: API_TOKEN
- name: LOCAL_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
capabilities:
drop:
- all
add:
- NET_RAW
securityContext:
sysctls:
- name: net.ipv4.ping_group_range
value: "0 2147483647"
terminationGracePeriodSeconds: 30
Option 3 (Optional): Run the Private Probe as a Kubernetes sidecar
You can run the private probe as a sidecar container next to your own application container in a StatefulSet so that each replica has its own probe instance. In this setup, the pod’s own hostname or metadata name can be used as both LOCAL_ID and NAME to keep each replica as a stable identity even when restarted.
Before adding the Private Probe as a sidecar in a replicated workload, you need to make sure that the Local ID does not change when the container is restarted or when a new pod for the replica is started. Use StatefulSet which will always assign the same host name for a replica with a particular ordinal number. The hostname can then be used as Local ID and NAME.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: app-with-private-probe-sidecar
spec:
selector:
matchLabels:
app: app-with-private-probe-sidecar
serviceName: app-with-private-probe-sidecar
replicas: 3
template:
metadata:
labels:
app: app-with-private-probe-sidecar
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
containers:
# - name: app # main app container
- name: private-probe-sidecar
image: solarwinds/synthetics-private-probe:latest
env:
- name: SYNTHETICS_COLLECTOR_URL
value: <cluster endpoint>
- name: API_TOKEN
valueFrom:
secretKeyRef:
name: api-token
key: API_TOKEN
- name: LOCAL_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
securityContext:
capabilities:
drop:
- all
add:
- NET_RAW
securityContext:
sysctls:
- name: net.ipv4.ping_group_range
value: "0 2147483647"