Run SolarWinds Observability Agent on the Kubernetes platform
You can use the following options to run the Agent on the Kubernetes platform.
Before you begin, review the limitations and supported environment variables.
If you plan to use the Agent for monitoring a database, enable host monitoring after you have deployed the Agent.
When you already have the Agent running, specify what you want to monitor. See Add entities for monitoring .
Run as a Kubernetes deployment
When running the Agent as a Kubernetes deployment, you can leverage Kubernetes secrets to hide the access token.
To create a secret for an access token, run the following command:
kubectl create secret generic access-token --from-literal=ACCESS_TOKEN="<token>"
To persist the Agent working directory between pod restarts, use a persistent volume. See Configure a Pod to Use a PersistentVolume for Storage in Kubernetes documentation.
For example, you can use the following file to create PersistentVolumeClaim
that will be referenced later in the Deployment definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: uamsclient-pv-claim
labels:
app: router
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
To apply the Agent as a Kubernetes deployment in your cluster, use the following file.
The restartPolicy
setting must be set to OnFailure
so that the Agent is able to perform restart procedures sent from the SolarWinds Observability.
apiVersion: apps/v1
kind: Deployment
metadata:
name: uamsclient-deployment
namespace: <namespace>
labels:
k8s-app: uamsclient
spec:
replicas: 1
selector:
matchLabels:
app: uamsclient
template:
metadata:
labels:
app: uamsclient
spec:
restartPolicy: OnFailure
containers:
- name: uamsclient
image: solarwinds/swo-agent:latest
env:
- name: UAMS_ACCESS_TOKEN
value: <token>
- name: SWO_URL
value: <cluster endpoint>
- name: UAMS_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: access-token
key: ACCESS_TOKEN
volumeMounts:
- name: uamsclient-persistent-storage
mountPath: /uamsclient/workdir
volumes:
- name: uamsclient-persistent-storage
persistentVolumeClaim:
claimName: uamsclient-pv-claim
Run as a Kubernetes DaemonSet
To apply the Agent as a DaemonSet in your multi-node cluster, use the following file.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: uamsclient-daemonset
labels:
k8s-app: uamsclient
spec:
selector:
matchLabels:
name: uamsclient
template:
metadata:
labels:
name: uamsclient
spec:
tolerations:
# this toleration is to have the daemonset runnable on master nodes
# remove it if your masters can't run pods
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
containers:
- name: uamsclient
image: solarwinds/swo-agent:latest
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
env:
- name: UAMS_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: access-token
key: ACCESS_TOKEN
- name: SWO_URL
value: <cluster endpoint>
- name: UAMS_CONTAINER_HOSTNAME
value: <optional custom container name>
- name: UAMS_CLIENT_ID_OVERRIDE_SOURCE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
terminationGracePeriodSeconds: 30
Run as a Kubernetes sidecar
To apply the Agent as a sidecar in a replicated workload, ensure that the Agent ID is not changing when the container is restarted or when a new pod for the same replica is started.
To achieve this, use StatefulSet
which will always assign the same host name for a replica with a particular ordinal number. The hostname can then be used as UAMS_CLIENT_ID_OVERRIDE_SOURCE_NAME
to ensure that each replica has always the same Agent ID.
The restartPolicy
setting must be set to OnFailure
so that the Agent is able to perform restart procedures sent from the SolarWinds Observability.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: <app>-with-uamsclient-sidecar
spec:
selector:
matchLabels:
app: <app>-with-uamsclient-sidecar
serviceName: <app>-with-uamsclient-sidecar
replicas: 3
template:
metadata:
labels:
app: <app>-with-uamsclient-sidecar
spec:
restartPolicy: OnFailure
containers:
# - name: <app> # main app container
- name: uamsclient-sidecar
image: solarwinds/swo-agent:latest
env:
- name: UAMS_ACCESS_TOKEN
value: <token>
- name: SWO_URL
value: <cluster endpoint>
- name: UAMS_CLIENT_ID_OVERRIDE_SOURCE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: uamsclient-workdir
mountPath: /uamsclient/workdir
volumeClaimTemplates:
- metadata:
name: uamsclient-workdir
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi