Network Visibility with Kubernetes

This page describes how to configure Network Visibility to monitor applications running on Kubernetes.

Network Visibility monitors an application's network interactions and reports key performance metrics. These metrics isolate an application's network issues from its application issues.

The Network Agent uses a REST API to open a TCP port in each node for the application containers to communicate with the Network DaemonSet container. This communication enables monitoring between pods and nodes. You can deploy the agent as a DaemonSet in each node that has the host mode enabled. 

Before You Begin

Before you create a Docker image for the DaemonSet and configure the agent, verify the following requirements:

• You have at least one pod with a Java Agent >= 4.4 deployed to the same cluster as the Network Agent.

• The TCP port 3892 is not already used by the node. The application pods use port 3892 to communicate with the DaemonSet.

Create a Network Visibility DaemonSet Docker Image

To configure Network Visibility with Kubernetes, you must first create a Docker image for the Network Visibility DaemonSet and push the image to your Docker Trusted Registry.

1. Paste this sample Dockerfile into a text file and save the file.

   FROM ubuntu:14.04
   
   ARG NETVIZ_ZIP_PKG
   RUN groupadd -r appd-netviz && useradd -r -g appd-netviz appd-netviz
   
   RUN apt-get update && apt-get install -y \
     net-tools \
     tcpdump \
     curl  \
     unzip   \
     ssh-client \
     binutils \
     build-essential 
   
   WORKDIR /netviz-agent
   
   # copy NetViz agent contents
   COPY $NETVIZ_ZIP_PKG .
   
   # run the agent install script and disable netlib
   RUN unzip $NETVIZ_ZIP_PKG && ./install.sh \
       && sed -i -e "s|enable_netlib = 1|enable_netlib = 0|g" ./conf/agent_config.lua \
       && sed -i -e "s|WEBSERVICE_IP=.*|WEBSERVICE_IP=\"0.0.0.0\"|g" ./conf/agent_config.lua
   
   RUN chown -R appd-netviz:appd-netviz /netviz-agent
   RUN setcap cap_net_raw=eip /netviz-agent/bin/appd-netagent
   USER appd-netviz
   
   # default command to run for the agent
   CMD  ./bin/appd-netagent -c ./conf -l ./logs -r ./run

   CODE

2. Navigate to the directory where you saved the Dockerfile and build the Docker image by entering the following command:

   $ docker build --build-arg NETVIZ_ZIP_PKG=/path/to/netviz-agent-pkg.zip -t appd-netviz .

   CODE

3. Push the Docker image to your Docker Trusted Registry.

Configure Network Visibility with Kubernetes

1. Create a yaml file with the following configuration:

   apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
   kind: DaemonSet
   metadata:
     name: appd-netviz-agent
   spec:
     selector:
       matchLabels:
         name: appd-netviz-agent
     template:
       metadata:
         name: appd-netviz-agent
         labels:
           name: appd-netviz-agent
       spec:
         hostIPC: true
         hostNetwork: true
         containers:
         - name: appd-netviz-agent
           image: path/to/your/Docker/image # docker registry image
           resources:
             requests:
               memory: "250Mi"
               cpu: "0.5"
             limits:
               memory: "2Gi"
               cpu: "1"
           securityContext:
             capabilities:
               add: ["NET_RAW"]
           ports:
           - containerPort: 3892
             hostPort: 3892
         imagePullSecrets:
           - name: your-registry-key # add the registry key, kubectl create secret ...

   CODE
2. In the configuration file, update the following fields:
   • image (under containers): the file path to the DaemonSet image in your Docker Trusted Registry.
   • name (under imagePullSecrets): the key for your Docker Trusted Registry.

3. Deploy the Network Agent in Kubernetes by entering the following command:

   $ kubectl apply -f MyConfigFile.yaml

   CODE

Configure Network Visibility to Monitor Application Pods

After deploying Network Visibility in Kubernetes, you must deploy at least one pod with a Java Agent >= 4.4 to the same cluster as the Network Agent. This allows you to map network metrics to application flows. 

1. Open the application's deployment configuration yaml file with Kubernetes in a text editor and set the APPDYNAMICS_NETVIZ_AGENT_HOST and APPDYNAMICS_NETVIZ_AGENT_PORT values:

   - name: APPDYNAMICS_NETVIZ_AGENT_HOST
     valueFrom:
       fieldRef:
         fieldPath: status.hostIP
   - name: APPDYNAMICS_NETVIZ_AGENT_PORT
     value: 3892

   CODE
   

   If you are using a version of the Java Agent that is <= 4.5.2, you must open the <app-agent-install-dir>/<version-number>/external-services/netviz/netviz-service.properties file to set these values.

2. In the Controller UI, enable socket instrumentation to map network metrics to application flows. See Set Up the Network and App Agents.