These tips are common troubleshooting actions that you can take to solve Cloud Security issues.
If Cloud Security is unavailable:

  • Ensure that the Helm repos appdynamics colletors and appdynamics-collectors-1.13.658 are up-to-date, or an ensure that a higher version of the chart is used.

    helm repo update -n appdynamics
helm list -n appdynamics
    BASH
  • Check if your cluster is deployed or try a different time range.

  • Review logs of the security agent for any errors:

    kubectl logs -n appdynamics deploy/portshift-agent
    BASH

  • Check for any 401 errors, or agent registration errors:

    {Message:HTTP Status 401 - agent with agent ID <xxxx> not registered. path: /agents/logs}
    BASH

  • Check agent logs for any certificate errors:

    time="2023-08-02T23:44:24Z" level=warning msg="webhook_serverhttp: TLS handshake error from 10.115.86.209:41248: remote error: tls: bad certificate\n" time="2023-08-03T00:18:17Z" level=warning msg="webhook_serverhttp: TLS handshake error from 10.115.91.183:60398: read tcp 10.115.91.74:8443->10.115.91.183:60398: read: connection reset by peer\n"
    CODE

    Here you can ignore the agent error log message:

    time="2023-08-25T19:05:26Z" level=error msg="Automated policy requires deployer channel is nil" func="github.com/cisco-eti/agent/pkg/agent.(*Agent).handleAgentStateDiff" file="/home/ubuntu/go/src/github.com/portshift/agent/pkg/agent/status.go:494"
    CODE

If the agent fails to register: 

  • Update the collectors-values.yaml with the proper agentID and sharedSecret, then Upgrade Kubernetes and App Service Monitoring

    collectors-values.yaml

    appdynamics-security-collector:
  enabled: true
  panoptica:
    controller:
      agentID: <agent-ID>
      secret:
        sharedSecret: <shared-secret>
    YML

If TLS handshake error is noted: 

  • Delete the agent certificate, and restart the pod:

    kubectl delete secret -n appdynamics portshift-ca-secret
kubectl delete pod -n appdynamics -l app=portshift-agent
    CODE