Monitoring
Monitoring IBM Security Verify Access OIDC Provider
IBM Security Verify Access OIDC provider supports Instana and Dynatrace to monitor the performance of some application runtime components.
Instana
- CPU
- Memory
- Response time for individual HTTP calls
Dynatrace
- CPU
- Memory
- Response time for individual HTTP calls
- Detailed SQL queries for each HTTP call using OpenTelemetry libraries for PostgreSQL database
Configuration for Instana
- The Instana agent can be installed on a Kubernetes platform by using the instructions provided here
- A helm chart example
helm install instana-agent \
--repo https://agents.instana.io/helm \
--namespace instana-agent \
--create-namespace \
--set agent.key=QHAvLwgRSH11111zGGGnTA \
--set agent.downloadKey=QHAvLwgRSH11111zGGGnTA \
--set agent.endpointHost=ingress-test.instana.io \
--set agent.endpointPort=443 \
--set cluster.name='ISVAOP' \
--set zone.name='jp-tok' \
instana-agent
- To configure sending metrics to an Instana agent, some environmental variables must be set at the ISVAOP deployment.
- A Kubernetes environment example
env:
- name: INSTANA_ENDPOINT_URL
value: https://<INSTANA_ENDPOINT_URL>
- name: INSTANA_AGENT_KEY
value: uBp4GXpZQp11111XNcvInQ
- name: INSTANA_AGENT_HOST
value: 10.67.92.81
- name: INSTANA_ENABLEMENT
value: 'true'
| Environment Variable | Description | |
|---|---|---|
| INSTANA_ENDPOINT_URL | Instana endpoint URL, it can be retrieved from the Instana tenant | |
| INSTANA_AGENT_KEY | Instana agent key which can be retrieved from the tenant | |
| INSTANA_AGENT_HOST | The IP address on the Instana agent running in the same Kubernetes cluster | |
| INSTANA_ENABLEMENT | Boolean flag that control pushing metric to the Instana agent |
- After the connection is successful, the Kubernetes cluster and the HTTP calls can be monitored in the Instana dashboard.
Configuration for Dynatrace
- The Dynatrace One Agent can be installed on a Kubernetes platform by using the instructions provided here.
- A command example
$kubectl create namespace dynatrace
$kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.0.0/kubernetes.yaml
$kubectl apply -f csi.yaml
$kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s
$kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<apiToken>" --from-literal="dataIngestToken=<dataIngestToken>"
$kubectl apply -f cloudnative.yaml
- Example of csi.yaml
- Example of cloudnative.yaml, replace the TENANT with the Dynatrace tenant information.
- Access tokens can be generated with the right scopes by using this documentation link.
- Enable OpenTelemetry for Go by using the following link
- Enable Attribute Capturing by using the following link
- After the previous steps are configured successfully, all the HTTP calls and the respective DB queries are logged in Dynatrace Distributed Traces.
Note
Instrumentation is added only for the PostgreSQL database library.
Updated 4 months ago