Monitoring

Monitoring IBM Security Verify Access OIDC Provider

IBM Security Verify Access OIDC provider supports Instana and Dynatrace to monitor the performance of some application runtime components.

Instana

  • CPU
  • Memory
  • Response time for individual HTTP calls

Dynatrace

  • CPU
  • Memory
  • Response time for individual HTTP calls
  • Detailed SQL queries for each HTTP call using OpenTelemetry libraries for PostgreSQL database

Configuration for Instana

  • The Instana agent can be installed on a Kubernetes platform by using the instructions provided here
  • A helm chart example
helm install instana-agent \
   --repo https://agents.instana.io/helm \
   --namespace instana-agent \
   --create-namespace \
   --set agent.key=QHAvLwgRSH11111zGGGnTA \
   --set agent.downloadKey=QHAvLwgRSH11111zGGGnTA \
   --set agent.endpointHost=ingress-test.instana.io \
   --set agent.endpointPort=443 \
   --set cluster.name='ISVAOP' \
   --set zone.name='jp-tok' \
   instana-agent
  • To configure sending metrics to an Instana agent, some environmental variables must be set at the ISVAOP deployment.
  • A Kubernetes environment example
env:
  - name: INSTANA_ENDPOINT_URL
    value: https://<INSTANA_ENDPOINT_URL>
  - name: INSTANA_AGENT_KEY
    value: uBp4GXpZQp11111XNcvInQ
  - name: INSTANA_AGENT_HOST
    value: 10.67.92.81
  - name: INSTANA_ENABLEMENT
    value: 'true'
Environment VariableDescription
INSTANA_ENDPOINT_URLInstana endpoint URL, it can be retrieved from the Instana tenant
INSTANA_AGENT_KEYInstana agent key which can be retrieved from the tenant
INSTANA_AGENT_HOSTThe IP address on the Instana agent running in the same Kubernetes cluster
INSTANA_ENABLEMENTBoolean flag that control pushing metric to the Instana agent
  • After the connection is successful, the Kubernetes cluster and the HTTP calls can be monitored in the Instana dashboard.

Configuration for Dynatrace

  • The Dynatrace One Agent can be installed on a Kubernetes platform by using the instructions provided here.
  • A command example
$kubectl create namespace dynatrace
$kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.0.0/kubernetes.yaml
$kubectl apply -f csi.yaml 
$kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s
$kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<apiToken>" --from-literal="dataIngestToken=<dataIngestToken>"
$kubectl apply -f cloudnative.yaml
  • Example of csi.yaml
  • Example of cloudnative.yaml, replace the TENANT with the Dynatrace tenant information.
  • Access tokens can be generated with the right scopes by using this documentation link.
  • Enable OpenTelemetry for Go by using the following link
  • Enable Attribute Capturing by using the following link
  • After the previous steps are configured successfully, all the HTTP calls and the respective DB queries are logged in Dynatrace Distributed Traces.

๐Ÿ“˜

Note

Instrumentation is added only for the PostgreSQL database library.