Home
User Guides
Start typing to search…
  1. Add Data
  2. Observe Agent

Install on Red Hat OpenShift

This topic describes how to deploy the Observe Agent on Red Hat OpenShift to collect and forward cluster logs, metrics, and events to Observe. It covers prerequisites for access and permissions, step-by-step installation using the OpenShift CLI, and configuration details.

Prerequisites

Before you begin, verify that you have access and are able to run the following command line tools:

  • oc, the OpenShift CLI
  • helm, the Helm chart CLI
  • kubectl, the Kubernetes CLI

Security context constraint details

The Observe Agent consists of multiple components, all using the same Kubernetes Service Account (observe-agent-service-acount). This account requires privileged permissions in order to collect container logs and host metrics.

The following table outlines each Observe Agent component and the security context constraint (SCC) considerations for deploying to Red Hat OpenShift.

Component

SCC considerations

observe-agent-node-logs-metrics

Highest permissions required.

  • Requires Privileged SCC in order to read the host file system.
  • For host metrics, the agent reads /hostfs/…
  • For container logs, the agent reads:
    • /var/log/pods
    • /var/log/containers
    • /var/lib/docker/containers

observe-agent-metrics
observe-agent-cluster-events observe-agent-monitor

  • Requires modification to the Observe Helm chart values file. See the Full reference for the Observe Agent Helm chart values.yaml file.
  • The container requires an added emptyDir volume mount to allow use of persistent storage.

observe-agent-forwarder

No changes necessary.

Steps to install via CLI

Perform the following steps to install the Observe Agent on Red Hat OpenShift using the OpenShift CLI.

  1. Create a new OpenShift project. For example, to create a new project named observe: 
    oc new-project observe
  2. Generate an Observe Kubernetes Agent authorization token using the Add Data portal in Observe. Only follow the provided instructions to create the token, then return to the instructions on this page. See Create an ingest token in the Observe Agent for Kubernetes installation instructions.
  3. After you create the token, run the following command and provide the token you just created: 
    kubectl -n observe create secret generic agent-credentials --from-literal=OBSERVE_TOKEN=${TOKEN_FROM_ADD_DATA_PORTAL}
  4. Run the following command add an enabled privileged security context contraint (SCC) for the Observe service account: 
    oc adm policy add-scc-to-user privileged -z observe-agent-service-account -n observe
  5. Configure the Helm values.yaml file to collect application metrics from Prometheus endpoints. Be aware that you might encounter errors from the cluster-metrics component when it attempts to scrape OpenShift managed namespaces, as these namespaces override the Observe metrics component network policy. 
    node:
  application:
    prometheusScrape:
      enabled: true
  6. Run the following command to verify the latest Helm chart versions you have. For example, to check for the latest 0.74.x versions: 
    helm search repo observe/agent --versions --version ^0.74.0
  7. Run the following command to deploy the Observe Agent Helm chart: 
    helm install observe-agent observe/agent -n observe --values values.yaml --version 0.74.1

More information and reference

For more information, see the following topics for reference:

Updated 10 days ago