Kubernetes
  • 11 Sep 2023

Traceable's Platform agent receives information from the different Tracing agents. It is deployed between a Tracing agent and Traceable Platform, where it collects, classifies, and redacts data. The Platform agent makes sure that no sensitive information reaches Traceable Platform. It also receives blocking rule information from Traceable Platform and forwards it to the instrumentation agent.

Traceable components are typically deployed to their own namespace within a cluster. Traceable then monitors other namespaces in the cluster, attaching a sidecar container to the pods you wish to protect. You can choose from the following installation methods:


Before you begin

  • Basic understanding of the Kubernetes environment and of Kubernetes sidecars.
  • Valid username and password to log into Traceable Platform.
  • Identify the namespaces which you want to monitor.
  • You can use either the Helm charts or YAML files to install various Traceable components. Identify the one that you would like to use.
  • Traceable supports Kubernetes version 1.22.x and later.
  • View the Platform agent release notes.

Health Checks

Traceable does not support TCP probes. Because Traceable redirects all incoming traffic to its sidecar, all TCP ports appear open. For a TCP probe, the kubelet simply checks for any process listening on the specified port, so the application appears to be up and running when it may still be initializing. Imagine a four-way stoplight with all green lights; this is what's happening in your cluster.

If your organization is using TCP Probes for liveness, you can work around this issue by switching to httpGet probes.
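
To find the probes that need switching before you enable injection, the following added example (not Traceable's code) scans parsed `kubectl get namespaces -o json` and `kubectl get pods -A -o json` output for tcpSocket probes in namespaces that carry the injection label. It checks readiness and startup probes as well as liveness; the function names and sample data are assumptions made for illustration.

```python
"""Flag tcpSocket probes in namespaces labelled for Traceable proxy injection."""

INJECT_LABEL = ("traceableai-inject-proxy", "enabled")  # label from this page
PROBE_FIELDS = ("livenessProbe", "readinessProbe", "startupProbe")

# Constructed sample data (made-up names), shaped like the output of
# `kubectl get namespaces -o json` and `kubectl get pods -A -o json`.
SAMPLE_NAMESPACES = {"items": [
    {"metadata": {"name": "shop", "labels": {"traceableai-inject-proxy": "enabled"}}},
    {"metadata": {"name": "batch", "labels": {}}},
]}
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "shop", "name": "cart-0"}, "spec": {"containers": [
        {"name": "cart", "livenessProbe": {"tcpSocket": {"port": 8080}},
         "readinessProbe": {"httpGet": {"path": "/healthz", "port": 8080}}}]}},
    {"metadata": {"namespace": "batch", "name": "job-0"}, "spec": {"containers": [
        {"name": "job", "livenessProbe": {"tcpSocket": {"port": 9000}}}]}},
]}


def injected_namespaces(ns_list):
    """Names of namespaces that carry the injection label."""
    key, value = INJECT_LABEL
    return {ns["metadata"]["name"] for ns in ns_list.get("items", [])
            if (ns["metadata"].get("labels") or {}).get(key) == value}


def find_tcp_probes(ns_list, pod_list):
    """Return (namespace, pod, container, probe, port) for each tcpSocket probe."""
    targets = injected_namespaces(ns_list)
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        if meta.get("namespace") not in targets:
            continue  # namespace is not labelled for proxy injection
        for ctr in pod["spec"].get("containers", []):
            for field in PROBE_FIELDS:
                tcp = (ctr.get(field) or {}).get("tcpSocket")
                if tcp:
                    findings.append((meta["namespace"], meta["name"],
                                     ctr["name"], field, tcp.get("port")))
    return findings


if __name__ == "__main__":
    for finding in find_tcp_probes(SAMPLE_NAMESPACES, SAMPLE_PODS):
        print("tcpSocket probe, switch to httpGet:", *finding)
```

To run it against a real cluster, load the two kubectl JSON outputs with json.load and pass them to find_tcp_probes in place of the sample data.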


Traceable proxy injection

Traceable acts as a sidecar to the pods in the namespace you wish to protect. For a pod to be considered for proxy injection, the pod's namespace must have the label traceableai-inject-proxy=enabled. To add the label, enter the following commands:

export NAMESPACE=<namespace to protect>

kubectl label namespace $NAMESPACE traceableai-inject-proxy=enabled

You can alternatively add the following to the namespace manifest:

apiVersion: v1
kind: Namespace
metadata:
  labels:
    traceableai-inject-proxy: enabled

This enables the default injection of the proxy for all the pods in the namespace.

