roles.rbac.authorization.k8s.io "dynatrace-oneagent-operator" is forbidden

[tedteng]

how to install oneagent in GCP ?

Error from server (Forbidden): error when creating "https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/v0.2.0/deploy/kubernetes.yaml": roles.rbac.authorization.k8s.io "dynatrace-oneagent-operator" is forbidden:

[aloismayr]

Hi @tedteng You'll need to create a role binding to grant your GKE user a cluster-admin before you can roll-out the operator to GKE.

kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value account)

[tedteng]

thanks issue fixed.

no sure whether is suitable asking in here, I have one issue after oneagent setup.

$ kc -n dynatrace get pod NAME READY STATUS RESTARTS AGE dynatrace-oneagent-operator-7ffff76c7b-lhjt7 1/1 Running 0 20m oneagent-bn6c5 0/1 CrashLoopBackOff 8 17m oneagent-dk57l 0/1 CrashLoopBackOff 8 17m oneagent-ggcj7 0/1 CrashLoopBackOff 8 17m

log from container: $ kc -n dynatrace log -f oneagent-bn6c5 06:57:52 Error: Dynatrace OneAgent is running, please stop it before starting the container. 06:57:52 Error: Initialization procedure failed 06:57:52 Error: ----- Begin container init log ----- 2018-09-21 06:57:51 UTC [INFO] ONEAGENT_INSTALLER_SCRIPT_URL=https://opd84192.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?Api-Token=***&arch=x86&flavor=default 2018-09-21 06:57:51 UTC [INFO] ONEAGENT_INSTALLER_SKIP_CERT_CHECK=false 2018-09-21 06:57:51 UTC [INFO] ONEAGENT_ENABLE_VOLUME_STORAGE= 2018-09-21 06:57:51 UTC [INFO] ONEAGENT_CONTAINER_STORAGE_PATH= 2018-09-21 06:57:51 UTC [INFO] ONEAGENT_NO_REMOUNT_ROOT= 2018-09-21 06:57:51 UTC [INFO] Path: /usr/sbin:/usr/bin:/sbin:/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2018-09-21 06:57:51 UTC [INFO] 071d6cc7b557704f3ec4cd13aee85a1cccd4b409c6232e38bb76a97dc7396f3b found in /proc/self/cgroup 2018-09-21 06:57:52 UTC [ERROR] Dynatrace OneAgent is running, please stop it before starting the container. 2018-09-21 06:57:52 UTC [ERROR] Initialization procedure failed 2018-09-21 06:57:52 UTC [ERROR] ----- Begin container init log ----- 06:57:52 Error: ----- End of container init log -----

log form dynatrace-oneagent-operator $ kubectl -n dynatrace logs -f deployment/dynatrace-oneagent-operator time="2018-09-21T06:54:47Z" level=info msg="Go Version: go1.10.4" time="2018-09-21T06:54:47Z" level=info msg="Go OS/Arch: linux/amd64" time="2018-09-21T06:54:47Z" level=info msg="operator-sdk Version: 0.0.5" time="2018-09-21T06:54:47Z" level=info msg="watching namespace: dynatrace" time="2018-09-21T06:54:47Z" level=info msg="starting oneagents controller" time="2018-09-21T06:57:31Z" level=info msg="received oneagent" oneagent=oneagent status="{ map[] 0001-01-01 00:00:00 +0000 UTC}" time="2018-09-21T06:57:31Z" level=info msg="deploying daemonset" oneagent=oneagent time="2018-09-21T06:57:33Z" level=info msg="new version available" desired=1.151.251.20180831-143659 oneagent=oneagent previous= time="2018-09-21T06:57:34Z" level=warning msg="no agent found for host" hostIP=10.1.0.2 nodeName=gke-faros-beta-stage-faros-beta-stage-87a786dc-1x23 oneagent=oneagent pod=oneagent-bn6c5 warning="host not found" time="2018-09-21T06:57:34Z" level=warning msg="no agent found for host" hostIP=10.1.0.4 nodeName=gke-faros-beta-stage-faros-beta-stage-8b81680a-k42w oneagent=oneagent pod=oneagent-dk57l warning="host not found" time="2018-09-21T06:57:34Z" level=warning msg="no agent found for host" hostIP=10.1.0.3 nodeName=gke-faros-beta-stage-faros-beta-stage-42bb0880-lpj0 oneagent=oneagent pod=oneagent-ggcj7 warning="host not found" time="2018-09-21T06:57:34Z" level=info msg="status changed" oneagent=oneagent status.items="map[gke-faros-beta-stage-faros-beta-stage-87a786dc-1x23:{oneagent-bn6c5 } gke-faros-beta-stage-faros-beta-stage-8b81680a-k42w:{oneagent-dk57l } gke-faros-beta-stage-faros-beta-stage-42bb0880-lpj0:{oneagent-ggcj7 }]"

[aloismayr]

@tedteng Are you running on GKE Container Optimized OS? I'm asking because GKE COS is in EAP. I can send you the instructions (see #46). Please reach to me via email and I can get you into the EAP. (first dot last - at - dynatrace dot com)

[tedteng]

Hi Alois

Thanks answer me the question. Actually I am already raised the ticket in the Dynatrace.

https://support.dynatrace.com/supportportal/browse/SUP-14083

The OS is stand Ubuntu in GKE, My account also with the proper roles which I can create dynatrace-oneagent-operator later without any wring.

Node version 1.9.7-gke.6 Change Node image Ubuntu

The instruction I am following from here, https://www.dynatrace.com/support/help/cloud-platforms/kubernetes/full-stack/deployment/deploy-oneagent-on-kubernetes/?full-stack=oneagent-operator-for-kubernetes-19-or-higher without any issue during the setup. kubectl create -f https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/$LATEST_RELEASE/deploy/kubernetes.yaml namespace "dynatrace" created serviceaccount "dynatrace-oneagent-operator" created serviceaccount "dynatrace-oneagent" created role.rbac.authorization.k8s.io "dynatrace-oneagent-operator" created rolebinding.rbac.authorization.k8s.io "dynatrace-oneagent-operator" created customresourcedefinition.apiextensions.k8s.io "oneagents.dynatrace.com" created deployment.apps "dynatrace-oneagent-operator" created

kubectl -n dynatrace create secret generic oneagent xxxxxxxx secret "oneagent" created

kubectl create -f cr.yaml but the problem is oneagent not able to init, here is log from container oneagent-882zm $ kc -n dynatrace log oneagent-882zm 05:36:15 Error: Dynatrace OneAgent is running, please stop it before starting the container. 05:36:15 Error: Initialization procedure failed 05:36:15 Error: ----- Begin container init log ----- 2018-09-21 05:36:14 UTC [INFO] ONEAGENT_INSTALLER_SCRIPT_URL=https://opd84192.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?Api-Token=***&arch=x86&flavor=default 2018-09-21 05:36:14 UTC [INFO] ONEAGENT_INSTALLER_SKIP_CERT_CHECK=false 2018-09-21 05:36:14 UTC [INFO] ONEAGENT_ENABLE_VOLUME_STORAGE= 2018-09-21 05:36:14 UTC [INFO] ONEAGENT_CONTAINER_STORAGE_PATH= 2018-09-21 05:36:14 UTC [INFO] ONEAGENT_NO_REMOUNT_ROOT= 2018-09-21 05:36:14 UTC [INFO] Path: /usr/sbin:/usr/bin:/sbin:/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2018-09-21 05:36:14 UTC [INFO] ec743313f42da311a06745c72c58056df17b5577e9e225629953d951546fe32c found in /proc/self/cgroup 2018-09-21 05:36:15 UTC [ERROR] Dynatrace OneAgent is running, please stop it before starting the container. 2018-09-21 05:36:15 UTC [ERROR] Initialization procedure failed 2018-09-21 05:36:15 UTC [ERROR] ----- Begin container init log ----- 05:36:15 Error: ----- End of container init log ----- log from oneagent Operator $ kubectl -n dynatrace logs -f deployment/dynatrace-oneagent-operator time="2018-09-21T05:35:06Z" level=info msg="Go Version: go1.10.4" time="2018-09-21T05:35:06Z" level=info msg="Go OS/Arch: linux/amd64" time="2018-09-21T05:35:06Z" level=info msg="operator-sdk Version: 0.0.5" time="2018-09-21T05:35:06Z" level=info msg="watching namespace: dynatrace" time="2018-09-21T05:35:06Z" level=info msg="starting oneagents controller" time="2018-09-21T05:35:55Z" level=info msg="received oneagent" oneagent=oneagent status="{ map[] 0001-01-01 00:00:00 +0000 UTC}" time="2018-09-21T05:35:55Z" level=info msg="deploying daemonset" oneagent=oneagent time="2018-09-21T05:35:57Z" level=info msg="new version available" desired=1.151.251.20180831-143659 oneagent=oneagent previous= time="2018-09-21T05:35:58Z" level=warning msg="no agent found for host" hostIP=10.1.0.4 nodeName=gke-faros-beta-stage-faros-beta-stage-8b81680a-k42w oneagent=oneagent pod=oneagent-882zm warning="host not found" time="2018-09-21T05:35:58Z" level=warning msg="no agent found for host" hostIP=10.1.0.3 nodeName=gke-faros-beta-stage-faros-beta-stage-42bb0880-lpj0 oneagent=oneagent pod=oneagent-brzg7 warning="host not found" time="2018-09-21T05:35:58Z" level=warning msg="no agent found for host" hostIP=10.1.0.2 nodeName=gke-faros-beta-stage-faros-beta-stage-87a786dc-1x23 oneagent=oneagent pod=oneagent-cz89z warning="host not found" time="2018-09-21T05:35:58Z" level=info msg="status changed" oneagent=oneagent status.items="map[gke-faros-beta-stage-faros-beta-stage-42bb0880-lpj0:{oneagent-brzg7 } gke-faros-beta-stage-faros-beta-stage-87a786dc-1x23:{oneagent-cz89z } gke-faros-beta-stage-faros-beta-stage-8b81680a-k42w:{oneagent-882zm }]" Can you kindly advise me what I should to for the next, Is there any more log information I can get from ? Thanks

Ted Teng Site Reliability Engineering Team, Engineering group China SAP (China) Co., Ltd., China, Shanghai, 1001 Chenhui Road, 201203

T +86 21 6030-6292, M +86 13761784074, ted.teng@sap.commailto:ted.teng@sap.com

From: Alois Mayr notifications@github.com Reply-To: Dynatrace/dynatrace-oneagent-operator reply@reply.github.com Date: Friday, September 21, 2018 at 3:22 PM To: Dynatrace/dynatrace-oneagent-operator dynatrace-oneagent-operator@noreply.github.com Cc: "Teng, Ted" ted.teng@sap.com, Mention mention@noreply.github.com Subject: Re: [Dynatrace/dynatrace-oneagent-operator] roles.rbac.authorization.k8s.io "dynatrace-oneagent-operator" is forbidden (#50)

@tedtenghttps://github.com/tedteng Are you running on GKE Container Optimized OS? I'm asking because GKE COS is in EAP. I can send you the instructions (see #46https://github.com/Dynatrace/dynatrace-oneagent-operator/issues/46). Please reach to me via email and I can get you into the EAP. (first dot last - at - dynatrace dot com)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Dynatrace/dynatrace-oneagent-operator/issues/50#issuecomment-423439492, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AoRyCLQEclhTN3tMwFdlHIk3mOhau133ks5udJPFgaJpZM4WzS-a.

[aloismayr]

@tedteng Okay thanks. Let's continue the discussion in the internal support system (SUP-14083) and close this issue. The issue is not related to the operator.

[deepforu47]

I have followed https://www.dynatrace.com/support/help/cloud-platforms/kubernetes/full-stack/deploy-oneagent-on-kubernetes/#expand-141other-parameters and getting below exceptions. Is this related to same of something different?

Running this on AKS.

time="2019-01-31T15:37:02Z" level=warning msg="no agent found for host" hostIP=*** nodeName=aks-nodepool1-39553865-4 oneagent=oneagent pod=oneagent-j66zl warning="error 403: Token is missing required scope. Use one of: DataExport (Access problem and event feed, metrics, topology and RUM JavaScript tag management), Davis (Dynatrace module integration - Davis)"

[baichinger]

@deepforu47 Your issue is not related to this one. The Dynatrace API token needs to have access to topology data.

[deepforu47]

@baichinger - You are right. it was some other issue with API token. Sorry for the popping up.