Review init container and GO script that injects the agent

newrelic / newrelic-java-agent

The New Relic Java agent

Apache License 2.0

192 stars 140 forks source link

Review init container and GO script that injects the agent #1862

Closed kford-newrelic closed 15 hours ago

kford-newrelic commented 4 weeks ago

Description

Each agent own two parts for the kubernetes agent operator:

The building of agent init containers

A script written in GO that is part of the kubernetes agent operator mutating webhook repository. This script is responsible for taking the agent code provided by the init container and injecting it into the customer’s application container(s).

Each agent should review the init container and the injection script for their agent to ensure that it is correct.

Additionally, logic may need to be added to the injection script to not install the agent if an agent is already installed in the customer’s application container(s). For most agents this will likely be done by looking for the presents of certain environment variables within the customer’s application container. For example, a new relic license key. (This is very TBD at the moment-we will likely have a dedicated discussion about this and how we can/want to detect this.) The goal here is simply to not automatically install an agent into a container in which an application already has an agent installed.

Acceptance Criteria

TBD

Design Consideration/Limitations

N/A

Dependencies

N/A

Additional context

N/A

workato-integration[bot] commented 4 weeks ago

https://new-relic.atlassian.net/browse/NR-260166

jasonjkeller commented 4 weeks ago

Operator scripts are in the following repo though I believe this repo is eventually going to be moved out of the newrelic-experimental group. https://github.com/newrelic-experimental/newrelic-agent-operator/tree/main/autoinstrumentation/java

jasonjkeller commented 5 days ago

I documented the process of using the k8s agent operator and verified that it auto-injected the java agent into a spring boot app. Details are here: https://github.com/jasonjkeller/new-relic-java-agent-docker/blob/k8s-operator/K8s-Agent-Operator-Readme.md

jasonjkeller commented 2 days ago

I tested with a dockerized java service that is installed in a k8s pod as a helm chart and starts up and attaches Java agent 8.7.0:

CMD ["/bin/sh" "-c" "java -javaagent:newrelic-agent-8.7.0.jar -jar spring-petclinic*.jar"]

When I also installed the newrelic-agent-operator and configured it to use an instrumentation package bundling Java agent 8.10.0, it ends up taking precedence and attaching 8.10.0 instead of 8.7.0. The Java agent logs the following when attempting to attach the second Java agent.

2024-05-13T22:06:30,784+0000 [7 1] com.newrelic WARN: New Relic Agent is already running! Check if more than one -javaagent switch is used on the command line.