Troubleshooting the Instana agent on Red Hat OpenShift
See the solutions to the common issues that are observed on the host agent on Red Hat OpenShift:
Agent reinstallation fails with error message
If the reinstallation fails with the following message, delete the agent's cluster level objects before you reinstall the agent:
installation Instana Agent failed: rendered manifests contain a resource that already exists. Unable to continue with install: ...
For more information about deleting the agent's cluster level objects, see Uninstalling the agent
Agent pods not scheduled
After you install the Instana agent Helm chart or operator, you might notice that the agent pods instana-agent-<xxxxx>
are not deployed as expected. This issue might be caused by missing permissions.
After the installation, a short delay is expected before the nodes are visible. This delay occurs because the agent need to start reporting. However, if the issue is caused by missing permissions, you can notice that the Infrastructure tab in the Kubernetes cluster does not show any nodes even after a few minutes of installation.
A problematic installation only schedules the k8sensor
pods and the agent pods are not visible.
$ kubectl get pods -n instana-agent
NAME READY STATUS RESTARTS AGE
controller-manager-5775896db6-v5qh7 1/1 Running 0 2m52s
controller-manager-5775896db6-zrd7l 1/1 Running 0 2m52s
instana-agent-k8sensor-76db46875c-px8cj 1/1 Running 0 2m48s
instana-agent-k8sensor-76db46875c-xknnw 1/1 Running 0 2m48s
instana-agent-k8sensor-76db46875c-zdrt9 1/1 Running 0 2m48s
You can describe the agent Daemonset to identify the issue. See the following example:
$ kubectl get ds -n instana-agent
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
instana-agent 3 0 0 0 0 <none> 3m11s
$ kubectl describe ds instana-agent -n instana-agent
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 7m27s (x3 over 7m27s) daemonset-controller Error creating: pods "instana-agent-" is forbidden: error looking up service account instana-agent/instana-agent: serviceaccount "instana-agent" not found
Warning FailedCreate 2m (x14 over 7m27s) daemonset-controller Error creating: pods "instana-agent-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used, provider restricted-v2: .spec.securityContext.hostPID: Invalid value: true: Host PID is not allowed to be used, spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[3]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[4]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[5]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[6]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, spec.volumes[7]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, provider restricted-v2: .containers[0].privileged: Invalid value: true: Privileged containers are not allowed, provider restricted-v2: .containers[0].hostNetwork: Invalid value: true: Host network is not allowed to be used, provider restricted-v2: .containers[0].containers[0].hostPort: Invalid value: 42699: Host ports are not allowed to be used, provider restricted-v2: .containers[0].containers[0].hostPort: Invalid value: 55680: Host ports are not allowed to be used, provider restricted-v2: .containers[0].containers[0].hostPort: Invalid value: 4317: Host ports are not allowed to be used, provider restricted-v2: .containers[0].containers[0].hostPort: Invalid value: 4318: Host ports are not allowed to be used, provider restricted-v2: .containers[0].hostPID: Invalid value: true: Host PID is not allowed to be used, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
To resolve the issue, add the security context constraint privileged
to the instana-agent
service account by running the following command:
oc adm policy add-scc-to-user privileged -z instana-agent -n instana-agent
Kubernetes attempts to schedule the failing pods periodically, and the agent pods are deployed on the following iterations. To accelerate this process, you can manually delete the agent DaemonSet, and the instana agent operator deploys a new DaemonSet. See the following example:
$ kubectl delete ds instana-agent -n instana-agent
daemonset.apps "instana-agent" deleted
$ kubectl get pods -n instana-agent
NAME READY STATUS RESTARTS AGE
controller-manager-5775896db6-v5qh7 1/1 Running 0 18m
controller-manager-5775896db6-zrd7l 1/1 Running 0 18m
instana-agent-5592d 1/1 Running 0 19s
instana-agent-8qh9g 1/1 Running 0 19s
instana-agent-k8sensor-76db46875c-px8cj 1/1 Running 0 18m
instana-agent-k8sensor-76db46875c-xknnw 1/1 Running 0 18m
instana-agent-k8sensor-76db46875c-zdrt9 1/1 Running 0 18m
instana-agent-rngh4 1/1 Running 0 19s
$ kubectl get ds -n instana-agent
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
instana-agent 3 3 3 3 3 <none> 24s
If this topic does not help you to resolve the agent installation or starting issue, contact the IBM Instana support team.
For troubleshooting information that is general to all host agents, see Managing host agents: Troubleshooting.