Enabling IBM Instana monitoring

Enable IBM Instana to get proactive monitoring of cluster-based metrics and operators in IBM Cloud Pak® for Integration.

For more information about how Instana Observability works, see Automatic discovery and monitoring.

Follow these steps, in the order given:

  1. Installing the Instana back end (on premises, only)

  2. Installing the Instana agent operator

  3. Creating an instance of the Instana agent

  4. Configuring the Instana agent for capabilities

  5. Confirming the connection of the capabilities is successful

  6. Enabling Instana monitoring links in the Platform UI

See Troubleshooting if you experience problems with the integration between Instana and Cloud Pak for Integration.

On-premises deployment versus SaaS deployment

Instana is available as an on-premises solution, or as a SaaS solution. If installing:

  • On premises, install both the Instana back end and the Instana agent operator.

  • As SaaS, install only the Instana agent operator. Skip the first section, "Installing the Instana back end" and begin with Installing the Instana agent operator.

The limited entitlement to Instana monitoring that is included with new purchases of Cloud Pak for Integration 2023.2 applies to on-premises deployments only. See Licensing for more information.

Installing the Instana back end

This is required for installing on-premises only. If you are installing Instana as a SaaS solution, skip this section.

Follow the steps in Installing and configuring a self-hosted Instana backend on Kubernetes or Red Hat OpenShift (on-premises) (in the Kubernetes documentation).

When completed, continue with the next section, Installing the Instana agent operator.

Tip: Because high load on applications can trigger high load on the Instana observability platform, consider installing Instana on different infrastructure from Cloud Pak for Integration. High load is of particular concern in production environments.

Installing the Instana agent operator

Before installing the Instana agent operator, you must first create a namespace and enable privileged security context for that namespace.

Create a namespace called instana-agent

You need to set up a namespace (project) for the Instana agent and configure its service account permissions.

Important: The namespace must be called instana-agent; if not, the creation process for the Instana agent fails.

Using the OpenShift web console:

  1. Log in to the OpenShift web console with administrator credentials.

  2. In the navigation menu, click Home > Projects.

  3. Click Create Project, enter the name for your new project (instana-agent), and click Create.

Using the CLI:

Run this command to create the namespace:

oc new-project instana-agent

Enable privileged security context for the instana-agent namespace:

The instana-agent service account is created by the operator.

Run the following command in the CLI to ensure that the instana-agent service account is in the privileged security context:

oc adm policy add-scc-to-user privileged -z instana-agent

Creating an instance of the Instana agent

The Instana agent must be deployed to monitor the cluster. Complete the following steps, in the order that is given, to deploy the agent.

Creating an opaque secret

The opaque secret contains the agent key (and also the download key, if your Instana installation is on premises).

For on premises installations, both keys are located in your settings.hcl file. The keys are stored in the opaque secret so that the credentials are hidden in the Instana agent custom resource.

Using the CLI

  1. Create a YAML file. For example, you could create a file called instana-secret.yaml with the following example configuration:

     apiVersion: v1
 kind: Secret
 metadata:
   name: instana-agent-key
   namespace: instana-agent
 type: Opaque
 stringData:
   key: <agent_key>
   downloadKey: <download_key_on_premises>

    Update these values:

    • data.key - the agent key.

    • (On premises only) data.downloadKey - the download key. Set this value only if you are installing Instana on premises.
      Tip: Using stringData in the YAML of kind: Secret automatically base 64-encodes your data. If you use another method to create your secret, or want to specify the encoded secret data directly in your YAML file, you can base 64-encode data.key and data.downloadKey by using a tool of your choice. In this scenario, use the data object instead of the stringData object in the YAML. For more information, see "Understanding secrets" in Providing sensitive data to pods (in the OpenShift docs).

  2. Apply the YAML file to the cluster:

    oc apply -f instana-secret.yaml

  3. To verify that the secret was created, run:

    oc get secret instana-agent-key -n instana-agent

Creating an instance of the Instana agent

Using the OpenShift web console

  1. In the navigation menu, click Operators > Installed Operators.

  2. Change Project to the instana-agent namespace. Click the drop-down arrow and select the name from the list.

  3. In the list on the Installed Operators panel, find and click Instana Agent Operator.

  4. Click the Instana Agent tab.

  5. Click Create InstanaAgent. The Create InstanaAgent panel opens.

  6. Click YAML view to configure the instance.

  7. Update these values:

    • spec.agent.endpointPort - Endpoint port of your Instana instance.

    • endpointHost - Endpoint of your Instana instance.

    • spec.agent.keysSecret - Name of the secret you created in Create an opaque secret, for example, instana-agent-key.

    • spec.zone.name - Zone name you want to associate with the nodes of your cluster. This name is used to customize the zone grouping that is displayed on the infrastructure map. It also sets the default name of the cluster.

    • spec.cluster.name - Identifier you want to assign to your cluster in Instana. You can use any name, but it needs to be consistent with the name you assign to this cluster in other Instana configurations.

  8. Click Create. You are redirected to the Instana Agent tab. The instance is added to the list of instances.

  9. To verify that the agent is being created, click the name of the instance created in the list. At the end of the page in the Conditions section, the Type should be Pending. When the agent is ready, this value changes to Ready.

Using the CLI

  1. Create an InstanaAgent YAML file. For example, create a file that is called instana-agent.yaml with the following example configuration:

    apiVersion: instana.io/v1
kind: InstanaAgent
metadata:
  name: instana-agent
  namespace: instana-agent
spec:
  agent:
    env: {}
    configuration_yaml: |
    endpointHost: <instana_endpoint>
    endpointPort: '<instana_endpoint_port>'
    keysSecret: <name_of_secret_storing_api_keys>
  cluster:
    name: <cluster_name>
  zone:
    name: <zone_name>

    For example:

    apiVersion: instana.io/v1
kind: InstanaAgent
metadata:
  name: instana-agent
  namespace: instana-agent
spec:
  agent:
    env: {}
    configuration_yaml: |
        com.instana.plugin.opentelemetry:
            enabled: true
    endpointHost: 'https://my_instana_url'
    endpointPort: '443'
    keysSecret: instana-agent-keys

    Update the following values:

    • agent.configuration_yaml - You can leave this field empty, or use it to configure your Instana agent. For more information, see Installing the host agent on kubernetes (in the Instana documentation).

    • spec.agent.endpointPort - Endpoint port of your Instana instance.

    • endpointHost - Endpoint of your Instana instance.

    • spec.agent.keysSecret - Name of the secret you created in Create an opaque secret, for example, instana-agent-key.

    • spec.zone.name - Zone name you want to associate with the nodes of your cluster. This name is used to customize the zone grouping that is displayed on the infrastructure map. It also sets the default name of the cluster.

    • spec.cluster.name - Identifier you want to assign to your cluster in Instana. You can use any name, but it needs to be consistent with the name you assign to this cluster in other Instana configurations.

  2. Apply the YAML file to the cluster:

    oc apply -f instana-agent.yaml

  3. To verify that the agent is being created run:

    oc get agent -n instana-agent

    When the agent is ready, this status changes to Ready.

  4. You can further customize the Instana agent to include additional back ends, and also modify proxy, TLS and update strategy settings. For more information, see Installing the host agent on Kubernetes (in the Instana documentation).

Configuring the Instana agent for capabilities

In Cloud Pak for Integration, Instana monitoring is supported for the following capabilities:

  • Integration tracing (IBM App Connect Enterprise)

  • Event streams (IBM Event Streams)

  • Messaging (IBM MQ)

  • Gateway (IBM DataPower)

Depending on your deployment, you may need to further configure the agent you created in the previous section. Configure the agent by using the CLI or the OpenShift web console.

Using the OpenShift web console

Add the configuration from the sensor guides in the agent.configuration_yaml section of the InstanaAgent custom resource.

  1. In the navigation menu, click Operators > Installed Operators.

  2. For Project, select the instana-agent namespace.

  3. Click the Instana Agent operator.

  4. Click the Instana Agent tab.

  5. Click your instance of instana-agent.

  6. Click YAML and edit the YAML. This is an example for a local DataPower instance:

    spec:
  agent:
    configuration_yaml: |
      com.instana.plugin.ibmdatapower:
        enabled: true
        poll_rate: 60
        instances:  
          local:
            port: '5554'       # DataPower instance REST management interface port (required)
            username: 'admin'  # User account to connect to DataPower (required)
            password: 'admin'  # User password to connect to DataPower (required)

Using the CLI

Add the configuration from the sensor guides to the agent.configuration_yaml section of the InstanaAgent custom resource that is located in the instana-agent namespace:

oc edit agent instana-agent -n instana-agent

This is an example for a local DataPower instance:

spec:
  agent:
    configuration_yaml: |
      com.instana.plugin.ibmdatapower:
        enabled: true
        poll_rate: 60
        instances:  
          local:
            port: '5554'       # DataPower instance REST management interface port (required)
            username: 'admin'  # User account to connect to DataPower (required)
            password: 'admin'  # User password to connect to DataPower (required)

Integration tracing and Event Streams

Instana automatically discovers IBM App Connect Enterprise and IBM Event Streams instances. However, if you make updates to the security configuration, you need to enable the Instana agent sensor. For more information, see the applicable task in the Instana documentation:

Messaging and gateway

Instana does not automatically discover IBM MQ and IBM DataPower instances, so you need to configure the Instana agent sensor. For more information, see the applicable task in the Instana documentation:

Confirming the connection of the capabilities is successful

If you configured the Instana agent in the previous step, confirm that the connection to Instana for MQ and DataPower is successful.

  1. Access Instana.

  2. Click the Infrastructure icon.

  3. Click the Entity Explorer tab.

  4. Click or search for the configured capability.

  5. Confirm that the capability appears:

    • For IBM MQ, the IBM MQ Queue Manager appears after the name of the underlying queue manager.

    • For IBM DataPower, the IBM DataPower appliances appear after the name of the DataPower host or IP address.

    • If the capability does not appear, refer to the Instana capability guides, or contact Instana support.

Enabling Instana monitoring links in the Platform UI

The Platform UI can link directly to Instana entities to provide easy access to monitoring data. The Platform UI must be configured with access to Instana to lookup entities.

If you do not have a deployed instance of the Platform UI, create one by following the instruction in Deploying the Platform UI.

Creating the API token and secret

  1. Instana requires an API token to generate monitoring links in the Platform UI. To create the token:

    1. Access Instana.

    2. Click the Settings icon.

    3. Click the Team Settings tab, then click API Tokens.

    4. Click Add API Token to create a new API token.

      Creation form yaml

      You do not need to select any permissions.

  2. Copy the token and use it to create a key-value secret with a key name of apiToken and a value of the Instana API token string.

    To create the secret by using the CLI, run:

    oc create secret generic <secret_name> \
  --from-literal=apiToken=<api_token_value>

    For example:

    oc create secret generic observabilitysecret \
  --from-literal=apiToken=545454aabbab

    This creates a secret named observabilitysecret.

    For more information, see Managing Secrets using kubectl (in the Kubernetes documentation).

Configuring the Platform UI custom resource

To enable Instana monitoring in the Platform UI, you must add the observability section to the Platform UI custom resource. This can be done by using the Platform UI or the CLI.

Using the Platform UI:

  1. Log into the Platform UI with your admin credentials.

  2. In the navigation panel, click Administration > Integration instances.

  3. In the list of instances, find the instances of type Platform UI.

  4. Click the overflow menu (three-dot icon), then click Edit.

  5. Click the YAML tab.

  6. Modify the instance by adding the following to the spec section:

    observability:
  authentication:
    secretName: <secret-name>
    apiToken: <api-token-key-name>
    caCertificate: <ca-certificate-key>
  url: <base-url> 
  clusterName: <cluster-name>

    Note these values for the example:

    • secretName - Name of the secret that contains the API token.

    • apiToken - Key name within the secret that contains the API token. Default is apiToken.

    • caCertificate - Key name within the secret that contains the CA certificate for your Instana solution. Set this value only when Instana is installed on premises.

    • clusterName - Name of the cluster given in the Instana agent.

    • url - Base URL of the tenant unit, for example, https://test-example.instana.io. This is the same URL that is used to access the Instana user interface.

Using the CLI:

  1. Log in to the OpenShift CLI.

  2. Change the project to the namespace of the Platform UI:

    oc project <namespace>

  3. Edit the resource by running this command, replacing with the name of your instance:

    oc edit pn <instance_name>

  4. Modify the PlatformNavigator custom resource by adding the following observability section to the spec section. For example:

    spec:
  observability:
    authentication:
      secretName: <secret-name>
     apiToken: <api-token-key-name>
     caCertificate: <ca-certificate-key>
   url: <base-url> 
   clusterName: <cluster-name>

    Update these values:

    • secretName - Name of the secret that contains the API token.

    • apiToken - The key name within the secret that contains the API token. Default is apiToken.

    • caCertificate - Key name within the secret that contains the CA certificate for your Instana solution. Set this value only if installing Instana on premises.

    • clusterName - This is the name of the cluster given in the Instana agent.

    • url - This is the base URL of the tenant unit, for example, https://test-example.instana.io. This is the same URL that is used to access the Instana user interface.

Accessing Instana monitoring in the Platform UI

To access Instana monitoring:

  1. Log in to the Platform UI.

  2. Click Integration Instances to get a list of available instances.

  3. Hover over the overflow menu (three-dot icon) for the instance you want and click Monitoring Creation form yaml.

Creation form yaml

Troubleshooting

Find solutions for issues that can arise when using Instana monitoring.

Clicking Instana Monitoring in UI returns "Entity not found"

Cause: To diagnose the issue, confirm there's a connection between the capability instance and the Instana agent.

  1. Sign in to the Instana user interface.

  2. Click Infrastructure > Entity Explore > Search/Find Capability > view capability instance. If you are unable to find the instance of the capability, there is an issue with the connection between the Instana agent (sensor) and the capability.

  3. Identify the nodes that the capability is running on, then find the instana-agent pods running on the same node. This allows you to get the sensor-related logs for the capability.

Solution: Review the Instana configuration for the instance and refer to the applicable configuration guide for the monitored capability.