newrelic/infrastructure repository overview

⁠New Relic Infrastructure

This Docker image contains the New Relic Infrastructure⁠ agent capable of monitoring an underlying Docker host.

Official documentation at: https://docs.newrelic.com/docs/infrastructure/new-relic-infrastructure/data-instrumentation/monitor-containers-underlying-hosts-coreos⁠

⁠Why

Many new operating systems don't provide package managers and exclusively utilize containers for application deployment. This Docker image allows you to deploy the Infrastructure⁠ agent as a container that will monitor its underlying host.

⁠Usage

⁠Pulling

docker pull newrelic/infrastructure:latest

⁠Simple Setup

1. Run the container with the required run flags⁠:

   docker run \
       -d \
       --name newrelic-infra \
       --network=host \
       --cap-add=SYS_PTRACE \
       -v "/:/host:ro" \
       -v "/var/run/docker.sock:/var/run/docker.sock" \
       -e NRIA_LICENSE_KEY="YOUR_LICENSE_KEY" \
       newrelic/infrastructure:latest
   

   Copy

   Replacing "YOUR_LICENSE_KEY" with your license key⁠.

⁠Custom Setup (Recommended)

It's recommended that you extend the newrelic/infrastructure image and provide your own newrelic-infra.yml agent config⁠ file.

⁠Building

1. Create your newrelic-infra.yml agent config file, ex.

   license_key: YOUR_LICENSE_KEY
   

   Copy

   See the Infrastructure config docs⁠ for more info.

2. Create your Dockerfile extending the newrelic/infrastructure image and add your config to /etc/newrelic-infra.yml, ex.

   FROM newrelic/infrastructure:latest
   ADD newrelic-infra.yml /etc/newrelic-infra.yml
   

   Copy

3. Build and tag your image, ex.

   docker build -t your-image .
   

   Copy

⁠Running

Run the container from the image you built with the required run flags⁠, ex.

docker run \
    -d \
    --name newrelic-infra \
    --net=host \
    --cap-add=SYS_PTRACE \
    -v "/:/host:ro" \
    -v "/var/run/docker.sock:/var/run/docker.sock" \
    your-image

Where your-image is the name you tagged your image with.

⁠Why the required container privileges?

Due to resource isolation from the host and other containers via Linux namespaces⁠, by default, a container has a very restricted view and control of its underlying host's resources. Without these extra privileges the Infrastructure⁠ agent would not be able to monitor the host and its containers.

The Infrastructure⁠ agent collects data about its host using system files and system calls. For more information about how the Infrastructure⁠ agent collects data see Infrastructure and security⁠.

⁠Required run flags

⁠--network=host

Sets the container's network namespace to the host's network namespace. This allows the agent to collect the network metrics about the host.

⁠-v "/:/host:ro"

Bind mounts the host's root volume to the container. This read-only access to the host's root allows the agent to collect process and storage metrics as well as Inventory⁠ data from the host.

⁠--cap-add=SYS_PTRACE

Adds the linux capability to trace system processes. This allows the agent to gather data about processes running on the host. Read more here⁠

⁠-v "/var/run/docker.sock:/var/run/docker.sock"

Bind mounts the host's Docker daemon socket to the container. This allows the agent to connect to the Engine API⁠ via the Docker daemon socket⁠ to collect the host's container data⁠.

⁠Base image

Since version 0.0.55 Alpine is used as the base image. This is the one pointed by latest tag.

Prior versions used Centos7 as base image. In order to keep using that legacy image some backports might be included there, you can point to latest-centos tag to fetch latest Centos7 based image.

⁠Additional Questions

Have more questions? View the public docs⁠