Application teams were unable to see the application data after deployment.
Consistently see the following messages in the logs for the caagent pod.
Errors below -
nsenter: cannot open /proc/6705/ns/net: Permission denied
nsenter: cannot open /proc/6705/ns/net: Permission denied
nsenter: cannot open /proc/6705/ns/net: Permission denied
nsenter: cannot open /proc/6650/ns/net: Permission denied
nsenter: cannot open /proc/6650/ns/net: Permission denied
nsenter: cannot open /proc/6650/ns/net: Permission denied
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
nsenter: reassociate to namespace 'ns/net' failed: Operation not permitted
1. A docker permission issue
2. Because the application is running inside of the container and is not managed by a supervisor, that handles the graceful exit/SIGHUP of containers.
Release : All Supported Releases.
Component : APM Agents
1. To resolve the Permission issue, please add the user to the Docker Admin group.
https://github.com/jpetazzo/nsenter/issues/44
https://github.com/jpetazzo/nsenter/issues/95
https://stackoverflow.com/questions/46714547/providing-shell-access-to-particular-docker-container-to-user-which-is-not-added
2. Best practice would be to use the supervisor inside of a container, make sure that all running applications are 'handled" by it.