Setup collection using Docker
- Linux 5.4 or newer.
- Docker or Podman.
Get an API token
To be able to send any data to Polar Signals Cloud, we're going to need an API token for the collection mechanism to authenticate with the Polar Signals API.
Please refer to the Generating Tokens documentation that has more details.
Run the container
Running the Polar Signals Agent using docker can be done easily with this command:
docker run --rm -it \
-p 7071:7071 \
--pid host \
-v /sys/fs/bpf:/sys/fs/bpf \
-v /run:/run \
-v /boot:/boot \
-v /lib/modules:/lib/modules \
-v /sys/kernel/debug:/sys/kernel/debug \
-v /sys/fs/cgroup:/sys/fs/cgroup \
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
Let's go one by one what each of these flags are for:
--privilegedThe Polar Signals Agent needs to be privileged in order for the Linux Kernel to allow it to load the eBPF-based profiler into the host.
--pid hostThe Polar Signals Agent needs to be in the host PID namespace to allow it to discover metadata about processes. Without this all you would see is process IDs as metadata which is very hard to reason with.
/sys/fs/bpfThis is required to be able to load the eBPF program which is essential for the whole agent to work.
/runThis volume is used for discovering metadata from docker, crio, or other CRI compatible container runtimes. Optional but strongly recommended.
/bootThis volume is used for discovering whether the Kernel is supported. Optional but strongly recommended.
/lib/modulesThis volume is used for symbolizing VDSO calls. Optional but strongly recommended.
/sys/kernel/debugThis not strictly necessary but this is required for logging to work with eBPF. Optional but strongly recommended.
/sys/fs/cgroupThis is required to discover metadata about processes running in containers/cgroups. Optional but strongly recommended.
/var/run/dbus/system_bus_socketThis is required to be able to discover systemd unit metadata. Optional but strongly recommended.
ghcr.io/parca-dev/parca-agent:...The container image.
/bin/parca-agentThe binary to run.
--remote-store-address=grpc.polarsignals.com:443Configuring the agent to send the profiling data to Polar Signals Cloud.
--remote-store-bearer-token=<your-token>Authentication with Polar Signals Cloud. The token you grabbed in the grab-a-token step.