Docker Deployment
The simplest way to run the FailZero agent. Works anywhere Docker runs.
Quick Start
docker run -d \
--name failzero-agent \
--restart unless-stopped \
-e FAILZERO_AGENT_TOKEN=fzat_your_token \
-e FAILZERO_API_URL=https://api.failzero.io \
-e PROVIDER_TYPE=gcp \
-e GCP_PROJECT_ID=your-project \
failzero/agent:latest
Environment Variables
Required
| Variable | Description |
|---|
FAILZERO_AGENT_TOKEN | Agent token from dashboard (fzat_...) |
FAILZERO_API_URL | FailZero API endpoint (https://api.failzero.io) |
PROVIDER_TYPE | Cloud provider: gcp or aws |
GCP
| Variable | Description |
|---|
GCP_PROJECT_ID | Your GCP project ID |
GCP_REGION | Region (default: us-west1) |
AWS
| Variable | Description |
|---|
AWS_ACCOUNT_ID | Your AWS account ID |
AWS_REGION | Region (default: us-east-1) |
Optional
| Variable | Description | Default |
|---|
HEALTH_CHECK_INTERVAL | Health check frequency (ms) | 30000 |
COMMAND_POLL_INTERVAL | Command poll frequency (ms) | 5000 |
Docker Compose
For local development or simple deployments:
version: '3.8'
services:
failzero-agent:
image: failzero/agent:latest
restart: unless-stopped
environment:
FAILZERO_AGENT_TOKEN: ${FAILZERO_AGENT_TOKEN}
FAILZERO_API_URL: https://api.failzero.io
PROVIDER_TYPE: gcp
GCP_PROJECT_ID: ${GCP_PROJECT_ID}
volumes:
# Mount GCP credentials (if not using metadata server)
- ~/.config/gcloud:/root/.config/gcloud:ro
When running outside GCP, mount your service account credentials or set GOOGLE_APPLICATION_CREDENTIALS.
Credentials
GCP
Inside GCP (recommended): The agent automatically uses the VM’s service account via metadata server. No configuration needed.
Outside GCP: Mount credentials or set environment variable:
docker run -d \
--name failzero-agent \
-v /path/to/service-account.json:/credentials.json:ro \
-e GOOGLE_APPLICATION_CREDENTIALS=/credentials.json \
-e FAILZERO_AGENT_TOKEN=fzat_your_token \
-e FAILZERO_API_URL=https://api.failzero.io \
-e PROVIDER_TYPE=gcp \
-e GCP_PROJECT_ID=your-project \
failzero/agent:latest
AWS
Inside AWS (recommended): The agent automatically uses the instance role or task role. No configuration needed.
Outside AWS: Set credentials via environment:
docker run -d \
--name failzero-agent \
-e AWS_ACCESS_KEY_ID=AKIA... \
-e AWS_SECRET_ACCESS_KEY=... \
-e FAILZERO_AGENT_TOKEN=fzat_your_token \
-e FAILZERO_API_URL=https://api.failzero.io \
-e PROVIDER_TYPE=aws \
-e AWS_ACCOUNT_ID=123456789012 \
failzero/agent:latest
Verify Deployment
Check agent status:
# View logs
docker logs failzero-agent
# Check running status
docker ps | grep failzero-agent
[Agent] Starting FailZero Agent...
[Agent] Registering with FailZero API...
[Agent] Registered successfully for organization: your-org
[Agent] Agent started successfully
Troubleshooting
Agent won’t start:
- Verify
FAILZERO_AGENT_TOKEN is correct
- Check network connectivity to
api.failzero.io
- Review logs:
docker logs failzero-agent
Authentication errors:
- Inside GCP/AWS: Verify IAM roles are attached
- Outside cloud: Check mounted credentials are valid
Health checks failing:
- Ensure agent can reach monitored endpoints
- Check firewall rules allow outbound HTTPS
Next Steps
