Skip to main content

Docker Deployment

The simplest way to run the FailZero agent. Works anywhere Docker runs.

Quick Start

Environment Variables

Required

GCP

AWS

Optional

Docker Compose

For local development or simple deployments:
When running outside GCP, mount your service account credentials or set GOOGLE_APPLICATION_CREDENTIALS.

Credentials

GCP

Inside GCP (recommended): The agent automatically uses the VM’s service account via metadata server. No configuration needed. Outside GCP: Mount credentials or set environment variable:

AWS

Inside AWS (recommended): The agent automatically uses the instance role or task role. No configuration needed. Outside AWS: Set credentials via environment:

Verify Deployment

Check agent status:
Expected log output:

Troubleshooting

Agent won’t start:
  • Verify FAILZERO_AGENT_TOKEN is correct
  • Check network connectivity to api.failzero.io
  • Review logs: docker logs failzero-agent
Authentication errors:
  • Inside GCP/AWS: Verify IAM roles are attached
  • Outside cloud: Check mounted credentials are valid
Health checks failing:
  • Ensure agent can reach monitored endpoints
  • Check firewall rules allow outbound HTTPS

Next Steps

IAM Setup

Configure GCP service account permissions

Example Plans

Real-world DR configurations