Docker Deployment

The simplest way to run the FailZero agent. Works anywhere Docker runs.

Quick Start

docker run -d \
  --name failzero-agent \
  --restart unless-stopped \
  -e FAILZERO_AGENT_TOKEN=fzat_your_token \
  -e FAILZERO_API_URL=https://api.failzero.io \
  -e PROVIDER_TYPE=gcp \
  -e GCP_PROJECT_ID=your-project \
  failzero/agent:latest

Environment Variables

Required

Variable	Description
`FAILZERO_AGENT_TOKEN`	Agent token from dashboard (`fzat_...`)
`FAILZERO_API_URL`	FailZero API endpoint (`https://api.failzero.io`)
`PROVIDER_TYPE`	Cloud provider: `gcp` or `aws`

GCP

Variable	Description
`GCP_PROJECT_ID`	Your GCP project ID
`GCP_REGION`	Region (default: `us-west1`)

AWS

Variable	Description
`AWS_ACCOUNT_ID`	Your AWS account ID
`AWS_REGION`	Region (default: `us-east-1`)

Optional

Variable	Description	Default
`HEALTH_CHECK_INTERVAL`	Health check frequency (ms)	`30000`
`COMMAND_POLL_INTERVAL`	Command poll frequency (ms)	`5000`

Docker Compose

For local development or simple deployments:

version: '3.8'
services:
  failzero-agent:
    image: failzero/agent:latest
    restart: unless-stopped
    environment:
      FAILZERO_AGENT_TOKEN: ${FAILZERO_AGENT_TOKEN}
      FAILZERO_API_URL: https://api.failzero.io
      PROVIDER_TYPE: gcp
      GCP_PROJECT_ID: ${GCP_PROJECT_ID}
    volumes:
      # Mount GCP credentials (if not using metadata server)
      - ~/.config/gcloud:/root/.config/gcloud:ro

When running outside GCP, mount your service account credentials or set GOOGLE_APPLICATION_CREDENTIALS.

Credentials

GCP

Inside GCP (recommended): The agent automatically uses the VM’s service account via metadata server. No configuration needed. Outside GCP: Mount credentials or set environment variable:

docker run -d \
  --name failzero-agent \
  -v /path/to/service-account.json:/credentials.json:ro \
  -e GOOGLE_APPLICATION_CREDENTIALS=/credentials.json \
  -e FAILZERO_AGENT_TOKEN=fzat_your_token \
  -e FAILZERO_API_URL=https://api.failzero.io \
  -e PROVIDER_TYPE=gcp \
  -e GCP_PROJECT_ID=your-project \
  failzero/agent:latest

AWS

Inside AWS (recommended): The agent automatically uses the instance role or task role. No configuration needed. Outside AWS: Set credentials via environment:

docker run -d \
  --name failzero-agent \
  -e AWS_ACCESS_KEY_ID=AKIA... \
  -e AWS_SECRET_ACCESS_KEY=... \
  -e FAILZERO_AGENT_TOKEN=fzat_your_token \
  -e FAILZERO_API_URL=https://api.failzero.io \
  -e PROVIDER_TYPE=aws \
  -e AWS_ACCOUNT_ID=123456789012 \
  failzero/agent:latest

Verify Deployment

Check agent status:

# View logs
docker logs failzero-agent

# Check running status
docker ps | grep failzero-agent

Expected log output:

[Agent] Starting FailZero Agent...
[Agent] Registering with FailZero API...
[Agent] Registered successfully for organization: your-org
[Agent] Agent started successfully

Troubleshooting

Agent won’t start:

Verify FAILZERO_AGENT_TOKEN is correct
Check network connectivity to api.failzero.io
Review logs: docker logs failzero-agent

Authentication errors:

Inside GCP/AWS: Verify IAM roles are attached
Outside cloud: Check mounted credentials are valid

Health checks failing:

Ensure agent can reach monitored endpoints
Check firewall rules allow outbound HTTPS

Next Steps

IAM Setup

Configure GCP service account permissions

Example Plans

Real-world DR configurations

Documentation Index

​Docker Deployment

​Quick Start

​Environment Variables

​Required

​GCP

​AWS

​Optional

​Docker Compose

​Credentials

​GCP

​AWS

​Verify Deployment

​Troubleshooting

​Next Steps

IAM Setup

Example Plans

Docker Deployment

Quick Start

Environment Variables

Required

GCP

AWS

Optional

Docker Compose

Credentials

GCP

AWS

Verify Deployment

Troubleshooting

Next Steps