Download PDF
Download page Deploy the Cluster Agent with Helm Charts.
Deploy the Cluster Agent with Helm Charts
This page includes details about using Helm charts to deploy the Cluster Agent. This is an alternative to using kubectl
as described in:
- Deploy the AppDynamics Operator on Kubernetes
- Deploy the AppDynamics Operator on Red Hat OpenShift
- Deploy the Cluster Agent on Kubernetes
- Deploy the Cluster Agent on Red Hat OpenShift
Helm is a package manager for Kubernetes. Helm charts are a collection of files that describe a set of Kubernetes resources. The Cluster Agent Helm chart is a convenient method to deploy the Cluster Agent Operator and Cluster Agent.
Requirements
- Cluster Agent version 20.6 and later
- Controller version 20.6 and later
Cluster Agent Helm charts are compatible with Helm 3.0
Deployment Modes for Cluster Agent Helm chart
You can use deploymentModes
configuration in a Cluster Agent Helm chart to support requests of multiple Cluster Agents in a cluster. The Cluster Agent Helm chart checks the configuration for issues and helps to avoid conflict when agents are not deployed in a consistent manner.
For example, if two Cluster Agents are deployed in a cluster, if one Cluster Agent is configured for auto-instrumentation, and the second Cluster Agent is not, there is a conflict. In this scenario, the second Cluster Agent checks for available namespaces. Because this second Cluster Agent is not configured to perform auto-instrumentation, the second Cluster Agent attempts to uninstrument the deployment that the first Cluster Agent is auto-instrumenting. This scenario results in an infinite loop.
The solution to this scenario is to provide update permissions to only one Cluster Agent in the cluster and provide read permissions to all the other Cluster Agents in the cluster. This enables all the agents to monitor the cluster, while a single Cluster Agent performs auto-instrumentation, without conflict.
You can deploy the Cluster Agent in two deployment modes:
MASTER
NAMESPACED
Master Deployment Mode for Cluster Agent Helm Chart
The MASTER
deployment mode is the same as a normal Cluster Agent deployment using YAML files. Auto-instrumentation can only be enabled in the Master
mode.
The deploymentMode
for the first installation using the Helm chart must be MASTER
. The MASTER
mode is used to create all Custom Resources Definitions, (CRD), ClusterRoles
, to install any sub-charts like metrics-server
, and so on. These properties are not allowed in NAMESPACED
mode. The MASTER
mode is the default deployment mode and there can only be one MASTER
Helm chart deployment.
The Cluster Agent Helm chart creates the following resources in MASTER
mode:
- Operator
- Agent
- ServiceAccounts (Optional)
- Binds agent to read cluster role
- Binds agent to update cluster role (If instrumentation is enabled)
- Binds operator to namespace wide role
- Secrets used by the agent
Namespaced Deployment Mode for Cluster Agent Helm Chart
The Cluster Agent monitors 1500 pods and 3000 containers (for 2 containers per pod) or 2250 pods and 2250 containers (for 1 container per pod). If you need to monitor more than the limit, you can deploy another Cluster Agent using the NAMESPACED
mode. The NAMESPACED
Deployment mode is the same as the MASTER
deployment mode except that auto-instrumentation cannot be enabled in the NAMESPACED
mode. The Helm chart displays an error if auto-instrumentation is enabled in the Namespaced
mode.
The NAMESPACED
mode can be used when one Cluster Agent has a different configuration than the other Cluster Agent such as, podFilter properties. The value of namespace configuration property should be different than the configuration property in MASTER
or the other NAMESPACED
mode.
The Helm chart creates the following resources in the NAMESPACED
mode:
- Operator
- Agent
- ServiceAccounts (Optional)
- Binds agent to read cluster role
- Binds operator to namespace wide role
- Secrets used by the agent
Default Configuration Option
The Helm chart uses a values.yaml
file to get default values for the Cluster Agent and Operator. You can override these values included as an argument to the Helm install/update commands. Here is an example configuration supported by Helm chart:
values.yaml
# Cluster agent deployment mode (MASTER | NAMESPACED)
deploymentMode: MASTER
# Docker images
imageInfo:
agentImage: docker.io/appdynamics/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: 0.5.2
imagePullPolicy: Always # used for operator pod
# AppDynamics controller info (null VALUES TO BE PROVIDED BY THE USER)
controllerInfo:
url: null
account: null
username: null
password: null
accessKey: null
# SSL properties
customSSLCert: null
# Proxy config
authenticateProxy: false
proxyUrl: null
proxyUser: null
proxyPassword: null
# RBAC config
createServiceAccount: true
agentServiceAccount: appdynamics-cluster-agent
operatorServiceAccount: appdynamics-operator
# Cluster agent config
clusterAgent:
nsToMonitor:
- default
clusterMetricsSyncInterval: 60
metadataSyncInterval: 60
eventUploadInterval: 10
httpClientTimeout: 30
podBatchSize: 6
imagePullSecret: ""
containerProperties:
containerBatchSize: 5
containerParallelRequestLimit: 1
containerRegistrationInterval: 120
logProperties:
logFileSizeMb: 5
logFileBackups: 3
logLevel: INFO
metricProperties:
metricsSyncInterval: 30
metricUploadRetryCount: 2
metricUploadRetryIntervalMilliSeconds: 5
# Pod filter config
podFilter: {}
# Instrumentation config
instrumentationConfig:
enabled: false
# Agent pod specific properties
agentPod:
nodeSelector: {}
tolerations: []
resources:
limits:
cpu: "1250m"
memory: "300Mi"
requests:
cpu: "750m"
memory: "150Mi"
# Operator pod specific properties
operatorPod:
nodeSelector: {}
tolerations: []
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 100m
memory: 64Mi
# Subcharts boolean install switches
install:
metrics-server: false
Configuration Options
Config option | Description | Required |
---|---|---|
deploymentMode | Used for multiple cluster agent deployment in a single cluster | Optional |
Image config options (Config options under imageInfo key in values.yaml ) | ||
imageInfo.agentImage | Cluster agent image address in format <registryUrl>/<registryAccount>/<project> | Optional (Defaults to the Docker Hub image) |
imageInfo.agentTag | Cluster agent image tag/version | Optional (Defaults to latest) |
imageInfo.operatorImage | Operator image address in format <registryUrl>/<registryAccount>/<project> | Optional (Defaults to the Docker Hub image) |
imageInfo.operatorTag | Operator image tag/version | Optional (Defaults to latest) |
imageInfo.imagePullPolicy | Image pull policy for the operator pod | Optional |
Controller config options (Config options under controllerInfo key in values.yaml ) | ||
controllerInfo.accessKey | AppDynamics Controller accessKey | Required |
controllerInfo.account | AppDynamics Controller account | Required |
controllerInfo.authenticateProxy | true/false if the proxy requires authentication | Optional |
controllerInfo.customSSLCert | Base64 encoding of PEM formatted SSL certificate | Optional |
controllerInfo.password | AppDynamics Controller password | Required only when auto-instrumentation is enabled. |
controllerInfo.proxyPassword | Password for proxy authentication | Optional |
controllerInfo.proxyUrl | Proxy URL if the Controller is behind some proxy | Optional |
controllerInfo.proxyUser | Username for proxy authentication | Optional |
controllerInfo.url | AppDynamics Controller URL | Required |
controllerInfo.username | AppDynamics Controller username | Required only when auto-instrumentation is enabled. |
RBAC config | ||
| Service account to be used by the Cluster Agent | Optional |
| Set to true if ServiceAccounts mentioned are to be created by Helm | Optional |
| Service account to be used by the AppDynamics Operator | Optional |
Agent pod config | ||
agentPod.nodeSelector | Kubernetes node selector field in the Cluster Agent pod spec | Optional |
agentPod.tolerations | Kubernetes tolerations field in the Cluster Agent pod spec | Optional |
agentPod.resources | Kubernetes CPU and memory resources in the Cluster Agent pod spec | Optional |
Operator pod config | ||
operatorPod.nodeSelector | Kubernetes node selector field in the AppDynamics Operator pod spec | Optional |
operatorPod.tolerations | Kubernetes tolerations field in the AppDynamics Operator pod spec | Optional |
operatorPod.resources | Kubernetes CPU and memory resources in the AppDynamics Operator pod spec | Optional |
Install switches | ||
install.metrics-server | True if metrics are to be installed. Metrics-server is installed in the same namespace as the agent. | Optional |
Cluster Agent configuration, listed as Config
under the clusterAgent
key in values.yaml
) and the Pod filter configuration listed as Config
under the podFilter
key in values.yaml
) parameters are the same parameters mentioned in the Cluster Agent YAML file. See Configure the Cluster Agent.
The Instrumentation configuration options under instrumentationConfig key
in the values.yaml
parameters are the same parameters mentioned in Cluster Agent Configuration for Auto-Instrumentation.
Sensitive Values
These onfiguration options include sensitive data:
controllerInfo.password
controllerInfo.accessKey
controllerInfo.customSSLCert
controllerInfo.proxyPassword
Install the Cluster Agent using Helm Chart
Add the chart repository to Helm:
helm repo add appdynamics-charts https://appdynamics.github.io/appdynamics-charts
BASHCreate a configuration
.yaml
file. This YAML file overrides the default values invalues.yaml
and is used to install the agent inMASTER
mode. For example:user-values.yaml
deploymentMode: MASTER imageInfo: agentImage: dtr.corp.appdynamics.com/sim/cluster-agent agentTag: latest operatorImage: docker.io/appdynamics/cluster-agent-operator operatorTag: latest imagePullPolicy: Always controllerInfo: url: https://<controller-url>:443 account: <appdynamics-controller-account> username: <appdynamics-controller-username> password: <appdynamics-controller-password> accessKey: <appdynamics-controller-access-key> agentServiceAccount: appdynamics-cluster-agent operatorServiceAccount: appdynamics-operator
YMLCreate a namespace. In this case, we're using
ca-appdynamics:
kubectl create ns ca-appdynamics
BASHDeploy Cluster Agent
helm install -f ./user-values.yaml "cluster-agent-1" appdynamics-charts/cluster-agent --namespace=ca-appdynamics
BASHInstall another Cluster Agent in the namespace
ca2-appdynamics
kubectl create ns ca2-appdynamics
BASHCreate another configuration file or re-use the existing file
user-values-2.yaml
deploymentMode: NAMESPACED imageInfo: agentImage: dtr.corp.appdynamics.com/sim/cluster-agent agentTag: latest operatorImage: docker.io/appdynamics/cluster-agent-operator operatorTag: latest imagePullPolicy: Always controllerInfo: url: https://<controller-url>:443 account: <appdynamics-controller-account> username: <appdynamics-controller-username> password: <appdynamics-controller-password> accessKey: <appdynamics-controller-access-key> agentServiceAccount: appdynamics-cluster-agent operatorServiceAccount: appdynamics-operator podFilter: blacklistedLabels: - l1: v1 - l2: v2 whitelistedLabels: - l1: v1 - l2: v2
YMLInstall a second Cluster Agent
helm install -f ./user-values-2.yaml "cluster-agent-2" appdynamics-charts/cluster-agent --namespace=ca2-appdynamics
BASH
Examples
These examples display various features of this Helm chart:
Use the Cluster Agent Helm Chart to Enable Custom SSL
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
#=====
customSSLCert: "<base64 of PEM formatted cert>"
#=====
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
helm install -f ./user-values.yaml "cluster-agent-custom-ssl" appdynamics-charts/cluster-agent --namespace ca-appdynamics
Use the Cluster Agent Helm Chart to Enable Instrumentation
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
customSSLCert: "<base64 of PEM formatted cert>"
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
#=====
instrumentationConfig:
enabled: true
defaultEnv: JAVA_TOOL_OPTIONS
instrumentationMethod: Env
nsToInstrumentRegex: apm1
defaultAppName: sample-app
defaultCustomConfig: "-Dhello -Dhi -Daloha"
numberOfTaskWorkers: 3
imagePullPolicy: Always
netvizInfo:
bciEnabled: true
port: 3892
instrumentationRules:
- matchString: npm-demo
namespaceRegex: apm
appNameLabel: hello
customAgentConfig: "-Dhola"
appName: sample-app-rule
tierName: TIER_ONE
env: JAVA_OPTS
instrumentContainer: first
runAsUser: 100
runAsGroup: 100
netvizInfo:
bciEnabled: false
port: 3000
- namespaceRegex: books
matchString: openmct
language: nodejs
imageInfo:
image: "docker.io/appdynamics/nodejs:20.6.0"
agentMountPath: /opt/appdynamics
analyticsHost: <hostname of the Analytics Agent>
analyticsPort: 443
analyticsSslEnabled: true
#=====
helm install -f ./user-values.yaml "cluster-agent-instrumentation" appdynamics-charts/cluster-agent --namespace ca-appdynamics
Use the Cluster Agent Helm Chart to Enable the Proxy Controller
Without authentication:
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
#=====
proxyUrl: http://proxy-url.appd-controller.com
#=====
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
helm install -f ./user-values.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamics
With authentication:
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
#=====
authenticateProxy: true
proxyUrl: http://proxy-url.appd-controller.com
proxyUser: hello
proxyPassword: world
#=====
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
Use the Cluster Agent Helm Chart to Install metrics-server
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
#=====================
install:
metrics-server: true
#=====================
helm install -f ./user-values.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamics
Setting install.metrics-server
installs metrics-server in the namespace with the --namespace
flag, which is in the same namespace as that of Cluster Agent. By default, metrics-server is not installed.
Use the Cluster Agent Helm Chart to add nodeSelector and tolerations
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
#=====================
agentPod:
nodeSelector:
nodeLabelKey: nodeLabelValue
tolerations:
- effect: NoExecute
operator: Equal
key: key1
value: val1
tolerationSeconds: 11
operatorPod:
nodeSelector:
nodeLabelKey: nodeLabelValue
anotherNodeLabel: anotherNodeLabel
tolerations:
- operator: Exists
key: key1
#=====================
helm install -f ./user-values.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamics
Update the Cluster Agent
# You can edit the configuration file or pass the parameters directly through CLI using --set
# For example:
helm upgrade -f ./<updated config file>.yaml "cluster-agent" appdynamics-charts/cluster-agent --set imageInfo.agentTag=20.6.0 --namespace=ca-appdynamics
# imageInfo.agentTag can also be updated in the values yaml file instead of passing via CLI
Best practices
We recommend using multiple values.yaml
files for sensitive values. Each values file follows the structure of the default values.yaml
to easily share files with non-sensitive configuration properties and keep sensitive values safe. Here is a default example for values.yaml
file:
User-values.yaml file example
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
user-values-sensitive.yaml
controllerInfo:
password: welcome
accessKey: abc-def-ghi-1516
helm install -f ./user-values.yaml -f ./user-values-sensitive.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamics