Download PDF
Download page Deploy the Cluster Agent with Helm Charts.
Deploy the Cluster Agent with Helm Charts
This page includes details about using Helm charts to deploy the Cluster Agent. This is an alternative to using kubectl as described in:
- Deploy the AppDynamics Operator on Kubernetes
- Deploy the AppDynamics Operator on Red Hat OpenShift
- Deploy the Cluster Agent on Kubernetes
- Deploy the Cluster Agent on Red Hat OpenShift
Helm is a package manager for Kubernetes. Helm charts are a collection of files that describe a set of Kubernetes resources. The Cluster Agent Helm chart is a convenient method to deploy the Cluster Agent Operator and Cluster Agent.
Requirements
- Cluster Agent version 20.6 and later
- Controller version 20.6 and later
Cluster Agent Helm charts are compatible with Helm 3.0
Deployment Modes for Cluster Agent Helm chart
You can use deploymentModes configuration in a Cluster Agent Helm chart to support requests of multiple Cluster Agents in a cluster. The Cluster Agent Helm chart checks the configuration for issues and helps to avoid conflict when agents are not deployed in a consistent manner.
For example, if two Cluster Agents are deployed in a cluster, if one Cluster Agent is configured for auto-instrumentation, and the second Cluster Agent is not, there is a conflict. In this scenario, the second Cluster Agent checks for available namespaces. Because this second Cluster Agent is not configured to perform auto-instrumentation, the second Cluster Agent attempts to uninstrument the deployment that the first Cluster Agent is auto-instrumenting. This scenario results in an infinite loop.
The solution to this scenario is to provide update permissions to only one Cluster Agent in the cluster and provide read permissions to all the other Cluster Agents in the cluster. This enables all the agents to monitor the cluster, while a single Cluster Agent performs auto-instrumentation, without conflict.
You can deploy the Cluster Agent in two deployment modes:
MASTERNAMESPACED
Master Deployment Mode for Cluster Agent Helm Chart
The MASTER deployment mode is the same as a normal Cluster Agent deployment using YAML files. Auto-instrumentation can only be enabled in the Master mode.
The deploymentMode for the first installation using the Helm chart must be MASTER. The MASTER mode is used to create all Custom Resources Definitions, (CRD), ClusterRoles, to install any sub-charts like metrics-server, and so on. These properties are not allowed in NAMESPACED mode. The MASTER mode is the default deployment mode and there can only be one MASTER Helm chart deployment.
The Cluster Agent Helm chart creates the following resources in MASTER mode:
- Operator
- Agent
- ServiceAccounts (Optional)
- Binds agent to read cluster role
- Binds agent to update cluster role (If instrumentation is enabled)
- Binds operator to namespace wide role
- Secrets used by the agent
Namespaced Deployment Mode for Cluster Agent Helm Chart
The Cluster Agent monitors 1500 pods and 3000 containers (for 2 containers per pod) or 2250 pods and 2250 containers (for 1 container per pod). If you need to monitor more than the limit, you can deploy another Cluster Agent using the NAMESPACED mode. The NAMESPACED Deployment mode is the same as the MASTER deployment mode except that auto-instrumentation cannot be enabled in the NAMESPACED mode. The Helm chart displays an error if auto-instrumentation is enabled in the Namespaced mode.
The NAMESPACED mode can be used when one Cluster Agent has a different configuration than the other Cluster Agent such as, podFilter properties. The value of namespace configuration property should be different than the configuration property in MASTER or the other NAMESPACED mode.
The Helm chart creates the following resources in the NAMESPACED mode:
- Operator
- Agent
- ServiceAccounts (Optional)
- Binds agent to read cluster role
- Binds operator to namespace wide role
- Secrets used by the agent
Default Configuration Option
The Helm chart uses a values.yaml file to get default values for the Cluster Agent and Operator. You can override these values included as an argument to the Helm install/update commands. Here is an example configuration supported by Helm chart:
values.yaml
# Cluster agent deployment mode (MASTER | NAMESPACED)
deploymentMode: MASTER
# Docker images
imageInfo:
agentImage: docker.io/appdynamics/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: 0.5.2
imagePullPolicy: Always # used for operator pod
# AppDynamics controller info (null VALUES TO BE PROVIDED BY THE USER)
controllerInfo:
url: null
account: null
username: null
password: null
accessKey: null
# SSL properties
customSSLCert: null
# Proxy config
authenticateProxy: false
proxyUrl: null
proxyUser: null
proxyPassword: null
# RBAC config
createServiceAccount: true
agentServiceAccount: appdynamics-cluster-agent
operatorServiceAccount: appdynamics-operator
# Cluster agent config
clusterAgent:
nsToMonitor:
- default
clusterMetricsSyncInterval: 60
metadataSyncInterval: 60
eventUploadInterval: 10
httpClientTimeout: 30
podBatchSize: 6
imagePullSecret: ""
containerProperties:
containerBatchSize: 5
containerParallelRequestLimit: 1
containerRegistrationInterval: 120
logProperties:
logFileSizeMb: 5
logFileBackups: 3
logLevel: INFO
metricProperties:
metricsSyncInterval: 30
metricUploadRetryCount: 2
metricUploadRetryIntervalMilliSeconds: 5
# Pod filter config
podFilter: {}
# Instrumentation config
instrumentationConfig:
enabled: false
# Agent pod specific properties
agentPod:
nodeSelector: {}
tolerations: []
resources:
limits:
cpu: "1250m"
memory: "300Mi"
requests:
cpu: "750m"
memory: "150Mi"
# Operator pod specific properties
operatorPod:
nodeSelector: {}
tolerations: []
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 100m
memory: 64Mi
# Subcharts boolean install switches
install:
metrics-server: false
Configuration Options
| Config option | Description | Required |
|---|---|---|
deploymentMode | Used for multiple cluster agent deployment in a single cluster | Optional |
Image config options (Config options under imageInfo key in values.yaml) | ||
imageInfo.agentImage | Cluster agent image address in format <registryUrl>/<registryAccount>/<project> | Optional (Defaults to the Docker Hub image) |
imageInfo.agentTag | Cluster agent image tag/version | Optional (Defaults to latest) |
imageInfo.operatorImage | Operator image address in format <registryUrl>/<registryAccount>/<project> | Optional (Defaults to the Docker Hub image) |
imageInfo.operatorTag | Operator image tag/version | Optional (Defaults to latest) |
imageInfo.imagePullPolicy | Image pull policy for the operator pod | Optional |
Controller config options (Config options under controllerInfo key in values.yaml) | ||
controllerInfo.accessKey | AppDynamics Controller accessKey | Required |
controllerInfo.account | AppDynamics Controller account | Required |
controllerInfo.authenticateProxy | true/false if the proxy requires authentication | Optional |
controllerInfo.customSSLCert | Base64 encoding of PEM formatted SSL certificate | Optional |
controllerInfo.password | AppDynamics Controller password | Required only when auto-instrumentation is enabled. |
controllerInfo.proxyPassword | Password for proxy authentication | Optional |
controllerInfo.proxyUrl | Proxy URL if the Controller is behind some proxy | Optional |
controllerInfo.proxyUser | Username for proxy authentication | Optional |
controllerInfo.url | AppDynamics Controller URL | Required |
controllerInfo.username | AppDynamics Controller username | Required only when auto-instrumentation is enabled. |
| RBAC config | ||
| Service account to be used by the Cluster Agent | Optional |
| Set to true if ServiceAccounts mentioned are to be created by Helm | Optional |
| Service account to be used by the AppDynamics Operator | Optional |
| Agent pod config | ||
agentPod.nodeSelector | Kubernetes node selector field in the Cluster Agent pod spec | Optional |
agentPod.tolerations | Kubernetes tolerations field in the Cluster Agent pod spec | Optional |
agentPod.resources | Kubernetes CPU and memory resources in the Cluster Agent pod spec | Optional |
| Operator pod config | ||
operatorPod.nodeSelector | Kubernetes node selector field in the AppDynamics Operator pod spec | Optional |
operatorPod.tolerations | Kubernetes tolerations field in the AppDynamics Operator pod spec | Optional |
operatorPod.resources | Kubernetes CPU and memory resources in the AppDynamics Operator pod spec | Optional |
| Install switches | ||
install.metrics-server | True if metrics are to be installed. Metrics-server is installed in the same namespace as the agent. | Optional |
Cluster Agent configuration, listed as Config under the clusterAgent key in values.yaml) and the Pod filter configuration listed as Config under the podFilter key in values.yaml) parameters are the same parameters mentioned in the Cluster Agent YAML file. See Configure the Cluster Agent.
The Instrumentation configuration options under instrumentationConfig key in the values.yaml parameters are the same parameters mentioned in Cluster Agent Configuration for Auto-Instrumentation.
Sensitive Values
These onfiguration options include sensitive data:
controllerInfo.passwordcontrollerInfo.accessKeycontrollerInfo.customSSLCertcontrollerInfo.proxyPassword
Install the Cluster Agent using Helm Chart
Add the chart repository to Helm:
helm repo add appdynamics-charts https://appdynamics.github.io/appdynamics-chartsBASHCreate a configuration
.yamlfile. This YAML file overrides the default values invalues.yamland is used to install the agent inMASTERmode. For example:user-values.yaml
deploymentMode: MASTER imageInfo: agentImage: dtr.corp.appdynamics.com/sim/cluster-agent agentTag: latest operatorImage: docker.io/appdynamics/cluster-agent-operator operatorTag: latest imagePullPolicy: Always controllerInfo: url: https://<controller-url>:443 account: <appdynamics-controller-account> username: <appdynamics-controller-username> password: <appdynamics-controller-password> accessKey: <appdynamics-controller-access-key> agentServiceAccount: appdynamics-cluster-agent operatorServiceAccount: appdynamics-operatorYMLCreate a namespace. In this case, we're using
ca-appdynamics:kubectl create ns ca-appdynamicsBASHDeploy Cluster Agent
helm install -f ./user-values.yaml "cluster-agent-1" appdynamics-charts/cluster-agent --namespace=ca-appdynamicsBASHInstall another Cluster Agent in the namespace
ca2-appdynamicskubectl create ns ca2-appdynamicsBASHCreate another configuration file or re-use the existing file
user-values-2.yaml
deploymentMode: NAMESPACED imageInfo: agentImage: dtr.corp.appdynamics.com/sim/cluster-agent agentTag: latest operatorImage: docker.io/appdynamics/cluster-agent-operator operatorTag: latest imagePullPolicy: Always controllerInfo: url: https://<controller-url>:443 account: <appdynamics-controller-account> username: <appdynamics-controller-username> password: <appdynamics-controller-password> accessKey: <appdynamics-controller-access-key> agentServiceAccount: appdynamics-cluster-agent operatorServiceAccount: appdynamics-operator podFilter: blacklistedLabels: - l1: v1 - l2: v2 whitelistedLabels: - l1: v1 - l2: v2YMLInstall a second Cluster Agent
helm install -f ./user-values-2.yaml "cluster-agent-2" appdynamics-charts/cluster-agent --namespace=ca2-appdynamicsBASH
Examples
These examples display various features of this Helm chart:
Use the Cluster Agent Helm Chart to Enable Custom SSL
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
#=====
customSSLCert: "<base64 of PEM formatted cert>"
#=====
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name helm install -f ./user-values.yaml "cluster-agent-custom-ssl" appdynamics-charts/cluster-agent --namespace ca-appdynamicsUse the Cluster Agent Helm Chart to Enable Instrumentation
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
customSSLCert: "<base64 of PEM formatted cert>"
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
#=====
instrumentationConfig:
enabled: true
defaultEnv: JAVA_TOOL_OPTIONS
instrumentationMethod: Env
nsToInstrumentRegex: apm1
defaultAppName: sample-app
defaultCustomConfig: "-Dhello -Dhi -Daloha"
numberOfTaskWorkers: 3
imagePullPolicy: Always
netvizInfo:
bciEnabled: true
port: 3892
instrumentationRules:
- matchString: npm-demo
namespaceRegex: apm
appNameLabel: hello
customAgentConfig: "-Dhola"
appName: sample-app-rule
tierName: TIER_ONE
env: JAVA_OPTS
instrumentContainer: first
runAsUser: 100
runAsGroup: 100
netvizInfo:
bciEnabled: false
port: 3000
- namespaceRegex: books
matchString: openmct
language: nodejs
imageInfo:
image: "docker.io/appdynamics/nodejs:20.6.0"
agentMountPath: /opt/appdynamics
analyticsHost: <hostname of the Analytics Agent>
analyticsPort: 443
analyticsSslEnabled: true
#=====helm install -f ./user-values.yaml "cluster-agent-instrumentation" appdynamics-charts/cluster-agent --namespace ca-appdynamicsUse the Cluster Agent Helm Chart to Enable the Proxy Controller
Without authentication:
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
#=====
proxyUrl: http://proxy-url.appd-controller.com
#=====
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name helm install -f ./user-values.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamicsWith authentication:
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
#=====
authenticateProxy: true
proxyUrl: http://proxy-url.appd-controller.com
proxyUser: hello
proxyPassword: world
#=====
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name Use the Cluster Agent Helm Chart to Install metrics-server
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
#=====================
install:
metrics-server: true
#===================== helm install -f ./user-values.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamicsSetting install.metrics-server installs metrics-server in the namespace with the --namespace flag, which is in the same namespace as that of Cluster Agent. By default, metrics-server is not installed.
Use the Cluster Agent Helm Chart to add nodeSelector and tolerations
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid name
#=====================
agentPod:
nodeSelector:
nodeLabelKey: nodeLabelValue
tolerations:
- effect: NoExecute
operator: Equal
key: key1
value: val1
tolerationSeconds: 11
operatorPod:
nodeSelector:
nodeLabelKey: nodeLabelValue
anotherNodeLabel: anotherNodeLabel
tolerations:
- operator: Exists
key: key1
#===================== helm install -f ./user-values.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamicsUpdate the Cluster Agent
# You can edit the configuration file or pass the parameters directly through CLI using --set
# For example:
helm upgrade -f ./<updated config file>.yaml "cluster-agent" appdynamics-charts/cluster-agent --set imageInfo.agentTag=20.6.0 --namespace=ca-appdynamics
# imageInfo.agentTag can also be updated in the values yaml file instead of passing via CLI Best practices
We recommend using multiple values.yaml files for sensitive values. Each values file follows the structure of the default values.yaml to easily share files with non-sensitive configuration properties and keep sensitive values safe. Here is a default example for values.yaml file:
User-values.yaml file example
user-values.yaml
deploymentMode: MASTER
imageInfo:
agentImage: dtr.corp.appdynamics.com/sim/cluster-agent
agentTag: latest
operatorImage: docker.io/appdynamics/cluster-agent-operator
operatorTag: latest
imagePullPolicy: Always
controllerInfo:
url: https://<controller-url>:443
account: <appdynamics-controller-account>
username: <appdynamics-controller-username>
password: <appdynamics-controller-password>
accessKey: <appdynamics-controller-access-key>
agentServiceAccount: appdynamics-cluster-agent-ssl # Can be any valid name
operatorServiceAccount: appdynamics-operator-ssl # Can be any valid nameuser-values-sensitive.yaml
controllerInfo:
password: welcome
accessKey: abc-def-ghi-1516helm install -f ./user-values.yaml -f ./user-values-sensitive.yaml "cluster-agent" appdynamics-charts/cluster-agent --namespace ca-appdynamics