Download PDF
Download page Set up PSA in Red Hat OpenShift.
Set up PSA in Red Hat OpenShift
To deploy the Web Monitoring PSA and API Monitoring PSA in OpenShift, you must create OpenShift clusters in Amazon EKS or Azure AKS. You can set up the PSA in one of the following ways:
Deploy Manually | Deploy Using the Automation Script |
---|---|
This document contains links to AWS CLI documentation. AppDynamics makes no representation as to the accuracy of AWS CLI documentation because AWS CLI controls its own documentation.
If you use the automated script, you must manually set up the OpenShift cluster and nodes and log in to container registries before deploying PSA.
Build and Customise the Docker Image
(Optional) Configure Proxy Server
When you configure a proxy server, it applies to all the domains.
Configure a proxy server by specifying the proxy server address on the values.yaml
file. See Key-Value Pairs Configuration.
If you make any changes to the bypass_list
after building the docker image, you must rebuild the docker image.
To bypass any domains from the proxy server, perform the following steps:
Configuring the bypass list is supported only on Web Monitoring PSA.
- Navigate to the
sum-chrome-agent/agent
directory. - Open the
chrome.py
file. Navigate to the following string:
if self._proxy_server: chrome_options.add_argument('--proxy-server={}'.format(self._proxy_server))
CODEAppend the following details:
bypass_list = ["*abc.com", "*xyz1.com", "*xyz2.com"] chrome_options.add_argument('--proxy-bypass-list=%s' % ";".join(bypass_list))
CODEDomain URLs that you specify in
bypass_list
are not redirected to the proxy server. You can add any number of domains in thebypass_list
. All other unspecified domain URLs are redirected to the proxy server.If you make any changes to the
bypass_list
after building the docker image, you must rebuild the docker image.
Build and Customise the PSA Docker Image
You can download the zip file for Simple Synth PSA installation from the Appdynamics Downloads Portal or from the beta upload tool.
This file contains Dockerfiles to install the agents and set up monitoring:
- Web Monitoring PSA: Dockerfiles for sum-chrome-agent, sum-heimdall, and Helm charts
- API Monitoring PSA: Dockerfiles for sum-api-monitoring-agent, sum-heimdall, and Helm charts
To build an image for sum-chrome-agent, sum-api-monitoring-agent, and sum-heimdall, ensure that Docker is installed. If it is not installed, you can download and install Docker from here.
For sum-chrome-agent:
- Unzip the zip file to access the sum-chrome-agent directory.
Navigate to the directory and run the following command:
docker build -f Dockerfile-PSA-Openshift -t sum-chrome-agent:<agent-tag> .
CODE
For sum-api-monitoring-agent:
- Unzip the zip file to access the sum-api-monitoring-agent directory.
Navigate to the directory and run the following command:
docker build -f Dockerfile-PSA-Openshift -t sum-api-monitoring-agent:<agent-tag> .
CODE
For sum-heimdall:
- Unzip the zip file to access the sum-heimdall directory.
Navigate to the Openshift-PSA directory and run the following command:
docker build -f Dockerfile-PSA-Openshift -t sum-heimdall:<heimdall-tag> .
CODE
You can use any value for <heimdall-tag> and <agent-tag>, but ensure that you use the same value in the subsequent steps.
You must build the images on the host with the same OS type of Kubernetes cluster nodes. For example, if you are pushing the image to AWS, then run the following command:
sum-chrome-agent
docker buildx build -f Dockerfile-PSA-Openshift --platform=linux/amd64 -t sum-chrome-agent:<agent-tag> .
sum-heimdall
docker buildx build -f Dockerfile-PSA-Openshift --platform=linux/amd64 -t sum-heimdall:<heimdall-tag> .
sum-api-monitoring-agent
docker buildx build -f Dockerfile-PSA-Openshift --platform=linux/amd64 -t sum-api-monitoring-agent:<api-tag> .
(Optional) Add Custom Python Libraries
This section is applicable only for Web Monitoring PSA.
In addition to the available standard set of libraries, you can add custom Python libraries to the agent to use in scripted measurements. You build a new image based on the image you loaded as the base image.
Create a Dockerfile and then create
RUN
directives to runpython
pip
. For example, to install the libraryalgorithms
you can create a Dockerfile:# Use the sum-chrome-agent image we just loaded as the base image FROM sum-chrome-agent:<agent-tag> # Install algorithm for python3 on top of that RUN python3 -m pip install algorithms==0.1.4 # We can add more RUN directives for installing more libraries # RUN python3 -m pip install ...
CODEYou can create any number of
RUN
directives to install the required libraries.To build the new image, enter:
docker build -t sum-chrome-agent:<agent-tag> - < Dockerfile
CODEThe newly built agent image contains the required libraries.
Tag and Push Images to the Registry
You must tag and push the images to a registry for the cluster to access it. The Amazon EKS clusters pull the images from Elastic Container Registry (ECR), which is the managed registry provided by AWS.
To tag the images, enter:
Web Monitoring PSA:
docker tag sum-heimdall:<heimdall-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker tag sum-chrome-agent:<agent-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent:<agent-tag>
API Monitoring PSA:
docker tag sum-heimdall:<heimdall-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker tag sum-api-monitoring-agent:<agent-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-api-monitoring-agent:<agent-tag>
You need to replace <aws_account_id>
& <region>
with your account id and region values.
To create repositories, enter:
Web Monitoring PSA:
aws ecr create-repository --repository-name sum/sum-heimdall
aws ecr create-repository --repository-name sum/sum-chrome-agent
API Monitoring PSA:
aws ecr create-repository --repository-name sum/sum-heimdall
aws ecr create-repository --repository-name sum/sum-api-monitoring-agent
To push the images, enter:
Web Monitoring PSA:
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent:<agent-tag>
API Monitoring PSA:
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-api-monitoring-agent:<agent-tag>
Deploy PSA in OpenShift Manually
Ensure that you follow the applicable sequence of steps when installing Web Monitoring PSA and API Monitoring PSA, respectively; some steps are common for both procedures.
The application is deployed to the cluster after the images are in the Registry. You use the Helm chart to deploy and create all Kubernetes resources in the required order.
Install Helm following these instructions.
Create a new
measurement
namespace to run the Apache Ignite pods.- Ensure that you first run the Apache Ignite commands and then run the Heimdall commands.
From PSA 23.12 onwards, you must deploy Ignite and Heimdall in a single namespace named
measurement
.
To create a new
measurement
namespace, enter:kubectl create namespace measurement
CODEBefore you deploy Apache Ignite, you must set some configuration options. To view the configuration options, navigate to the previously downloaded
ignite-psa.tgz
file and enter:helm show values ignite-psa.tgz > values-ignite.yaml
CODEIf you want to enable persistence, set
persistence > enabled
. This is an optional configuration.To deploy the Helm chart using the above-mentioned configuration, navigate to the previously downloaded
ignite-psa.tgz
file and enter:helm install synth ignite-psa.tgz --values values-ignite.yaml --namespace measurement
CODEAll the Kubernetes resources are created in the cluster, and you can use Apache Ignite. After a few seconds, Apache Ignite initializes and is visible in the Controller.
To verify if the pods are running, enter:
kubectl get pods --namespace measurement
CODEProceed to the next steps only after the Apache Ignite pods run successfully.
Using a single command, you can deploy the Helm chart, which contains the deployment details. To deploy the agent, use the Helm chart
sum-psa-heimdall.tgz
in the zip file that you downloaded previously. Before you deploy the Private Synthetic Agent, you must set some configuration options. To view the configuration options, navigate to the previously downloadedsum-psa-heimdall.tgz
file and enter:helm show values sum-psa-heimdall.tgz > values.yaml
CODEThese are the configuration key-value pairs that you need to edit in the
values.yaml
file:Web Monitoring PSA:
Configuration Key
Value
heimdall > repository
<aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall
heimdall > tag
<heimdall-tag>
heimdall > pullPolicy
Always
chromeAgent > repository
<aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent
chromeAgent > tag
<agent-tag>
shepherd > url
Shepherd URL
shepherd > credentials
credentials
shepherd > location
agent location
API Monitoring PSA:
Configuration Key
Value
heimdall > repository
<aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall
heimdall > tag
<heimdall-tag>
heimdall > pullPolicy
Always
apiMonitoringAgent > repository
<aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-api-monitoring-agent
apiMonitoringAgent > tag
<agent-tag>
ingressBandwidth
1024k or more, based on your requirements. egressBandwidth
1024k or more, based on your requirements. shepherd > url
Shepherd URL
shepherd > credentials
credentials
shepherd > location
agent location
You can leave the rest of the values set to their defaults or configure them based on your requirements. See Configure Web Monitoring PSA and API Monitoring PSA for details on shepherd URL, credentials, location, and optional key-value pairs.
If the Kubernetes cluster is locked down, and you cannot make cluster-wide configuration, you can make pod-level changes.
For example, if you want to change the pod-level DNS server setting to use your internal nameservers for DNS name resolution, specify the following details in the
values.yaml
file:agentDNSConfig: enabled: true dnsPolicy: "None" dnsConfig: nameservers: ["4.4.4.4"] searches: ["svc.cluster.local", "cluster.local"]
CODEIf you need to add multiple nameservers, do the following:
Set
dnsPolicy
to"None"
in thevalues.yaml
file.agentDNSConfig: enabled: true dnsPolicy: "None" dnsConfig: nameservers: ["1.1.1.1", "2.2.2.2", "3.3.3.3"] searches: ["measurement.svc.cluster.local", "svc.cluster.local", "cluster.local"]
CODEEnsure that the first nameserver specified under
nameservers
is thecluster-default
nameserver.- Set Upstream
coredns
policy tosequential.
For more information, see coredns.
To deploy the Helm chart using the above-mentioned configuration, navigate to the previously downloaded
sum-psa-heimdall.tgz
file and enter:helm install heimdall-onprem sum-psa-heimdall.tgz --values values.yaml --namespace measurement
CODEAll the Kubernetes resources are created in the cluster, and you can use Heimdall. After a few seconds, Heimdall initializes and is visible in the Controller.
To verify if the pods are running, enter:
kubectl get pods --namespace measurement
CODETo make any changes to
values.yaml
after the initial deployment, navigate to the previously downloadedsum-psa-heimdall.tgz
file and enter:helm upgrade heimdall-onprem sum-psa-heimdall.tgz --values values.yaml --namespace measurement
CODETo remove the deployment:
helm uninstall heimdall-onprem --namespace measurement
CODEThis is not recommended unless it is required.
Deploy PSA in OpenShift Using the Automation Script
Prerequisite
Before running the PSA installation script:
- Create an OpenShift cluster and configure the cluster in Kubeconfig.
- Log in to the image registry.
- Download the
pyyaml
package v6.01.
Perform the following steps to install PSA:
- Unzip the PSA installation zip file.
Run the following command to install PSA :
./install_psa -e openshift -l -v -u <Shepherd-URL> -a <EUM-account> -k <EUM-key> -c <location-code> -d <location-description> -t <location-name> -s <location-state> -o <location-country> -i <location-latitude> -g <location-longitude> -p <PSA-tag> -r <heimdall-replica-count> -z <agent-type> -m <chrome-agent_min/max-memory> -n <API-agent_min/max-memory> -x <chrome-agent_min/max-CPU> -y <API-agent_min/max-CPU> -b <heimdall_min/max-memory> -f <heimdall_min/max-CPU> -q <ignite-persistence> -j <ingress_and_egress_bandwidth> -w <heimdall_proxy_server>~<api_monitoring_proxy_server>~<web_monitoring_proxy_server>
CODEA sample installation command looks like this:
./install_psa -e openshift -u <Shepherd-URL> -a <EUM-account> -k <EUM-key> -c DEL -d Delhi -t Delhi -s DEL -o India -i 28.70 -g 77.10 -p 23.5 -r 1 -z all -m 100Mi/500Mi -n 100Mi/100Mi -x 0.5/1.5 -y 0.1/0.1 -b 2Gi/2Gi -f 2/2 -q true -j 2048k -w 127.0.0.1:8887~127.0.0.1:8888~127.0.0.1:8889
CODEThe following table describes the usage of the flags in the command. Asterisk (*) on the description denotes mandatory parameters.
Flag Description -e *Environment
For example, Docker, Minikube, or Kubernetes.
-l Load images to the Minkube environment -v Debug mode -u *Shepherd URL
-a *EUM Account
-k *EUM Key
-c *Location Code
For example,
DEL
for Delhi,NY
for New York-d *Location Description
For example,
'Delhi, 100001'
-t *Location City
For example, Delhi
-s *Location State
For example,
CA
for California-o *Location Country
For example, India, United States
-i Location Latitude
For example,
28.70
for Delhi-g Location Longitude
For example,
77.10
for Delhi-p *PSA release tag
For example,
23.12
-r *Heimdall replica count -z *Agent type
For example, web, api, or all
-m
*Minimum/Maximum memory in Mi/Gi for sum-chrome-agent
-n *Minimum/Maximum memory in Mi/Gi for sum-api-monitoring-agent
-x *Minimum/Maximum CPU for sum-chrome-agent
-y *Minimum/Maximum CPU for sum-api-monitoring-agent
-b *Minimum/Maximum memory in Mi/Gi for sum-heimdall
-f *Minimum/Maximum CPU for sum-heimdall
-q Specify true
orfalse
to enable or disable Ignite Persistence.-j Specify a single value for the API monitoring agent's ingress and egress bandwidth. The default value for OpenShift is 1024k. AppDynamics recommends keeping a value greater than or equal to that for OpenShift deployments. -w Specify the proxy servers for Heimdall, API, and Web monitoring, separated by a tilde(~).
If you do not need to set up any proxy server, you can leave it blank.
- Specify the Docker registry URL when prompted.
Troubleshoot
You may encounter certain issues if the pod configurations are incorrect. The following table lists the issues and the steps you can follow to resolve them:
Issue | Resolution |
---|---|
PodSecurity violation due to Warning Message
CODE
| Perform the following steps:
|
The Warning Message
CODE
| Modify the
|
Monitor the Kubernetes Cluster
The Helm chart sum-psa-monitoring.tgz
in the zip you downloaded installs the monitoring stack. This Helm chart installs kube-prometheus-stack along with a custom Grafana dashboard to monitor the Private Simple Synthetic Agent.
Monitoring the deployment is optional; however, we highly recommend that you monitor the cluster to check its health periodically.
Install the Monitoring Stack
To create a separate
monitoring
namespace, enter:kubectl create namespace monitoring
CODETo review configuration options, enter:
helm show values sum-psa-monitoring.tgz > values-monitoring.yaml
CODEThis generates a
values-monitoring.yaml
file that contains all the configuration options. To modify and pass the generatedvalues-monitoring
.yaml
file while installing the Helm chart, enter:oc adm policy add-scc-to-group anyuid system:authenticated
CODEhelm install psa-monitoring sum-psa-monitoring.tgz --values values-monitoring.yaml --namespace monitoring
CODEAfter the monitoring stack is installed, you can Launch Grafana (which runs inside the cluster) to view the dashboard. To access Grafana from outside the cluster, you can configure port forwarding or set up Ingress. To configure port forward to access it locally, enter:
kubectl port-forward svc/psa-monitoring-grafana 3000:80 --namespace monitoring
CODELaunch localhost:3000 from the browser and log in using the default credentials with username as admin and password as
prom-operator.
A dashboard named Private Simple Synthetic Agent displays and provides details about the Kubernetes cluster, Apache Ignite, Heimdall, and running measurements.
Uninstall PSA
To uninstall PSA, run the following command:
./uninstall_psa -e openshift -p