Set up PSA in Amazon EKS

Set up the Web Monitoring PSA and API Monitoring PSA in Amazon Elastic Kubernetes Service (Amazon EKS) as follows. If you want to set up PSA in an existing Kubernetes cluster, skip the Create the Kubernetes Cluster section.

This document contains links to AWS CLI documentation. Splunk AppDynamics makes no representation as to the accuracy of AWS CLI documentation because AWS CLI controls its own documentation.

You can deploy PSA on an existing Kubernetes cluster in public or private clouds. The automation scripts do not support Kubernetes cluster creation. 

• If you use the automated script, you must manually set up the Kubernetes cluster and nodes and log in to container registries before deploying PSA.
• If you use a separate registry, specify the registry in the automated script before deploying PSA:

  1. Open the install_psa file and go to the push_images_to_docker_registry() function.

  2. Under that function, after ${DOCKER_REGISTRY_URL}/, specify the registry names of sum-chrome-agent, sum-api-monitoring-agent, and sum-heimdall.

  3. Under the generate_psa_k8s_deployment() function, update the repository names on the YAML values. 

• You must build the images on the host with the same OS type of Kubernetes cluster nodes.

Create the Kubernetes Cluster

To create a Kubernetes cluster in Amazon EKS:

1. Install and configure AWS CLI.

2. Based on your platform, install eksctl following the installation instructions.

3. To create a Kubernetes cluster, enter:

   EKSCTL_CLUSTER_NAME=eks-heimdall-onprem-cluster
   EKSCTL_NODEGROUP_NAME=eks-heimdall-onprem-worker-nodes
   EKSCTL_KUBERNETES_VERSION=1.x.x
    
    
   eksctl create cluster \
   --name ${EKSCTL_CLUSTER_NAME} \
   --version ${EKSCTL_KUBERNETES_VERSION} \
   --region us-west-2 \
   --zones us-west-2a,us-west-2b,us-west-2c \
   --nodegroup-name ${EKSCTL_NODEGROUP_NAME} \
   --node-type t3.2xlarge \
   --nodes 4 \
   --nodes-min 2 \
   --nodes-max 6 \
   --ssh-access \
   --ssh-public-key ~/.ssh/id_rsa.pub \
   --managed \
   --vpc-nat-mode Disable

   CODE
   

   Replace the EKSCTL_KUBERNETES_VERSION with one of the EKS Kubernetes versions. 

   

   The node-type, nodes, nodes-min, and nodes-max in the code snippet are selected based on the recommended configuration type. You can specify a configuration of your choice with a different type and number of nodes. See EC2 instance types.

Access the Cluster

To access the Kubernetes cluster, follow these instructions to install kubectl, a utility to interact with the cluster.

To verify that the cluster is running, enter:

kubectl get nodes

(Optional) Configure Proxy Server 

When you configure a proxy server, it applies to all the domains. Configure a proxy server by specifying the proxy server address on the values.yaml file. See Key-Value Pairs Configuration.

To bypass any domains from the proxy server, perform the following steps:

Configuring the bypass list is supported only on Web Monitoring PSA.

1. Open the values.yaml file.

2. Add the domain URLs in the bypassList field under browserMonitoringAgent:

   browserMonitoringAgent:
     enabled: true
     server: "<proxy server address>"
     bypassList: "<specify the domain URLs that you want to bypass separated by semicolon>"

   CODE

   For example, bypassList: "*abc.com;*xyz1.com;*xyz2.com"

   Domain URLs that you specify in bypassList are not redirected to the proxy server. You can add any number of domains in the bypassList. All other unspecified domain URLs are redirected to the proxy server.

Pull the Docker Image

Pull the pre-built docker images for sum-chrome-agent, sum-api-monitoring-agent, and sum-heimdall from DockerHub. The pre-built images include the dependent libraries, so you can use these images even when you do not have access to the Internet.

Run the following commands to pull the agent images:

docker pull appdynamics/heimdall-psa

docker pull appdynamics/chrome-agent-psa

docker pull appdynamics/api-monitoring-agent-psa

(Optional) Add Custom Python Libraries 

In addition to the available standard set of libraries, you can add custom Python libraries to the agent to use in scripted measurements. You build a new image based on the image you loaded as the base image.

You do not require these steps if you are using pre-built image from the DockerHub repository.

1. Create a Dockerfile and then create RUN directives to run python pip. For example, to install the library algorithms you can create a Dockerfile: 

   # Use the sum-chrome-agent image you just loaded as the base image
   FROM appdynamics/chrome-agent-psa:<agent-tag>
   
   USER root
   RUN apk add py3-pip
   USER appdynamics
     
   # Install algorithm for python3 on top of that
   RUN python3 -m pip install algorithms==0.1.4 --break-system-packages

   CODE
   

   You can create any number of RUN directives to install the required libraries.

2. To build the new image, enter: 

   docker build -t sum-chrome-agent:<agent-tag> - < Dockerfile

   CODE

   The newly built agent image contains the required libraries. 

Tag and Push Images to the Registry

You must tag and push the images to a registry for the cluster to access it. The Amazon EKS clusters pull the images from Elastic Container Registry (ECR), which is the managed registry provided by AWS. 

Tag the Images

docker tag appdynamics/heimdall-psa:<heimdall-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker tag appdynamics/chrome-agent-psa:<agent-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent:<agent-tag>
docker tag appdynamics/api-monitoring-agent-psa:<agent-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-api-monitoring-agent:<agent-tag>

You need to replace <aws_account_id> & <region> with your account id and region values. 

To create repositories, enter: 

aws ecr create-repository --repository-name sum/sum-heimdall
aws ecr create-repository --repository-name sum/sum-chrome-agent

Push the Images

aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent:<agent-tag>
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-api-monitoring-agent:<agent-tag>

Deploy PSA Manually

The application is deployed to the cluster after the images are in the Registry. You use the Helm chart to deploy and create all Kubernetes resources in the required order. 

1. Install Helm following these instructions.

2. Create a new namespace to run the Apache Ignite pods.
   

   

   Ensure that you first run the Apache Ignite commands and then run the Heimdall commands.

   To create a new namespace for Ignite, enter:

   kubectl create namespace measurement

   CODE

   Before you deploy Apache Ignite, you must set some configuration options. To view the configuration options, navigate to the previously downloaded ignite-psa.tgz file and enter: 

   helm show values ignite-psa.tgz > values-ignite.yaml

   CODE
   

   If you want to enable persistence, set persistence > enabled. This is an optional configuration.

3. To deploy the Helm chart using the above-mentioned configuration, navigate to the previously downloaded ignite-psa.tgz file and enter: 

   helm install synth ignite-psa.tgz --values values-ignite.yaml --namespace measurement

   CODE

   All the Kubernetes resources are created in the cluster, and you can use Apache Ignite. After a few seconds, Apache Ignite initializes and is visible in the Controller.

4. To verify if the pods are running, enter:

   kubectl get pods --namespace measurement

   CODE

   Proceed to the next steps only after the Apache Ignite pods run successfully.

   Using a single command, you can deploy the Helm chart, which contains the deployment details. To deploy the agent, use the Helm chart sum-psa-heimdall.tgz in the zip file that you downloaded previously. Before you deploy the Private Synthetic Agent, you must set some configuration options. To view the configuration options, navigate to the previously downloaded sum-psa-heimdall.tgz file and enter: 

   helm show values sum-psa-heimdall.tgz > values.yaml

   CODE

   These are the configuration key-value pairs that you need to edit in the values.yaml file:
   

   Configuration Key	Value
   heimdall > repository	<aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall
   heimdall > tag	<heimdall-tag>
   heimdall > pullPolicy	Always
   chromeAgent > repository	<aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent
   chromeAgent > tag	<agent-tag>
   shepherd > url	Shepherd URL
   shepherd > credentials	credentials
   shepherd > location	agent location

   
   

   You can leave the rest of the values set to their defaults or configure them based on your requirements. See Configure Web Monitoring PSA and API Monitoring PSA for details on shepherd URL, credentials, location, and optional key-value pairs.

   

   If the Kubernetes cluster is locked down, and you cannot make cluster-wide configuration, you can make pod-level changes.

   For example, if you want to change the pod-level DNS server setting to use your internal nameservers for DNS name resolution, specify the following details in the values.yaml file:

   Configuration Key	Value
   agentDNSConfig:
   enabled:	true
   dnsConfig:
   nameservers:	["4.4.4.4"]
   searches:	["svc.cluster.local", "cluster.local"]

5. To deploy the Helm chart using the above-mentioned configuration, navigate to the previously downloaded sum-psa-heimdall.tgz file and enter: 

   helm install heimdall-onprem sum-psa-heimdall.tgz --values values.yaml --namespace measurement

   CODE

   All the Kubernetes resources are created in the cluster, and you can use Heimdall. After a few seconds, Heimdall initializes and is visible in the Controller.

6. To verify if the pods are running, enter: 

   kubectl get pods --namespace measurement

   CODE

   To make any changes to values.yaml after the initial deployment, navigate to the previously downloaded sum-psa-heimdall.tgz file and enter: 

   helm upgrade heimdall-onprem sum-psa-heimdall.tgz --values values.yaml --namespace measurement

   CODE
   

   To remove the deployment:

   helm uninstall heimdall-onprem --namespace measurement

   CODE

   This is not recommended unless it is required.

Deploy PSA Using the Automation Script

Download the PSA installation zip file from the Cisco AppDynamics Download Center or from the beta upload tool. This file contains Docker files for sum-chrome-agent, sum-api-monitoring-agent, sum-heimdall, Helm charts, and automation scripts. To build an image for sum-chrome-agent, sum-api-monitoring-agent, and sum-heimdall, ensure that Docker is installed. You can download and install Docker from here if it is not installed.

Perform the following steps to install PSA:

1. Unzip the PSA installation zip file.

2. Run the following command to install PSA in EKS:
   

   ./install_psa -e kubernetes -l -v -u <Shepherd-URL> -a <EUM-account> -k <EUM-key> -c <location-code> -d <location-description> -t <location-name> -s <location-state> -o <location-country> -i <location-latitude> -g <location-longitude> -p <PSA-tag> -r <heimdall-replica-count> -z <agent-type> -m <chrome-agent_min/max-memory> -n <API-agent_min/max-memory> -x <chrome-agent_min/max-CPU> -y <API-agent_min/max-CPU> -b <heimdall_min/max-memory> -f <heimdall_min/max-CPU> -q <ignite-persistence> -w <heimdall_proxy_server>~<api_monitoring_proxy_server>~<web_monitoring_proxy_server> -B <"bypassURL1;bypassURL2;bypassURL3">

   CODE

   A sample installation command looks like this: 
   

   ./install_psa -e kubernetes -u <Shepherd-URL> -a <EUM-account> -k <EUM-key> -c DEL -d Delhi -t Delhi -s DEL -o India -i 28.70 -g 77.10 -p 23.5 -r 1 -z all -m 100Mi/500Mi -n 100Mi/100Mi -x 0.5/1.5 -y 0.1/0.1 -b 2Gi/2Gi -f 2/2 -q true -w 127.0.0.1:8887~127.0.0.1:8888~127.0.0.1:8889 -B "*abc.com;*xyz1.com;*xyz2.com"

   CODE

The following table describes the usage of the flags in the command. Asterisk (*) on the description denotes mandatory parameters.

Monitor the Kubernetes Cluster

The Helm chart sum-psa-monitoring.tgz in the zip you downloaded installs the monitoring stack. This Helm chart installs kube-prometheus-stack along with a custom Grafana dashboard to monitor the Private Simple Synthetic Agent.

Monitoring the deployment is optional; however, we highly recommend that you monitor the cluster to check its health periodically.  

Install the Monitoring Stack

1. To create a separate monitoring namespace, enter:  

   kubectl create namespace monitoring

   CODE

   To review configuration options, enter: 

   helm show values sum-psa-monitoring.tgz > values-monitoring.yaml

   CODE

   This generates a values-monitoring.yaml file that contains all the configuration options. To modify and pass the generated values-monitoring.yaml file while installing the Helm chart, enter:

   helm install psa-monitoring sum-psa-monitoring.tgz --values values-monitoring.yaml --namespace monitoring

   CODE

2. After the monitoring stack is installed, you can Launch Grafana (which runs inside the cluster) to view the dashboard. To access Grafana from outside of the cluster, you can configure port forwarding or set up Ingress. To configure port forward to access it locally, enter:

   kubectl port-forward svc/psa-monitoring-grafana 3000:80 --namespace monitoring

   CODE

3. Launch localhost:3000 from the browser and log in using the default credentials with username as admin and password as prom-operator. A dashboard named Private Simple Synthetic Agent displays and provides details about the Kubernetes cluster, Apache Ignite, Heimdall, and running measurements.

Uninstall PSA

To uninstall PSA, run the following command:

./uninstall_psa -e kubernetes -p