This page explains the parameters used in the helm file with examples. If you change the default configuration, you require to update the helm file before installing the services. For example, to use different CA certificates for the communication among components, you must update the helm file. 

You can refer to the examples and edit the following file to provide custom values:

Edit the globals.yaml.gotmpl file

Run the following command to edit the globals.yaml.gotmpl file:

vi globals.yaml.gotmpl
CODE


Parameter NameDescriptionExample
dnsDomain

Domain name of the cluster.

dnsDomain: appd.example.com
CODE
dnsNames

List the Ingress domain names that you require to configure for the Virtual Appliance.

You must include local host for appdcli to access the cluster. If the domain names are unavailable, specify <nodeip>.nip.io for each cluster. You must also include the dnsDomain as a value, in addition to other specified values. 

dnsNames: &dnsNames
  - localhost
  - 10.0.0.1.nip.io
  - 10.0.0.2.nip.io
  - 10.0.0.3.nip.io
  - appd.example.com
{{ range split " " $internalIPs }} {{ printf " - %s.%s" . "nip.io" }}
{{ end }}
CODE
license

Specify the license file that you require to apply on your Virtual Appliance.

Copy the license files as the license.lic file to the node in /var/appd/config/

By default, the globals.yaml.gotmpl file has random UUIDs for controllerKey and eumKey. In case, you wish to generate new UUIDs for controllerkey and eumkey, run the gen-uuid.sh script from the helm charts folder (/home/appduser/appd-charts/utils).

Specify the generated UUIDs in the license section for service and agent authorization.

license:
  file: |
{{ if isFile "/var/appd/config/license.lic" }}
{{ readFile "/var/appd/config/license.lic" | indent 4 }}
{{ end }}
  controllerKey: &controllerKey 4f612930-c51e-490d-9ade-ef789bf4da6f
  eumKey: dcdf8fae-809b-44a5-870e-07c829efc704
CODE
appdController

Specify the Controller details that you want to bootstrap during deployment.

  • tenantAccountName: Specify the default account name (customer1). The Controller uses this name to create an account.
  • nodeLocked: Set this field to True if you require to apply the MAC address-based license on a specific node in the cluster.
  • nodeName: Specify the name of the node if the nodeLocked is set to True. The Controller is bound to this node.
  • customCaCerts: Specify additional CA certs for outbound API calls from the Controller. By default, the Controller specifies the common CA certs.
appdController:
  tenantAccountName: &account customer1
  nodeLocked: false
  nodeName: "appd-node-1"
  customCaCerts: false
{{ if isFile "/var/appd/config/cacert-extras.jks" }}
  caCertsFile: {{ readFile "/var/appd/config/cacert-extras.jks" | b64enc | quote }}
{{ end }}
CODE
eumSpecify the external EUM URL. Ingress is configured for the Virtual Appliance. Therefore, this URL is set up with one of the dnsNames.
eum:
  externalUrl: <URL_of_EUM>
CODE
events

Specify the external events URL for Analytics Agent. This uses the node port as 32105.

  • enableSsl: TLS is enabled for the events endpoint. The default value is true.
  • externalUrl: Events service external URL.

Ensure to open the 32105 port in the cluster firewall to connect with the Analytics Agent.

sudo ufw allow 32105/tcp
CODE 


events:
  enableSsl: true
  externalUrl: <URL_of_Events_Service>
CODE
aiopsSpecify the external AIOps URL. This is set with one of dnsNames because Ingress is configured for the Virtual Appliance.
aiops:
  externalUrl: <URL_of_AIOps>
CODE
ingress

Configure SSL for the Ingress controller. By default, Ingress endpoint has self-signed certificates enabled.

  • defaultCert: Set to true to use self-signed certificates, which are auto-generated. Set to false if CA certs are provided.
  • keyFile: Specify the private key from the CA provider to be used for Ingress in /var/appd/config/ingress.key.
  • certFile: Specify the public key (PEM file) from the CA provider to be used for Ingress in /var/appd/config/ingress.crt.
ingress:
  defaultCert: true
{{ if isFile "/var/appd/config/ingress.key" }}
  keyFile: {{ readFile "/var/appd/config/ingress.key" | b64enc | quote }}
{{ end }}
{{ if isFile "/var/appd/config/ingress.crt" }}
  certFile: {{ readFile "/var/appd/config/ingress.crt" | b64enc | quote }}
{{ end }}
YML
enableClusterAgentEnable or disable self-monitoring for the controller. It requires a boolean value.
enableClusterAgent: false
CODE


hybrid

By default, this parameter is set to false.

Enable this parameter to true to leverage your current Controller, Events Service, and End User Monitoring components from Splunk AppDynamics On-Premises while installing Anomaly Detection and Cisco Secure Application Services in your Kubernetes cluster.

When set to true, the Controller and MySQL settings refer to an existing deployment of Controller.

  • Set the Controller domain name.
  • Configure the port to access the standalone Controller.
  • If the TLS is enabled in the Controller
    • Set the sslEnabled field to true.
    • Upload the Controller CA certificates for the standalone Controller in /var/appd/config/hybrid-controller-ca.crt.
  • Configure the MySQL host. It is the same host as the Controller domain.
  • Configure a port for the standalone Controller database.
  • Update the MySQL CA certificates.
  • Update CA certificates for Kafka.

    When you generate the CA certificates for Kafka, ensure to specify the Kafka IP addresses. These IP addresses are the same node IP addresses.

    Example IP Addresses

    ipAddresses:
    - 10.0.0.1
    - 10.0.0.2
    - 10.0.0.3
    CODE 


hybrid:
  enable: false
  controller:
    domainName: controller.nip.io
    port: 8181
    sslEnabled: true
{{ if isFile "/var/appd/config/hybrid-controller-ca.crt" }}
    controllerCaCertsFile: {{ readFile "/var/appd/config/hybrid-controller-ca.crt" | b64enc | quote }}
{{ end }}
  mysql:
    dbHost: controller.nip.io
    dbPort: 3388
{{ if isFile "/var/appd/config/hybrid-mysql-ca.crt" }}
    mysqlCaCertsFile: {{ readFile "/var/appd/config/hybrid-mysql-ca.crt" | b64enc | quote }}
{{ end }}
  kafka:
    defaultCert: true
{{ if isFile "/var/appd/config/hybrid-kafka.key" }}
    keyFile: {{ readFile "/var/appd/config/hybrid-kafka.key" | b64enc | quote }}
{{ end }}
{{ if isFile "/var/appd/config/hybrid-kafka.crt" }}
    certFile: {{ readFile "/var/appd/config/hybrid-kafka.crt" | b64enc | quote }}
{{ end }}
  schemaregistry:
    externalUrl: https://<domain_name>/schemaregistry
CODE

Edit the secrets.yaml File.

Run the following command to edit the secrets.yaml.encrypted file:

helm secrets edit <path_to_secrets.yaml.encrypted>
CODE

By default, the location of the file is /var/appd/config/secrets.yaml.encrypted.


Parameter NameDescriptionExample
appdCcontroller
  • rootPassword: Reset the Root password to access Controller administration page. Default value is welcome.
  • adminUsername: create and specify the administrator username. Default value is admin.
  • adminPassword: create and specify the password for the admin user. Default value is welcome.
appdController:
    rootUsername: root
    rootPassword: welcome
    rootAccountname: system
    adminUsername: admin
    adminPassword: welcome
CODE
mysqlSpecify the MySQL bootstrap configuration. This includes the root user and EUM user configuration. 
mysql:
    secret:
        rootUser: root
        rootPassword: <Password>
        rootHost: '%'
        eumDb: eum_db
        eumDbUser: eum_user
        eumDbPassword: <Password>
YML
tls

Specify the password to protect the keystore used by the Virtual Appliance services.


tls:
  keyStorePassword: changeit
CODE
hybridIf you are using the hybrid deployment, provide the Controller and MySQL credentials.
hybrid:
    controller:
        controllerKey: <Controller-Key-Value>
        tenantAccountName: customer1
        rootUsername: root
        rootPassword: welcome
        rootAccountname: system
        adminUsername: admin
        adminPassword: welcome 
    mysql:
        dbUser: secapp
        dbPassword: changeit
CODE