Customize the Helm File

This page explains the parameters used in the helm file with examples. If you change the default configuration, you require to update the helm file before installing the services. For example, to use different CA certificates for the communication among components, you must update the helm file.

You can refer to the examples and edit the following file to provide custom values:

globals.yaml.gotmpl
secrets.yaml.encrypted

During service installation, special characters are escaped using entities, unicodes, or quotes. Therefore, do not use special characters in the helm files.

Special Characters

, { } [ ] &  *  #  ? | --  <  >  = !  % @ {}

CODE

Edit the `globals.yaml.gotmpl` file

Run the following command to edit the globals.yaml.gotmpl file:

vi globals.yaml.gotmpl

CODE

Parameter Name	Description	Example
`dnsDomain`	Domain name of the cluster.	`dnsDomain: appd.example.com` CODE
`dnsNames`	List the Ingress domain names that you require to configure for the Virtual Appliance. You must include local host for `appdcli` to access the cluster. If the domain names are unavailable, specify `<nodeip>.nip.io` for each cluster. You must also include the `dnsDomain` as a value, in addition to other specified values.	`dnsNames: &dnsNames - localhost - 10.0.0.1.nip.io - 10.0.0.2.nip.io - 10.0.0.3.nip.io - appd.example.com {{ range split " " $internalIPs }} {{ printf " - %s.%s" . "nip.io" }} {{ end }}` CODE
`license`	Specify the license file that you require to apply on your Virtual Appliance. Copy the license files as the `license.lic` file to the node in `/var/appd/config/`. By default, the `globals.yaml.gotmpl` file has random UUIDs for `controllerKey` and `eumKey`. In case, you wish to generate new UUIDs for `controllerkey` and `eumkey`, run the `gen-uuid.sh` script from the helm charts folder (`/home/appduser/appd-charts/utils`). Specify the generated UUIDs in the license section for service and agent authorization.	`license: file: \| {{ if isFile "/var/appd/config/license.lic" }} {{ readFile "/var/appd/config/license.lic" \| indent 4 }} {{ end }} controllerKey: &controllerKey 4f612930-c51e-490d-9ade-ef789bf4da6f eumKey: dcdf8fae-809b-44a5-870e-07c829efc704` CODE
`appdController`	Specify the Controller details that you want to bootstrap during deployment. `tenantAccountName`: Specify the default account name (`customer1`). The Controller uses this name to create an account. `nodeLocked`: Set this field to `True` if you require to apply the MAC address-based license on a specific node in the cluster. `nodeName`: Specify the name of the node if the `nodeLocked` is set to `True`. The Controller is bound to this node. `customCaCerts`: Specify additional CA certs for outbound API calls from the Controller. By default, the Controller specifies the common CA certs.	`appdController: tenantAccountName: &account customer1 nodeLocked: false nodeName: "appd-node-1" customCaCerts: false {{ if isFile "/var/appd/config/cacert-extras.jks" }} caCertsFile: {{ readFile "/var/appd/config/cacert-extras.jks" \| b64enc \| quote }} {{ end }}` CODE
`eum`	Specify the external EUM URL. Ingress is configured for the Virtual Appliance. Therefore, this URL is set up with one of the `dnsNames`.	`eum: externalUrl: <URL_of_EUM>` CODE
`events`	Specify the external events URL for Analytics Agent. This uses the node port as `32105`. `enableSsl`: TLS is enabled for the events endpoint. The default value is `true`. `externalUrl`: Events service external URL. Ensure to open the `32105` port in the cluster firewall to connect with the Analytics Agent. `sudo ufw allow 32105/tcp` CODE	`events: enableSsl: true externalUrl: <URL_of_Events_Service>` CODE
`aiops`	Specify the external AIOps URL. This is set with one of `dnsNames` because Ingress is configured for the Virtual Appliance.	`aiops: externalUrl: <URL_of_AIOps>` CODE
`ingress`	Configure SSL for the Ingress controller. By default, Ingress endpoint has self-signed certificates enabled. `defaultCert`: Set to `true` to use self-signed certificates, which are auto-generated. Set to `false` if CA certs are provided. `keyFile`: Specify the private key from the CA provider to be used for Ingress in `/var/appd/config/ingress.key`. `certFile`: Specify the public key (PEM file) from the CA provider to be used for Ingress in `/var/appd/config/ingress.crt`. Ensure the `ingess.key` is in PEM plain text format. The SAN of the server certificate in `ingress.crt` must include all the hostnames that are defined in the `dnsNames` section.	`{{ ingress: defaultCert: true {{ if isFile "/var/appd/config/ingress.key"}} keyFile: {{ readFile "/var/appd/config/ingress.key" \| b64enc \| quote }} {{ end }} {{ if isFile "/var/appd/config/ingress.crt" }} certFile: {{ readFile "/var/appd/config/ingress.crt" \| b64enc \| quote }} {{ end }}}}` YML
`enableClusterAgent`	Enable or disable self-monitoring for the controller. It requires a boolean value.	`enableClusterAgent: false` CODE
`hybrid`	By default, this parameter is set to `false`. Enable this parameter to `true` to leverage your current Controller, Events Service, and End User Monitoring components from Splunk AppDynamics On-Premises while installing Anomaly Detection and Cisco Secure Application Services in your Kubernetes cluster. When set to `true`, the Controller and MySQL settings refer to an existing deployment of Controller. Set the Controller domain name. Configure the port to access the standalone Controller. If the TLS is enabled in the Controller Set the `sslEnabled` field to `true`. Upload the Controller CA certificates for the standalone Controller in `/var/appd/config/hybrid-controller-ca.crt`. Configure the MySQL host. It is the same host as the Controller domain. Configure a port for the standalone Controller database. Update the MySQL CA certificates. Update CA certificates for Kafka. When you generate the CA certificates for Kafka, ensure to specify the Kafka IP addresses. These IP addresses are the same node IP addresses. Example IP Addresses `ipAddresses: - 10.0.0.1 - 10.0.0.2 - 10.0.0.3` CODE	hybrid: enable: false controller: domainName: controller.nip.io port: 8181 sslEnabled: true {{ if isFile "/var/appd/config/hybrid-controller-ca.crt" }} controllerCaCertsFile: {{ readFile "/var/appd/config/hybrid-controller-ca.crt" \| b64enc \| quote }} {{ end }} mysql: dbHost: controller.nip.io dbPort: 3388 {{ if isFile "/var/appd/config/hybrid-mysql-ca.crt" }} mysqlCaCertsFile: {{ readFile "/var/appd/config/hybrid-mysql-ca.crt" \| b64enc \| quote }} {{ end }} kafka: defaultCert: true {{ if isFile "/var/appd/config/hybrid-kafka.key" }} keyFile: {{ readFile "/var/appd/config/hybrid-kafka.key" \| b64enc \| quote }} {{ end }} {{ if isFile "/var/appd/config/hybrid-kafka.crt" }} certFile: {{ readFile "/var/appd/config/hybrid-kafka.crt" \| b64enc \| quote }} {{ end }} schemaregistry: externalUrl: https://<domain_name>/schemaregistry CODE
`nfs`	If you enable the NFS server to back up and restore, update the NFS parameters.	`# NFS parameters nfs: enabled: false server: nfs-server path: /mnt/nfs_share` CODE
`backup`	You can back up and restore Elasticsearch, PostgreSQL, and MySQL by the MinIO and NFS server. Update the backup section based on the approach. For more information, see Backup an Restore Virtual Appliance.	# Backup config for datastores backup: elasticsearch: s3: enabled: false repoName: repo2 endpoint: https://s3-endpoint protocol: https bucket: es-bucket region: us-east-1 {{ if isFile "/var/appd/config/es-s3-ca.jks" }} certFile: {{ readFile "/var/appd/config/es-s3-ca.jks" \| b64enc \| quote }} {{ end }} fs: enabled: false repoName: repo3 storage: 5Gi postgresql: s3: enabled: false repoName: repo2 endpoint: https://s3-endpoint bucket: postgresql-bucket region: us-east-1 {{ if isFile "/var/appd/config/postgres-s3-ca.crt" }} certFile: {{ readFile "/var/appd/config/postgres-s3-ca.crt" \| b64enc \| quote }} {{ end }} fs: enabled: false repoName: repo3 storage: 5Gi mysql: s3: enabled: false repoName: repo2 endpoint: https://s3-endpoint bucket: mysql-bucket region: us-east-1 {{ if isFile "/var/appd/config/mysql-s3-ca.crt" }} certFile: {{ readFile "/var/appd/config/mysql-s3-ca.crt" \| b64enc \| quote }} {{ end }} fs: enabled: false repoName: repo3 storage: 5Gi CODE

Edit the `secrets.yaml` File

Run the following command to edit the secrets.yaml.encrypted file:

helm secrets edit /var/appd/config/secrets.yaml.encrypted

CODE

Initially, the secrets.yaml file is at /var/appd/config/secrets.yaml, but after installing the Splunk AppDynamics services, the file is automatically encrypted and moved to /var/appd/config/secrets.yaml.encrypted.

Parameter Name	Description	Example
`appdController`	`rootPassword`: Reset the `Root` password to access Controller administration page. Default value is `welcome`. `adminUsername`: create and specify the administrator username. Default value is `admin`. `adminPassword`: create and specify the password for the admin user. Default value is `welcome`.	`appdController: rootUsername: root rootPassword: welcome rootAccountname: system adminUsername: admin adminPassword: welcome` CODE
`mysql`	Specify the MySQL bootstrap configuration. This includes the root user and EUM user configuration.	`mysql: secret: rootUser: root rootPassword: <Password> rootHost: '%' eumDb: eum_db eumDbUser: eum_user eumDbPassword: <Password>` YML
`tls`	Specify the password to protect the keystore used by the Virtual Appliance services.	`tls: keyStorePassword: changeit` CODE
`hybrid`	If you are using the hybrid deployment, provide the Controller and MySQL credentials.	`hybrid: controller: controllerKey: <Controller-Key-Value> tenantAccountName: customer1 rootUsername: root rootPassword: welcome rootAccountname: system adminUsername: admin adminPassword: welcome mysql: dbUser: secapp dbPassword: changeit` CODE

Edit the globals.yaml.gotmpl file

Edit the secrets.yaml File

Edit the `globals.yaml.gotmpl` file

Edit the `secrets.yaml` File