Configure Cisco AppDynamics Kubernetes Collectors
The Cisco Cloud Observability Kubernetes Collectors (appdynamics-collectors) chart can be used to deploy the following collectors:
- Cluster Collector
- Infrastructure Collector
- Log Collector
- Cisco AppDynamics Distribution of OpenTelemetry Collector
The appdynamics-collectors chart includes the following sub-charts:
- appdynamics-otel-collector includes the settings for the:
  - Cisco AppDynamics Distribution of OpenTelemetry Collector
- appdynamics-cloud-k8s-monitoring includes the settings for these collectors:
  - Cluster Collector
  - Infrastructure Collector
  - Log Collector
Global Settings
You can specify the following global parameters within the collectors-values.yaml file:
Name | Type | Description | Required |
---|---|---|---|
global | object | Contains the global settings for the Cisco Cloud Observability Kubernetes Collectors. | No |
global
You can specify the following global parameters under the global key within the collectors-values.yaml file:
Parameter | Type | Description | Required | Default | Reinstall Required |
---|---|---|---|---|---|
tls | object | Used to enable TLS for collectors. See Configure mTLS. | No | | No |
clusterName | string | The name of the cluster that is displayed in the UI. | Yes | null | No |
clusterId | string | The unique ID of the cluster. The value of this parameter is the uid of the Kubernetes namespace. To get this value, run the following command in your Kubernetes cluster: | No | null | Yes |
oauth | object | This is required during the collectors installation for Agent Management and to establish the connection to Cisco Cloud Observability. You must specify the following parameters within the oauth parameter: | Yes | | Yes |
agentManagementProxy | object | This is required only if you have a proxy to send the data to the Cloud Observability Platform. This is used when Agent Management is behind a proxy. | No | | Yes |
global.tls
global.tls contains the TLS settings for Cisco AppDynamics Collectors and the Cisco AppDynamics Distribution of OpenTelemetry Collector receiver and exporter.
Name | Type | Description | Required |
---|---|---|---|
appdCollectors | object | TLS settings for Cisco AppDynamics Collectors (to communicate with the Cisco AppDynamics Distribution of OpenTelemetry Collector service). | No |
otelReceiver | object | TLS settings for otlp receiver. | No |
otelExporter | object | TLS settings for otlp exporter. | No |
global.tls.appdCollectors
global.tls.appdCollectors contains the TLS settings for Cisco AppDynamics Collectors.
Name | Type | Description | Required |
---|---|---|---|
secret | object | TLS certificates secret for Cisco AppDynamics Collectors. | No |
enabled | boolean | Enable TLS for communication between Cisco AppDynamics Collectors and the Cisco AppDynamics Distribution of OpenTelemetry Collector (service). | No |
global.tls.appdCollectors.secret
global.tls.appdCollectors.secret configures the TLS certificate secret for Cisco AppDynamics Collectors.
Name | Type | Description | Required |
---|---|---|---|
secretName | string | The name of the Kubernetes secret that holds the certificates. | Yes |
secretKeys | object | The secret keys for specifying TLS certificate, key, and CA certificate. | Yes |
global.tls.appdCollectors.secret.secretKeys
global.tls.appdCollectors.secret.secretKeys configures the secret keys for specifying TLS certificate, key, and CA certificate for Cisco AppDynamics Collectors.
Name | Type | Description | Required |
---|---|---|---|
caCert | string | The Kubernetes secret key name that points to the CA certificate. | Yes |
tlsCert | string | The Kubernetes secret key name that points to the TLS certificate. | Yes |
tlsKey | string | The Kubernetes secret key name that points to the TLS key. | Yes |
global.tls.otelExporter
global.tls.otelExporter contains the TLS settings for the otlp exporter.
Name | Type | Description | Required |
---|---|---|---|
secret | object | TLS certificates secret for otlp exporter. | No |
settings | object | Client TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector. | No |
global.tls.otelExporter.secret
global.tls.otelExporter.secret configures the TLS certificates secret for otlp exporter.
Name | Type | Description | Required |
---|---|---|---|
secretName | string | The name of the Kubernetes secret that holds the certificate secret. | Yes |
secretKeys | object | The secret keys for specifying TLS certificate, key, and certification authority (CA). | Yes |
global.tls.otelExporter.secret.secretKeys
global.tls.otelExporter.secret.secretKeys configures the secret keys for specifying TLS certificate, key, and the CA for the otlp exporter.
Name | Type | Description | Required |
---|---|---|---|
caCert | string | The Kubernetes secret key name that points to the CA certificate. | Yes |
tlsCert | string | The Kubernetes secret key name that points to the TLS certificate. | Yes |
tlsKey | string | The Kubernetes secret key name that points to the TLS key. | Yes |
global.tls.otelExporter.settings
global.tls.otelExporter.settings defines client TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector.
Name | Type | Description | Required |
---|---|---|---|
ca_file | string | Path to the CA cert. For a client this verifies the server certificate. For a server this verifies client certificates. If empty uses system root CA. Should only be used if insecure is set to false. | No |
cert_file | string | Path to the TLS cert to use for TLS required connections. Should only be used if insecure is set to false. | No |
insecure | boolean | (default = false): whether to enable client transport security for the exporter's gRPC connection. See grpc.WithInsecure(). | No |
insecure_skip_verify | boolean | (default = false): configure TLS to be enabled but skip verifying the server's certificate chain. This cannot be combined with insecure since insecure won't use TLS at all. | No |
key_file | string | Path to the TLS key to use for TLS required connections. Should only be used if insecure is set to false. | No |
max_version | string | | No |
min_version | string | | No |
reload_interval | string | Specifies the duration after which the certificate will be reloaded. If not set, it will never be reloaded. | No |
global.tls.otelReceiver
global.tls.otelReceiver contains the TLS settings for the otlp receiver.
Name | Type | Description | Required |
---|---|---|---|
secret | object | TLS certificates secret for otlp receiver. | No |
settings | object | Server TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector service. | No |
mtlsEnabled | boolean | A shortcut to enable mTLS for otlp receiver. If true, the receiver will use appdynamics-otel-collector.global.tls.otelReceiver.secret.secretKeys.caCert for authenticating with the client. mTLS can also be enabled by configuring appdynamics-otel-collector.global.tls.otelReceiver.settings directly. | No |
global.tls.otelReceiver.secret
global.tls.otelReceiver.secret configures the TLS certificates secret for the otlp receiver.
Name | Type | Description | Required |
---|---|---|---|
secretName | string | The name of the Kubernetes secret that holds the certificates. | Yes |
secretKeys | object | The secret keys for specifying TLS certificate, key, and CA. | Yes |
global.tls.otelReceiver.secret.secretKeys
global.tls.otelReceiver.secret.secretKeys configures the secret keys for specifying TLS certificate, key, and CA for the otlp receiver.
Name | Type | Description | Required |
---|---|---|---|
caCert | string | The Kubernetes secret key name that points to the CA certificate. | Yes |
tlsCert | string | The Kubernetes secret key name that points to the TLS certificate. | Yes |
tlsKey | string | The Kubernetes secret key name that points to the TLS key. | Yes |
global.tls.otelReceiver.settings
global.tls.otelReceiver.settings defines server TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector service.
Name | Type | Description | Required |
---|---|---|---|
ca_file | string | Path to the CA. For a client this verifies the server certificate. For a server this verifies client certificates. If empty uses system root CA. Should only be used if insecure is set to false. | No |
cert_file | string | Path to the TLS cert to use for TLS required connections. Should only be used if insecure is set to false. | No |
client_ca_file | string | Path to the TLS cert to use by the server to verify a client certificate. (optional) This sets the ClientCAs and ClientAuth to RequireAndVerifyClientCert in the TLSConfig. For details, see https://godoc.org/crypto/tls#Config. | No |
key_file | string | Path to the TLS key to use for TLS required connections. Should only be used if insecure is set to false. | No |
max_version | string | | No |
min_version | string | | No |
reload_interval | string | Specifies the duration after which the certificate will be reloaded. If not set, it will never be reloaded. | No |
Configure mTLS
You can configure mTLS for the appdynamics-otel-collector to communicate with the appdynamics-collectors inside the cluster. You can use cert-manager to create the required certificate secrets.
Perform these steps if you are using cert-manager:
Install cert-manager, if not already installed:
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
```
Create cert.yaml per the following example. This file provides configuration to create server-cert and client-cert certificates which are specified during the collector's configuration:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-selfsigned-ca
  namespace: appdynamics
spec:
  isCA: true
  commonName: my-selfsigned-ca
  secretName: root-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: selfsigned-issuer
    kind: ClusterIssuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ca-cert
  namespace: appdynamics
spec:
  ca:
    secretName: root-secret
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: server-cert
  namespace: appdynamics
spec:
  secretName: server-secret
  issuerRef:
    name: ca-cert
    kind: Issuer
  commonName: clustermon-service
  dnsNames:
    - appdynamics-otel-collector-service
    - appdynamics-otel-collector-service.appdynamics.svc.cluster.local
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: client-cert
  namespace: appdynamics
spec:
  secretName: client-secret
  issuerRef:
    name: ca-cert
    kind: Issuer
  commonName: client
```
Deploy the cert-manager resources:
```bash
kubectl apply -f cert.yaml
```
This results in the creation of certificates as Kubernetes® secrets for server and clients with secret names server-secret and client-secret in the appdynamics namespace.
Use these values in the collectors-values.yaml as configuration to mount the certificates and use them for mTLS:
```yaml
global:
  clusterName: <cluster-name>
  tls:
    appdCollectors:
      enabled: true
      secret:
        secretName: client-secret
        secretKeys:
          caCert: ca.crt
          tlsCert: tls.crt
          tlsKey: tls.key
    otelReceiver:
      mtlsEnabled: true
      secret:
        secretName: server-secret
        secretKeys:
          caCert: ca.crt
          tlsCert: tls.crt
          tlsKey: tls.key
      settings:
        min_version: 1.2
        max_version: 1.3
```
If using only TLS, remove mtlsEnabled: true from the otelReceiver parameter.
The following is an example collectors-values.yaml file including access key information:
```yaml
global:
  clusterName: <cluster-name>
  tls:
    appdCollectors:
      enabled: true
      secret:
        secretName: client-secret
        secretKeys:
          caCert: ca.crt
          tlsCert: tls.crt
          tlsKey: tls.key
    otelReceiver:
      mtlsEnabled: true
      secret:
        secretName: server-secret
        secretKeys:
          caCert: ca.crt
          tlsCert: tls.crt
          tlsKey: tls.key
      settings:
        min_version: 1.2
        max_version: 1.3

# can be obtained from the onboarding page
appdynamics-otel-collector:
  clientId: <id>
  clientSecret: <oauth-client-secret>
  tokenUrl: <token-url>
  endpoint: <endpoint>
```
- Install the Cisco AppDynamics Collectors with the preceding collectors-values.yaml file. See Install Kubernetes and App Service Monitoring.
- To customize the appdynamics-otel-collector sub-chart, see Advanced Settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector.
- To customize the appdynamics-cloud-k8s-monitoring sub-chart, see Cisco AppDynamics Collectors Settings.
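A pre-install check for the global.tls settings described on this page, as an added example (not AppDynamics or chart code): it takes the parsed collectors-values.yaml as a dict and reports missing secret keys and the insecure / insecure_skip_verify combinations the tables warn about. The function names, the TLS 1.2 floor, the choice to flag a receiver that does not verify client certificates, and the weak sample values are assumptions of this example.

```python
# Added example, not AppDynamics code: lint global.tls from a parsed collectors-values.yaml.
SECRET_KEYS = ("caCert", "tlsCert", "tlsKey")   # each marked required in the tables above
WITH_INSECURE = ("ca_file", "cert_file", "key_file", "insecure_skip_verify")
_KEYS = {"caCert": "ca.crt", "tlsCert": "tls.crt", "tlsKey": "tls.key"}
# The page's mTLS values as a YAML parser returns them (unquoted 1.2 becomes a float).
PAGE_EXAMPLE = {"global": {"tls": {
    "appdCollectors": {"enabled": True, "secret": {"secretName": "client-secret", "secretKeys": _KEYS}},
    "otelReceiver": {"mtlsEnabled": True, "settings": {"min_version": 1.2, "max_version": 1.3},
                     "secret": {"secretName": "server-secret", "secretKeys": _KEYS}}}}}
# Constructed weak variant: TLS-only receiver, incomplete secret, old floor, plaintext exporter.
WEAK_EXAMPLE = {"global": {"tls": {
    "appdCollectors": {"enabled": True, "secret": {"secretName": "client-secret", "secretKeys": _KEYS}},
    "otelReceiver": {"settings": {"min_version": "1.0"},
                     "secret": {"secretName": "server-secret", "secretKeys": {"tlsCert": "tls.crt"}}},
    "otelExporter": {"settings": {"insecure": True, "ca_file": "/certs/ca.crt"}}}}}

def _version(value):  # '1.2' or the float 1.2 -> (1, 2), so versions compare correctly
    return tuple(int(part) for part in str(value).split("."))

def _secret(path, section, out):
    secret = section.get("secret") or {}
    if not secret.get("secretName"):
        out.append(f"{path}.secret.secretName is not set")
    keys = secret.get("secretKeys") or {}
    out.extend(f"{path}.secret.secretKeys.{k} is not set" for k in SECRET_KEYS if not keys.get(k))

def _settings(path, section, out, floor):
    s = section.get("settings") or {}
    if s.get("insecure"):
        out.append(f"{path}.settings.insecure is true: no TLS on this connection")
        out.extend(f"{path}.settings.{k} is set together with insecure" for k in WITH_INSECURE if s.get(k))
    elif s.get("insecure_skip_verify"):
        out.append(f"{path}.settings.insecure_skip_verify is true: server certificate not verified")
    if "min_version" in s and _version(s["min_version"]) < _version(floor):
        out.append(f"{path}.settings.min_version {s['min_version']} is below {floor}")

def lint_tls(values, floor="1.2"):
    """Return findings for values['global']['tls']; an empty list means no check fired."""
    tls = (values.get("global") or {}).get("tls") or {}
    receiver, out = tls.get("otelReceiver") or {}, []
    if not (tls.get("appdCollectors") or {}).get("enabled"):
        out.append("global.tls.appdCollectors.enabled is not true")
    for name in ("appdCollectors", "otelReceiver", "otelExporter"):
        section = tls.get(name) or {}
        if section.get("secret") or section.get("enabled") or section.get("mtlsEnabled"):
            _secret(f"global.tls.{name}", section, out)
        _settings(f"global.tls.{name}", section, out, floor)
    if not (receiver.get("mtlsEnabled") or (receiver.get("settings") or {}).get("client_ca_file")):
        out.append("global.tls.otelReceiver: client certificates are not verified (TLS only)")
    return out
```

Feed it the output of a YAML parser run over collectors-values.yaml before the Helm install; the page's own mTLS example produces no findings.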