The Cisco Cloud Observability Kubernetes Collectors (appdynamics-collectors) chart can be used to deploy the following collectors:

  • Cluster Collector
  • Infrastructure Collector
  • Log Collector
  • Cisco AppDynamics Distribution of OpenTelemetry Collector

The appdynamics-collectors chart includes the following sub-charts:

  • appdynamics-otel-collector includes the settings for the:
    • Cisco AppDynamics Distribution of OpenTelemetry Collector
  • appdynamics-cloud-k8s-monitoring includes the settings for these collectors:
    • Cluster Collector
    • Infrastructure Collector
    • Log Collector

Global Settings

You can specify the following global parameters within the collectors-values.yaml file:

| Name | Type | Description | Required |
|---|---|---|---|
| global | object | Contains the global settings for the Cisco Cloud Observability Kubernetes Collectors. | No |

global

You can specify the following global parameters under the global key within the collectors-values.yaml file:

| Parameter | Type | Description | Required | Default | Reinstall Required |
|---|---|---|---|---|---|
| tls | object | Used to enable TLS for collectors. See Configure mTLS. | No | See "tls default" below. | No |
| clusterName | string | The name of the cluster that is displayed in the UI. | Yes | null | No |
| clusterId | string | The unique ID of the cluster. See "clusterId" below. | No | null | Yes |
| oauth | object | Required during the collectors installation for Agent Management and to establish the connection to Cisco Cloud Observability. See "oauth" below. | Yes | See "oauth" below. | Yes |
| agentManagementProxy | object | Required only if you have a proxy to send the data to the Cloud Observability Platform. This is used when Agent Management is behind a proxy. | No | See "agentManagementProxy default" below. | Yes |

tls default:

    tls:
      appdCollectors:
        enabled: true

clusterId

The value of this parameter is the uid of the kube-system Kubernetes namespace. To get this value, run the following command in your Kubernetes cluster:

    kubectl get ns kube-system -o=jsonpath='{.metadata.uid}'

  • You must specify this parameter if helm lookup is unsupported, such as when using Argo CD™, helm template, or helm install --dry-run.
  • If helm lookup functions are supported, the clusterId is read directly from the kube-system namespace and the value provided for this parameter is ignored.

oauth

You must specify the following parameters within the oauth parameter:

  • clientId: a string value that defines the client ID for authenticating with Cisco Cloud Observability.
  • clientSecret: a string value that defines the secret string in plaintext for authenticating with Cisco Cloud Observability.
    or
    clientSecretEnvVar: an object type value that defines the secret string in environment variable form (for example, read from a Kubernetes secret through secretKeyRef) for authenticating with Cisco Cloud Observability.
  • endpoint: a string value that defines the endpoint the collector sends data to.
  • tokenUrl: a string value that defines the URL for obtaining an authentication token from Cisco Cloud Observability.

oauth default:

    oauth:
      clientId: ""
      clientSecret: ""
      endpoint: ""
      tokenUrl: ""

clientSecretEnvVar form:

    clientSecretEnvVar:
      valueFrom:
        secretKeyRef:
          name: ""
          key: ""

agentManagementProxy default:

    agentManagementProxy:
      httpProxy: http://example-proxy.com
      httpsProxy: https://example-proxy.com
      noProxy:
        - http://example-dont-use-for-url1.com
        - https://example-dont-use-for-url2.com

global.tls

global.tls contains the TLS settings for Cisco AppDynamics Collectors and the Cisco AppDynamics Distribution of OpenTelemetry Collector receiver and exporter.

| Name | Type | Description | Required |
|---|---|---|---|
| appdCollectors | object | TLS settings for Cisco AppDynamics Collectors (to communicate with the Cisco AppDynamics Distribution of OpenTelemetry Collector service). | No |
| otelReceiver | object | TLS settings for otlp receiver. | No |
| otelExporter | object | TLS settings for otlp exporter. | No |

global.tls.appdCollectors

global.tls.appdCollectors contains the TLS settings for Cisco AppDynamics Collectors.

| Name | Type | Description | Required |
|---|---|---|---|
| secret | object | TLS certificates secret for Cisco AppDynamics Collectors. | No |
| enabled | boolean | Enable TLS for communication between Cisco AppDynamics Collectors and the Cisco AppDynamics Distribution of OpenTelemetry Collector (service). | No |

global.tls.appdCollectors.secret

global.tls.appdCollectors.secret configures the TLS certificate secret for Cisco AppDynamics Collectors.

| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string | The name of the Kubernetes secret that holds the certificates. | Yes |
| secretKeys | object | The secret keys for specifying TLS certificate, key, and CA certificate. | Yes |

global.tls.appdCollectors.secret.secretKeys

global.tls.appdCollectors.secret.secretKeys configures the secret keys for specifying TLS certificate, key, and CA certificate for Cisco AppDynamics Collectors.

| Name | Type | Description | Required |
|---|---|---|---|
| caCert | string | The Kubernetes secret key name that points to the CA certificate. | Yes |
| tlsCert | string | The Kubernetes secret key name that points to the TLS certificate. | Yes |
| tlsKey | string | The Kubernetes secret key name that points to the TLS key. | Yes |

global.tls.otelExporter

global.tls.otelExporter contains the TLS settings for the otlp exporter.

| Name | Type | Description | Required |
|---|---|---|---|
| secret | object | TLS certificates secret for otlp exporter. | No |
| settings | object | Client TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector. | No |

global.tls.otelExporter.secret

global.tls.otelExporter.secret configures the TLS certificates secret for otlp exporter. 

| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string | The name of the Kubernetes secret that holds the certificate secret. | Yes |
| secretKeys | object | The secret keys for specifying TLS certificate, key, and certification authority (CA). | Yes |

global.tls.otelExporter.secret.secretKeys

global.tls.otelExporter.secret.secretKeys configures the secret keys for specifying TLS certificate, key, and the CA for the otlp exporter.

| Name | Type | Description | Required |
|---|---|---|---|
| caCert | string | The Kubernetes secret key name that points to the CA certificate. | Yes |
| tlsCert | string | The Kubernetes secret key name that points to the TLS certificate. | Yes |
| tlsKey | string | The Kubernetes secret key name that points to the TLS key. | Yes |

global.tls.otelExporter.settings

global.tls.otelExporter.settings defines client TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector.

| Name | Type | Description | Required |
|---|---|---|---|
| ca_file | string | Path to the CA cert. For a client this verifies the server certificate. For a server this verifies client certificates. If empty, uses the system root CA. Should only be used if insecure is set to false. | No |
| cert_file | string | Path to the TLS cert to use for TLS required connections. Should only be used if insecure is set to false. | No |
| insecure | boolean | (default = false): when set to true, client transport security is disabled for the exporter's gRPC connection. See grpc.WithInsecure(). | No |
| insecure_skip_verify | boolean | (default = false): configure TLS to be enabled but skip verifying the server's certificate chain. This cannot be combined with insecure since insecure won't use TLS at all. | No |
| key_file | string | Path to the TLS key to use for TLS required connections. Should only be used if insecure is set to false. | No |
| max_version | string | (default = "1.2"): Maximum acceptable TLS version. | No |
| min_version | string | (default = "1.2"): Minimum acceptable TLS version. It's recommended to use at least 1.2 as the minimum version. | No |
| reload_interval | string | Specifies the duration after which the certificate will be reloaded. If not set, it will never be reloaded. | No |

global.tls.otelReceiver

global.tls.otelReceiver contains the TLS settings for the otlp receiver.

| Name | Type | Description | Required |
|---|---|---|---|
| secret | object | TLS certificates secret for otlp receiver. | No |
| settings | object | Server TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector service. | No |
| mtlsEnabled | boolean | A shortcut to enable mTLS for otlp receiver. If true, the receiver will use appdynamics-otel-collector.global.tls.otelReceiver.secret.secretKeys.caCert for authenticating with the client. mTLS can also be enabled by configuring appdynamics-otel-collector.global.tls.otelReceiver.settings directly. | No |

global.tls.otelReceiver.secret

global.tls.otelReceiver.secret configures the TLS certificates secret for the otlp receiver. 

| Name | Type | Description | Required |
|---|---|---|---|
| secretName | string | The name of the Kubernetes secret that holds the certificates. | Yes |
| secretKeys | object | The secret keys for specifying TLS certificate, key, and CA. | Yes |

global.tls.otelReceiver.secret.secretKeys

global.tls.otelReceiver.secret.secretKeys configures the secret keys for specifying TLS certificate, key, and CA for the otlp receiver.

| Name | Type | Description | Required |
|---|---|---|---|
| caCert | string | The Kubernetes secret key name that points to the CA certificate. | Yes |
| tlsCert | string | The Kubernetes secret key name that points to the TLS certificate. | Yes |
| tlsKey | string | The Kubernetes secret key name that points to the TLS key. | Yes |

global.tls.otelReceiver.settings

global.tls.otelReceiver.settings defines server TLS settings for the Cisco AppDynamics Distribution of OpenTelemetry Collector service.

| Name | Type | Description | Required |
|---|---|---|---|
| ca_file | string | Path to the CA. For a client this verifies the server certificate. For a server this verifies client certificates. If empty uses system root CA. Should only be used if insecure is set to false. | No |
| cert_file | string | Path to the TLS cert to use for TLS required connections. Should only be used if insecure is set to false. | No |
| client_ca_file | string | Path to the TLS cert to use by the server to verify a client certificate. (optional) This sets the ClientCAs and ClientAuth to RequireAndVerifyClientCert in the TLSConfig. For details, see https://godoc.org/crypto/tls#Config. | No |
| key_file | string | Path to the TLS key to use for TLS required connections. Should only be used if insecure is set to false. | No |
| max_version | string | (default = "1.2"): Maximum acceptable TLS version. | No |
| min_version | string | (default = "1.2"): Minimum acceptable TLS version. It's recommended to use at least 1.2 as the minimum version. | No |
| reload_interval | string | Specifies the duration after which the certificate will be reloaded. If not set, it will never be reloaded. | No |

Configure mTLS

You can configure mTLS for the appdynamics-otel-collector to communicate with the appdynamics-collectors inside the cluster. You can use cert-manager to create the required certificate secrets.

Perform these steps if you are using cert-manager:

  1. Install cert-manager, if not already installed:

    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
  2. Create cert.yaml per the following example. This file provides configuration to create server-cert and client-cert certificates which are specified during the collector's configuration:

    cert.yaml

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: selfsigned-issuer
    spec:
      selfSigned: {}
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: my-selfsigned-ca
      namespace: appdynamics
    spec:
      isCA: true
      commonName: my-selfsigned-ca
      secretName: root-secret
      privateKey:
        algorithm: ECDSA
        size: 256
      issuerRef:
        name: selfsigned-issuer
        kind: ClusterIssuer
        group: cert-manager.io
    ---
    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      name: ca-cert
      namespace: appdynamics
    spec:
      ca:
        secretName: root-secret
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: server-cert
      namespace: appdynamics
    spec:
      secretName: server-secret
      issuerRef:
        name: ca-cert
        kind: Issuer
      commonName: clustermon-service
      dnsNames:
        - appdynamics-otel-collector-service
        - appdynamics-otel-collector-service.appdynamics.svc.cluster.local
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: client-cert
      namespace: appdynamics
    spec:
      secretName: client-secret
      issuerRef:
        name: ca-cert
        kind: Issuer
      commonName: client
  3. Deploy the cert-manager resources:

    create certs

    kubectl apply -f cert.yaml

    This creates the server and client certificates as Kubernetes® secrets named server-secret and client-secret in the appdynamics namespace.

  4. Use these values in the collectors-values.yaml as configuration to mount the certificates and use them for mTLS:

    tls configuration

    global:
      clusterName: <cluster-name>
      tls:
        appdCollectors:
          enabled: true
          secret:
            secretName: client-secret
            secretKeys:
              caCert: ca.crt
              tlsCert: tls.crt
              tlsKey: tls.key
        otelReceiver:
          mtlsEnabled: true
          secret:
            secretName: server-secret
            secretKeys:
              caCert: ca.crt
              tlsCert: tls.crt
              tlsKey: tls.key
          settings:
            min_version: "1.2"
            max_version: "1.3"
    

    If using only TLS, remove mtlsEnabled: true from the otelReceiver parameter.

    The following is an example collectors-values.yaml file including access key information:

    collectors-values.yaml

    global:
      clusterName: <cluster-name>
      tls:
        appdCollectors:
          enabled: true
          secret:
            secretName: client-secret
            secretKeys:
              caCert: ca.crt
              tlsCert: tls.crt
              tlsKey: tls.key
        otelReceiver:
          mtlsEnabled: true
          secret:
            secretName: server-secret
            secretKeys:
              caCert: ca.crt
              tlsCert: tls.crt
              tlsKey: tls.key
          settings:
            min_version: "1.2"
            max_version: "1.3"
    
    # can be obtained from the onboarding page
    appdynamics-otel-collector:
      clientId: <id>
      clientSecret: <oauth-client-secret>
      tokenUrl: <token-url>
      endpoint: <endpoint>
    
  5. Install the Cisco AppDynamics Collectors with the preceding collectors-values.yaml file. See Install Kubernetes and App Service Monitoring.
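
A pre-install check for the settings documented above (the plaintext clientSecret option under global.oauth, the global.tls settings tables, and the mTLS values from step 4), as an added example that is not part of the Cisco documentation or the chart. The function name lint_values, the sample dictionaries, and the policy enforced (mTLS required, no plaintext secret, TLS 1.2 minimum) are assumptions of this example; it expects the values file already parsed into a dictionary.

```python
# Added example (not chart code); the policy it enforces is an assumption.
KEYS = {"caCert": "ca.crt", "tlsCert": "tls.crt", "tlsKey": "tls.key"}

def lint_values(values):
    """Return a list of findings; an empty list means the policy is met."""
    out = []
    glob = values.get("global") or {}
    tls = glob.get("tls") or {}
    if (glob.get("oauth") or {}).get("clientSecret"):
        out.append("oauth.clientSecret is plaintext; use clientSecretEnvVar")
    if not (tls.get("appdCollectors") or {}).get("enabled"):
        out.append("tls.appdCollectors.enabled is not true")
    for name in ("appdCollectors", "otelReceiver", "otelExporter"):
        section = tls.get(name) or {}
        secret = section.get("secret")
        if secret is not None:
            keys = secret.get("secretKeys") or {}
            missing = [] if secret.get("secretName") else ["secretName"]
            missing += [k for k in KEYS if not keys.get(k)]
            if missing:
                out.append(f"tls.{name}.secret is missing {', '.join(missing)}")
        settings = section.get("settings") or {}
        # str() accepts "1.2" as well as an unquoted YAML float such as 1.2.
        low = str(settings.get("min_version") or "1.2").split(".")
        if tuple(int(p) for p in low) < (1, 2):
            out.append(f"tls.{name}.settings.min_version is below 1.2")
        for flag in ("insecure", "insecure_skip_verify"):
            if settings.get(flag):
                out.append(f"tls.{name}.settings.{flag} is true")
    receiver = tls.get("otelReceiver") or {}
    if not (receiver.get("mtlsEnabled")
            or (receiver.get("settings") or {}).get("client_ca_file")):
        out.append("tls.otelReceiver does not verify client certificates")
    return out

# Constructed sample values that mirror the structure shown on this page.
HARDENED = {"global": {
    "oauth": {"clientSecretEnvVar": {"valueFrom": {
        "secretKeyRef": {"name": "<secret-name>", "key": "<key>"}}}},
    "tls": {"appdCollectors": {"enabled": True, "secret": {
                "secretName": "client-secret", "secretKeys": KEYS}},
            "otelReceiver": {"mtlsEnabled": True, "secret": {
                "secretName": "server-secret", "secretKeys": KEYS},
                "settings": {"min_version": "1.2", "max_version": "1.3"}}}}}
WEAK = {"global": {
    "oauth": {"clientSecret": "<oauth-client-secret>"},
    "tls": {"otelReceiver": {"secret": {"secretName": "server-secret"},
                             "settings": {"min_version": 1.1}},
            "otelExporter": {"settings": {"insecure_skip_verify": True}}}}}
```

lint_values(HARDENED) returns an empty list, while lint_values(WEAK) reports the plaintext secret, the missing secret keys, the low minimum version, the skipped certificate verification, and the receiver that accepts clients without a certificate.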

