Edit the globals.yaml.gotmplfile

Run the following command to edit the globals.yaml.gotmpl file:

vi globals.yaml.gotmpl

This page explains the parameters in the globals.yaml.gotmpl.

dnsDomain

Domain name of the cluster.
dnsDomain: appd.example.com

dnsNames

List the Ingress domain names that you require to configure for the Virtual Appliance.

Note:

Include local host for appdcli to access the cluster. If the domain names are unavailable, specify <nodeip>.nip.io for each cluster. You must also include the dnsDomain as a value, in addition to other specified values.

dnsNames: &dnsNames
  - localhost
  - 10.0.0.1.nip.io
  - 10.0.0.2.nip.io
  - 10.0.0.3.nip.io
  - appd.example.com
{{ range split " " $internalIPs }} {{ printf " - %s.%s" . "nip.io" }}
{{ end }}

license

Specify the license file that you require to apply on your Virtual Appliance.

By default, the globals.yaml.gotmpl file has random UUIDs for controllerKey and eumKey. In case, you wish to generate new UUIDs for controllerkey and eumkey, run the gen-uuid.sh script from the helm charts folder (/home/appduser/appd-charts/utils).

Specify the generated UUIDs in the license section for service and agent authorization.

license:
	file: |
{{ if isFile "/var/appd/config/license.lic" }}
{{ readFile "/var/appd/config/license.lic" | indent 4 }}
{{ end }}
	controllerKey: &controllerKey 4f612930-c51e-490d-9ade-ef789bf4da6f
	eumKey: dcdf8fae-809b-44a5-870e-07c829efc704

appdController

Specify the Controller details that you want to bootstrap during deployment.

  • tenantAccountName : Specify the default account name (customer1). The Controller uses this name to create an account.
  • nodeLocked : Set this field to True if you require to apply the MAC address-based license on a specific node in the cluster.
  • nodeName : Specify the name of the node if the nodeLocked is set to True . The Controller is bound to this node.
  • customCaCerts
appdController:
  tenantAccountName: &account customer1
  nodeLocked: false
  nodeName: "appd-node-1"
  customCaCerts: false
{{ if isFile "/var/appd/config/cacert-extras.jks" }}
  caCertsFile: {{ readFile "/var/appd/config/cacert-extras.jks" | b64enc | quote }}
{{ end }}

eum

Specify the external EUM URL. Ingress is configured for the Virtual Appliance. Therefore, this URL is set up with one of the dnsNames .

eum:
	externalUrl: <URL_of_EUM>

events

Specify the external events URL for Analytics Agent. This uses the node port as 32105

  • enableSsl : TLS is enabled for the events endpoint. The default value is true .
  • externalUrl : Events service external URL.
Note: Ensure to open the 32105 port in the cluster firewall to connect with the Analytics Agent.
sudo ufw allow 32105/tcp
events:
	enableSsl: true
	externalUrl: <URL_of_Events_Service>

aiops

Specify the external AIOps URL. This is set with one of dnsNames because Ingress is configured for the Virtual Appliance.

aiops:
	externalUrl: <URL_of_AIOps>

ingress

Configure SSL for the Ingress controller. By default, Ingress endpoint has self-signed certificates enabled.

  • defaultCert : Set to true to use self-signed certificates, which are auto-generated. Set to false if CA certs are provided.
  • keyFile : Specify the private key from the CA provider to be used for Ingress in /var/appd/config/ingress.key .
  • certFile : Specify the public key (PEM file) from the CA provider to be used for Ingress in /var/appd/config/ingress.crt .
Note:
  • Ensure the ingess.key is in PEM plain text format.
  • The SAN of the server certificate in ingress.crt must include all the hostnames that are defined in the dnsNames section.
{{
ingress:
	defaultCert: true
{{ if isFile "/var/appd/config/ingress.key"}}
	keyFile: {{ readFile "/var/appd/config/ingress.key" | b64enc | quote }}
{{ end }}
{{ if isFile "/var/appd/config/ingress.crt" }}
	certFile: {{ readFile "/var/appd/config/ingress.crt" | b64enc | quote }}
{{ end }}}}

enableClusterAgent

Enable or disable self-monitoring for the controller. It requires a boolean value.

enableClusterAgent: false

hybrid

By default, this parameter is set to false.

Enable this parameter to true to leverage your current Controller, Events Service, and End User Monitoring components from Splunk AppDynamics On-Premises while installing Anomaly Detection and Secure Application Services in your Kubernetes cluster.

When set to true, the Controller and MySQL settings refer to an existing deployment of Controller.

  • Set the Controller domain name.
  • Configure the port to access the standalone Controller.
  • If the TLS is enabled in the Controller
    • Set the sslEnabled field to true .
    • Upload the Controller CA certificates for the standalone Controller in /var/appd/config/hybrid-controller-ca.crt .
  • Configure the MySQL host. It is the same host as the Controller domain.
  • Configure a port for the standalone Controller database.
  • Update the MySQL CA certificates.
  • Update CA certificates for Kafka.
    Note:

    When you generate the CA certificates for Kafka, ensure to specify the Kafka IP addresses. These IP addresses are the same node IP addresses.

    Example IP Addresses:

    ipAddresses:
- 10.0.0.1
- 10.0.0.2
- 10.0.0.3
hybrid:
	enable: false
	controller:
	domainName: controller.nip.io
	port: 8181
sslEnabled: true
{{ if isFile "/var/appd/config/hybrid-controller-ca.crt" }}
	controllerCaCertsFile: {{ readFile "/var/appd/config/hybrid-controller-ca.crt" | b64enc | quote }}
{{ end }}
mysql:
	dbHost: controller.nip.io
	dbPort: 3388
{{ if isFile "/var/appd/config/hybrid-mysql-ca.crt" }}
	mysqlCaCertsFile: {{ readFile "/var/appd/config/hybrid-mysql-ca.crt" | b64enc | quote }}
{{ end }}
kafka:
defaultCert: true
{{ if isFile "/var/appd/config/hybrid-kafka.key" }}
	keyFile: {{ readFile "/var/appd/config/hybrid-kafka.key" | b64enc | quote }}
{{ end }}
{{ if isFile "/var/appd/config/hybrid-kafka.crt" }}
	certFile: {{ readFile "/var/appd/config/hybrid-kafka.crt" | b64enc | quote }}
{{ end }}
schemaregistry:
	externalUrl: https://<domain_name>/schemaregistry

nfs

If you enable the NFS server to back up and restore, update the NFS parameters.

# NFS parameters
nfs:
	enabled: false
	server: nfs-server
	path: /mnt/nfs_share

backup

You can back up and restore Elasticsearch, PostgreSQL, and MySQL by the MinIO and NFS server.

Update the backup section based on the approach. For more information, see Backup an Restore Virtual Appliance.

# Backup config for datastores
backup:
	elasticsearch:
s3:
	enabled: false
	repoName: repo2
	endpoint: https://s3-endpoint
	protocol: https
	bucket: es-bucket
	region: us-east-1
{{ if isFile "/var/appd/config/es-s3-ca.jks" }}
	certFile: {{ readFile "/var/appd/config/es-s3-ca.jks" | b64enc | quote }}
{{ end }}
fs:
	enabled: false
	repoName: repo3
	storage: 5Gi
	postgresql:
s3:
	enabled: false
	repoName: repo2
	endpoint: https://s3-endpoint
	bucket: postgresql-bucket
region: us-east-1
{{ if isFile "/var/appd/config/postgres-s3-ca.crt" }}
	certFile: {{ readFile "/var/appd/config/postgres-s3-ca.crt" | b64enc | quote }}
{{ end }}
fs:
	enabled: false
	repoName: repo3
	storage: 5Gi
mysql:
s3:
	enabled: false
	repoName: repo2
	endpoint: https://s3-endpoint
	bucket: mysql-bucket
region: us-east-1
{{ if isFile "/var/appd/config/mysql-s3-ca.crt" }}
	certFile: {{ readFile "/var/appd/config/mysql-s3-ca.crt" | b64enc | quote }}
{{ end }}
fs:
	enabled: false
	repoName: repo3
	storage: 5Gi