Edit the globals.yaml.gotmplfile

Run the following command to edit the globals.yaml.gotmpl file which is at /var/appd/config:

vi globals.yaml.gotmpl

This page explains the parameters in the globals.yaml.gotmpl.

dnsDomain

Domain name of the cluster.
dnsDomain: appd.example.com

dnsNames

List the Ingress domain names that you require to configure for the Virtual Appliance.

Note:
  • Include local host for appdcli to access the cluster. If the domain names are unavailable, specify <nodeip>.nip.io for each cluster. You must also include the dnsDomain as a value, in addition to other specified values.
  • Some network policies might block the IP address that contains x.x.x.x.nip.io. In such scenarios, update the /etc/hosts file. See, Update DNS Configuration for an Air-Gapped Environment.
  • If you are using domain names for your Virtual Appliance, comment or delete the range split function. And, comment the localhost.
dnsNames: &dnsNames
# - localhost
  - 10.0.0.1.nip.io
  - 10.0.0.2.nip.io
  - 10.0.0.3.nip.io
  - appd.example.com
# If you are using Virtual IP address for your standalone Controller, comment or delete the range split function.
{{ range split " " $internalIPs }} {{ printf " - %s.%s" . "nip.io" }}
{{ end }}

license

Specify the license file that you require to apply on your Virtual Appliance.

By default, the globals.yaml.gotmpl file has random UUIDs for controllerKey and eumKey. In case of Standard deployment, if you wish to generate new UUIDs for controllerkey and eumkey, run the gen-uuid.sh script from the helm charts folder (/home/appduser/appd-charts/utils).

Specify the generated UUIDs in the license section for service and agent authorization.

license:
	file: |
{{ if isFile "/var/appd/config/license.lic" }}
{{ readFile "/var/appd/config/license.lic" | indent 4 }}
{{ end }}
	controllerKey: <Controller Key>
	eumKey: <EUM Key>

appdController

Specify the Controller details that you want to bootstrap during deployment.

  • tenantAccountName : Specify the default account name (customer1). The Controller uses this name to create an account.
  • nodeLocked : (Only for standard deployment) Set this field to True if you require to apply the MAC address-based license on a specific node in the cluster.
  • nodeName : (Only for standard deployment) Specify the name of the node if the nodeLocked is set to True . The Controller is bound to this node.
  • customCaCerts: (Only for standard deployment) Specify additional CA certs for outbound API calls from the Controller. By default, the Controller specifies the common CA certs.
appdController:
  tenantAccountName: &account customer1
  nodeLocked: false
  nodeName: "appd-node-1"
  customCaCerts: false
{{ if isFile "/var/appd/config/cacert-extras.jks" }}
  caCertsFile: {{ readFile "/var/appd/config/cacert-extras.jks" | b64enc | quote }}
{{ end }}

eum

Specify the external EUM URL. Ingress is configured for the Virtual Appliance. Therefore, this URL is set up with one of the dnsNames .

eum:
	externalUrl: <URL_of_EUM>

events

Specify the external events URL for Analytics Agent. This uses the node port as 32105

  • enableSsl : TLS is enabled for the events endpoint. The default value is true .
  • externalUrl : Events service external URL.
Note: Ensure to open the 32105 port in the cluster firewall to connect with the Analytics Agent.
sudo ufw allow 32105/tcp
events:
	enableSsl: true
	externalUrl: <URL_of_Events_Service>

aiops

Specify the external AIOps URL. This is set with one of dnsNames because Ingress is configured for the Virtual Appliance.

aiops:
	externalUrl: <URL_of_AIOps>

ingress

Configure SSL for the Ingress controller. By default, Ingress endpoint has self-signed certificates enabled.

  • defaultCert : Set to true to use self-signed certificates, which are auto-generated. Set to false if CA certs are provided.
  • keyFile : Specify the private key from the CA provider to be used for Ingress in /var/appd/config/ingress.key .
  • certFile : Specify the public key (PEM file) from the CA provider to be used for Ingress in /var/appd/config/ingress.crt .
Note:
  • Ensure the ingess.key is in PEM plain text format.
  • The SAN of the server certificate in ingress.crt must include all the hostnames that are defined in the dnsNames section.
{{
ingress:
	defaultCert: true
{{ if isFile "/var/appd/config/ingress.key"}}
	keyFile: {{ readFile "/var/appd/config/ingress.key" | b64enc | quote }}
{{ end }}
{{ if isFile "/var/appd/config/ingress.crt" }}
	certFile: {{ readFile "/var/appd/config/ingress.crt" | b64enc | quote }}
{{ end }}}}

enableClusterAgent

By default, this parameter is set to true. This setting helps you monitor the CPU, Memory, and Network usage of your cluster nodes. See View Container Details

To disable self-monitoring capabilities, set this parameter to false.
enableClusterAgent: false
Note: After you enable or disable self-monitoring capabilities, you must restart the Virtual Appliance services to take effect.

hybrid

By default, this parameter is set to false.

Enable this parameter to true to leverage your current Controller, Events Service, and End User Monitoring components from Splunk AppDynamics On-Premises while installing Anomaly Detection and Secure Application Services in your Kubernetes cluster.

When set to true, the Controller and MySQL settings refer to an existing deployment of Controller.

  • Set the Controller domain name.
    Note:

    • If you have set up the Virtual Appliance without a load-balancer or virtual IP address, the connection will not automatically switch to the active node during high-availability failover.

      Therefore, update the IP address, edit hybrid.controller.domainName and hybrid.mysql.dbhost in the global.yaml.gotmpl file after failover.

    • If you have set up the Virtual Appliance with a load-balancer (virtual IP address), enter the load-balancer's domain name and port in the hybrid.controller.domainName, hybrid.controller.port, and hybrid.mysql.dbhost sections of the global.yaml.gotmpl file.

      This domain name should resolve to the load-balancer's virtual IP address.

  • Configure the port to access the standalone Controller.
  • If the TLS is enabled in the Controller
    • Set the sslEnabled field to true .
    • Upload the Controller CA certificates for the standalone Controller in /var/appd/config/hybrid-controller-ca.crt if it is absent.
  • Configure the MySQL host. It is the same host as the Controller domain.
  • Configure a port for the standalone Controller database.
  • Enter the MySQL CA certificates that you copied from the On-Premises Classic deployment.
    Note: Ensure that the filename is correct in hybrid.mysql.mysqlCaCertsFile parameter.
  • (Optional) Enter CA certificates for Kafka services.
    Note:

    Ensure that the filename is correct in hybrid.kafka.certFile parameter.

    When you generate the CA certificates for Kafka, ensure to specify the Kafka IP addresses. These IP addresses are the same node IP addresses.

    Example IP Addresses:

    ipAddresses:
- 10.0.0.1
- 10.0.0.2
- 10.0.0.3
hybrid:
	enable: false
	controller:
		domainName: controller.nip.io
		port: 8181
		sslEnabled: true
{{ if isFile "/var/appd/config/hybrid-controller-ca.crt" }}
	controllerCaCertsFile: {{ readFile "/var/appd/config/hybrid-controller-ca.crt" | b64enc | quote }}
{{ end }}
mysql:
	dbHost: controller.nip.io
	dbPort: 3388
{{ if isFile "/var/appd/config/hybrid-mysql-ca.crt" }}
	mysqlCaCertsFile: {{ readFile "/var/appd/config/hybrid-mysql-ca.crt" | b64enc | quote }}
{{ end }}
kafka:
defaultCert: true
{{ if isFile "/var/appd/config/hybrid-kafka.key" }}
	keyFile: {{ readFile "/var/appd/config/hybrid-kafka.key" | b64enc | quote }}
{{ end }}
{{ if isFile "/var/appd/config/hybrid-kafka.crt" }}
	certFile: {{ readFile "/var/appd/config/hybrid-kafka.crt" | b64enc | quote }}
{{ end }}
schemaregistry:
	externalUrl: https://<domain_name>/schemaregistry

nfs

If you enable the NFS server to back up and restore, update the NFS parameters.

# NFS parameters
nfs:
	enabled: false
	server: nfs-server
	path: /mnt/nfs_share

backup

You can back up and restore Elasticsearch, PostgreSQL, and MySQL by the MinIO and NFS server.

Update the backup section based on the approach. For more information, see Backup and Restore Virtual Appliance.

# Backup config for datastores
backup:
	elasticsearch:
s3:
	enabled: false
	repoName: repo2
	endpoint: https://s3-endpoint
	protocol: https
	bucket: es-bucket
	region: us-east-1
{{ if isFile "/var/appd/config/es-s3-ca.jks" }}
	certFile: {{ readFile "/var/appd/config/es-s3-ca.jks" | b64enc | quote }}
{{ end }}
fs:
	enabled: false
	repoName: repo3
	storage: 5Gi
	postgresql:
s3:
	enabled: false
	repoName: repo2
	endpoint: https://s3-endpoint
	bucket: postgresql-bucket
region: us-east-1
{{ if isFile "/var/appd/config/postgres-s3-ca.crt" }}
	certFile: {{ readFile "/var/appd/config/postgres-s3-ca.crt" | b64enc | quote }}
{{ end }}
fs:
	enabled: false
	repoName: repo3
	storage: 5Gi
mysql:
s3:
	enabled: false
	repoName: repo2
	endpoint: https://s3-endpoint
	bucket: mysql-bucket
region: us-east-1
{{ if isFile "/var/appd/config/mysql-s3-ca.crt" }}
	certFile: {{ readFile "/var/appd/config/mysql-s3-ca.crt" | b64enc | quote }}
{{ end }}
fs:
	enabled: false
	repoName: repo3
	storage: 5Gi