Amazon EC2 を使用したベアメタル K8s での PSA の設定

次のように、Amazon EC2 を使用して、ベアメタル K8s での Web モニタリング PSA と API モニタリング PSA を設定します。既存の Kubernetes クラスタで PSA を設定する場合は、「Kubernetes クラスタの作成」セクションをスキップします。

Kubernetes クラスタを作成します。
Docker イメージをプルします。
Minikube の Docker デーモンにイメージを保存します。
Web モニタリング PSA と API モニタリング PSA を展開します。
Kubernetes クラスタをモニターします。

注: ほとんどの手順は、Web モニタリング PSA と API モニタリング PSA の両方に共通です。該当する場合は、手順の違いが強調表示されています。

警告: このページには、AWS CLI のマニュアルへのリンクが含まれています。AWS CLI で自身のマニュアルを管理しているため、Splunk AppDynamics では AWS CLI のマニュアルの精度については一切保証しません。

Create the Kubernetes Cluster

注: You can use kops to create your own managed Kubernetes cluster on AWS. If you want to create self-managed cluster on a different cloud or your own datacenter, you might want to look into other tools like Kubeadm or Kubespray. See installing Kubernetes with deployment tools.

To create a Kubernetes cluster in Bare Metal K8s:

Install and configure AWS CLI.

To create IAM Role, enter.

aws iam create-group --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops
aws iam create-user --user-name kops
aws iam add-user-to-group --user-name kops --group-name kops
aws iam create-access-key --user-name kops

Configure AWS CLI credentials using aws configure with the access key obtained in the previous step.
Based on your platform, install kops following these instructions.

To create S3 bucket, enable versioning by entering:

bucket_name=heimdall-onprem-kops-state-store
aws s3api create-bucket \
--bucket ${bucket_name} \
--create-bucket-configuration LocationConstraint=us-west-2
aws s3api put-bucket-versioning --bucket ${bucket_name} --versioning-configuration Status=Enabled

To create cluster, enter:

export KOPS_CLUSTER_NAME=heimdall-onprem.k8s.local
export KOPS_STATE_STORE=s3://${bucket_name}
export KOPS_KUBERNETES_VERSION=1.x.x
kops create cluster \
--node-count=4 \
--node-size=t3.2xlarge \
--zones=us-west-2a \
--kubernetes-version=${KOPS_KUBERNETES_VERSION} \
--name=${KOPS_CLUSTER_NAME}
kops update cluster --name ${KOPS_CLUSTER_NAME} --yes

注: Specify the KOPS_KUBERNETES_VERSION from one of the compatible versions.

注: The node-size and node-count in the above code snippet are selected according to recommended configuration type. You can specify a configuration of your choice with a different type and number of nodes. See EC2 instance types.

To validate if the cluster is running (might take some time for cluster to set up and run), enter:
```
kops validate cluster
```

Access the Cluster

To access the Kubernetes cluster, follow these instructions to install kubectl, a utility to interact with the cluster.

To verify that the cluster is running, enter:

kubectl get nodes

（オプション）プロキシサーバーの設定

プロキシサーバーを設定すると、すべてのドメインに適用されます。values.yaml ファイルにプロキシサーバーアドレスを指定して、プロキシサーバーを設定します。「キーと値のペアの設定」を参照してください。

プロキシサーバーからドメインをバイパスするには、次の手順を実行します。

注: バイパスリストの設定は、Web モニタリング PSA でのみサポートされています。

values.yaml ファイルを開きます。
[browserMonitoringAgent] の [bypassList] フィールドにドメイン URL を追加します。
```
browserMonitoringAgent:
enabled: true
server: "<proxy server address>"
bypassList: "<specify the domain URLs that you want to bypass separated by semicolon>"
```
たとえば、 bypassList: "*abc.com;*xyz1.com;*xyz2.com"
bypassList で指定したドメイン URL は、プロキシサーバーにリダイレクトされません。bypassList に任意の数のドメインを追加できます。他のすべての指定されていないドメイン URL は、プロキシサーバーにリダイレクトされます。

Configure Proxy Server at a Job Level

You can configure a proxy server and a bypass list for a particular job. Any proxy server URL and bypass list configured at the agent level gets overridden by the proxy server URL and bypass list configured at the job level. Perform the following steps to configure a proxy server at the job level:

Create or edit a Synthetic job.
Select the Run a script option.

Add the following details in the beginning the script:

'''yml
jobLevelProxyConfig:
  proxyServer: "<proxy-server-address>"
  bypassProxyList: "<list of URLs that you want to bypass, separated by semi-colon>"
'''

Example:

'''yml
jobLevelProxyConfig：
  proxyServer: "http://tinyproxy: tinyproxy.svc.cluster.local:8888"
  bypassProxyList: "*abc.com;*xyz1.com;*xyz2.com"
'''

pageUrl = "https://help.splunk.com/en"
driver.get(pageUrl)
assert "Splunk" in driver.title, "Title should contain Splunk"

Pull the Docker Image

Pull the pre-built docker images for sum-chrome-agent, sum-api-monitoring-agent, and sum-heimdall from DockerHub. The pre-built images include the dependent libraries, so you can use these images even when you do not have access to the Internet.

Run the following commands to pull the agent images:

docker pull appdynamics/heimdall-psa
docker pull appdynamics/chrome-agent-psa
docker pull appdynamics/api-monitoring-agent-psa

Alternatively, you can also download the .tar file from the Splunk AppDynamics Download Center. This file includes pre-built docker images for sum-chrome-agent, sum-api-monitoring-agent, sum-heimdall, ignite, and the dependent libraries. So, you can use these images when you do not have access to the Internet and DockerHub.

Unzip the .tar file and load the images using the following commands:

sum-chrome-agent:
```
docker load < ${webAgentTag}
```
sum-api-monitoring-agent:
```
docker load < ${apiAgentTag}
```
sum-heimdall:
```
docker load < ${heimdallTag}
```
ignite:
```
docker load < ${igniteTag}
```

For example:

# Load all Docker images
docker load -i heimdall-25.7.3098.tar
docker load -i api-monitoring-agent-1.0-415.tar
docker load -i chrome-agent-1.0-1067.tar
docker load -i ignite-2.16.0-jdk11.tar

Verify that all the images are loaded:

docker images | grep -E "(heimdall|api-monitoring|chrome-agent|ignite)"

When the images are loaded successfully, an output similar to the following is displayed:

```
829771730735.dkr.ecr.us-west-2.amazonaws.com/sum/heimdall                   25.7.3098    abc123def456   2 hours ago     500MB
829771730735.dkr.ecr.us-west-2.amazonaws.com/sum/api-monitoring-agent       1.0-415      def456ghi789   2 hours ago     300MB
829771730735.dkr.ecr.us-west-2.amazonaws.com/sum/chrome-agent               1.0-1067     ghi789jkl012   2 hours ago     800MB
apacheignite/ignite                                                         2.16.0       jkl012mno345   2 hours ago     400MB
```

(Optional) Add Custom Python Libraries

注: This section is applicable only for Web Monitoring PSA.

In addition to the available standard set of libraries, you can add custom Python libraries to the agent to use in scripted measurements. You build a new image based on the image you loaded as the base image

Create a Dockerfile and create RUN directives to run python pip. For example, to install the library algorithms you can create a Dockerfile:

# Use the sum-chrome-agent image you just loaded as the base image
FROM appdynamics/chrome-agent-psa:<agent-tag>
USER root
RUN apk add py3-pip
USER appdynamics
# Install algorithm for python3 on top of that
RUN python3 -m pip install algorithms==0.1.4 --break-system-packages

注: You can create any number of RUN directives to install the required libraries.

To build the new image, enter:
```
docker build -t sum-chrome-agent:<agent-tag> - < Dockerfile
```
The newly built agent image contains the required libraries.

イメージのタグ付けとレジストリへのプッシュ

クラスタがアクセスできるように、イメージにタグを付けてレジストリにプッシュする必要があります。これは、次の方法で実行できます。

EC2 を使用した Bare Metal K8S

Vanilla K8S は AWS インフラストラクチャで動作します。kops は適切なロールを作成してクラスタノードに割り当てるため、他の設定なしで Elastic Container Registry（ECR）に直接アクセスできます。

イメージにタグを付けるには、次のように入力します。

Web Monitoring PSA:

docker tag sum-heimdall:<heimdall-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker tag sum-chrome-agent:<agent-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent:<agent-tag>

API Monitoring PSA:

docker tag sum-heimdall:<heimdall-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker tag sum-api-monitoring-agent:<agent-tag> <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-api-monitoring-agent:<agent-tag>

<aws_account_id> と <region> をアカウントとリージョンの値に置き換えます。

リポジトリを作成するには、次のように入力します。

Web Monitoring PSA:

aws ecr create-repository --repository-name sum/sum-heimdall
aws ecr create-repository --repository-name sum/sum-chrome-agent

API Monitoring PSA:

aws ecr create-repository --repository-name sum/sum-heimdall
aws ecr create-repository --repository-name sum/sum-api-monitoring-agent

イメージをプッシュするには、次のように入力します。

Web Monitoring PSA:

aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-chrome-agent:<agent-tag>

API Monitoring PSA:

aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-heimdall:<heimdall-tag>
docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/sum/sum-api-monitoring-agent:<agent-tag>

プライベートレジストリを使用した Bare Metal K8S

注: AWS 上にない独自の Kubernetes クラスタを管理している場合は、独自のレジストリサーバを展開する必要があります。「Deploy a registry server」を参照してください。「レジストリサーバーの展開」を参照してください。

イメージにタグを付けるには、次のように入力します。

Web Monitoring PSA:

docker tag sum-heimdall:<heimdall-tag> <REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall:<heimdall-tag>
docker tag sum-chrome-agent:<agent-tag> <REGISTRY_HOST>:<REGISTRY_PORT>/sum-chrome-agent:<agent-tag>

API Monitoring PSA:

docker tag sum-heimdall:<heimdall-tag> <REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall:<heimdall-tag>
docker tag sum-api-monitoring-agent:<agent-tag> <REGISTRY_HOST>:<REGISTRY_PORT>/sum-api-monitoring-agent:<agent-tag>

<REGISTRY_HOST> および <REGISTRY_PORT> をレジストリの展開時に設定した値に置き換えます。

イメージをプッシュするには、次のように入力します。

Web Monitoring PSA:

docker login <REGISTRY_HOST>:<REGISTRY_PORT>
docker push <REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall:<heimdall-tag>
docker push <REGISTRY_HOST>:<REGISTRY_PORT>/sum-chrome-agent:<agent-tag>

API Monitoring PSA:

docker login <REGISTRY_HOST>:<REGISTRY_PORT>
docker push <REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall:<heimdall-tag>
docker push <REGISTRY_HOST>:<REGISTRY_PORT>/sum-api-monitoring-agent:<agent-tag>

Deploy the Web Monitoring PSA and API Monitoring PSA

注: Ensure that you follow the applicable sequence of steps when installing Web Monitoring PSA and API Monitoring PSA, respectively; some steps are common for both procedures.

The application is deployed to the cluster after the images are in the Registry. You use the Helm chart to deploy and create all Kubernetes resources in the required order.

注: Starting from PSA 23.12 release, you must deploy both Ignite and Heimdall in a single namespace named "measurement."

Install Helm following these instructions.
Create a new measurement namespace to run Apache Ignite pods.
警告: Ensure that you first run the Apache Ignite commands and then run the Heimdall commands.
To create a new measurement namespace, enter:
```
kubectl create namespace measurement
```
Before you deploy Apache Ignite, you must set some configuration options. To view the configuration options, navigate to the previously downloaded ignite-psa.tgz file and enter:
```
helm show values ignite-psa.tgz > values-ignite.yaml
```
注: If you want to enable persistence, set persistence > enabled. This is an optional configuration
To deploy the Helm chart using the above-mentioned configuration, navigate to the previously downloaded ignite-psa.tgz file and enter:
```
helm install synth ignite-psa.tgz --values values-ignite.yaml --namespace ignite
```
All the Kubernetes resources are created in the cluster, and you can use Apache Ignite. After a few seconds, Apache Ignite initializes and is visible in the Controller.
To verify if the pods are running, enter:
```
kubectl get pods --namespace measurement
```
Proceed to the next steps only after the Apache Ignite pods run successfully.

Using a single command, you can deploy the Helm chart, which contains the deployment details. To deploy the agent, use the Helm chart sum-psa-heimdall.tgz in the zip file that you downloaded previously. Before you deploy the Private Synthetic Agent, you must set some configuration options. To view the configuration options, navigate to the previously downloaded sum-psa-heimdall.tgz file and enter:

helm show values sum-psa-heimdall.tgz > values.yaml

These are the configuration key-value pairs that you need to edit in the values.yaml file:

Web Monitoring PSA Using EC2:


Configuration Key	Value
`heimdall > repository`	`<aws_account_id>.dkr.ecr.<region>. amazonaws.com/sum/sum-heimdall`
`heimdall > tag`	`<heimdall-tag>`
`heimdall > pullPolicy`	`always`
`chromeAgent > repository`	`<aws_account_id>.dkr.ecr.<region>. amazonaws.com/sum/sum-chrome-agent`
`chromeAgent > tag`	`<agent-tag>`
`shepherd > url`	`Shepherd URL`
`shepherd > credentials`	`credentials`
`shepherd > location`	`agent location`

API Monitoring PSA Using EC2:


Configuration Key	Value
`heimdall > repository`	`<aws_account_id>.dkr.ecr.<region>. amazonaws.com/sum/sum-heimdall`
`heimdall > tag`	`<heimdall-tag>`
`heimdall > pullPolicy`	`always`
`apiMonitoringAgent > repository`	`<aws_account_id>.dkr.ecr.<region>. amazonaws.com/sum/sum-api-monitoring-agent`
`apiMonitoringAgent > tag`	`<agent-tag>`
`shepherd > url`	`Shepherd URL`
`shepherd > credentials`	`credentials`
`shepherd > location`	`agent location`

Web Monitoring PSA Using Private Registry:


Configuration Key	Value
`heimdall > repository`	`<REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall`
`heimdall > tag`	`<heimdall-tag>`
`heimdall > pullPolicy`	`always`
`chromeAgent > repository`	`<REGISTRY_HOST>:<REGISTRY_PORT>/sum-chrome-agent`
`chromeAgent > tag`	`<agent-tag>`
`privateRegistry`	`true`
`shepherd > url`	`Shepherd URL`
`shepherd > credentials`	`credentials`
`shepherd > location`	`agent location`

API Monitoring PSA Using Private Registry:


Configuration Key	Value
`heimdall > repository`	`<REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall`
`heimdall > tag`	`<heimdall-tag>`
`heimdall > pullPolicy`	`always`
`apiMonitoringAgent > repository`	`<REGISTRY_HOST>:<REGISTRY_PORT>/sum-api-monitoring-agent`
`apiMonitoringAgent > tag`	`<agent-tag>`
`privateRegistry`	`true`
`shepherd > url`	`Shepherd URL`
`shepherd > credentials`	`credentials`
`shepherd > location`	`agent location`

注: After configuring using Private Registry

Create registry credentials:

kubectl create secret docker-registry regcred --docker-server=<REGISTRY_HOST>:<REGISTRY_PORT> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email> --namespace measurement

Patch the default service account of the measurement namespace to use the regcred registry credentials:

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}' --namespace measurement

You can leave the rest of the values set to their defaults or configure them based on your requirements. See Configure Web Monitoring PSA and API Monitoring PSA for details on shepherd URL, credentials, location, and optional key-value pairs.

注: You need to replace <aws_account_id> and <region> with your account and region values.

注:

If the Kubernetes cluster is locked down, and you cannot make cluster-wide configuration, you can make pod-level changes.

For example, if you want to change the pod-level DNS server setting to use your internal nameservers for DNS name resolution, specify the following details in the values.yaml file:


Configuration Key	Value
`agentDNSConfig:`
`enabled:`	`true`
`dnsConfig:`
`nameservers:`	`["4.4.4.4"]`
`searches:`	`["svc.cluster.local", "cluster.local"]`

To deploy the Helm chart using the above-mentioned configuration, navigate to the previously downloaded sum-psa-heimdall.tgz file and enter:
```
helm install heimdall-onprem sum-psa-heimdall.tgz --values values.yaml --namespace measurement
```
All the Kubernetes resources are created in the cluster, and you can use Heimdall. After a few seconds, Heimdall initializes and is visible in the Controller.
To verify if the pods are running, enter:
```
kubectl get pods --namespace measurement
```
To make any changes to the values.yaml after the initial deployment, navigate to the previously downloaded sum-psa-heimdall.tgz file and enter:
```
helm upgrade heimdall-onprem sum-psa-heimdall.tgz --values values.yaml --namespace measurement
```
警告:
To remove the deployment:

helm uninstall heimdall-onprem --namespace measurement

This is not recommended unless it is required.

Kubernetes クラスタのモニタリング

ダウンロードした zip 内の Helm チャート sum-psa-monitoring.tgz により、モニタリングスタックがインストールされます。この Helm チャートは、Private Simple Synthetic Agent をモニタするためのカスタム Grafana ダッシュボードとともに kube-prometheus-stack をインストールします。

注: この展開のモニタリングはオプションです。ただし、クラスタをモニターして正常性を定期的に確認することを強く推奨します。

モニタリングスタックのインストール

別のモニタリングを作成するには、次のように入力します。
```
kubectl create namespace monitoring
```
設定オプションを確認するには、次のように入力します。
```
helm show values sum-psa-monitoring.tgz > values-monitoring.yaml
```
これにより、すべての設定オプションを含む values-monitoring.yaml ファイルが生成されます。Helm チャートのインストール中に生成された values-monitoring.yaml ファイルを変更して渡すには、次のように入力します。
```
helm install psa-monitoring sum-psa-monitoring.tgz --values values-monitoring.yaml --namespace monitoring
```
モニタリングスタックをインストールした後、（クラスタ内で実行される）Grafana を起動してダッシュボードを表示できます。クラスタの外部から Grafana にアクセスするには、ポートフォワーディングを設定するか、Ingress を設定します。ローカルにアクセスするようにポートフォワーディングを設定するには、次のように入力します。
```
kubectl port-forward svc/psa-monitoring-grafana 3000:80 --namespace monitoring
```
ブラウザから localhost:3000 を起動し、デフォルトのログイン情報（ユーザー名：admin、パスワード：prom-operator）を使用してログインします。Private Simple Synthetic Agent という名前のダッシュボードに、Kubernetes クラスタ、Apache Ignite、Heimdall、および実行中の測定に関する詳細が表示されます。

Bare Metal K8s での Private Synthetic Agent のアップグレード

プライベート合成エージェントのアップグレード

PSA をアップグレードするには、次の手順を実行します。

Pull the Docker Image

Run the following commands to pull the agent images:

docker pull appdynamics/heimdall-psa
docker pull appdynamics/chrome-agent-psa
docker pull appdynamics/api-monitoring-agent-psa

Add Custom Python Libraries

This is an optional step. In addition to the available standard set of libraries, you can add custom Python libraries to the agent to use in scripted measurements. You build a new image based on the image you loaded as the base image.

Create a Dockerfile and then create RUN directives to run pythonpip. For example, to install the library algorithms you can create a Dockerfile:

# Use the sum-chrome-agent image you just loaded as the base image
FROM appdynamics/chrome-agent-psa:<agent-tag>
USER root
RUN apk add py3-pip
USER appdynamics
# Install algorithm for python3 on top of that
RUN python3 -m pip install algorithms==0.1.4 --break-system-packages

Note: You can create any number of RUN directives to install the required libraries.

To build the new image, run the following commands:
Web Monitoring PSA:
```
docker build -t sum-chrome-agent:<agent-tag> - < Dockerfile
```
API Monitoring PSA:
```
docker build -f Dockerfile-PSA -t sum-api-monitoring-agent:<agent-tag> .
```
You must build the images on the host with the same OS type of Kubernetes cluster nodes. For example, if you are pushing the image to AWS, then run the following command:
```
docker buildx build -f Dockerfile-PSA --platform=linux/amd64 -t sum-api-monitoring-agent:<api-tag> .
```
The newly built agent image contains the required libraries.

Tag and Push Images to the Registry

If you are managing your own Kubernetes cluster, then you must deploy your own registry server. For more details, see Deploy a Registry Server. After deploying the registry, tag and push the images.

Note: Replace <REGISTRY_HOST> and <REGISTRY_PORT> with the values that you used while deploying the registry.

To tag the images, enter:

docker tag sum-heimdall:<heimdall-tag> <REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall:<heimdall-tag>
docker tag sum-chrome-agent:<agent-tag> <REGISTRY_HOST>:<REGISTRY_PORT>/sum-chrome-agent:<agent-tag>
docker tag sum-api-monitoring-agent:<agent-tag> <REGISTRY_HOST>:<REGISTRY_PORT>/sum-api-monitoring-agent:<agent-tag>

To push the images, enter:

docker login <REGISTRY_HOST>:<REGISTRY_PORT> docker push <REGISTRY_HOST>:<REGISTRY_PORT>/sum-heimdall:<heimdall-tag>
docker push <REGISTRY_HOST>:<REGISTRY_PORT>/sum-chrome-agent:<agent-tag>
docker push <REGISTRY_HOST>:<REGISTRY_PORT>/sum-api-monitoring-agent:<agent-tag>

Update the Helm Chart

Follow these steps and update the configuration key value pairs in the values.yaml file:

Upgrade the PSA

Note: From PSA 23.12 onwards, you must deploy Ignite and Heimdall in a single namespace named measurement.

Navigate to the new Linux distribution folder and run the following command:

helm install synth ignite-psa.tgz --values values-ignite.yaml --namespace measurement

Wait until the status of Ignite pods changes to running. Then, run the following command:

helm upgrade heimdall-onprem sum-psa-heimdall.tgz --values values.yaml --namespace measurement

After the status of the new Heimdall and Ignite pods changes to running, uninstall the old Ignite namespace:
```
helm uninstall synth -n ignite
```