Deploying the agent a Kubernetes or OpenShift cluster that is not part of IBM Cloud
In addition to its ability to run in IBM Cloud®, the centralized monitoring that IBM Cloud Monitoring provides can also be run in other clouds and on premises by using Helm charts to install the monitoring agent onto Kubernetes or OpenShift clusters.
Before you begin
-
Install the latest release of the version 3 Helm CLI on your local machine.
Helm 3.6 or later is required.
Helm is a Kubernetes package manager that uses Helm charts to define, install, and upgrade complex Kubernetes apps in your cluster. Helm charts package the specifications to generate YAML files for Kubernetes resources that build your app. These Kubernetes resources are automatically applied in your cluster and assigned a version by Helm. You can also use Helm to specify and package your own app and let Helm generate the YAML files for your Kubernetes resources.
-
Check that you have access and permissions to deploy the IBM Cloud Monitoring agent on the cluster.
-
Verify the
ibm-observenamespace is available in your cluster. The agent is deployed in this namespace.You can run the following command to create the namespace:
kubectl create namespace ibm-observeIf you are connecting a Kubernetes or OpenShift cluster with IBM Cloud Monitoring and IBM Cloud Security and Compliance Center Workload Protection see Deploying the agent in an outside Kubernetes or OpenShift cluster in the IBM Cloud Security and Compliance Center Workload Protection documentation and follow the instructions.
Deploy an agent
Complete the following steps to deploy an agent by using Helm:
Step 1. Setup the Sysdig Helm repository
Add the IBM Cloud Monitoring Helm repository to your Helm instance.
Complete the following steps:
-
Set the cluster context.
ibmcloud ks cluster config --cluster <CLUSTER_NAME> -
Add the Helm repository.
helm repo add sysdig https://charts.sysdig.comIf you get the following error:
helm repo add sysdig https://charts.sysdig.com --debug Error: context deadline exceeded helm.go:84: [debug] context deadline exceededRun the following command and retry adding the Helm repository.
rm $HOME/Library/Preferences/helm/repositories.lock -
Update the repos to retrieve the latest versions of all Helm charts.
helm repo update -
List the Helm charts that are currently available for the
sysdigrepo.helm search repo sysdig -
Verify the Helm chart
sysdig/sysdig-deployis listed.
Step 2. Create the values yaml file
Define a yaml file and include the values to deploy the IBM Cloud Monitoring agent that you plan to deploy. For example, name the file agent-values-monitor.yaml.
The following yaml is a template that you can use to configure the IBM Cloud Monitoring agent.
global:
clusterConfig:
name: CLUSTER_NAME
sysdig:
accessKey: SERVICE_ACCESS_KEY
agent:
collectorSettings:
collectorHost: INGESTION_ENDPOINT
nodeAnalyzer:
enabled: false
Where
CLUSTER_NAMEis the name of the cluster where you are deploying the agent.SERVICE_ACCESS_KEYis the IBM Cloud Monitoring instance access key.INGESTION_ENDPOINTis the instance's ingestion endpoint. For example,ingest.us-east.monitoring.cloud.ibm.com
You can find here all available options to configure the IBM Cloud Monitoring agent.
Step 3. Install the Helm chart
To deploy the agent you must install the sysdig/sysdig-deploy chart. You can install the chart by using a variables yaml file like the one that you configured in the previous step, or you can configure the variables directly.
Run the following command to install the agent by using the Helm chart and the variables yaml file:
helm install -n ibm-observe sysdig-agent sysdig/sysdig-deploy -f agent-values-monitor.yaml
If you are not using the Helm values file, you can run the following command to install the agent by using the Helm chart and setting the variables:
helm install sysdig-agent sysdig/sysdig-deploy --namespace ibm-observe --create-namespace\
--set global.sysdig.accessKey=<SERVICE_ACCESS_KEY> \
--set agent.collectorSettings.collectorHost=<INGESTION_ENDPOINT> \
--set nodeAnalyzer.enabled=false \
--set global.clusterConfig.name=<CLUSTER_NAME>
Where
CLUSTER_NAMEis the name of the cluster where you are deploying the agent.SERVICE_ACCESS_KEYis the IBM Cloud Monitoring instance access key.INGESTION_ENDPOINTis the instance's ingestion endpoint.
For example, for the us-east region, a sample Helm install is similar to the follows:
helm install sysdig-agent sysdig/sysdig-deploy --namespace ibm-observe \
--set global.sysdig.accessKey=<ENTER_YOUR_ACCESS_KEY> \
--set agent.collectorSettings.collectorHost=ingest.us-east.monitoring.cloud.ibm.com \
--set nodeAnalyzer.enabled=false \
--set global.clusterConfig.name=mycluster
If you encounter the following error: Error: INSTALLATION FAILED: Kubernetes cluster unreachable: xxxxxx failed to refresh token: oauth2: cannot fetch token: 400 Bad Request, set your cluster context and try again.
Updating an agent
To update the agent version by using Helm, complete the following steps:
-
Update the chart.
helm repo update -
Upgrade the agent.
helm upgrade -n ibm-observe sysdig-agent sysdig/sysdig-deploy -f agent-values-monitor.yaml
These steps install latest available version in your cluster.
Removing an agent
To delete the agent by using Helm, you must uninstall the chart.
Complete the following steps:
-
List the charts that are installed.
helm list -n ibm-observeThe output of the command lists charts as follows:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION sysdig-agent ibm-observe 1 2023-03-24 15:02:58.408108 +0100 CET deployed sysdig-deploy-1.6.3 -
Uninstall the chart.
helm delete sysdig-agent -n ibm-observeIn terms of Helm,
sysdig-agentis the name of the release.If you forget to include the namespace in the command, you get the following error:
Error: uninstall: Release not loaded: sysdig-agent: release: not found.