Overview
The purpose of the document is to list the steps required to install a Traceable Platform Agent in a K8S environment and configure it to report into a Traceable Platform installed on-premise.
Prerequisites
- Successfully installed and running Traceable Platform
- Public Certificate of the Root Certificate Authority to be trusted by the TPA installation
- Access/Refresh Token from the Traceable Platform:
Network Connection Requirements
Inbound port requirements
The typical listening port signature of the TPA will look like:
% kubectl get services -n traceableai |
The TPA will listen on the following ports and the service agent will expose the following ports on the Cluster IP Address:
- 5443/TCP
- 5441/TCP
- 5442/TCP
- 8181/TCP
- 4317/TCP
- 4318/TCP
- 55678/TCP
- 9411/TCP
- 14250/TCP
- 14268/TCP
- 8889/TCP
Outbound Connection Requirement
The TPA will make an outbound connection to the Traceable Platform to report the collected information on the api end-point. By default the TPA tries to reach the api endpoint on the Secure TLS Connection on the TCP port (defaults to 443). As mentioned in the document ahead, this end-point is specified in the values.yaml file as:
endpoint: api.yourdomain.com |
The exact API end-point of the platform can be looked up in the Platform Installation tool:
Steps to Install TPA on K8S
Customize values.yaml file
To customize installation parameters, it is recommended to use the helm installation mechanism where we can use a values.yaml file to provide customized parameters for the installation.
In this case we would need the following parameters set in the values.yaml file:
- token:
Provide the Traceable Platform Access Token in this parameter (3rd steps from the Prerequisite section).
2. environment:
Provide the name of the environment that will be reported into the Traceable Platform
3. endpoint:
Provide the DNS end-point name of the Traceable Platform Service (eg. api.traceable.mycompany.com). Make sure it’s the host name or one of the alternate names in your certificate.
4. remoteCaBundle:
The base64 encoded CA Certificate(s) to be trusted by the Traceable Platform Agent.
If you have the Root CA certificate pem/crt file containing the Public Certificate of the Certificate Authority, you can convert it using the steps below:
% cat rootCA.crt % cat rootCA.crt | base64 |
The resulting base64 value can be used as the value to the remoteCaBundle parameter.
5. injector.propagationFormats:
Use this specific value if planning to instrumenting an istio service mesh or if integrating with an existing Tracing Soution, in which case set this value to {B3}.
Eg:
injector: propagationFormats: - B3
If not instrumenting Istio, or not integrating with an existing tracing solution, do not include this property in the yaml file For more information about the B3 Propagation headers please refer to this.
Sample values.yaml file
A sample values.yaml file pointing to the on-premise Traceable Platform will look something like this:
% cat values.yaml token: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlYjExZjhjNy01MjIwLTRiZDktYTc5ZC05MDZmZDFjNWY5NzYifQ.eyJpYXQiOjE2NDk5MDA3ODEsImp0aSI6IjQxMTg4NDg2LTBjODYtNDdiZC05NjQ0LWM2YjJmNmE3OGQ1NyIsImlzcyI6Imh0dHBzOi8va2V5Y2xvYWsubXZrNC55b3VyZG9tYWluLmNvbS9hdXRoL3JlYWxtcy90cmFjZWFibGUiLCJhdWQiOiJodHRwczovL2tleWNsb2FrLm12azQueW91cmRvbWFpbi5jb20vYXV0aC9yZWFsbXMvdHJhY2VhYmxlIiwic3ViIjoiYjY4OTRjMmYtMWEwYy00OTM5LTk3N2MtNjBkZjNhZTZjNjRjIiwidHlwIjoiT2ZmbGluZSIsImF6cCI6ImlhbS1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiYjZlODk5ZTgtMTY4Mi00ZDA0LTkzNmYtMGM1ZGIzMWJjMTFlIiwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyIsInNpZCI6ImI2ZTg5OWU4LTE2ODItNGQwNC05MzZmLTBjNWRiMzFiYzExZSJ9.goDhIVk_ryrcimqd_P9fjMgSHX3OYCqcYJ8XnLATYfM environment: test-env endpoint: api.yourdomain.com remoteCaBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZGRENDQXZ3Q0NRRFp3T3VnNmJuRG5UQU5CZ2txaGtpRzl3MEJBUXNGQURCTU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhFakFRQmdOVkJBb01DVlJ5WVdObFlXSnNaVEVjTUJvR0ExVUVBd3dUYlhacgpOQzU1YjNWeVpHpltNXpicjh2L014QjJpL2MyMU11NmVCajN0bDhQUQoyZFE0cjRTbFZkREs3eVdocHlnQ3ZSVk03andSOXhqcGMvSFkwcnpld0dNN2hMaEFVYmUva1p3dkF1aVR4bWwyCnl5UldheVROY25NPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== injector: propagationFormats: - B3
Install TPA
Once you have the Traceable Platform Installed and the values.yaml file for TPA installation ready, use the following steps to install the TPA on the K8S cluster
% helm repo add traceableai https://helm.traceable.ai % helm repo update % helm install --namespace traceableai traceable-agent traceableai/traceable-agent --create-namespace --values values.yaml |
Once the TPA is installed, confirm the installation is successful by running:
% kubectl get pods -n traceableai |
Check the logs to see if there are any error messages or exceptions while starting the TPA:
% kubectl logs traceable-agent-5b995d4fbb-5q7fv -n traceableai |