Sample Kubernetes YAML File for Deploying Application Monitor

Sample Kubernetes YAML files for deploying Application Monitor are at amsgce-runtime-<version>/samples/kubernetes/Application_Monitor.

Update the following Kubernetes object specification (.yaml) files for Application Monitor:

Kubernetes File	Description
amxce_authorization.yaml	A `ClusterRoleBinding` for binding roles to the user.
tea-agent.yaml	Kubernetes deployment YAML file to deploy Application Monitor agent`.`
tea-server.yaml	Kubernetes deployment YAML file to deploy TEA Server`.`

In the sample YAML files, specify the image tag of TEA Server Docker image (<tea-server-docker-image>) and Application Monitor agent (<amxceteaagent-image-name>).

Note: Communication between Application Monitor agent and ActiveMatrix Service Grid - Container Edition application container is done by using JMX or gRPC. Communication between Application Monitor agent and application pods with SSL enabled is not supported in ActiveMatrix Service Grid - Container Edition 1.0.1.

Environment Variables

You can use the following environment variables to configure Application Monitor:

Environment Variable	Description
`tea_server_url` (Required)	URL of a TIBCO Enterprise Administrator Server running in the cluster. This is required to connect and autoregister Application Monitor agent with TEA Server. Example: `http://tea-service:8777/tea`
`amxce_tea_agent_port` (Optional)	Application Monitor agent port. Default: 7073
amxce_tea_agent_name	Application Monitor agent display name. The name is displayed in the Application Monitor UI.
`amxce_tea_agent_shutdown_port` (Optional)	This is used to set shutdown port of TIBCO Enterprise Administrator server.
`tibco.amxce.reload.interval.ms`	Time interval in which Application Monitor synchronizes with Kubernetes API server and checks ActiveMatrix Service Grid - Container Edition nodes for active connection. It runs in scheduled thread and thread name starts with "amxce-reload-" Default: 300000 ms (5 min) Note: For small scale setup, set this parameter to lower value.
`tibco.amxce.agent.node.connect.max.thread`	This property specifies the number of running threads when Application Monitor connects to AMXCE Nodes. The thread name starts with "amxce-hpa-". Default: 5
`tibco.amxce.agent.node.connect.timeout.ms`	This is the maximum time interval for which Application Monitor waits for creating connection to AMXCE Node. After connection timeout, the Node is displayed as unreachable. Application Monitor retries to connect to unreachable Node after time interval value specified in the `tibco.amxce.reload.interval.ms.` Default: 5000 ms (5 seconds)
`POD_LABELS`	Specify a label or multiple labels separated by comma which are used in application deployment file. Application Monitor checks for these labels to discover ActiveMatrix Service Grid - Container Edition pods. Example `tea-agent.yaml` file name: POD_LABELS value: tibco.amxce=test Example application deployment file metadata: labels: app: bookstore tibco.amxce: test

ConfigMap Parameters

You can specify tea.conf file as a ConfigMap in tea-server.yaml file. This ConfigMap is mounted as volume with the TEA server pod. The following table lists some of the custom properties required to run TEA Server with ActiveMatrix Service Grid - Container Edition. For more information about TIBCO Enterprise Administrator server configuration (tea.conf), see TIBCO Enterprise Administrator documentation.

Property Description

Property	Description
tea.http.client.maxRequestsQueuedPerDestination	If you want to monitor more than 1024 application pods, then you must set the maximum number of application pods to monitor by using this property. By default, it is set to 1024. `tea.http.client.maxRequestsQueuedPerDestination=<maximum number of pods to monitor>` Example: `tea.http.client.maxRequestsQueuedPerDestination=2048`
tea.server.disablehostheaderverification	You can disable the host header validation when running TEA server by setting this property to true. By default, it is set to false. Example: `tea.server.disablehostheaderverification=true`
tea.security.content-security-policy	This property is required for Swagger UI. Do not remove or modify this property. Default: tea.security.content-security-policy="connect-src ;Access-Control-Allow-Origin ;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' 'unsafe-inline';form-action 'self';frame-ancestors 'self';img-src 'self' data:"

tea.http.client.maxRequestsQueuedPerDestination

If you want to monitor more than 1024 application pods, then you must set the maximum number of application pods to monitor by using this property. By default, it is set to 1024.

tea.http.client.maxRequestsQueuedPerDestination=<maximum number of pods to monitor>

Example:

tea.http.client.maxRequestsQueuedPerDestination=2048

tea.server.disablehostheaderverification

You can disable the host header validation when running TEA server by setting this property to true. By default, it is set to false.

Example:

tea.server.disablehostheaderverification=true

tea.security.content-security-policy

This property is required for Swagger UI. Do not remove or modify this property.

Default:

tea.security.content-security-policy="connect-src *;Access-Control-Allow-Origin *;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' 'unsafe-inline';form-action 'self';frame-ancestors 'self';img-src 'self' data:"

If you are using ClusterRole resource, you must provide "replicasets" access to the ClusterRole. This is required to get the deployment name and desired state of the pod. For more information about using ClusterRole for authorization, see Kubernetes documentation.

Example:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: amxcecluster-role
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["pods"^*,"replicasets"^*]
  verbs: ["get", "list", "watch"]