Install Conductor with Helm (Enterprise)
Conductor cluster connections can be backed with basic Kubernetes manifests or packaged as a Helm chart. Helm managed cluster connections are a great option for users who already use Helm as a Kubernetes package manager or who are using GitOps tools such as ArgoCD or Flux. Leveraging this option for cluster connections allows Conductor (and optionally the Dapr control plane) to be configured only using Helm and effectively puts the cluster connection in "read-only mode" in the console.
Helm managed cluster connections are made up of two Helm charts; the agent Helm chart containing the Conductor agent and its supporting components, and the Dapr control plane as an entirely separate Helm chart. This allows users to add Conductor to their existing Helm management solutions while still taking advantage of the observability and advisory features of Conductor.
When Dapr is managed by Helm, the following features are not supported in Conductor:
- Managed mTLS certificate rotation (coming soon)
- Automatic agent upgrades
- Automatic Dapr configuration sync
- Application and sidecar rollouts
- Dapr upgrades via the web console/CLI
- Cluster connection updates via the web console/CLI
- Automatically applying advisories
Create a cluster connection (Console)
- Create a new cluster connection via the Conductor console, choosing a
Kubernetes distributionandCluster type, and enabling theHelm managedoption.
- Optionally toggle the
Install Daprflag, if you want to install Dapr on your cluster as a separate Helm chart. Configure theDapr version,Dapr namespaceand other Helm values using one of the provided Helm argument profiles or by bringing your own.
- Optionally configure additional settings in the
Advanced agent configurationsection to change the agent namespace, add Kubernetes labels, tolerations etc.
- Click
Createto generate the Helm commands and values.
-
Download and open the Agent and Dapr Helm values files to inspect their contents. Use the Helm values reference table below to check the desired behavior of both the Helm chart configurations for your cluster installation. Save the values in source control if it's part of your DevOps workflow.
-
After confirming the Helm values are correct for your configuration, install the Agent and Dapr Helm charts on your cluster using the provided commands. These will be installed as separate Helm charts.
# Sample Agent Helm installation
helm install <cluster-connection-name> oci://public.ecr.aws/diagrid/conductor-charts/agent \
--version <version-number> \
-n diagrid-cloud --create-namespace \
-f https://api.diagrid.io/apis/diagrid.io/v1beta1/clusters/<cluster-id>/helmvalues?token=<cluster-token>
# Sample Dapr Helm installation
helm install dapr dapr/dapr \
--version=<dapr-version> \
--namespace dapr-system --create-namespace --wait \
-f https://api.diagrid.io/apis/diagrid.io/v1beta1/clusters/<cluster-id>/daprhelmvalues?token=<cluster-token> -
Watch the Conductor and Dapr control plane resources come online in the console: https://conductor.diagrid.io/clusters.
Agent Helm values reference
Required values
It is important that you do not overwrite the following Helm values when modifying or providing your own custom Helm values, as these supply the connection details from your Kubernetes cluster that allow it to connect to your Conductor organization.
caCertPem: "your-ca-cert-pem"
global:
orgId: "your-org-id"
agentId: "your-agent-id"
manifestId: "your-manifest-id"
agent:
key: "your-agent-key"
keyB64: "your-agent-key-base64"
Global configuration
Global configuration applies to the Conductor agent and OpenTelemetry logs and metrics collectors.
| Parameter | Description | Default |
|---|---|---|
| global.namespace | Namespace for deployment | diagrid-cloud |
| global.namespaceDefault | Default namespace | diagrid-cloud |
| global.cloudUrl | Diagrid cloud endpoint | cloudgrid.diagrid.io:443 |
| global.orgId | Organization ID | "" |
| global.agentId | Agent ID | "" |
| global.manifestId | Manifest ID | "" |
| global.imageTag | Global image tag | "" |
| global.mainServiceAccountName | Main service account name | diagrid-agent |
| global.sccTargetServiceAccountName | SCC target service account | diagrid-agent-logs-collector |
| global.kubernetesOs | Kubernetes OS | linux |
| global.isOpenShift | OpenShift deployment flag | false |
| global.isLocal | Local deployment flag | false |
| global.customCA | Custom CA certificate | "" |
| global.proxyConfig | Proxy configuration |
Conductor agent
| Parameter | Description | Default |
|---|---|---|
| agent.image | Agent image repository | us-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/agent |
| agent.replicas | Number of agent replicas | 2 |
| agent.logLevel | Logging level | info |
| agent.installDependencies | Install dependencies | false |
| agent.tlsEnabled | Enable TLS | true |
| agent.tlsMutual | Enable mutual TLS | false |
| agent.key | Agent key | "" |
| agent.keyB64 | Base64 encoded agent key | "" |
| agent.goMemLimit | Go memory limit | 675MiB |
Conductor OpenTelemetry metrics collector
| Parameter | Description | Default |
|---|---|---|
| otelMetricsCollector.enabled | Enable metrics collector | true |
| otelMetricsCollector.labels | Additional labels | |
| otelMetricsCollector.replicas | Number of replicas | 2 |
| otelMetricsCollector.image | Collector image | us-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/diagrid-otel-collector |
| otelMetricsCollector.logLevel | Logging level | info |
| otelMetricsCollector.memoryLimiter | Memory limiter settings | See values.yaml |
| otelMetricsCollector.tlsEnabled | Enable TLS | true |
| otelMetricsCollector.remoteWriteURL | Metrics endpoint | https://metrics.diagrid.io/api/v1/push |
| otelMetricsCollector.remoteWriteTlsInsecure | Allow insecure TLS | true |
| otelMetricsCollector.remoteWriteAuthEnabled | Enable auth | true |
Conductor OpenTelemetry logs collector
| Parameter | Description | Default |
|---|---|---|
| otelLogsCollector.enabled | Enable logs collector | true |
| otelLogsCollector.labels | Additional labels | |
| otelLogsCollector.image | Collector image | us-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/diagrid-otel-collector |
| otelLogsCollector.logLevel | Logging level | info |
| otelLogsCollector.daprLogsURL | Dapr logs endpoint | cloudgrid.diagrid.io:443 |
| otelLogsCollector.memoryLimiter | Memory limiter settings | See values.yaml |
| otelLogsCollector.tlsEnabled | Enable TLS | true |
| otelLogsCollector.tlsInsecure | Allow insecure TLS | false |
| otelLogsCollector.isLogsLimited | Enable log limiting | true |
Dapr Helm values reference
All Dapr Helm values are from the Dapr open-source Helm chart. Use the Dapr Helm README Configuration to modify any properties required in your Dapr installation. Default Helm arguments profiles are provided, for example the following for Dev environments.
Dapr is installed as a separate Helm chart, removing the management from Conductor and effectively putting the Conductor console into "read-only-mode".
global:
registry: docker.io/daprio
ha:
enabled: false
mtls:
enabled: true
dapr_rbac: {}
dapr_operator:
watchInterval: 3m
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_placement:
cluster:
forceInMemoryLog: true
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 500Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 150Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
Default resource settings
The following are the default values for the Conductor agent and Dapr control plane resource settings. These are considered a good starting place for Dev/Prod environments respectively, but should be monitored and then updated to ensure appropriate values are set.
Dapr control plane: Dev
dapr:
dapr_operator:
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_placement:
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 500Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 150Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
Dapr control plane: Prod
dapr_operator:
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 1024Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 60Mi
cpu: 100m
limits:
memory: 200Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 60Mi
cpu: 100m
limits:
memory: 1024Mi
cpu: '1'
dapr_placement:
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 250Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
Conductor agent
resources:
limits:
memory: 750Mi
requests:
cpu: 10m
memory: 250Mi
Conductor OpenTelemetry metrics collector
resources:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 250Mi
Conductor OpenTelemetry logs collector
resources:
limits:
memory: 750Mi
requests:
cpu: 10m
memory: 250Mi