Install Conductor with Helm (Enterprise)
Conductor cluster connections can be created via the console, CLI or by using a Helm chart. Helm is a great option for users who are familiar with Helm as a Kubernetes package manager, or who are using GitOps tools such as ArgoCD or Flux. Leveraging this option for cluster connection creation allows Conductor (and optionally the Dapr control plane) to be configured only using Helm and effectively puts the cluster connection in "read-only" mode in the console.
The Conductor Helm chart deploys the agent alongside it's supporting components, and then optionally installs Dapr via a Helm sub-chart, still allowing you to offload the management of Dapr to Conductor.
Install Conductor agent
-
Create a cluster connection via the Conductor console or Diagrid CLI enabling the
Helm managedoption. -
Download the Helm values file from the console.
-
Open the Helm values file in an editor and inspect the contents. Update the values with any changes required using the Helm values reference tables below. If you want Conductor to manage your Dapr installation via a nested Helm chart, ensure that
dapr.enabledis set totrueand that the Dapr configuration contains any custom values you have set. -
If they are sufficient, and you do not wish to alter the Dapr installation on your cluster, run the Helm install command provided in the console to install the Conductor agent onto your cluster.
helm install my-cluster \
oci://public.ecr.aws/diagrid/conductor-charts/agent \
--version 0.333.0 \
-f https://api.diagrid.io/apis/diagrid.io/v1beta1/clusters/<clusterId>/helmvalues?token=<token> \
--namespace dapr-system \
--create-namespace
- Otherwise, if you made changes to the Helm values file, save the file locally and update the Helm install values file (
-f) argument to point to the local version of your Helm values file.
helm install my-cluster \
oci://public.ecr.aws/diagrid/conductor-charts/agent \
--version 0.333.0 \
-f ./<my-clusterId>-helm-values.yaml \
--namespace dapr-system \
--create-namespace
- Watch the Conductor and Dapr control plane resources come online in the console: https://conductor.diagrid.io/clusters.
Helm values reference
Required values
It is important that you do not overwrite the following Helm values when modifying or providing your own custom Helm values, as these supply the connection details to your cluster that allow you it to connect to your Conductor organization.
caCertPem: "your-ca-cert-pem"
global:
orgId: "your-org-id"
agentId: "your-agent-id"
manifestId: "your-manifest-id"
agent:
key: "your-agent-key"
keyB64: "your-agent-key-base64"
Global configuration
Global configuration applies to the Conductor agent and OpenTelemetry logs and metrics collectors.
| Parameter | Description | Default |
|---|---|---|
| global.namespace | Namespace for deployment | diagrid-cloud |
| global.namespaceDefault | Default namespace | diagrid-cloud |
| global.cloudUrl | Diagrid cloud endpoint | cloudgrid.diagrid.io:443 |
| global.orgId | Organization ID | "" |
| global.agentId | Agent ID | "" |
| global.manifestId | Manifest ID | "" |
| global.imageTag | Global image tag | "" |
| global.mainServiceAccountName | Main service account name | diagrid-agent |
| global.sccTargetServiceAccountName | SCC target service account | diagrid-agent-logs-collector |
| global.kubernetesOs | Kubernetes OS | linux |
| global.isOpenShift | OpenShift deployment flag | false |
| global.isLocal | Local deployment flag | false |
| global.customCA | Custom CA certificate | "" |
| global.proxyConfig | Proxy configuration |
Dapr control plane
Dapr installation configuration options. Besides the dapr.enabled argument, all values within the dapr block are a nested version of the values from the Dapr open-source Helm chart. Use the Dapr Helm Readme configuration to modify any properties required in your Dapr installation.
Setting dapr.enabled to true, will allow Conductor to install/manage Dapr via Helm chart and will configure the Dapr control plane and data plane with the following values on your Kubernetes cluster.
dapr:
enabled: true
global:
registry: docker.io/daprio
logAsJson: true
ha:
enabled: true
replicaCount: 3
mtls:
enabled: true
dapr_rbac: {}
dapr_operator:
watchInterval: 3m
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 1024Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 60Mi
cpu: 100m
limits:
memory: 200Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 60Mi
cpu: 100m
limits:
memory: 1024Mi
cpu: '1'
dapr_placement:
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 250Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
Conductor agent
| Parameter | Description | Default |
|---|---|---|
| agent.image | Agent image repository | us-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/agent |
| agent.replicas | Number of agent replicas | 2 |
| agent.logLevel | Logging level | info |
| agent.installDependencies | Install dependencies | false |
| agent.tlsEnabled | Enable TLS | true |
| agent.tlsMutual | Enable mutual TLS | false |
| agent.key | Agent key | "" |
| agent.keyB64 | Base64 encoded agent key | "" |
| agent.goMemLimit | Go memory limit | 675MiB |
Conductor OpenTelemetry metrics collector
| Parameter | Description | Default |
|---|---|---|
| otelMetricsCollector.enabled | Enable metrics collector | true |
| otelMetricsCollector.labels | Additional labels | |
| otelMetricsCollector.replicas | Number of replicas | 2 |
| otelMetricsCollector.image | Collector image | us-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/diagrid-otel-collector |
| otelMetricsCollector.logLevel | Logging level | info |
| otelMetricsCollector.memoryLimiter | Memory limiter settings | See values.yaml |
| otelMetricsCollector.tlsEnabled | Enable TLS | true |
| otelMetricsCollector.remoteWriteURL | Metrics endpoint | https://metrics.diagrid.io/api/v1/push |
| otelMetricsCollector.remoteWriteTlsInsecure | Allow insecure TLS | true |
| otelMetricsCollector.remoteWriteAuthEnabled | Enable auth | true |
Conductor OpenTelemetry logs collector
| Parameter | Description | Default |
|---|---|---|
| otelLogsCollector.enabled | Enable logs collector | true |
| otelLogsCollector.labels | Additional labels | |
| otelLogsCollector.image | Collector image | us-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/diagrid-otel-collector |
| otelLogsCollector.logLevel | Logging level | info |
| otelLogsCollector.daprLogsURL | Dapr logs endpoint | cloudgrid.diagrid.io:443 |
| otelLogsCollector.memoryLimiter | Memory limiter settings | See values.yaml |
| otelLogsCollector.tlsEnabled | Enable TLS | true |
| otelLogsCollector.tlsInsecure | Allow insecure TLS | false |
| otelLogsCollector.isLogsLimited | Enable log limiting | true |
Default resource settings
The following are the default values for the Conductor deployment and Dapr control plane resource settings. These are considered a good starting place for a development cluster, but should be monitored to ensure appropriate values are set.
Dapr control plane
dapr:
dapr_operator:
watchInterval: 3m
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_placement:
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 500Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 150Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
Conductor agent
resources:
limits:
memory: 750Mi
requests:
cpu: 10m
memory: 250Mi
Conductor OpenTelemetry metrics collector
resources:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 250Mi
Conductor OpenTelemetry logs collector
resources:
limits:
memory: 750Mi
requests:
cpu: 10m
memory: 250Mi