Skip to main content

Install Conductor with Helm (Enterprise)

Conductor cluster connections can be backed with basic Kubernetes manifests or packaged as a Helm chart. Helm managed cluster connections are a great option for users who already use Helm as a Kubernetes package manager or who are using GitOps tools such as ArgoCD or Flux. Leveraging this option for cluster connections allows Conductor (and optionally the Dapr control plane) to be configured only using Helm and effectively puts the cluster connection in "read-only mode" in the console.

Helm managed cluster connections are made up of two Helm charts; the agent Helm chart containing the Conductor agent and its supporting components, and the Dapr control plane as an entirely separate Helm chart. This allows users to add Conductor to their existing Helm management solutions while still taking advantage of the observability and advisory features of Conductor.

Note

When Dapr is managed by Helm, the following features are not supported in Conductor:

  • Managed mTLS certificate rotation (coming soon)
  • Automatic agent upgrades
  • Automatic Dapr configuration sync
  • Application and sidecar rollouts
  • Dapr upgrades via the web console/CLI
  • Cluster connection updates via the web console/CLI
  • Automatically applying advisories

Create a cluster connection (Console)

  1. Create a new cluster connection via the Conductor console, choosing a Kubernetes distribution and Cluster type, and enabling the Helm managed option.

helm cluster connection create

  1. Optionally toggle the Install Dapr flag, if you want to install Dapr on your cluster as a separate Helm chart. Configure the Dapr version, Dapr namespace and other Helm values using one of the provided Helm argument profiles or by bringing your own.

helm cluster dapr install

  1. Optionally configure additional settings in the Advanced agent configuration section to change the agent namespace, add Kubernetes labels, tolerations etc.

helm cluster advanced configuration

  1. Click Create to generate the Helm commands and values.

helm download values

  1. Download and open the Agent and Dapr Helm values files to inspect their contents. Use the Helm values reference table below to check the desired behavior of both the Helm chart configurations for your cluster installation. Save the values in source control if it's part of your DevOps workflow.

  2. After confirming the Helm values are correct for your configuration, install the Agent and Dapr Helm charts on your cluster using the provided commands. These will be installed as separate Helm charts.

    # Sample Agent Helm installation
    helm install <cluster-connection-name> oci://public.ecr.aws/diagrid/conductor-charts/agent \
    --version <version-number> \
    -n diagrid-cloud --create-namespace \
    -f https://api.diagrid.io/apis/diagrid.io/v1beta1/clusters/<cluster-id>/helmvalues?token=<cluster-token>

    # Sample Dapr Helm installation
    helm install dapr dapr/dapr \
    --version=<dapr-version> \
    --namespace dapr-system --create-namespace --wait \
    -f https://api.diagrid.io/apis/diagrid.io/v1beta1/clusters/<cluster-id>/daprhelmvalues?token=<cluster-token>
  3. Watch the Conductor and Dapr control plane resources come online in the console: https://conductor.diagrid.io/clusters.

Agent Helm values reference

Required values

It is important that you do not overwrite the following Helm values when modifying or providing your own custom Helm values, as these supply the connection details from your Kubernetes cluster that allow it to connect to your Conductor organization.

caCertPem: "your-ca-cert-pem"

global:
orgId: "your-org-id"
agentId: "your-agent-id"
manifestId: "your-manifest-id"

agent:
key: "your-agent-key"
keyB64: "your-agent-key-base64"

Global configuration

Global configuration applies to the Conductor agent and OpenTelemetry logs and metrics collectors.

ParameterDescriptionDefault
global.namespaceNamespace for deploymentdiagrid-cloud
global.namespaceDefaultDefault namespacediagrid-cloud
global.cloudUrlDiagrid cloud endpointcloudgrid.diagrid.io:443
global.orgIdOrganization ID""
global.agentIdAgent ID""
global.manifestIdManifest ID""
global.imageTagGlobal image tag""
global.mainServiceAccountNameMain service account namediagrid-agent
global.sccTargetServiceAccountNameSCC target service accountdiagrid-agent-logs-collector
global.kubernetesOsKubernetes OSlinux
global.isOpenShiftOpenShift deployment flagfalse
global.isLocalLocal deployment flagfalse
global.customCACustom CA certificate""
global.proxyConfigProxy configuration

Conductor agent

ParameterDescriptionDefault
agent.imageAgent image repositoryus-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/agent
agent.replicasNumber of agent replicas2
agent.logLevelLogging levelinfo
agent.installDependenciesInstall dependenciesfalse
agent.tlsEnabledEnable TLStrue
agent.tlsMutualEnable mutual TLSfalse
agent.keyAgent key""
agent.keyB64Base64 encoded agent key""
agent.goMemLimitGo memory limit675MiB

Conductor OpenTelemetry metrics collector

ParameterDescriptionDefault
otelMetricsCollector.enabledEnable metrics collectortrue
otelMetricsCollector.labelsAdditional labels
otelMetricsCollector.replicasNumber of replicas2
otelMetricsCollector.imageCollector imageus-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/diagrid-otel-collector
otelMetricsCollector.logLevelLogging levelinfo
otelMetricsCollector.memoryLimiterMemory limiter settingsSee values.yaml
otelMetricsCollector.tlsEnabledEnable TLStrue
otelMetricsCollector.remoteWriteURLMetrics endpointhttps://metrics.diagrid.io/api/v1/push
otelMetricsCollector.remoteWriteTlsInsecureAllow insecure TLStrue
otelMetricsCollector.remoteWriteAuthEnabledEnable authtrue

Conductor OpenTelemetry logs collector

ParameterDescriptionDefault
otelLogsCollector.enabledEnable logs collectortrue
otelLogsCollector.labelsAdditional labels
otelLogsCollector.imageCollector imageus-central1-docker.pkg.dev/prj-common-p-shared-79896/reg-p-common-docker-public/diagrid-otel-collector
otelLogsCollector.logLevelLogging levelinfo
otelLogsCollector.daprLogsURLDapr logs endpointcloudgrid.diagrid.io:443
otelLogsCollector.memoryLimiterMemory limiter settingsSee values.yaml
otelLogsCollector.tlsEnabledEnable TLStrue
otelLogsCollector.tlsInsecureAllow insecure TLSfalse
otelLogsCollector.isLogsLimitedEnable log limitingtrue

Dapr Helm values reference

All Dapr Helm values are from the Dapr open-source Helm chart. Use the Dapr Helm README Configuration to modify any properties required in your Dapr installation. Default Helm arguments profiles are provided, for example the following for Dev environments.

Note

Dapr is installed as a separate Helm chart, removing the management from Conductor and effectively putting the Conductor console into "read-only-mode".

global:
registry: docker.io/daprio
ha:
enabled: false
mtls:
enabled: true
dapr_rbac: {}
dapr_operator:
watchInterval: 3m
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_placement:
cluster:
forceInMemoryLog: true
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 500Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 150Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'

Default resource settings

The following are the default values for the Conductor agent and Dapr control plane resource settings. These are considered a good starting place for Dev/Prod environments respectively, but should be monitored and then updated to ensure appropriate values are set.

Dapr control plane: Dev

dapr:
dapr_operator:
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 30Mi
cpu: 100m
limits:
memory: 500Mi
cpu: '1'
dapr_placement:
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 500Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 150Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'

Dapr control plane: Prod

dapr_operator:
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 1024Mi
cpu: '1'
dapr_sidecar_injector:
resources:
requests:
memory: 60Mi
cpu: 100m
limits:
memory: 200Mi
cpu: '1'
dapr_sentry:
resources:
requests:
memory: 60Mi
cpu: 100m
limits:
memory: 1024Mi
cpu: '1'
dapr_placement:
resources:
requests:
memory: 75Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'
dapr_scheduler:
resources:
requests:
memory: 250Mi
cpu: 250m
limits:
memory: 1024Mi
cpu: '1'

Conductor agent

resources:
limits:
memory: 750Mi
requests:
cpu: 10m
memory: 250Mi

Conductor OpenTelemetry metrics collector

resources:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 250Mi

Conductor OpenTelemetry logs collector

resources:
limits:
memory: 750Mi
requests:
cpu: 10m
memory: 250Mi