If the Java-based microservices or Liberty applications in IBM Cloud Private are not created and deployed by using IBM Microservice Builder, manually update the deployment to configure data collection for your Java-based microservices or applications.

Before you begin

  • The following V8.1.4 Cloud APM server information is required during Liberty data collector configuration.
    • The URL of the target Cloud APM server
    • The location of the key file, either a URL to download the key file or a local file directory (required only by a secure HTTPS connection).

      For example, http://127.0.0.1:8080/keyfile.p12, file:///etc/apm-keyfile/keyfile.p12, or /etc/apm-keyfile-volume/keyfile.p12.

    • The key file password that is paired with the key file (required only by a secure HTTPS connection)
  • The service account that you use to configure the data collector must have access to Kubernetes resources. Run the following command on the master node to decide whether the data collector can access Kubernetes resources with the service account, where kube_namespace is the target namespace and service_account is the account that you use to configure the data collector.
    kubectl auth can-i list nodes --as system:serviceaccount:kube_namespace:service_account
    kubectl auth can-i get pods --as system:serviceaccount:kube_namespace:service_account
    kubectl auth can-i list services --as system:serviceaccount:kube_namespace:service_account

    If the service account does not have access to Kubernetes resources, authorize it before you configure the data collector. For information, see Authorizing the data collector to access Kubernetes resources.

Procedure

  1. Create the server secret yaml file named apm-server-config-secret.yaml by running either the create -f or the apply -f command.
  2. Add the following information to the apm-server-config-secret.yaml file:
    apiVersion: v1
    kind: Secret
    metadata:
      name: apm-server-config
    data:
      ibm_apm_ingress_url: apm_for_devops_server_url
      ibm_apm_keyfile: key_file_location
      ibm_apm_keyfile_password: key_file_pswd
  3. Remember: Use base64 encoding to encrypt the actual values for the following variables. For example, on a Linux system run the echo -n ‘original_value’ | base64 command to get the encoded value.

    where:

    • apm_server_url is the base64 encoded URL of the target Cloud APM server.
    • key_file_location is the base64 encoded location of the key file. This variable is required by a secure HTTPS connection only.
    • key_file_pswd is the base64 encoded key file password that is paired with the key file. This variable is required by a secure HTTPS connection only.
  4. On the IBM Cloud Private master node, create the server secrets by running the following command:
    kubectl create -f apm-server-config-secret.yaml
  5. Update the Dockerfile for your Liberty application to add the following two lines that start with RUN:
    
    RUN installUtility install --acceptLicense defaultServer && installUtility install --acceptLicense apmDataCollector-7.4
    RUN /opt/ibm/wlp/usr/extension/liberty_dc/bin/config_liberty_dc.sh -silent /opt/ibm/wlp/usr/extension/liberty_dc/bin/silent_config_liberty_dc.txt
    
  6. Remove the current Docker image with the docker rmi command.

    The following example removes the Docker image by using the image tag:

    docker rmi -f mycluster.icp:8500/admin/trader:liberty

  7. Build and tag the Docker image again with the updated Dockerfile by running the following command:
    docker build -t new_image_tag .

    where new_image_tag is the Docker image tag, which must contain the IBM Cloud Private registry.

    Example:

    docker build -t mycluster.icp:8500/admin/trader:libertydc .

    where mycluster.icp:8500 is the IBM Cloud Private registry.

    Remember: During the Docker image build process, the Liberty data collector is downloaded from the WebSphere Liberty Repository as an extension pack. If your firewall rules do not allow connection to this public and online repository, you can enable on-premises or offline access to download and install the Liberty data collector. For more information about access to Liberty Repository, see Liberty: Liberty Repository.
  8. Push the new Docker image to the IBM Cloud Private registry by running the following command:
    docker push new_image_tag

    where new_image_tag is the Docker image tag that you specified in the previous step.

    Example:
    docker push mycluster.icp:8500/admin/trader:libertydc

  9. Edit the Liberty application deployment yaml file to use the new Docker image.
  10. Edit the Liberty application deployment yaml file by adding the following variables to the container specification. Specify your application name in the APPLICATION_NAME value. Add IBM_APM_KEYFILE and IBM_APM_KEYFILE_PASSWORD only for a secure HTTPS connection.
    
              - name: APPLICATION_NAME
                value: your_app_name
              - name: IBM_APM_SERVER_URL
                valueFrom:
                  secretKeyRef:
                    name: apm-server-config
                    key: ibm_apm_server_url
                    optional: true
              - name: IBM_APM_KEYFILE
                valueFrom:
                  secretKeyRef:
                    name: apm-server-config
                    key: ibm_apm_keyfile
                    optional: true
              - name: IBM_APM_KEYFILE_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: apm-server-config
                    key: ibm_apm_keyfile_password
                    optional: true
  11. If a proxy is set for the JVM, add the JVM_ARGS variable to the container specification in the application deployment yaml file to define the proxy properties.
    • If authentication is not required, specify the JVM_ARGS variable value as follows:
            - name: JVM_ARGS
              value: "-Dhttp.proxyHost=http_proxy_host -Dhttp.proxyPort=http_proxy_port -Dhttps.proxyHost=https_proxy_host -Dhttps.proxyPort=https_proxy_port -Djava.net.useSystemProxies=true -Dhttp.nonProxyHosts=non_proxy_host"
    • If a user ID and password is required to access the proxy, specify the JVM_ARGS variable value as follows:
            - name: JVM_ARGS
              value: "-Dhttp.proxyHost=http_proxy_host -Dhttp.proxyPort=http_proxy_port -Dhttp.proxyUser=http_proxy_user -Dhttp.proxyPassword=http_proxy_pwd -Dhttps.proxyHost=https_proxy_host -Dhttps.proxyPort=https_proxy_port -Dhttps.proxyUser=https_proxy_user -Dhttps.proxyPassword=https_proxy_pwd -Djava.net.useSystemProxies=true -Dhttp.nonProxyHosts=non_proxy_host"
    Remember:

    • All proxy properties that are embraced by double quotation marks (” “) must be set on the same line as value: and separated by a space.
    • The -Djava.net.useSystemProxies value must be set to true.
    • Use the -Dhttp.nonProxyHosts variable to specify the IPs that are used for internal communication and the asterisk (*) can be used.

    Example:

          - name: JVM_ARGS
            value: "-Dhttp.proxyHost=9.42.23.52 -Dhttp.proxyPort=82 -Dhttp.proxyUser=myproxy -Dhttp.proxyPassword=mypwd -Dhttps.proxyHost=9.42.23.52 -Dhttps.proxyPort=82 -Dhttps.proxyUser=myproxy -Dhttps.proxyPassword=mypsw -Djava.net.useSystemProxies=true -Dhttp.nonProxyHosts=10.*"
  12. Update the Liberty application deployment by running the kubectl replace command.
    kubectl replace -f updated_liberty_app_deployment.yaml

What to do next

Log in to the Cloud APM console from your browser to review the health status of your services in the dashboards. For detailed instructions, see Starting the Cloud APM console.

Remember: When you want to add the Liberty data collector instance on the Application Dashboard, select Liberty Runtime from the component list.

Join The Discussion

Your email address will not be published. Required fields are marked *