Docker with Helm: Install and configure Microsatellites

If your Microsatellites will be running in a Docker container, you can use our Helm chart to configure and deploy them.

To use the Helm chart:

  1. Clone the lightstep-microsatellite-helm-chart to a local directory. The helm repo is also hosted on Artifact Hub.

  2. Configure the chart for your Satellites using the values.yaml file. Please see Microsatellite Configuration Parameters for a full listing and expanded explanations of variables and recommended settings.

    If you are happy with the default port numbers and don’t need TLS, you only need to modify the following settings:

    • satellite_key (or collector_satellite_key_secret_name and collector_satellite_key_secret_key)
    • collector-pool
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# Default values for lightstep.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# REQUIRED: Input your satellite key.  Satellites will not run without a valid key.  You may use either a plain text Satellite key or an existing secret with the Satellite key stored.

replicaCount: 1

image:
  repository: lightstep/microsatellite
  version: 2022-04-28_17-39-22Z
  pullPolicy: IfNotPresent

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# Specify the minAvailable field for PodDisruptionBudget
pdbMinAvailable: 0

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # -- the name of the service account to use; if not set and create is true, a name is generated using the fullname template
  name:
  role:
    # Specifies whether get/watch/list for pods role should be created
    create: true
    name: lightstep-pod-reader
  clusterRole:
    # Specifies whether get/watch/list for nodes clusterRole should be created
    create: true
    name: lightstep-node-reader
  roleBinding:
    # Specifies whether role should be created
    create: true
    name: lightstep-read-pods
    # -- if not set and create is true, the `serviceAccount.role.name` is used
    roleRefName:
    # -- if not set and and create is true, the generated serviceAccount name is used
    serviceAccountName:
  clusterRoleBinding:
    # Specifies whether clusterRole should be created
    create: true
    name: lightstep-read-nodes
    # -- if not set and create is true, the `serviceAccount.clusterRole.name` is used
    roleRefName:
    # -- if not set and and create is true, the generated serviceAccount name is used
    serviceAccountName:

podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "9102"

podSecurityContext: {}
  # fsGroup: 2000

# As of at least version 2021-01-26_23-02-36Z, `drop: ["ALL"]`
# for securityContext.capabilities results in the lightstep/collector
# container terminating with the following message:
#    /bin/sh: 1: exec: /root/collector: Operation not permitted
securityContext:
  # capabilities:
  #   drop:
  #     - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

service:
  type: ClusterIP
  httpPort: 8181
  # -- set to true if you're using GRPC in order to deploy as a headless service for better load balancing
  grpc: false
  grpcinsecure: 8184
  annotations: {}

# For details on the Cloud Observability configuration parameters, please refer to: https://docs.lightstep.com/docs/micro-satellite-configuration-parameters

lightstep:

  # -- REQUIRED: your Satellite Key - if not set, `lightstep.collector_satellite_key_secret_name` and `lightstep.collector_satellite_key_secret_key` must be set
  satelliteKey: ""
  # OR
  collector_satellite_key_secret_name: ""
  collector_satellite_key_secret_key: ""
  # $ kubectl describe secret collector_satellite_key_secret_name
  # Name:         collector_satellite_key_secret_name
  # Namespace:    default
  # Labels:       <none>
  # Annotations:  <none>
  # Type:  Opaque
  # Data
  # ====
  # collector_satellite_key_secret_key:  390 bytes

  # Single Project Mode details
  disable_access_token_checking: false
  # -- REQUIRED if `lightstep.disable_access_token_checking` is `true`
  project_name: ""

  # Optional configs

  collector_pool: my-satellite-pool
  # -- defaults to pod's name using the Downward API
  guid:
  diagnostic_port: 8000
  admin_plain_port: 8180
  admin_secure_port: 9090
  http_plain_port: 8181
  http_secure_port: 9191
  grpc_plain_port: 8184
  grpc_secure_port: 9292
  plain_port: 8383
  secure_port: 9393
  tls_cert_prefix:
  collector_ingestion_tags:

# Recommended resources would be 2Gi memory and 2 cpu
resources:
  limits:
    memory: 2Gi
    cpu: 2
  requests:
    memory: 2Gi
    cpu: 2

nodeSelector: {}

tolerations: []

affinity: {}

statsd:
  enabled: false
  host: localhost                                   # localhost is required for the sidecar to work
  port: 9125
  export_statsd: true                               # If true, dogStatsD will be ignored
  prefix: "lightstep.prod.us-west-1"
  satellite_prefix: "satellite-canary"
  client_prefix: "client_via_canary"
  dogStatsD: false                                  # If true, will output dogStatsD instead of statsD
  dogStatsDTags: "pool:us-west-1,canary:true"
  image:
    repository: prom/statsd-exporter
    tag: v0.20.0
    pullPolicy: IfNotPresent
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 1000
  resources:
    limits:
      memory: 20M
      cpu: 1
    requests:
      memory: 15M
      cpu: 1
  1. Run helm install satellite lightstep-microsatellite-helm-chart, using the file path to your installation directory.

After startup, check the diagnostics page at (http://{satellite_host}:8000/diagnostics) to view the Microsatellite configuration. Follow these instructions to further validate your installation and troubleshoot any issues.

You configure your instrumentation to communicate with your Microsatellites by providing their location. If you are using a single Microsatellite, you provide the DNS name or IP address of that Microsatellite. For more than one, use the name or address of the load balancer you’ve deployed. Find out how to do that in the language-specific Quickstart guides.

By default, client libraries use secure connections. If you’ve configured your Microsatellite to use plainport connections, you must configure your tracer appropriately.

See also

Microsatellite configuration parameters

Verify and test Microsatellite setup

Updated Apr 6, 2021