Installation guide
Prerequisites
- Kubernetes cluster where you have Administrator access.
- Helm 3.x or later.
- Cluster outbound network access to Diagrid's artifact repository (See Access details).
- A D3E access token (provided by Diagrid).
- Dynatrace installation (only required for Option 3: Dynatrace integration).
Open source version compatibility
D3E maintains full compatibility with Dapr open source, providing additional enterprise features on top of the existing APIs and SDKs. Only two versions of Dapr are supported at a time; the current stable version and previous minor version, including select patch versions. This means that there is a rolling window that moves forward for supported releases and it is your operational responsibility to remain up to date with these supported versions. If you have an older version of Dapr you may have to do intermediate upgrades to get to a supported version.
The table below lists the currently supported and deprecated versions of D3E, corresponding to the associated Dapr open source versions.
| D3E version | ARM64 features | AMD64 features | Operating system |
|---|---|---|---|
| 1.14.4 | Multi-tenant control plane, namespace isolation and reduced permission set. | Multi-tenant control plane, namespace isolation, reduced permission set and Dynatrace integration. | Linux |
| 1.13.6 | Multi-tenant control plane, namespace isolation and reduced permission set. | Multi-tenant control plane, namespace isolation, reduced permission set and Dynatrace integration. | Linux |
Installation setup
- Ensure any existing Dapr installations are removed from your cluster. Run the following commands to delete the resources.
helm uninstall dapr -n dapr-system
kubectl delete pvc -n dapr-system --all
kubectl delete crds subscriptions.dapr.io resiliencies.dapr.io configurations.dapr.io components.dapr.io httpendpoints.dapr.io
- Set your D3E token in your terminal. Note: this is a custom access token that is provided to you by the Diagrid team.
token=<TOKEN-PROVIDED-BY-DIAGRID>
- Choose your installation path and continue with one of the following options to install D3E:
- Option 1: D3E with single namespace isolation
- Option 2: D3E with multi-namespace isolation & multi-tenancy
- Option 3: D3E with Dynatrace
- Option 4: D3E without ClusterRoles using the Diagrid Dapr Injector Helm chart
Option 1: D3E with single namespace isolation
In this configuration of D3E, the Dapr control plane is scoped to a single namespace and only applications deployed within that namespace can be injected with Dapr sidecars.
Helm values:
The D3E Helm chart supports all Helm chart values available from the open source Dapr Helm chart repository along with the values listed below. If you require additional configuration for your Dapr deployment, ensure to add these values into your Helm install command or use a custom values file.
| Helm value | Description | Default value | D3E options |
|---|---|---|---|
| global.rbac.namespaced | Enable namespace isolation | false | true, false |
Example installation command:
The following command will install D3E version 1.14.4 into the dapr-system namespace, and only allow applications in dapr-system to be injected with Dapr sidecars.
helm install \
--create-namespace \
-n dapr-system dapr \
--set global.rbac.namespaced=true \
--set diagrid.token=${token} \
--set global.tag=1.14.4 \
oci://public.ecr.aws/diagrid/d3e-charts/d3e-dapr --version 1.14.4
Option 1: Single namespace isolation
Option 2: D3E with multi-namespace isolation & multi-tenancy
In this configuration of D3E, the Dapr control plane is scoped to a list of namespaces and only applications deployed in those namespaces can be injected with Dapr sidecars. Use the global.rbac.namespaces Helm value to specify the list of namespaces that Dapr should be able to target for injection.
Helm values:
The D3E Helm chart supports all Helm chart values available from the open source Dapr Helm chart repository along with the values listed below. If you require additional configuration for your Dapr deployment, ensure to add these values into your Helm install command or use a custom values file.
| Helm value | Description | Default value | D3E options |
|---|---|---|---|
| global.rbac.namespaced | Enable namespace isolation | false | true, false |
| global.rbac.namespaces | List of namespaces Dapr can inject sidecars into | [] | ["namespace-1", “namespace-2”], ... |
Example installation command:
The following command will install D3E version 1.14.4 into the dapr-system namespace, and only allow applications in the namespace crud-app to be injected with Dapr sidecars.
helm install \
--create-namespace \
-n dapr-system \
--set global.rbac.namespaced=true \
--set-json 'global.rbac.namespaces=[“crud-app”]' \
--set diagrid.token=${token} \
--set global.tag=1.14.4 \
dapr oci://public.ecr.aws/diagrid/d3e-charts/d3e-dapr --version 1.14.4
Option 2: Multi-namespace isolation
Multi-tenancy support:
To configure multi-tenancy, execute the D3E Helm installation command again, modifying the Dapr namespace value (-n) and the global.rbac.namespaces value with new namespaces. This will allow for multiple Dapr installations within the same cluster, each within its own isolated namespace.
For example, run the Helm command to end up with the following cluster configuration:
- D3E deployed in the dapr-system namespace with the attributes
global.rbac.namespaced=trueandglobal.rbac.namespaces=[“crud-app”] - D3E deployed in the dapr-secondary namespace with the attributes
global.rbac.namespaced=trueandglobal.rbac.namespaces=[“order-app”]
Option 2: Multi-tenancy & namespace isolation
Option 3: D3E with Dynatrace
In this configuration of D3E, the Dapr sidecar uses container images that are compatible with Dynatrace. Use the global.tag Helm value to add the suffix -dynatrace to the version of D3E you are installing. Note: this option can be also combined with Helm values provided with D3E Options 1 or 2.
Helm values:
The D3E Helm chart supports all Helm chart values available from the open source Dapr Helm chart repository along with the values listed below. If you require additional configuration for your Dapr deployment, ensure to add these values into your Helm install command or use a custom values file.
| Helm value | Description | Default value | D3E options |
|---|---|---|---|
| global.tag | Container image tag | latest release | -dynatrace |
Example installation command:
The following command will install D3E version 1.14.4 with Dynatrace integration into the dapr-system namespace, and only allow applications in the namespace crud-app to be injected with Dapr sidecars.
helm install \
--create-namespace \
-n dapr-system \
--set global.rbac.namespaced=true \
--set-json 'global.rbac.namespaces=["crud-app”]' \
--set diagrid.token=${token} \
--set global.tag=1.14.4-dynatrace \
dapr oci://public.ecr.aws/diagrid/d3e-charts/d3e-dapr --version 1.14.4
Option 3: Dynatrace integration & namespace isolation
Option 4: D3E without ClusterRoles using the Diagrid Dapr Injector Helm chart
In this configuration of D3E, the Dapr control plane sidecar injector service is not deployed, removing the need for the Sidecar Injector ClusterRole (detailed in Kubernetes resource requirements). In order to inject the Dapr sidecar into required applications, the Diagrid Dapr Injector Helm library chart is used.
This option, although requiring the least amount of cluster permissions, does involve operational overhead to configure your Dapr application manifests to contain the sidecars. Unless there is a strict requirement for no Dapr ClusterRoles to be deployed in your Kubernetes environment, this method is not recommended.
Helm values:
The D3E Helm chart supports all Helm chart values available from the open source Dapr Helm chart repository along with the values listed below. If you require additional configuration for your Dapr deployment, ensure to add these values into your Helm install command or use a custom values file.
This option can be combined with Helm values in D3E Options 1, 2 or 3 to provide namespace isolation, multi-tenancy or Dynatrace integration in your D3E deployment.
| Helm value | Description | Default value | D3E options |
|---|---|---|---|
| dapr_sidecar_injector.enabled | Deployment of sidecar injector control plane service | true | true, false |
| global.rbac.injector.enabled | Deployment of the injector ClusterRole | true | true, false |
Example installation command: The following command will install D3E version 1.14.4 into the dapr-system namespace, without the sidecar injector control plane service, and only allow applications in the dapr-system namespace to be injected with sidecars.
helm install \
--create-namespace \
-n dapr-system \
--set global.rbac.namespaced=true \
--set diagrid.token=${token} \
--set dapr_sidecar_injector.enabled=false \
--set global.rbac.injector.enabled=false \
dapr oci://public.ecr.aws/diagrid/d3e-charts/d3e-dapr --version 1.14.4
Use the Diagrid Dapr Injector: After installing D3E on your cluster, you need to configure your applications to contain the Dapr sidecars at deployment time, by adding the Diagrid Dapr Injector Helm library chart as a dependency to your applications.
The step-by-step instructions to configure this are detailed in the GitHub repository here, starting at Step 1: Add the Dependency. This configuration must be done for all Dapr-enabled applications otherwise the sidecar will not be injected and Dapr operations will fail.
It is recommended to test out the behaviour using the deploy-sample sample application located in the repository to ensure that you understand the implications before proceeding with configuring your applications.
Option 4: Without ClusterRoles using the Diagrid Dapr Injector Helm chart & single namespace isolation