Install SUSE Observability

Before you start

Extra notes for installing on:

Before you start the installation of SUSE Observability:

  • Check the requirements to make sure that your Kubernetes environment fits the setup that you will use (recommended, minimal or non- high availability).

  • Check that you have the required permissions.

  • Add the SUSE Observability helm repository to the local helm client:

helm repo add suse-observability https://charts.rancher.com/server-charts/prime/suse-observability
helm repo update

Install SUSE Observability

For environments without internet access, also known as air-gapped environments, first follow these extra instructions.

Also, make sure to follow the air-gapped installation instructions whenever those are present for a step.

  1. Create the namespace where SUSE Observability will be installed

  2. Create values.yaml configuration file

  3. Configure storage class (Optional)

  4. Deploy SUSE Observability with Helm

  5. Access the SUSE Observability UI

Create namespace

Start by creating the namespace where you want to install SUSE Observability and deploy the secret in that namespace. In our walkthrough we will use the namespace suse-observability:

kubectl create namespace suse-observability

Create values.yaml configuration file

The values.yaml file contains all configuration required to deploy SUSE® Observability including your license key, base URL, admin password, and sizing profile.

Before you continue: Make sure you have the latest version of the Helm charts with helm repo update.

  • Recommended method

  • Legacy method (Deprecated)

Create a values.yaml file with the global.suseObservability configuration structure:

global:
  # Optional: Override image registry (defaults to registry.rancher.com)
  # Only needed for air-gapped environments or custom registries
  # imageRegistry: "your-private-registry.example.com"

  # Optional: Override storage class (uses cluster default if not set)
  # storageClass: "your-storage-class"

  suseObservability:
    # Required: Your SUSE Observability license key
    license: "YOUR-LICENSE-KEY"

    # Required: Base URL for SUSE Observability
    # Use http://localhost:8080 if ingress is not configured yet
    baseUrl: "https://observability.example.com"

    # Required: Sizing profile
    # Available: trial, 10-nonha, 20-nonha, 50-nonha, 100-nonha,
    #            150-ha, 250-ha, 500-ha, 4000-ha
    sizing:
      profile: "150-ha"

    # Required: Admin password (must be bcrypt hash)
    # Generate with: htpasswd -bnBC 10 "" "your-password" | tr -d ':\n'
    adminPassword: "$2a$10$..."

    # Optional: Receiver API key (auto-generated if not provided)
    # receiverApiKey: "your-receiver-api-key"

    # Optional: Pull secret for private registry
    # pullSecret:
    #   username: "registry-user"
    #   password: "registry-pass"
To generate a bcrypt password hash, use: htpasswd -bnBC 10 "" "your-password" | tr -d ':\n'

For more configuration options including affinity settings, see Configure Kubernetes Affinities.

This method is deprecated. For new installations, use the recommended method above. For existing installations using this method, see the migration guide to transition to the new configuration format.

You can generate the SUSE Observability configuration files by running a separate Helm Chart. This is the suse-observability/suse-observability-values chart:

export VALUES_DIR=.
helm template \
  --set license='<your license>' \
  --set baseUrl='<suse-observability-base-url>' \
  --set sizing.profile='<sizing.profile>' \
  suse-observability-values \
  suse-observability/suse-observability-values --output-dir $VALUES_DIR

This command generates the files $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml, $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml, and $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml.

The SUSE® Observability administrator passwords will be autogenerated by the above command and are output as comments in the generated basicConfig.yaml file. The actual values contain the bcrypt hashes of those passwords so that they’re securely stored in the Helm release in the cluster.

The values that can be passed to this chart are:

Configuration Value Description

Basic Config generate

basicConfig.generate

Switch on or off the generation of the basicConfig_values.yaml file.

Receiver API Key

receiverApiKey

The API key used by SUSE Observability to receive data from agents. This is a secret key that should be kept private. If you omit this, a random key will be generated for you.

Base URL

baseUrl

The <STACKSTATE_BASE_URL>. The external URL for SUSE Observability that users and agents will use to connect. For example https://suse-observability.internal. If you haven’t decided on an Ingress configuration yet, use http://localhost:8080. This can be updated later in the generated file.

Username and password**

-u -p

The username and password used by SUSE Observability to pull images. For air-gapped environments these need to be the username and password for the local contaier registry.

License key

license

The SUSE Observability license key.

Default password

adminPassword

The password for the default user (admin) to access SUSE Observability’s UI. If you omit this, a random password will be generated for you. If you do pass this value and it’s not bcrypt hashed, the chart will hash it for you.

Image Registry

imageRegistry

The registry where the SUSE Observability images are hosted. If not provided, the default value will be 'quay.io'

Pull Secret Username

pullSecret.username

The username used to pull images from the Docker registry where the SUSE Observability images are hosted. Only needed for custom registries.

Pull Secret Password

pullSecret.password

The password used to pull images from the Docker registry where the SUSE Observability images are hosted. Only needed for custom registries.

Sizing generate

sizing.generate

Switch on or off the generation of the sizing_values.yaml file.

Sizing profile

sizing.profile

OneOf trial, 10-nonha, 20-nonha, 50-nonha, 100-nonha, 150-ha, 250-ha, 500-ha. Based on these profiles, you can generate the sizing_values.yaml file containing default sizes for the SUSE Observability resources and configuration to deploy in HA or Non-HA mode. For example, 10-nonha produces a sizing_values.yaml to deploy a NonHa SUSE Observability instance to observe a 10 node cluster in a Non High availability mode. Currently, moving from a Non-HA to an HA environment is not possible. If you expect that your environment will require observing around 150 nodes, then it’s better to go with HA immediately.

Pod AntiAffinity

affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution

Enforce that the replicas of the same data services are scheduled to different Kubernetes nodes. Only applicable for HA profiles. Either true or false. The default is true - scheduling to different nodes is enforced.

Store the generated basicConfig.yaml and sizing_values.yaml files safely. You can reuse these files for upgrades, saving time and ensuring that SUSE® Observability continues to use the same API key. This is desirable as it means Agents and other data providers for SUSE® Observability won’t need updating. You can regenerate the files independently using the switches basicConfig.generate=false and sizing.generate=false to disable any of them while still keeping the previously generated version of the file in the output-dir.

The SUSE® Observability Values chart generates affinity configurations that you can use with the main SUSE® Observability chart to control pod scheduling behavior. Refer to Configure Kubernetes Affinities documentation for more information.

Configure storage class (Optional)

SUSE® Observability uses the cluster’s default storage class if not specified. You can optionally override this by setting global.storageClass in your values.yaml file.

  • Recommended method

  • Legacy method (Deprecated)

If you need to use a specific storage class, add it to your values.yaml file under global.storageClass:

global:
  storageClass: "your-storage-class"  # e.g., "local-path" for Rancher local-path provisioner
  suseObservability:
    # ... other configuration

Edit the file $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml to add the "storageClass" configuration:

# Source suse-observability-values/templates/baseConfig_values.yaml
global:
  storageClass: "your-storage-class" # Optional: override default storage class

Deploy SUSE® Observability with Helm

The recommended deployment of SUSE Observability is a production ready, high availability setup with many services running redundantly. If required, it’s also possible to run SUSE Observability in a non-redundant setup, where each service has only a single replica. This setup is only recommended for a test environment.

For air-gapped environments follow the instructions for the air-gapped installations.

  • Recommended method

  • Recommended method (Air-gapped)

  • Legacy method (Deprecated)

  • Legacy method (Air-gapped)

To deploy SUSE® Observability on Kubernetes:

  1. Before you deploy:

  2. Deploy the latest SUSE® Observability version to the suse-observability namespace with the following command:

helm upgrade \
  --install \
  --namespace suse-observability \
  --values values.yaml \
suse-observability \
suse-observability/suse-observability

Alternatively, deploy directly using --set flags without a values file:

helm upgrade \
  --install \
  --namespace suse-observability \
  --set global.suseObservability.license="YOUR-LICENSE-KEY" \
  --set global.suseObservability.baseUrl="https://observability.example.com" \
  --set global.suseObservability.sizing.profile="150-ha" \
  --set global.suseObservability.adminPassword='$2a$10$...' \
suse-observability \
suse-observability/suse-observability

To deploy SUSE® Observability in an air-gapped setup on Kubernetes:

  1. Before you deploy:

  2. Deploy the latest SUSE® Observability version to the suse-observability namespace with the following command:

helm upgrade \
  --install \
  --namespace suse-observability \
  --values local-docker-registry.yaml \
  --values values.yaml \
suse-observability \
suse-observability/suse-observability

This method is deprecated. For new installations, use the recommended method above. For existing installations using this method, see the migration guide to transition to the new configuration format.

To deploy SUSE® Observability on Kubernetes:

  1. Before you deploy:

  2. Deploy the latest SUSE® Observability version to the suse-observability namespace with the following command:

helm upgrade \
  --install \
  --namespace suse-observability \
  --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \
  --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \
  --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \
suse-observability \
suse-observability/suse-observability

This method is deprecated. For new installations, use the recommended method above. For existing installations using this method, see the migration guide to transition to the new configuration format.

To deploy SUSE® Observability in an air-gapped setup on Kubernetes:

  1. Before you deploy:

  2. Deploy the latest SUSE® Observability version to the suse-observability namespace with the following command:

helm upgrade \
  --install \
  --namespace suse-observability \
  --values local-docker-registry.yaml \
  --values $VALUES_DIR/suse-observability-values/templates/baseConfig_values.yaml \
  --values $VALUES_DIR/suse-observability-values/templates/sizing_values.yaml \
  --values $VALUES_DIR/suse-observability-values/templates/affinity_values.yaml \
suse-observability \
suse-observability-A.B.C.tgz

After the install, the SUSE Observability release should be listed in the SUSE Observability namespace and all pods should be running:

# Check the release is listed
helm list --namespace suse-observability

# Check pods are running
# It may take some time for all pods to be installed or available
kubectl get pods --namespace suse-observability

Access the SUSE Observability UI

After SUSE Observability has been deployed you can check if all pods are up and running:

kubectl get pods --namespace suse-observability

When all pods are up, you can enable a port-forward:

kubectl port-forward service/<helm-release-name>-suse-observability-router 8080:8080 --namespace suse-observability

For the ingress configuration, create an ingress_values.yaml file and add the below code.

Remember to set a secret for the TLS configuration. For details on how to do that, consult the kubectl documentation.

 
ingress:
  enabled: true
  class: ""
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    #if external dns (cloudflare and similars) configure:
    #external-dns.alpha.kubernetes.io/target: <INGRESS_FQDN>
    #external-dns.alpha.kubernetes.io/ttl: "60"
    #end if
  hosts:
  - host: <SUSE_OBSERVABILITY_HOST>
  tls:
  - hosts:
    - <SUSE_OBSERVABILITY_HOST>
    secretName: suse-private-ai-tls
  existingSecret: suse-private-ai-tls
  # Set up your secrets in whichever way feels fit. Check k8s docs for details: https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_tls/

Proceed to run an upgrade to apply ingress configuration:

  • Upgrade

  • Air-gapped upgrade

helm upgrade --namespace suse-observability --reuse-values --values ingress_values.yaml suse-observability suse-observability/suse-observability
helm upgrade --namespace suse-observability --reuse-values --values suse-observability-values/templates/ingress_values.yaml suse-observability suse-observability-A.B.C.tgz

If you are not using an external DNS, add to your local machine /etc/hosts: <CLUSTER_IP> <SUSE_OBSERVABILITY_HOST>.

SUSE Observability will now be available in your browser at https://localhost:8080. Log in with the username admin and the default password provided in the baseConfig_values.yaml file.

Next steps are