LogoLogo
StackState.comDownloadSupportExplore playground
SUSE Observability
SUSE Observability
  • SUSE Observability docs!
  • Docs for all SUSE Observability products
  • 🚀Get started
    • Quick start guide
    • SUSE Observability walk-through
    • SUSE Rancher Prime
      • Air-gapped
      • Agent Air-gapped
    • SUSE Cloud Observability
  • 🦮Guided troubleshooting
    • What is guided troubleshooting?
    • YAML Configuration
    • Changes
    • Logs
  • 🚨Monitors and alerts
    • Monitors
    • Out of the box monitors for Kubernetes
    • Notifications
      • Configure notifications
      • Notification channels
        • Slack
        • Teams
        • Webhook
        • Opsgenie
      • Troubleshooting
    • Customize
      • Add a monitor using the CLI
      • Derived State monitor
      • Dynamic Threshold monitor
      • Override monitor arguments
      • Write a remediation guide
  • 📈Metrics
    • Explore Metrics
    • Custom charts
      • Adding custom charts to components
      • Writing PromQL queries for representative charts
      • Troubleshooting custom charts
    • Advanced Metrics
      • Grafana Datasource
      • Prometheus remote_write
      • OpenMetrics
  • 📑Logs
    • Explore Logs
    • Log Shipping
  • 🔭Traces
    • Explore Traces
  • 📖Health
    • Health synchronization
    • Send health data over HTTP
      • Send health data
      • Repeat Snapshots JSON
      • Transactional Increments JSON
    • Debug health synchronization
  • 🔍Views
    • Kubernetes views
    • Custom views
    • Component views
    • Explore views
    • View structure
      • Overview perspective
      • Highlights perspective
      • Topology perspective
      • Events perspective
      • Metrics perspective
      • Traces perspective
      • Filters
      • Keyboard shortcuts
    • Timeline and time travel
  • 🕵️Agent
    • Network configuration
      • Proxy Configuration
    • Using a custom registry
    • Custom Secret Management
      • Custom Secret Management (Deprecated)
    • Request tracing
      • Certificates for sidecar injection
  • 🔭Open Telemetry
    • Overview
    • Getting started
      • Concepts
      • Kubernetes
      • Kubernetes Operator
      • Linux
      • AWS Lambda
    • Open telemetry collector
      • Sampling
      • SUSE Observability OTLP APIs
    • Instrumentation
      • Java
      • Node.js
        • Auto-instrumentation of Lambdas
      • .NET
      • SDK Exporter configuration
    • Troubleshooting
  • CLI
    • SUSE Observability CLI
  • 🚀Self-hosted setup
    • Install SUSE Observability
      • Requirements
      • Kubernetes / OpenShift
        • Kubernetes install
        • OpenShift install
        • Alibaba Cloud ACK install
        • Required Permissions
        • Override default configuration
        • Configure storage
        • Exposing SUSE Observability outside of the cluster
      • Initial run guide
      • Troubleshooting
        • Advanced Troubleshooting
        • Support Package (Logs)
    • Configure SUSE Observability
      • Slack notifications
      • E-mail notifications
      • Stackpacks
      • Advanced
        • Analytics
    • Release Notes
      • v2.0.0 - 11/Sep/2024
      • v2.0.1 - 18/Sep/2024
      • v2.0.2 - 01/Oct/2024
      • v2.1.0 - 29/Oct/2024
      • v2.2.0 - 09/Dec/2024
      • v2.2.1 - 10/Dec/2024
      • v2.3.0 - 30/Jan/2025
      • v2.3.1 - 17/Mar/2025
      • v2.3.2 - 22/Apr/2025
      • v2.3.3 - 07/May/2025
    • Upgrade SUSE Observability
      • Migration from StackState
      • Steps to upgrade
      • Version-specific upgrade instructions
    • Uninstall SUSE Observability
    • Air-gapped
      • SUSE Observability air-gapped
      • SUSE Observability Kubernetes Agent air-gapped
    • Data management
      • Backup and Restore
        • Kubernetes backup
        • Configuration backup
      • Data retention
      • Clear stored data
    • Security
      • Authentication
        • Authentication options
        • Single password
        • File-based
        • LDAP
        • Open ID Connect (OIDC)
          • Microsoft Entra ID
        • KeyCloak
        • Service tokens
        • Troubleshooting
      • RBAC
        • Role-based Access Control
        • Permissions
        • Roles
        • Scopes
      • Self-signed certificates
      • External secrets
  • 🔐Security
    • Service Tokens
    • API Keys
  • ☁️SaaS
    • User Management
  • Reference
    • SUSE Observability Query Language (STQL)
    • Chart units
    • Topology Identifiers
Powered by GitBook
LogoLogo

Legal notices

  • Privacy
  • Cookies
  • Responsible disclosure
  • SOC 2/SOC 3
On this page
  • SUSE Observability Agent installation
  • SUSE Observability Agent communication
  1. Agent

Network configuration

SUSE Observability

PreviousTimeline and time travelNextProxy Configuration

Last updated 8 months ago

SUSE Observability is a SaaS offering that's hosted in the cloud. To be able to communicate from your premises/cloud to the SUSE Observability SaaS, the SUSE Observability Agent needs to be able to connect to the SUSE Observability SaaS Receiver API. When your cluster is running in a private network, you might need to configure your network to allow the SUSE Observability Agent to connect to the SUSE Observability Receiver API, because your network configuration might disallow egress traffic to the internet. This page describes how to configure your network to allow to install the SUSE Observability Agent, as well as to allow the SUSE Observability Agent to communicate with the SUSE Observability Receiver API.

Traffic between the SUSE Observability Agent and the SUSE Observability Receiver API is always initiated by the SUSE Observability Agent. The SUSE Observability Receiver API doesn't initiate any traffic to the SUSE Observability Agent.

SUSE Observability Agent installation

The installation of the SUSE Observability Agent is done through Helm. By default the Helm Chart is configured to pull the SUSE Observability Agent container images from the Quay.io docker registry. If your network configuration disallows egress traffic to the internet, you have a number of options to install the SUSE Observability Agent:

  1. Configure your network to allow egress traffic to the Quay.io container registry from your Kubernetes cluster.

  2. Proxy the Quay.io container registry through your own container registry.

  3. Pull the Docker images into your own container registry.

For option 2 and 3, you need to configure the Helm Chart to pull the SUSE Observability Agent container images from your own container registry. A guide to configure the SUSE Observability Agent Helm Chart to pull images from your own container registry can be found .

SUSE Observability Agent communication

The SUSE Observability Agent communicates with the SUSE Observability Receiver API over HTTPS. The different parts of the SUSE Observability Agent connect to the SUSE Observability Receiver API, hosted in your tenant in, see the following diagram:

All communication is done over HTTPS, using the standard HTTPS port 443. The SUSE Observability Agent uses the following endpoints to communicate with the SUSE Observability Receiver API:

  • https://<tenant>.app.stackstate.io/receiver/stsAgent - the SUSE Observability Agent sends metrics, events and topology data to the SUSE Observability Receiver API.

In order to allow the SUSE Observability Agent to communicate with the SUSE Observability Receiver API, you need to configure your network to allow egress traffic to the SUSE Observability Receiver API. The SUSE Observability Receiver API is hosted in the cloud and has an specific IP specific for your tenant. You need to allow egress traffic to the internet. In order to obtain the correct IP addresses to allow egress traffic to, you can use the following command:

$ dig +short <tenant>.app.stackstate.io

Alternatively, you can visit the following URL in your browser: https://www.nslookup.io/domains/<tenant>.app.stackstate.io/dns-records/

🕵️
here
SUSE Observability Agent communication