From 2fbde8be9b68427d476122a6560fbdce283ff89e Mon Sep 17 00:00:00 2001 From: ganga1980 Date: Mon, 15 Jun 2020 17:05:57 -0700 Subject: [PATCH] [incubator/azuremonitor-containers] updates related to agent ciprod05262020 and win-ciprod05262020-2 release (#22718) * chart updates for may release Signed-off-by: Ganga Mahesh Siddem * update to use affinity to consistent with aks yaml Signed-off-by: Ganga Mahesh Siddem * fix issue with - Signed-off-by: Ganga Mahesh Siddem * expose parameter to set custommount path for container log Signed-off-by: Ganga Mahesh Siddem * fix pr feedback Signed-off-by: Ganga Mahesh Siddem * update to use mcr image for china cloud Signed-off-by: Ganga Mahesh Siddem * minor text updates Signed-off-by: Ganga Mahesh Siddem * fix lineendings in files Signed-off-by: Ganga Mahesh Siddem * fix new line issue Signed-off-by: Ganga Mahesh Siddem --- incubator/azuremonitor-containers/Chart.yaml | 6 +- incubator/azuremonitor-containers/README.md | 75 ++++++++++++--- .../templates/omsagent-crd.yaml | 2 +- .../templates/omsagent-daemonset-windows.yaml | 93 +++++++++++++++++++ .../templates/omsagent-daemonset.yaml | 17 +++- .../templates/omsagent-deployment.yaml | 17 +++- .../templates/omsagent-rbac.yaml | 1 - .../templates/omsagent-rs-configmap.yaml | 4 +- .../templates/omsagent-secret.yaml | 3 + incubator/azuremonitor-containers/values.yaml | 29 +++++- 10 files changed, 214 insertions(+), 33 deletions(-) create mode 100644 incubator/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml diff --git a/incubator/azuremonitor-containers/Chart.yaml b/incubator/azuremonitor-containers/Chart.yaml index 991133f451bc..4be3050cb092 100644 --- a/incubator/azuremonitor-containers/Chart.yaml +++ b/incubator/azuremonitor-containers/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 7.0.0-1 description: Helm chart for deploying Azure Monitor container monitoring agent in Kubernetes name: azuremonitor-containers -version: 2.7.0 +version: 2.7.1 kubeVersion: "^1.10.0-0" keywords: - monitoring @@ -30,7 +30,9 @@ keywords: home: https://docs.microsoft.com/en-us/azure/monitoring/monitoring-container-health icon: https://raw.githubusercontent.com/Microsoft/OMS-docker/ci_feature/img/azuremonitor-containers.svg sources: - - https://github.com/Microsoft/OMS-docker/tree/ci_feature_prod + - https://github.com/microsoft/Docker-Provider/tree/ci_prod maintainers: - name: vishiy email: visnara@microsoft.com + - name: ganga1980 + email: gangams@microsoft.com diff --git a/incubator/azuremonitor-containers/README.md b/incubator/azuremonitor-containers/README.md index e0b912113e52..f7cfabf46b4b 100644 --- a/incubator/azuremonitor-containers/README.md +++ b/incubator/azuremonitor-containers/README.md @@ -30,11 +30,14 @@ Monitoring your Kubernetes cluster and containers is critical, especially when r ## Installing the Chart > Note: `--name` flag not required in Helm3 since this flag is deprecated + +> Note: use `omsagent.proxy` parameter to set the proxy endpoint if your K8s cluster configured behind the proxy. Refer to [configure proxy](#Configuring-Proxy-Endpoint) for more details about proxy. + ### To Use Azure Log Analytics Workspace in Public Cloud ```bash $ helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/ -$ helm install --name myrelease-1 \ +$ helm install --name azmon-containers-release-1 \ --set omsagent.secret.wsid=,omsagent.secret.key=,omsagent.env.clusterName= incubator/azuremonitor-containers ``` @@ -42,7 +45,7 @@ $ helm install --name myrelease-1 \ ```bash $ helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/ -$ helm install --name myrelease-1 \ +$ helm install --name azmon-containers-release-1 \ --set omsagent.domain=opinsights.azure.cn,omsagent.secret.wsid=,omsagent.secret.key=,omsagent.env.clusterName= incubator/azuremonitor-containers ``` @@ -50,7 +53,7 @@ $ helm install --name myrelease-1 \ ```bash $ helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/ -$ helm install --name myrelease-1 \ +$ helm install --name azmon-containers-release-1 \ --set omsagent.domain=opinsights.azure.us,omsagent.secret.wsid=,omsagent.secret.key=,omsagent.env.clusterName= incubator/azuremonitor-containers ``` @@ -61,11 +64,11 @@ But, if the previous version of chart installed with the Helm3 or release migra ## Uninstalling the Chart -To uninstall/delete the `myrelease-1` release: +To uninstall/delete the `azmon-containers-release-1` release: > Note: `--purge` flag not required in Helm3 since this flag deprecated ```bash -$ helm del --purge myrelease-1 +$ helm del --purge azmon-containers-release-1 ``` The command removes all the Kubernetes components associated with the chart and deletes the release. @@ -76,15 +79,20 @@ The following table lists the configurable parameters of the MSOMS chart and the The following table lists the configurable parameters of the MSOMS chart and their default values. -| Parameter | Description | Default | -| ----------------------- | --------------------------------------------------------| -------------------------------------------------------------------------------- | -| `omsagent.image.tag` | `msoms` image tag. | Most recent release | -| `omsagent.image.pullPolicy`| `msoms` image pull policy. | IfNotPresent | -| `omsagent.secret.wsid` | Azure Log analytics workspace id | Does not have a default value, needs to be provided | -| `omsagent.secret.key` | Azure Log analytics workspace key | Does not have a default value, needs to be provided | -| `omsagent.domain` | Azure Log analytics cloud domain (public,china, us govt)| opinsights.azure.com (Public cloud as default), opinsights.azure.cn (China Cloud), opinsights.azure.us (US Govt Cloud) | -| `omsagent.env.clusterName` | Name of your cluster | Does not have a default value, needs to be provided | -| `omsagent.rbac` | rbac enabled/disabled | true (i.e enabled) | +| Parameter | Description | Default | +| ----------------------- | --------------------------------------------------------| --------------------------------------------------------------------------------------------------------------------------- | +| `omsagent.image.tag` | image tag for Linux Agent. | Most recent release | +| `omsagent.image.tagWindows` | image tag for Windows Agent. | Most recent release | +| `omsagent.image.imagerepo` | image repo for Liunx & Windows. | For Public and US Govt cloud: mcr.microsoft.com/azuremonitor/containerinsights/ciprod and For China Cloud: mcr.azk8s.cn/azuremonitor/containerinsights/ciprod +| `omsagent.image.pullPolicy` | image pull policy for the agent. | IfNotPresent | +| `omsagent.secret.wsid` | Azure Log analytics workspace id | Does not have a default value, needs to be provided | +| `omsagent.secret.key` | Azure Log analytics workspace key | Does not have a default value, needs to be provided | +| `omsagent.domain` | Azure Log analytics cloud domain (public,china, us govt)| opinsights.azure.com (Public cloud as default), opinsights.azure.cn (China Cloud), opinsights.azure.us (US Govt Cloud) | +| `omsagent.env.clusterName` | Name of your cluster | Does not have a default value, needs to be provided | +| `omsagent.rbac` | rbac enabled/disabled | true (i.e.enabled) | +| `omsagent.proxy` | Proxy endpoint | Doesnt have default value. Refer to [configure proxy](#Configuring-Proxy-Endpoint) | + +> Note: For Azure Manage K8s clusters such as Azure Arc K8s and ARO v4, `omsagent.env.clusterId` with fully qualified azure resource id of the cluster should be used instead of `omsagent.env.clusterName` ### Note @@ -127,3 +135,42 @@ Starting with chart version 2.0.0, chart will create a CRD (healthstates.azmon.c ## Container Runtime(s) Starting with chart version 2.7.0, chart will support Container Runtime Interface(CRI) compatiable runtimes such as CRI-O and ContainerD etc. in addition to Docker/Moby. + +## Configuring Proxy Endpoint + +Starting with chart version 2.7.1, chart will support specifying the Proxy endpoint via `omsagent.proxy` chart parameter so that all remote outbound traffic will be routed via configured proxy endpoint. + +Communication between the Azure Monitor for containers agent and Azure Monitor backend can use an HTTP or HTTPS proxy server. + +Both anonymous and basic authentication (username/password) proxies are supported. + +The proxy configuration value has the following syntax: +[protocol://][user:password@]proxyhost[:port] + +Property|Description +-|- +Protocol|http or https +user|username for proxy authentication +password|password for proxy authentication +proxyhost|Address or FQDN of the proxy server +port|port number for the proxy server + +For example: +`omsagent.proxy=http://user01:password@proxy01.contoso.com:8080` + +> Note: Although you do not have any user/password set for the proxy, you will still need to add a psuedo user/password. This can be any username or password. + +The Azure Monitor for containers agent only creates secure connection over http. +Even if you specify the protocol as http, please note that http requests are created using SSL/TLS secure connection so the proxy must support SSL/TLS. + +## Support for Windows Container Logs + +Starting with chart version 2.7.1, chart deploys the daemonset on windows nodes which collects std{out;err} logs of the containers running on windows nodes. + +## Ux + +Once the Azure Monitor for containers chart successfully onboarded, you should be able to view insights of your cluster [Azure Portal](http://aka.ms/azmon-containers) + +# Contact + +If you have any questions or feedback regarding the container monitoring addon, please reach us out through [this](askcoin@microsoft.com) email. \ No newline at end of file diff --git a/incubator/azuremonitor-containers/templates/omsagent-crd.yaml b/incubator/azuremonitor-containers/templates/omsagent-crd.yaml index 9b7cba38512c..f4a028bd376c 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-crd.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-crd.yaml @@ -9,4 +9,4 @@ spec: scope: Namespaced names: plural: healthstates - kind: HealthState \ No newline at end of file + kind: HealthState diff --git a/incubator/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml b/incubator/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml new file mode 100644 index 000000000000..56755963e15c --- /dev/null +++ b/incubator/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml @@ -0,0 +1,93 @@ +{{- if and (ne .Values.omsagent.secret.key "") (ne .Values.omsagent.secret.wsid "") (or (ne .Values.omsagent.env.clusterName "") (ne .Values.omsagent.env.clusterId ""))}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: omsagent-win + namespace: kube-system + labels: + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: oms-agent + tier: node +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + dsName: "omsagent-ds" + template: + metadata: + labels: + dsName: "omsagent-ds" + annotations: + agentVersion: {{ .Values.omsagent.image.tagWindows }} + dockerProviderVersion: {{ .Values.omsagent.image.dockerProviderVersion }} + schema-versions: "v1" + spec: + {{- if .Values.omsagent.rbac }} + serviceAccountName: omsagent + {{- end }} + containers: + - name: omsagent-win + {{- if eq (.Values.omsagent.domain | lower) "opinsights.azure.cn" }} + image: "mcr.azk8s.cn/azuremonitor/containerinsights/ciprod:{{ .Values.omsagent.image.tagWindows }}" + {{- else }} + image: {{ printf "%s:%s" .Values.omsagent.image.repo .Values.omsagent.image.tagWindows }} + {{- end }} + imagePullPolicy: IfNotPresent + resources: +{{ toYaml .Values.omsagent.resources.daemonset | indent 9 }} + env: + {{- if ne .Values.omsagent.env.clusterId "" }} + - name: AKS_RESOURCE_ID + value: {{ .Values.omsagent.env.clusterId | quote }} + {{- if ne .Values.omsagent.env.clusterRegion "" }} + - name: AKS_REGION + value: {{ .Values.omsagent.env.clusterRegion | quote }} + {{- end }} + {{- else }} + - name: ACS_RESOURCE_NAME + value: {{ .Values.omsagent.env.clusterName | quote }} + {{- end }} + - name: CONTROLLER_TYPE + value: "DaemonSet" + - name: HOSTNAME + volumeMounts: + - mountPath: C:\ProgramData\docker\containers + name: docker-windows-containers + readOnly: true + - mountPath: C:\var #Read + Write access on this for position file + name: docker-windows-kuberenetes-container-logs + - mountPath: C:\etc\config\settings + name: settings-vol-config + readOnly: true + - mountPath: C:\etc\omsagent-secret + name: omsagent-secret + readOnly: true + livenessProbe: + exec: + command: + - cmd + - /c + - C:\opt\omsagentwindows\scripts\cmd\livenessProbe.cmd + periodSeconds: 60 + initialDelaySeconds: 180 + {{- with .Values.omsagent.daemonsetwindows.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: docker-windows-kuberenetes-container-logs + hostPath: + path: C:\var + - name: docker-windows-containers + hostPath: + path: C:\ProgramData\docker\containers + - name: settings-vol-config + configMap: + name: container-azm-ms-agentconfig + optional: true + - name: omsagent-secret + secret: + secretName: omsagent-secret +{{- end }} diff --git a/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml b/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml index 9b916ed7f045..e3f034f00a06 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml @@ -31,9 +31,9 @@ spec: containers: - name: omsagent {{- if eq (.Values.omsagent.domain | lower) "opinsights.azure.cn" }} - image: "dockerhub.azk8s.cn/microsoft/oms:{{ .Values.omsagent.image.tag }}" + image: "mcr.azk8s.cn/azuremonitor/containerinsights/ciprod:{{ .Values.omsagent.image.tag }}" {{- else }} - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:{{ .Values.omsagent.image.tag }}" + image: {{ printf "%s:%s" .Values.omsagent.image.repo .Values.omsagent.image.tag }} {{- end }} imagePullPolicy: IfNotPresent resources: @@ -95,6 +95,10 @@ spec: - mountPath: /etc/config/settings name: settings-vol-config readOnly: true + {{- if .Values.omsagent.logsettings.custommountpath }} + - mountPath: {{ .Values.omsagent.logsettings.custommountpath }} + name: custom-mount-path + {{- end }} livenessProbe: exec: command: @@ -103,8 +107,6 @@ spec: - "/opt/livenessprobe.sh" initialDelaySeconds: 60 periodSeconds: 60 - nodeSelector: - beta.kubernetes.io/os: linux {{- with .Values.omsagent.daemonset.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} @@ -137,4 +139,9 @@ spec: configMap: name: container-azm-ms-agentconfig optional: true -{{- end }} \ No newline at end of file + {{- if .Values.omsagent.logsettings.custommountpath }} + - name: custom-mount-path + hostPath: + path: {{ .Values.omsagent.logsettings.custommountpath }} + {{- end }} +{{- end }} diff --git a/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml b/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml index cd1a28b7ec42..86ca7e9d3300 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml @@ -32,9 +32,9 @@ spec: containers: - name: omsagent {{- if eq (.Values.omsagent.domain | lower) "opinsights.azure.cn" }} - image: "dockerhub.azk8s.cn/microsoft/oms:{{ .Values.omsagent.image.tag }}" + image: "mcr.azk8s.cn/azuremonitor/containerinsights/ciprod:{{ .Values.omsagent.image.tag }}" {{- else }} - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:{{ .Values.omsagent.image.tag }}" + image: {{ printf "%s:%s" .Values.omsagent.image.repo .Values.omsagent.image.tag }} {{- end }} imagePullPolicy: IfNotPresent resources: @@ -86,6 +86,10 @@ spec: - mountPath: /etc/config/settings name: settings-vol-config readOnly: true + {{- if .Values.omsagent.logsettings.custommountpath }} + - mountPath: {{ .Values.omsagent.logsettings.custommountpath }} + name: custom-mount-path + {{- end }} livenessProbe: exec: command: @@ -94,8 +98,6 @@ spec: - "/opt/livenessprobe.sh" initialDelaySeconds: 60 periodSeconds: 60 - nodeSelector: - beta.kubernetes.io/os: linux {{- with .Values.omsagent.deployment.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} @@ -128,4 +130,9 @@ spec: configMap: name: container-azm-ms-agentconfig optional: true -{{- end }} \ No newline at end of file + {{- if .Values.omsagent.logsettings.custommountpath }} + - name: custom-mount-path + hostPath: + path: {{ .Values.omsagent.logsettings.custommountpath }} + {{- end }} +{{- end }} diff --git a/incubator/azuremonitor-containers/templates/omsagent-rbac.yaml b/incubator/azuremonitor-containers/templates/omsagent-rbac.yaml index 83e41908779c..bd095c294195 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-rbac.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-rbac.yaml @@ -47,4 +47,3 @@ roleRef: name: omsagent-reader apiGroup: rbac.authorization.k8s.io {{- end }} - diff --git a/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml b/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml index e3f8ce848e2b..9dda85441b89 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml @@ -53,7 +53,7 @@ data: log_level debug - + type filter_inventory2mdm custom_metrics_azure_regions eastus,southcentralus,westcentralus,westus2,southeastasia,northeurope,westeurope,southafricanorth,centralus,northcentralus,eastus2,koreacentral,eastasia,centralindia,uksouth,canadacentral,francecentral,japaneast,australiaeast log_level info @@ -244,4 +244,4 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/incubator/azuremonitor-containers/templates/omsagent-secret.yaml b/incubator/azuremonitor-containers/templates/omsagent-secret.yaml index 5923fb77769e..c6d992b827aa 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-secret.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-secret.yaml @@ -13,4 +13,7 @@ data: WSID: {{ required "A valid workspace id is required!" .Values.omsagent.secret.wsid | b64enc | quote }} KEY: {{ required "A valid workspace key is required!" .Values.omsagent.secret.key | b64enc | quote }} DOMAIN: {{ .Values.omsagent.domain | b64enc | quote }} + {{- if ne .Values.omsagent.proxy "" }} + PROXY: {{ .Values.omsagent.proxy | b64enc | quote }} + {{- end }} {{- end }} diff --git a/incubator/azuremonitor-containers/values.yaml b/incubator/azuremonitor-containers/values.yaml index 178f13c38b67..d243e8c7fd96 100644 --- a/incubator/azuremonitor-containers/values.yaml +++ b/incubator/azuremonitor-containers/values.yaml @@ -6,9 +6,11 @@ ## ref: https://github.com/Microsoft/OMS-docker/tree/ci_feature_prod omsagent: image: - tag: "ciprod04162020" + repo: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod" + tag: "ciprod05262020" + tagWindows: "win-ciprod05262020-2" pullPolicy: IfNotPresent - dockerProviderVersion: "9.0.0-1" + dockerProviderVersion: "10.0.0-1" agentVersion: "1.10.0.1" ## To get your workspace id and key do the following ## You can create a Azure Loganalytics workspace from portal.azure.com and get its ID & PRIMARY KEY from 'Advanced Settings' tab in the Ux. @@ -17,6 +19,7 @@ omsagent: wsid: key: domain: opinsights.azure.com + proxy: env: clusterName: ## Applicable for only managed clusters hosted in Azure @@ -27,6 +30,8 @@ omsagent: logflushintervalsecs: "" tailbufchunksizemegabytes: "" tailbufmaxsizemegabytes: "" + ## Applicable for only Azure Stack Edge K8s since it has custom mount path for container logs which will have symlink to /var/log path + custommountpath: "" ## Configure node tolerations for scheduling onto nodes with taints ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ @@ -49,6 +54,10 @@ omsagent: nodeSelectorTerms: - labelSelector: matchExpressions: + - key: beta.kubernetes.io/os + operator: In + values: + - linux - key: type operator: NotIn values: @@ -60,6 +69,10 @@ omsagent: nodeSelectorTerms: - labelSelector: matchExpressions: + - key: beta.kubernetes.io/os + operator: In + values: + - linux - key: type operator: NotIn values: @@ -68,7 +81,17 @@ omsagent: operator: NotIn values: - master - + daemonsetwindows: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - labelSelector: + matchExpressions: + - key: beta.kubernetes.io/os + operator: In + values: + - windows ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ##