build/k8s/ingestor.yaml (275 lines of code) (raw):

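# Kubernetes manifest for the adx-mon ingestor.
#
# Documents, in order: Namespace, ServiceAccount, ClusterRole,
# ClusterRoleBinding, Service, StatefulSet, and the Function CRD.
# `$ADX_URL` and `$CLIENT_ID` are placeholders. Kubernetes only expands the
# `$(VAR)` form and the container runs `/ingestor` directly (no shell), so
# they are presumably substituted before `kubectl apply` - confirm against the
# install script.
---
apiVersion: v1
kind: Namespace
metadata:
  name: adx-mon
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingestor
  namespace: adx-mon
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: adx-mon:ingestor
rules:
  # NOTE(review): this role is bound with a ClusterRoleBinding, so `update` on
  # core pods and namespaces applies in every namespace. Confirm the ingestor
  # needs to write these objects; if it only reads them, drop `update`.
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
    verbs:
      - get
      - list
      - watch
      - update
  # adx-mon custom resources.
  - apiGroups:
      - adx-mon.azure.com
    resources:
      - functions
      - managementcommands
      - summaryrules
    verbs:
      - get
      - list
      - update
      - patch
  # Status subresource of Function (the CRD below enables `subresources.status`).
  - apiGroups:
      - adx-mon.azure.com
    resources:
      - functions/status
    verbs:
      - update
      - patch
  - apiGroups:
      - adx-mon.azure.com
    resources:
      - functions/finalizers
      - managementcommands/finalizers
      - summaryrules/finalizers
    verbs:
      - get
      - update
      - delete
---
# Grants the ClusterRole above to the `ingestor` ServiceAccount cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: adx-mon:ingestor
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: adx-mon:ingestor
subjects:
  - kind: ServiceAccount
    name: ingestor
    namespace: adx-mon
---
apiVersion: v1
kind: Service
metadata:
  name: ingestor
  namespace: adx-mon
spec:
  type: ClusterIP
  selector:
    app: ingestor
  ports:
    # `targetPort` defaults to the value of `port` when omitted; here Service
    # port 443 is mapped to the container's port 9090.
    - port: 443
      targetPort: 9090
      # Optional field. For NodePort/LoadBalancer Services the control plane
      # allocates a port from a range (default: 30000-32767) when it is unset.
      # It does not apply to this ClusterIP Service.
      #nodePort: 30007
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: ingestor
  namespace: adx-mon
spec:
  # NOTE(review): `serviceName` names the StatefulSet's governing Service, but
  # the only Service defined in this file is called `ingestor` - confirm
  # whether `adx-mon` is intentional.
  serviceName: "adx-mon"
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: ingestor
  template:
    metadata:
      labels:
        app: ingestor
      annotations:
        adx-mon/scrape: "true"
        adx-mon/port: "9091"
        adx-mon/path: "/metrics"
        adx-mon/log-destination: "Logs:Ingestor"
        adx-mon/log-parsers: json
    spec:
      serviceAccountName: ingestor
      containers:
        # NOTE(review): no `securityContext` and no `resources` are set on this
        # container. Consider `allowPrivilegeEscalation: false`, dropping
        # capabilities, and CPU/memory requests and limits once the image's
        # requirements (it writes to a hostPath) are confirmed.
        - name: ingestor
          # NOTE(review): `:latest` is a mutable tag, so the image that runs can
          # change without a manifest change. Pin to a release tag or to
          # `@sha256:<digest>` for a reproducible, auditable deployment.
          image: ghcr.io/azure/adx-mon/ingestor:latest
          ports:
            - containerPort: 9090
              name: ingestor
            - containerPort: 9091
              name: metrics
          env:
            - name: LOG_LEVEL
              value: INFO
            # Go runtime setting: disables HTTP/2 in the net/http client.
            - name: "GODEBUG"
              value: "http2client=0"
            - name: "AZURE_RESOURCE"
              value: "$ADX_URL"
            - name: "AZURE_CLIENT_ID"
              value: "$CLIENT_ID"
          command:
            - /ingestor
          args:
            - "--storage-dir=/mnt/data"
            - "--max-segment-age=5s"
            # 21474836480 bytes = 20 GiB
            - "--max-disk-usage=21474836480"
            # 10485760 bytes = 10 MiB
            - "--max-transfer-size=10485760"
            - "--max-connections=1000"
            # NOTE(review): presumably turns off TLS certificate verification for
            # some of the ingestor's connections - confirm which ones. Without
            # verification a peer's identity is not checked, so traffic can be
            # intercepted on the path. Prefer trusting the issuing CA (the host
            # CA bundles are already mounted below) and removing this flag.
            - "--insecure-skip-verify"
            - "--metrics-kusto-endpoints=Metrics=$ADX_URL"
            - "--logs-kusto-endpoints=Logs=$ADX_URL"
          volumeMounts:
            # Read-write data directory, matches --storage-dir above.
            - name: metrics
              mountPath: /mnt/data
            # Host CA trust stores, mounted read-only.
            - mountPath: /etc/pki/ca-trust/extracted
              name: etc-pki-ca-certs
              readOnly: true
            - mountPath: /etc/ssl/certs
              name: ca-certs
              readOnly: true
          readinessProbe:
            httpGet:
              path: /readyz
              port: 9090
              scheme: HTTPS
            initialDelaySeconds: 10
            periodSeconds: 5
      affinity:
        # Hard rule: never schedule two ingestor pods on the same node.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - ingestor
              topologyKey: kubernetes.io/hostname
        # Soft preference for nodes labelled agentpool=aks-system.
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: agentpool
                    operator: In
                    values:
                      - aks-system
      volumes:
        # NOTE(review): all three volumes are hostPath mounts, which expose node
        # filesystem paths to the pod. The two certificate mounts are read-only;
        # `/mnt/ingestor` is writable, has no `type` check, and its contents stay
        # on the node after the pod is rescheduled.
        - name: ca-certs
          hostPath:
            path: /etc/ssl/certs
            type: Directory
        - name: etc-pki-ca-certs
          hostPath:
            path: /etc/pki/ca-trust/extracted
            type: DirectoryOrCreate
        - name: metrics
          hostPath:
            path: /mnt/ingestor
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        # Stay bound to a not-ready or unreachable node for 300 s before eviction.
        - effect: NoExecute
          key: node.kubernetes.io/not-ready
          operator: Exists
          tolerationSeconds: 300
        - effect: NoExecute
          key: node.kubernetes.io/unreachable
          operator: Exists
          tolerationSeconds: 300
---
# Function CRD; the controller-gen annotation below indicates generated output.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.1
  name: functions.adx-mon.azure.com
spec:
  group: adx-mon.azure.com
  names:
    kind: Function
    listKind: FunctionList
    plural: functions
    singular: function
  scope: Namespaced
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: Function defines a KQL function to be maintained in the Kusto cluster
          properties:
            apiVersion:
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: FunctionSpec defines the desired state of Function
              properties:
                # NOTE(review): `body` and `database` are unconstrained strings in
                # this schema. The ClusterRole above allows the ingestor to read
                # Function objects, so whoever may create them supplies KQL that
                # is presumably applied to the Kusto cluster - restrict create and
                # update on this resource with RBAC accordingly.
                body:
                  description: Body is the KQL body of the function
                  type: string
                database:
                  description: Database is the name of the database in which the function will be created
                  type: string
              required:
                - body
                - database
              type: object
            status:
              description: FunctionStatus defines the observed state of Function
              properties:
                error:
                  description: Error is a string that communicates any error message if one exists
                  type: string
                lastTimeReconciled:
                  description: LastTimeReconciled is the last time the Function was reconciled
                  format: date-time
                  type: string
                message:
                  description: Message is a human-readable message indicating details about the Function
                  type: string
                status:
                  description: Status is an enum that represents the status of the Function
                  type: string
              required:
                - lastTimeReconciled
                - status
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}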