otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/templates/ama-metrics-daemonset.yaml (520 lines of code) (raw):

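{{- $arcExtensionSettings := include "arc-extension-settings" . | fromYaml }}
# Linux node agent: one prometheus-collector pod per Linux node, plus a token
# adapter sidecar (arc-msi-adapter on Arc extension installs, addon-token-adapter
# otherwise). The Windows DaemonSet further down is rendered only when this is
# not an Arc extension install.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ama-metrics-node
  namespace: kube-system
  labels:
    component: ama-metrics
spec:
  selector:
    matchLabels:
      dsName: ama-metrics-node
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 50%
  template:
    metadata:
      labels:
        dsName: ama-metrics-node
        kubernetes.azure.com/managedby: aks
      annotations:
        agentVersion: "0.0.0.1"
        schema-versions: "v1"
    spec:
      priorityClassName: system-node-critical
      serviceAccountName: ama-metrics-serviceaccount
      containers:
        - name: prometheus-collector
          # The image is referenced by tag and pulled IfNotPresent, so a node keeps
          # whatever it first pulled for that tag.
          # NOTE(review): consider pinning by digest if the registry allows tag
          # overwrites - confirm the release process.
          image: "{{ .Values.AzureMonitorMetrics.ImageRegistry }}{{ .Values.AzureMonitorMetrics.ImageRepository }}:{{ .Values.AzureMonitorMetrics.ImageTag }}"
          # image: "mcr.microsoft.com/azuremonitor/containerinsights/cidev/prometheus-collector/images:6.8.11-rashmi-upgrades-04-24-05-13-2024-9cabda9d"
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: {{ .Values.AzureMonitorMetrics.DsCPULimitLinux }}
              memory: {{ .Values.AzureMonitorMetrics.DsMemoryLimitLinux }}
            requests:
              cpu: {{ .Values.AzureMonitorMetrics.DsCPURequestLinux }}
              memory: {{ .Values.AzureMonitorMetrics.DsMemoryRequestLinux }}
          # envFrom injects every key of the proxy secret as an environment
          # variable of this container.
          {{- if $arcExtensionSettings.isProxyEnabled }}
          envFrom:
            - secretRef:
                name: ama-metrics-proxy-config
          {{- end }}
          env:
            - name: CLUSTER
              {{- if $arcExtensionSettings.isArcExtension }}
              value: "{{ $arcExtensionSettings.resourceId }}"
              {{- else }}
              value: "{{ .Values.global.commonGlobals.Customer.AzureResourceID }}"
              {{- end }}
            - name: AKSREGION
              {{- if $arcExtensionSettings.isArcExtension }}
              value: "{{ $arcExtensionSettings.region }}"
              {{- else }}
              value: "{{ .Values.global.commonGlobals.Region }}"
              {{- end }}
            - name: MAC
              value: "true"
            - name: AZMON_COLLECT_ENV
              value: "false"
            - name: customEnvironment
              {{- if .Values.AzureMonitorMetrics.isArcACluster }}
              value: "arcautonomous"
              {{- else if $arcExtensionSettings.isArcExtension }}
              value: "{{ $arcExtensionSettings.cloudEnvironment }}"
              {{- else }}
              value: "{{ lower .Values.global.commonGlobals.CloudEnvironment }}"
              {{- end }}
            - name: OMS_TLD
              value: "opinsights.azure.com"
            # Arc Autonomous endpoints: rendering fails if any of them is missing;
            # each value is trimmed and quoted before it reaches the manifest.
            {{- if eq .Values.AzureMonitorMetrics.isArcACluster true }}
            - name: customRegionalEndpoint
              value: {{ required "customRegionalEndpoint is required in Arc Autonomous" .Values.AzureMonitorMetrics.arcAutonomousSettings.customRegionalEndpoint | toString | trim | quote }}
            - name: customGlobalEndpoint
              value: {{ required "customGlobalEndpoint is required in Arc Autonomous" .Values.AzureMonitorMetrics.arcAutonomousSettings.customGlobalEndpoint | toString | trim | quote }}
            - name: customResourceEndpoint
              value: {{ required "customResourceEndpoint is required in Arc Autonomous" .Values.AzureMonitorMetrics.arcAutonomousSettings.customResourceEndpoint | toString | trim | quote }}
            {{- end }}
            - name: CONTROLLER_TYPE
              value: "DaemonSet"
            - name: NODE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONTAINER_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: prometheus-collector
                  resource: limits.cpu
                  divisor: 1m
            - name: CONTAINER_MEMORY_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: prometheus-collector
                  resource: limits.memory
                  divisor: 1Mi
            - name: KUBE_STATE_NAME
              value: ama-metrics-ksm
            - name: NODE_EXPORTER_NAME
              value: ""  # Replace this with the node exporter shipped out of box with AKS
            - name: NODE_EXPORTER_TARGETPORT
              {{- if $arcExtensionSettings.isArcExtension }}
              value: "{{ $arcExtensionSettings.nodeExporterTargetPort }}"
              {{- else }}
              value: "19100"
              {{- end }}
            {{- if .Values.AzureMonitorMetrics }}
            {{- if .Values.AzureMonitorMetrics.KubeStateMetrics }}
            - name: KUBE_STATE_VERSION
              value: "{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageRegistry }}{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageRepository }}:{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageTag }}"
            {{- end }}
            {{- end }}
            # env values must be strings: quote the templated versions so a tag that
            # looks numeric (or an empty value) is not re-typed by the YAML parser.
            - name: NODE_EXPORTER_VERSION
              value: {{ $arcExtensionSettings.nodeExporterVersion | quote }}
            - name: AGENT_VERSION
              value: {{ .Values.AzureMonitorMetrics.ImageTag | quote }}
            - name: MODE
              value: "advanced"  # only supported mode is 'advanced', any other value will be the default/non-advance mode
            - name: WINMODE
              value: "advanced"  # WINDOWS: only supported mode is 'advanced', any other value will be the default/non-advance mode
            - name: MINIMAL_INGESTION_PROFILE
              value: "true"  # only supported value is the string "true"
            - name: APPMONITORING_AUTOINSTRUMENTATION_ENABLED
              value: "{{ .Values.AzureMonitorMetrics.IsAppMonitoringAutoInstrumentationEnabled }}"
            - name: APPMONITORING_OPENTELEMETRYMETRICS_ENABLED
              value: "{{ .Values.AzureMonitorMetrics.IsAppMonitoringOpenTelemetryMetricsEnabled }}"
            - name: APPMONITORING_OPENTELEMETRYMETRICS_PORT
              value: "{{ .Values.AzureMonitorMetrics.OpenTelemetryMetricsPort }}"
          # Not privileged; every capability is dropped and only DAC_OVERRIDE is
          # added back. DAC_OVERRIDE bypasses file permission checks - presumably
          # needed to read the host log directories mounted below; confirm.
          # NOTE(review): allowPrivilegeEscalation, readOnlyRootFilesystem and
          # seccompProfile are not set here, so cluster/runtime defaults apply.
          securityContext:
            privileged: false
            capabilities:
              drop:
                - ALL
              add:
                - DAC_OVERRIDE
          # All mounts are read-only. The two host-log mounts expose the log files
          # of every pod on the node to this container.
          volumeMounts:
            - mountPath: /etc/config/settings
              name: settings-vol-config
              readOnly: true
            - mountPath: /etc/prometheus/certs
              name: ama-metrics-tls-secret-volume
              readOnly: true
            - mountPath: /etc/config/settings/prometheus
              name: prometheus-config-vol
              readOnly: true
            - name: host-log-containers
              readOnly: true
              mountPath: /var/log/containers
            - name: host-log-pods
              readOnly: true
              mountPath: /var/log/pods
            {{- if $arcExtensionSettings.mountMarinerCerts }}
            - mountPath: /anchors/mariner
              name: anchors-mariner
              readOnly: true
            {{- end }}
            {{- if $arcExtensionSettings.mountUbuntuCerts }}
            - mountPath: /anchors/ubuntu
              name: anchors-ubuntu
              readOnly: true
            {{- end }}
            {{- if $arcExtensionSettings.isArcExtension }}
            - mountPath: /anchors/proxy
              name: ama-metrics-proxy-cert
              readOnly: true
            {{- end }}
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 5
            failureThreshold: 3
        {{- if $arcExtensionSettings.isArcExtension }}
        # Arc: the rest of this container spec is spliced in from
        # Values.Azure.Identity.MSIAdapterYaml at the container-key indent (10).
        - name: arc-msi-adapter
          imagePullPolicy: IfNotPresent
          env:
            - name: TOKEN_NAMESPACE
              value: "azure-arc"
            - name: LIVENESS_PROBE_PORT
              value: "9999"
          {{- .Values.Azure.Identity.MSIAdapterYaml | nindent 10 }}
        {{- else }}
        - name: addon-token-adapter
          command:
            - /addon-token-adapter
          args:
            - --secret-namespace=kube-system
            - --secret-name=aad-msi-auth-token
            - --token-server-listening-port=7777
            - --health-server-listening-port=9999
          image: "{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageRegistry }}{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageRepository }}:{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageTag }}"
          imagePullPolicy: IfNotPresent
          env:
            - name: AZMON_COLLECT_ENV
              value: "false"
          livenessProbe:
            httpGet:
              path: /healthz
              port: 9999
            initialDelaySeconds: 10
            periodSeconds: 60
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 20m
              memory: 30Mi
          # The sidecar reads the aad-msi-auth-token secret named in its args and
          # keeps NET_ADMIN and NET_RAW after dropping everything else.
          # NOTE(review): presumably needed to redirect token requests inside the
          # pod network namespace - confirm both capabilities are still required.
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_ADMIN
                - NET_RAW
        {{- end }}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: type
                    operator: NotIn
                    values:
                      - virtual-kubelet
                  {{- if not $arcExtensionSettings.isArcExtension }}
                  - key: kubernetes.azure.com/cluster
                    operator: Exists
                  {{- end }}
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        # The key-less Exists tolerations below match every taint with the given
        # effect, so the pod is scheduled onto any tainted node.
        # NOTE(review): sprig's default takes the fallback first
        # (default FALLBACK VALUE); the arguments here look swapped, so an unset
        # tolerationsOnlyForControlPlane may not be treated as false. Confirm
        # against values.yaml before changing.
        {{- if eq (default .Values.tolerationsOnlyForControlPlane false) false }}
        - operator: "Exists"
          effect: "NoSchedule"
        - operator: "Exists"
          effect: "NoExecute"
        - operator: "Exists"
          effect: "PreferNoSchedule"
        {{- end }}
        - key: "node-role.kubernetes.io/control-plane"
          operator: "Exists"
          effect: "NoSchedule"
        - key: "node-role.kubernetes.io/control-plane"
          operator: "Exists"
          effect: "NoExecute"
        - key: "node-role.kubernetes.io/control-plane"
          operator: "Exists"
          effect: "PreferNoSchedule"
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoExecute"
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "PreferNoSchedule"
      volumes:
        # ConfigMap and Secret sources are optional: the pod starts even when
        # they are absent (including the mTLS secret).
        - name: settings-vol-config
          configMap:
            name: ama-metrics-settings-configmap
            optional: true
        - name: ama-metrics-tls-secret-volume
          secret:
            secretName: ama-metrics-mtls-secret
            optional: true
        - name: prometheus-config-vol
          configMap:
            name: ama-metrics-prometheus-config-node
            optional: true
        - name: host-log-containers
          hostPath:
            path: /var/log/containers
        - name: host-log-pods
          hostPath:
            path: /var/log/pods
        # DirectoryOrCreate creates the CA anchor directory on the host when it
        # does not exist; the container mounts it read-only.
        {{- if $arcExtensionSettings.mountMarinerCerts }}
        - name: anchors-mariner
          hostPath:
            path: /etc/pki/ca-trust/source/anchors/
            type: DirectoryOrCreate
        {{- end }}
        {{- if $arcExtensionSettings.mountUbuntuCerts }}
        - name: anchors-ubuntu
          hostPath:
            path: /usr/local/share/ca-certificates/
            type: DirectoryOrCreate
        {{- end }}
        {{- if $arcExtensionSettings.isArcExtension }}
        - name: ama-metrics-proxy-cert
          secret:
            secretName: ama-metrics-proxy-cert
            optional: true
        {{- end }}
{{- if not $arcExtensionSettings.isArcExtension }}
---
# Windows node agent: same collector plus addon-token-adapter-win, scheduled
# onto Windows nodes only. Not rendered for Arc extension installs.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ama-metrics-win-node
  namespace: kube-system
  labels:
    component: ama-metrics
spec:
  selector:
    matchLabels:
      dsName: ama-metrics-win-node
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 50%
  template:
    metadata:
      labels:
        dsName: ama-metrics-win-node
        kubernetes.azure.com/managedby: aks
      annotations:
        agentVersion: "0.0.0.1"
        schema-versions: "v1"
    spec:
      priorityClassName: system-node-critical
      serviceAccountName: ama-metrics-serviceaccount
      containers:
        - name: prometheus-collector
          image: "{{ .Values.AzureMonitorMetrics.ImageRegistry }}{{ .Values.AzureMonitorMetrics.ImageRepository }}:{{ .Values.AzureMonitorMetrics.ImageTagWin }}"
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: {{ .Values.AzureMonitorMetrics.DsCPULimitWindows }}
              memory: {{ .Values.AzureMonitorMetrics.DsMemoryLimitWindows }}
          env:
            - name: CLUSTER
              value: "{{ .Values.global.commonGlobals.Customer.AzureResourceID }}"
            - name: AKSREGION
              value: "{{ .Values.global.commonGlobals.Region }}"
            - name: MAC
              value: "true"
            - name: AZMON_COLLECT_ENV
              value: "false"
            # NOTE(review): the Linux DaemonSet lower-cases CloudEnvironment, this
            # one passes it through unchanged - confirm the agent accepts both.
            - name: customEnvironment
              value: "{{ .Values.global.commonGlobals.CloudEnvironment }}"
            - name: OMS_TLD
              value: "opinsights.azure.com"
            - name: CONTROLLER_TYPE
              value: "DaemonSet"
            - name: NODE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONTAINER_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: prometheus-collector
                  resource: limits.cpu
                  divisor: 1m
            - name: CONTAINER_MEMORY_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: prometheus-collector
                  resource: limits.memory
                  divisor: 1Mi
            - name: KUBE_STATE_NAME
              value: ama-metrics-ksm
            - name: NODE_EXPORTER_NAME
              value: ""  # Replace this with the node exporter shipped out of box with AKS
            - name: NODE_EXPORTER_TARGETPORT
              value: "19100"
            {{- if .Values.AzureMonitorMetrics }}
            {{- if .Values.AzureMonitorMetrics.KubeStateMetrics }}
            - name: KUBE_STATE_VERSION
              value: "{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageRegistry }}{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageRepository }}:{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageTagWin }}"
            {{- end }}
            {{- end }}
            - name: NODE_EXPORTER_VERSION
              value: "v1.6.0"  # Replace this with the version shipped by default
            # Quoted so a numeric-looking tag stays a string.
            # NOTE(review): the container image uses ImageTagWin while this reports
            # ImageTag - confirm that is intended.
            - name: AGENT_VERSION
              value: {{ .Values.AzureMonitorMetrics.ImageTag | quote }}
            - name: MODE
              value: "advanced"  # only supported mode is 'advanced', any other value will be the default/non-advance mode
            - name: WINMODE
              value: "advanced"  # WINDOWS: only supported mode is 'advanced', any other value will be the default/non-advance mode
            - name: MINIMAL_INGESTION_PROFILE
              value: "true"  # only supported value is the string "true"
            - name: APPMONITORING_AUTOINSTRUMENTATION_ENABLED
              value: "{{ .Values.AzureMonitorMetrics.IsAppMonitoringAutoInstrumentationEnabled }}"
            - name: APPMONITORING_OPENTELEMETRYMETRICS_ENABLED
              value: "{{ .Values.AzureMonitorMetrics.IsAppMonitoringOpenTelemetryMetricsEnabled }}"
            - name: APPMONITORING_OPENTELEMETRYMETRICS_PORT
              value: "{{ .Values.AzureMonitorMetrics.OpenTelemetryMetricsPort }}"
          # NOTE(review): privileged and capabilities are Linux security-context
          # fields; confirm what, if anything, they enforce on Windows nodes.
          securityContext:
            privileged: false
            capabilities:
              drop:
                - ALL
              add:
                - DAC_OVERRIDE
          volumeMounts:
            - mountPath: /etc/config/settings
              name: settings-vol-config
              readOnly: true
            - mountPath: /etc/config/settings/prometheus
              name: prometheus-config-vol
              readOnly: true
            - mountPath: /etc/prometheus/certs
              name: ama-metrics-tls-secret-volume
              readOnly: true
            - name: host-log-containers
              readOnly: true
              mountPath: /var/log/containers
            - name: host-log-pods
              readOnly: true
              mountPath: /var/log/pods
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 300
            periodSeconds: 60
            timeoutSeconds: 60
            failureThreshold: 3
        - name: addon-token-adapter-win
          command:
            - addon-token-adapter-win
          args:
            - --secret-namespace=kube-system
            - --secret-name=aad-msi-auth-token
            - --token-server-listening-port=7777
            - --health-server-listening-port=9999
          image: "{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageRegistry }}{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageRepositoryWin }}:{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageTagWin }}"
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /healthz
              port: 9999
            initialDelaySeconds: 10
            periodSeconds: 60
          resources:
            limits:
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 100Mi
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_ADMIN
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              # A node selector term takes matchExpressions / matchFields only;
              # the stray labelSelector key that used to sit here is not part of
              # that schema and has been removed.
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - windows
                  - key: type
                    operator: NotIn
                    values:
                      - virtual-kubelet
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        # Key-less Exists tolerations: every NoExecute and NoSchedule taint is
        # tolerated.
        - operator: "Exists"
          effect: NoExecute
        - operator: "Exists"
          effect: NoSchedule
      volumes:
        - name: settings-vol-config
          configMap:
            name: ama-metrics-settings-configmap
            optional: true
        - name: prometheus-config-vol
          configMap:
            name: ama-metrics-prometheus-config-node-windows
            optional: true
        - name: host-log-containers
          hostPath:
            path: /var/log/containers
        - name: host-log-pods
          hostPath:
            path: /var/log/pods
        - name: ama-metrics-tls-secret-volume
          secret:
            secretName: ama-metrics-mtls-secret
            optional: true
{{- end }}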