{{- $arcExtensionSettings := include "arc-extension-settings" . | fromYaml }} apiVersion: apps/v1 kind: Deployment metadata: name: ama-metrics namespace: kube-system labels: component: ama-metrics kubernetes.azure.com/managedby: aks spec: # New TargetAllocator Enabled scenario {{- if .Values.AzureMonitorMetrics.TargetAllocatorEnabled }} {{- if $arcExtensionSettings.hpaEnabled }} # If HPA toggle is enabled, allow HPA to modify the deployment spec {{- $currentSpec := (lookup "apps/v1" "Deployment" "kube-system" "ama-metrics").spec }} {{- if $currentSpec }} # in if check replicas: {{ $currentSpec.replicas }} {{- else}} # If current spec cannot be found, set to default replicas: 2 {{- end }} {{- else }} # HPA is not enabled, set the replicas via helm adapter values replicas: {{ .Values.AzureMonitorMetrics.DeploymentReplicas }} {{- end }} {{- else }} # Legacy with no TargetAllocator Enabled replicas: 1 {{- end }} revisionHistoryLimit: 2 paused: false selector: matchLabels: rsName: ama-metrics strategy: type: RollingUpdate template: metadata: labels: rsName: ama-metrics kubernetes.azure.com/managedby: aks annotations: agentVersion: "0.0.0.1" schema-versions: "v1" cluster-autoscaler.kubernetes.io/safe-to-evict: "true" spec: priorityClassName: system-node-critical serviceAccountName: ama-metrics-serviceaccount containers: - name: prometheus-collector image: "{{ .Values.AzureMonitorMetrics.ImageRegistry }}{{ .Values.AzureMonitorMetrics.ImageRepository }}:{{ .Values.AzureMonitorMetrics.ImageTag }}" imagePullPolicy: IfNotPresent resources: limits: cpu: {{ .Values.AzureMonitorMetrics.RsCPULimit }} memory: {{ .Values.AzureMonitorMetrics.RsMemoryLimit }} requests: cpu: {{ .Values.AzureMonitorMetrics.RsCPURequest }} memory: {{ .Values.AzureMonitorMetrics.RsMemoryRequest }} {{- if $arcExtensionSettings.isProxyEnabled }} envFrom: - secretRef: name: ama-metrics-proxy-config optional: true {{- end }} env: - name: CLUSTER {{- if $arcExtensionSettings.isArcExtension }} value: "{{ $arcExtensionSettings.resourceId }}" {{- else }} value: "{{ .Values.global.commonGlobals.Customer.AzureResourceID }}" {{- end }} - name: AKSREGION {{- if $arcExtensionSettings.isArcExtension }} value: "{{ $arcExtensionSettings.region }}" {{- else }} value: "{{ .Values.global.commonGlobals.Region }}" {{- end }} - name: MAC value: "true" - name: AZMON_COLLECT_ENV value: "false" - name: AZMON_OPERATOR_ENABLED {{- if $arcExtensionSettings.operatorEnabled }} value: "true" {{- else }} value: "false" {{- end }} - name: AZMON_COLLECTOR_HPA_ENABLED {{- if $arcExtensionSettings.hpaEnabled }} value: "true" {{- else }} value: "false" {{- end }} - name: customEnvironment {{- if .Values.AzureMonitorMetrics.isArcACluster }} value: "arcautonomous" {{- else if $arcExtensionSettings.isArcExtension }} value: "{{ $arcExtensionSettings.cloudEnvironment }}" {{- else }} value: "{{ lower .Values.global.commonGlobals.CloudEnvironment }}" {{- end }} - name: OMS_TLD value: "opinsights.azure.com" {{- if .Values.AzureMonitorMetrics.isArcACluster }} - name: customRegionalEndpoint value: {{ required "customRegionalEndpoint is required in Arc Autonomous" .Values.AzureMonitorMetrics.arcAutonomousSettings.customRegionalEndpoint | toString | trim | quote }} - name: customGlobalEndpoint value: {{ required "customGlobalEndpoint is required in Arc Autonomous" .Values.AzureMonitorMetrics.arcAutonomousSettings.customGlobalEndpoint | toString | trim | quote }} - name: customResourceEndpoint value: {{ required "customResourceEndpoint is required in Arc Autonomous" .Values.AzureMonitorMetrics.arcAutonomousSettings.customResourceEndpoint | toString | trim | quote }} {{- end }} - name: CONTROLLER_TYPE value: "ReplicaSet" - name: NODE_IP valueFrom: fieldRef: fieldPath: status.hostIP - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CONTAINER_CPU_LIMIT valueFrom: resourceFieldRef: containerName: prometheus-collector resource: limits.cpu divisor: 1m - name: CONTAINER_MEMORY_LIMIT valueFrom: resourceFieldRef: containerName: prometheus-collector resource: limits.memory divisor: 1Mi - name: KUBE_STATE_NAME value: ama-metrics-ksm - name: NODE_EXPORTER_NAME value: "" # Replace this with the node exporter shipped out of box with AKS - name: NODE_EXPORTER_TARGETPORT {{- if $arcExtensionSettings.isArcExtension }} value: "{{ $arcExtensionSettings.nodeExporterTargetPort }}" {{- else }} value: "19100" {{- end }} {{- if .Values.AzureMonitorMetrics }} {{- if .Values.AzureMonitorMetrics.KubeStateMetrics }} - name: KUBE_STATE_VERSION value: "{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageRegistry }}{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageRepository }}:{{ .Values.AzureMonitorMetrics.KubeStateMetrics.ImageTag }}" {{- if .Values.AzureMonitorMetrics.KubeStateMetrics.MetricLabelsAllowlist }} - name: KUBE_STATE_METRIC_LABELS_ALLOWLIST value: "{{ .Values.AzureMonitorMetrics.KubeStateMetrics.MetricLabelsAllowlist }}" {{- end }} {{- if .Values.AzureMonitorMetrics.KubeStateMetrics.MetricAnnotationsAllowList }} - name: KUBE_STATE_METRIC_ANNOTATIONS_ALLOWLIST value: "{{ .Values.AzureMonitorMetrics.KubeStateMetrics.MetricAnnotationsAllowList }}" {{- end }} {{- end }} {{- end }} {{- if .Values.AzureMonitorMetrics }} {{- if .Values.AzureMonitorMetrics.TargetAllocatorEnabled }} - name: OPERATOR_TARGETS_TA_IMG_VERSION value: "{{ .Values.AzureMonitorMetrics.ImageTagTargetAllocator }}" - name: OPERATOR_TARGETS_CFG_READER_IMG_VERSION value: "{{ .Values.AzureMonitorMetrics.ImageTagCfgReader }}" {{- end }} {{- end }} - name: NODE_EXPORTER_VERSION value: "{{ $arcExtensionSettings.nodeExporterVersion }}" - name: AGENT_VERSION value: {{ .Values.AzureMonitorMetrics.ImageTag }} - name: MODE value: "advanced" # only supported mode is 'advanced', any other value will be the default/non-advance mode - name: WINMODE value: "advanced" # WINDOWS: only supported mode is 'advanced', any other value will be the default/non-advance mode - name: MINIMAL_INGESTION_PROFILE value: "true" # only supported value is the string "true" {{- if $arcExtensionSettings.isArcExtension }} # Env vars for telemetry purposes - name: IS_ARC_EXTENSION value: "true" - name: ARC_DISTRIBUTION value: "{{ $arcExtensionSettings.distribution }}" - name: MOUNT_MARINER_CERTS value: "{{ $arcExtensionSettings.mountMarinerCerts }}" - name: MOUNT_UBUNTU_CERTS value: "{{ $arcExtensionSettings.mountUbuntuCerts }}" {{- end }} securityContext: privileged: false capabilities: drop: - ALL add: - DAC_OVERRIDE volumeMounts: - mountPath: /etc/config/settings name: settings-vol-config readOnly: true - mountPath: /etc/prometheus/certs name: ama-metrics-tls-secret-volume readOnly: true - mountPath: /etc/config/settings/prometheus name: prometheus-config-vol readOnly: true - name: host-log-containers readOnly: true mountPath: /var/log/containers - name: host-log-pods readOnly: true mountPath: /var/log/pods {{- if $arcExtensionSettings.mountMarinerCerts }} - mountPath: /anchors/mariner name: anchors-mariner readOnly: true {{- end }} {{- if $arcExtensionSettings.mountUbuntuCerts }} - mountPath: /anchors/ubuntu name: anchors-ubuntu readOnly: true {{- end }} {{- if $arcExtensionSettings.isArcExtension }} - mountPath: /anchors/proxy name: ama-metrics-proxy-cert readOnly: true {{- end }} livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 60 periodSeconds: 15 timeoutSeconds: 5 failureThreshold: 3 {{- if $arcExtensionSettings.isArcExtension }} - name: arc-msi-adapter imagePullPolicy: IfNotPresent env: - name: TOKEN_NAMESPACE value: "azure-arc" - name: LIVENESS_PROBE_PORT value: "9999" {{- .Values.Azure.Identity.MSIAdapterYaml | nindent 10 }} {{- else }} - name: addon-token-adapter command: - /addon-token-adapter args: - --secret-namespace=kube-system - --secret-name=aad-msi-auth-token - --token-server-listening-port=7777 - --health-server-listening-port=9999 image: "{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageRegistry }}{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageRepository }}:{{ .Values.AzureMonitorMetrics.AddonTokenAdapter.ImageTag }}" imagePullPolicy: IfNotPresent env: - name: AZMON_COLLECT_ENV value: "false" livenessProbe: httpGet: path: /healthz port: 9999 initialDelaySeconds: 10 periodSeconds: 60 resources: limits: cpu: 500m memory: 500Mi requests: cpu: 20m memory: 30Mi securityContext: capabilities: drop: - ALL add: - NET_ADMIN - NET_RAW {{- end }} affinity: nodeAffinity: # affinity to schedule on to ephemeral os node if its available preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 preference: matchExpressions: - key: kubernetes.azure.com/mode operator: In values: - system - weight: 50 preference: matchExpressions: - key: azuremonitor/metrics.replica.preferred operator: In values: - "true" requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux - key: type operator: NotIn values: - virtual-kubelet {{- if not $arcExtensionSettings.isArcExtension }} - key: kubernetes.azure.com/cluster operator: Exists {{- end }} topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: rsName: ama-metrics - maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: rsName: ama-metrics tolerations: - key: CriticalAddonsOnly operator: Exists {{- if eq (default .Values.tolerationsOnlyForControlPlane false) false }} - operator: "Exists" effect: "NoSchedule" - operator: "Exists" effect: "NoExecute" - operator: "Exists" effect: "PreferNoSchedule" {{- end }} - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "NoSchedule" - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "NoExecute" - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "PreferNoSchedule" - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoExecute" - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "PreferNoSchedule" volumes: - name: settings-vol-config configMap: name: ama-metrics-settings-configmap optional: true - name: prometheus-config-vol configMap: name: ama-metrics-prometheus-config optional: true - name: host-log-containers hostPath: path: /var/log/containers - name: host-log-pods hostPath: path: /var/log/pods {{- if $arcExtensionSettings.mountMarinerCerts }} - name: anchors-mariner hostPath: path: /etc/pki/ca-trust/source/anchors/ type: DirectoryOrCreate {{- end }} - name: ama-metrics-tls-secret-volume secret: secretName: ama-metrics-mtls-secret optional: true {{- if $arcExtensionSettings.mountUbuntuCerts }} - name: anchors-ubuntu hostPath: path: /usr/local/share/ca-certificates/ type: DirectoryOrCreate {{- end }} {{- if $arcExtensionSettings.isArcExtension }} - name: ama-metrics-proxy-cert secret: secretName: ama-metrics-proxy-cert optional: true {{- end }}