otelcollector/deploy/addon-chart/ccp-metrics-plugin/templates/ama-metrics-deployment.yaml (232 lines of code) (raw):
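# Helm template for the ama-metrics-ccp Deployment: a single replica whose pod
# runs three containers (prometheus-collector, configmap-watcher,
# addon-token-adapter).
#
# NOTE(review): every image below is referenced by tag rather than by digest,
# so the deployed content depends on what the registry serves for that tag.
# Pinning by digest would make the rollout reproducible.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ama-metrics-ccp
  # Quoted so a value that looks like a number or boolean still renders as a
  # string.
  namespace: "{{ .Values.global.commonGlobals.Customer.Namespace }}"
  labels:
    component: ama-metrics-ccp
spec:
  replicas: 1
  revisionHistoryLimit: 2
  paused: false
  selector:
    matchLabels:
      rsName: ama-metrics-ccp
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        rsName: ama-metrics-ccp
      annotations:
        agentVersion: "0.0.0.1"
        schema-versions: "v1"
        # Lets the cluster autoscaler evict this pod when draining a node.
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
    spec:
      # NOTE(review): no pod-level securityContext is set (runAsNonRoot,
      # seccompProfile, fsGroup); each container relies on its image defaults
      # unless it sets its own securityContext below.
      serviceAccountName: ama-metrics-ccp-sa
      containers:
        - name: prometheus-collector
          image: "{{ .Values.AzureMonitorMetrics.ImageRepository }}:{{ .Values.AzureMonitorMetrics.ImageTag }}"
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 1
              memory: 1Gi
            requests:
              cpu: 150m
              memory: 500Mi
          env:
            - name: CLUSTER
              value: "{{ .Values.global.commonGlobals.Customer.AzureResourceID }}"
            - name: AKSREGION
              value: "{{ .Values.global.commonGlobals.Region }}"
            - name: MAC
              value: "true"
            - name: CCP_METRICS_ENABLED
              value: "true"
            - name: AZMON_COLLECT_ENV
              value: "false"
            - name: customEnvironment
              value: "{{ lower .Values.global.commonGlobals.CloudEnvironment }}"
            - name: OMS_TLD
              value: "opinsights.azure.com"
            - name: CONTROLLER_TYPE
              value: "ReplicaSet"
            # Downward API: node and pod identity.
            - name: NODE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Downward API: this container's own limits, in millicores and MiB.
            - name: CONTAINER_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: prometheus-collector
                  resource: limits.cpu
                  divisor: 1m
            - name: CONTAINER_MEMORY_LIMIT
              valueFrom:
                resourceFieldRef:
                  containerName: prometheus-collector
                  resource: limits.memory
                  divisor: 1Mi
            - name: NODE_EXPORTER_NAME
              value: ""  # Replace this with the node exporter shipped out of box with AKS
            - name: NODE_EXPORTER_TARGETPORT
              value: "19100"
            - name: NODE_EXPORTER_VERSION
              value: "v1.5.0"  # Replace this with the version shipped by default
            - name: AGENT_VERSION
              # Env values must be strings. Unquoted, a tag that renders as a
              # number or boolean would be rejected by the API server, so
              # quote it like the other templated values.
              value: "{{ .Values.AzureMonitorMetrics.ImageTag }}"
            - name: MODE
              value: "advanced"  # only supported mode is 'advanced', any other value will be the default/non-advance mode
            - name: WINMODE
              value: ""  # WINDOWS: only supported mode is 'advanced', any other value will be the default/non-advance mode
            - name: MINIMAL_INGESTION_PROFILE
              value: "true"  # false scrapes all metrics
          securityContext:
            # NOTE(review): only privileged is pinned. allowPrivilegeEscalation,
            # readOnlyRootFilesystem, runAsNonRoot and capabilities.drop are
            # left at their defaults; tighten them once the image is confirmed
            # to run with them, since this container mounts TLS secrets.
            privileged: false
          volumeMounts:
            # Shared emptyDir, also mounted by configmap-watcher. It is
            # writable here.
            # NOTE(review): confirm the collector needs write access.
            - mountPath: /etc/config/settings
              name: settings-vol-config
            - mountPath: /etc/config/settings/prometheus
              name: prometheus-config-vol
              readOnly: true
            # Host CA trust directories, read-only inside the container.
            - mountPath: /anchors/mariner
              name: anchors-mariner
              readOnly: true
            - mountPath: /anchors/ubuntu
              name: anchors-ubuntu
              readOnly: true
            # Projected kube-apiserver-ssl and etcd-client-tls secrets (see
            # volumes). Anything that can read this container's filesystem
            # can read this key material.
            - mountPath: /etc/kubernetes/secrets
              name: kubernetes-secrets
              readOnly: true
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 15
            timeoutSeconds: 5
            failureThreshold: 3
        # Sidecar: started with the kube-system ConfigMap
        # ama-metrics-settings-configmap as its source and the shared settings
        # volume as its target, using the mounted kubeconfig.
        # NOTE(review): this container has no securityContext and no
        # imagePullPolicy although it holds a kubeconfig credential; consider
        # dropping all capabilities and disallowing privilege escalation.
        - name: configmap-watcher
          image: mcr.microsoft.com/aks/hcp/configmap-watcher:master.20231031-bdfc08a4
          command:
            - /configmap-watcher
          args:
            - --configmap-namespace=kube-system
            - --configmap-name=ama-metrics-settings-configmap
            - --kubeconfig-file=/etc/kubernetes/kubeconfig/kubeconfig.yaml
            - --settings-volume=/etc/config/settings
          resources:
            limits:
              cpu: 20m
              memory: 40Mi
            requests:
              cpu: 10m
              memory: 20Mi
          volumeMounts:
            - name: kubeconfig
              readOnly: true
              mountPath: /etc/kubernetes/kubeconfig
            - name: settings-vol-config
              mountPath: /etc/config/settings
        # Sidecar: token server on port 7777 and health endpoint on port 9999,
        # configured with the kube-system secret aad-msi-auth-token.
        - name: addon-token-adapter
          command:
            - /addon-token-adapter
          args:
            - --secret-namespace=kube-system
            - --secret-name=aad-msi-auth-token
            - --token-server-listening-port=7777
            - --health-server-listening-port=9999
          image: "mcr.microsoft.com/aks/msi/addon-token-adapter:master.230804.1"
          imagePullPolicy: IfNotPresent
          env:
            - name: AZMON_COLLECT_ENV
              value: "false"
          livenessProbe:
            httpGet:
              path: /healthz
              port: 9999
            initialDelaySeconds: 10
            periodSeconds: 60
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 20m
              memory: 30Mi
          securityContext:
            capabilities:
              # Everything is dropped first, then two network capabilities are
              # added back. Containers in a pod share one network namespace,
              # so NET_ADMIN and NET_RAW here affect the whole pod's network.
              # NOTE(review): confirm both are still required and keep this
              # list minimal.
              drop:
                - ALL
              add:
                - NET_ADMIN
                - NET_RAW
      affinity:
        nodeAffinity:
          # affinity to schedule on to ephemeral os node if its available
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: kubernetes.azure.com/mode
                    operator: In
                    values:
                      - system
            - weight: 50
              preference:
                matchExpressions:
                  - key: azuremonitor/metrics.replica.preferred
                    operator: In
                    values:
                      - "true"
          # Hard requirements, all ANDed within the single term: a Linux node,
          # not a virtual-kubelet node, and carrying the
          # kubernetes.azure.com/cluster label.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: type
                    operator: NotIn
                    values:
                      - virtual-kubelet
                  - key: kubernetes.azure.com/cluster
                    operator: Exists
      volumes:
        - name: settings-vol-config
          emptyDir: {}
        - name: prometheus-config-vol
          configMap:
            name: ama-metrics-prometheus-config
            optional: true
        # hostPath volumes expose node directories to the pod. With
        # DirectoryOrCreate the kubelet creates the path on the node if it is
        # missing. Both are mounted readOnly by prometheus-collector.
        - name: anchors-mariner
          hostPath:
            path: /etc/pki/ca-trust/source/anchors/
            type: DirectoryOrCreate
        - name: anchors-ubuntu
          hostPath:
            path: /usr/local/share/ca-certificates/
            type: DirectoryOrCreate
        - name: kubeconfig
          secret:
            secretName: kubeconfig-file
        - name: kubernetes-secrets
          projected:
            # 420 decimal is 0644 octal, so the projected key files are
            # world-readable inside the container.
            # NOTE(review): check whether a tighter mode works with the
            # container's UID.
            defaultMode: 420
            sources:
              - secret:
                  name: kube-apiserver-ssl
              - secret:
                  name: etcd-client-tls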