otelcollector/deploy/chart/prometheus-collector/templates/prometheus-collector-daemonset.yaml (486 lines of code) (raw):
{{- if .Values.mode.advanced }}
# Linux node DaemonSet for the prometheus-collector agent; this document is rendered only
# when .Values.mode.advanced is truthy.
# NOTE(review): this listing carries no leading indentation. The nindent 8 / nindent 12
# arguments used below suggest 2-space nesting in the chart - confirm against the chart
# source before applying any of it.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "prometheus-collector.fullname" . }}-node
namespace: {{ .Release.Namespace }}
labels:
component: {{ template "prometheus-collector.fullname" . }}
spec:
# The selector and the pod template labels below both use dsName=<fullname>-node.
selector:
matchLabels:
dsName: {{ template "prometheus-collector.fullname" . }}-node
updateStrategy:
type: RollingUpdate
# rollingUpdate.maxUnavailable is emitted only when
# .Values.updateStrategy.daemonSet.maxUnavailable is set.
{{- if .Values.updateStrategy }}
{{- if .Values.updateStrategy.daemonSet }}
{{- if .Values.updateStrategy.daemonSet.maxUnavailable }}
rollingUpdate:
maxUnavailable: {{ .Values.updateStrategy.daemonSet.maxUnavailable }}
{{- end }}
{{- end }}
{{- end }}
template:
metadata:
labels:
dsName: {{ template "prometheus-collector.fullname" . }}-node
# Operator-supplied pod labels from .Values.podLabels are appended here.
{{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
# aadpodidbinding is added only when azureKeyVault."aad-pod-identity" is not the empty string.
# NOTE(review): presumably this label selects an AAD Pod Identity binding, i.e. it decides
# which Azure identity the pod may use - confirm, and review who is allowed to set the value.
{{- if ne (index .Values.azureKeyVault "aad-pod-identity") ""}}
aadpodidbinding: {{ index .Values.azureKeyVault "aad-pod-identity" }}
{{- end }}
annotations:
# Both annotation values are hard-coded in the template, not taken from values.
agentVersion: "0.0.0.1"
schema-versions: "v1"
{{- with .Values.podAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
# Every container of this pod runs under <fullname>-serviceaccount. The roles bound to that
# account are not defined in this template.
# NOTE(review): audit that account's RBAC together with this pod spec.
serviceAccountName: {{ template "prometheus-collector.fullname" . }}-serviceaccount
# Optional; rendered unquoted from .Values.daemonsetPriorityClass.
{{- if .Values.daemonsetPriorityClass }}
priorityClassName: {{ .Values.daemonsetPriorityClass }}
{{- end}}
containers:
# Main collector container of the Linux DaemonSet.
- name: prometheus-collector
# The anchor &collectorimagetag captures the rendered image string; AGENT_VERSION below
# aliases it, so both always carry the same repository:tag value.
# NOTE(review): the image is referenced by tag only. A tag can be re-pointed in the registry;
# pinning a digest in values would make the deployed image immutable.
image: &collectorimagetag "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources.daemonSet | nindent 12 }}
env:
# Without a monitoring account, CLUSTER comes from the required clusterName value.
{{- if not .Values.useMonitoringAccount }}
- name: CLUSTER
value: {{ required "clusterName is required" .Values.clusterName | toString | trim | quote }}
{{- else }}
# With a monitoring account, CLUSTER is the Azure resource id, and the region and
# customEnvironment values become required as well. Rendering fails if one is missing.
- name: CLUSTER
value: {{ required "azureResourceId is required when using monitoring account" .Values.azureResourceId | toString | quote }}
- name: AKSREGION
value: {{ required "azureResourceRegion is required when using monitoring account" .Values.azureResourceRegion | toString | trim | lower | quote }}
- name: MAC
value: "true"
- name: customEnvironment
value: {{ required "customEnvironment is required when using monitoring account" .Values.customEnvironment | toString | trim | lower | quote }}
- name: OMS_TLD
value: "opinsights.azure.com"
# The three custom endpoints are required only when customEnvironment is "arcautonomous".
# NOTE(review): these values decide where the agent sends data and presumably where it
# requests tokens - confirm, and restrict who can change them.
{{- if eq .Values.customEnvironment "arcautonomous" }}
- name: customRegionalEndpoint
value: {{ required "customRegionalEndpoint is required when using monitoring account in Arc Autonomous" .Values.arcAutonomousSettings.customRegionalEndpoint | toString | trim | quote }}
- name: customGlobalEndpoint
value: {{ required "customGlobalEndpoint is required when using monitoring account in Arc Autonomous" .Values.arcAutonomousSettings.customGlobalEndpoint | toString | trim | quote }}
- name: customResourceEndpoint
value: {{ required "customResourceEndpoint is required when using monitoring account in Arc Autonomous" .Values.arcAutonomousSettings.customResourceEndpoint | toString | trim | quote }}
{{- end }}
{{- end }}
# Set only when internalSettings.intEnvironment is on and no monitoring account is used.
# NOTE(review): the flag points at an "int" front end, presumably a pre-production
# endpoint - make sure intEnvironment stays off in production values.
{{- if and (.Values.internalSettings.intEnvironment) (not .Values.useMonitoringAccount) }}
- name: ME_ADDITIONAL_FLAGS
value: "-FrontEndUrl https://az-int.int.microsoftmetrics.com"
{{- end }}
{{- if .Values.internalSettings.clusterOverride }}
- name: CLUSTER_OVERRIDE
value: "true"
{{- end }}
- name: CONTROLLER_TYPE
value: "DaemonSet"
# Downward-API values: node IP and name, pod name and namespace, and this container's
# own CPU and memory limits (in millicores and MiB).
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONTAINER_CPU_LIMIT
valueFrom:
resourceFieldRef:
containerName: prometheus-collector
resource: limits.cpu
divisor: 1m
- name: CONTAINER_MEMORY_LIMIT
valueFrom:
resourceFieldRef:
containerName: prometheus-collector
resource: limits.memory
divisor: 1Mi
# NOTE(review): the next two values are rendered without quotes. An env value has to be a
# string, so a name that YAML reads as a number or boolean would be rejected; piping the
# include through quote would remove that risk.
- name: KUBE_STATE_NAME
value: {{ include "prometheus-collector.kubestatemetricsfullname" . }}
- name: NODE_EXPORTER_NAME
value: {{ include "prometheus-collector.nodeexporterfullname" . }}
- name: NODE_EXPORTER_TARGETPORT
value: "{{ index .Values "prometheus-node-exporter" "service" "targetPort" }}"
- name: KUBE_STATE_VERSION
value: "{{ index .Values "kube-state-metrics" "image" "repository" }}:{{ index .Values "kube-state-metrics" "image" "tag" }}"
- name: NODE_EXPORTER_VERSION
value: "{{ index .Values "prometheus-node-exporter" "image" "repository" }}:{{ index .Values "prometheus-node-exporter" "image" "tag" }}"
- name: HELM_RELEASE_NAME
value: "{{ .Release.Name }}"
- name: AGENT_VERSION
value: *collectorimagetag
# The enclosing document is already conditional on .Values.mode.advanced, so the else
# branch (MODE "") cannot be rendered from this template.
{{- if .Values.mode.advanced }}
- name: MODE
value: "advanced" # only supported mode is 'advanced', any other value will be the default/non-advance mode
{{- else }}
- name: MODE
value: "" # only supported mode is 'advanced', any other value will be the default/non-advance mode
{{- end }}
{{- if .Values.windowsDaemonset }}
- name: WINMODE
value: "advanced" # WINDOWS: only supported mode is 'advanced' [when not using MAC], any other value will be the default/non-advance mode
{{- else }}
- name: WINMODE
value: "" # WINDOWS: only supported mode is 'advanced', any other value will be the default/non-advance mode
{{- end }}
{{- if .Values.minimalIngestionProfile }}
- name: MINIMAL_INGESTION_PROFILE
value: "true" # only supported value is the string "true"
{{- end }}
# Only privileged: false is declared for this container.
# NOTE(review): allowPrivilegeEscalation, runAsNonRoot, readOnlyRootFilesystem, a seccomp
# profile and a capabilities drop list are all left at their defaults. Tighten them once
# the collector's runtime needs (user id, writable paths) are confirmed.
securityContext:
privileged: false
volumeMounts:
# Settings and scrape configuration come from ConfigMaps, mounted read-only.
- mountPath: /etc/config/settings
name: settings-vol-config
readOnly: true
- mountPath: /etc/config/settings/prometheus
name: prometheus-config-vol
readOnly: true
# The secrets-store CSI volume is mounted only when no monitoring account is used.
{{- if not .Values.useMonitoringAccount }}
- mountPath: /etc/config/settings/akv
name: secrets-store-inline
readOnly: true
{{- end }}
# Host log directories, mounted read-only. They hold the log files of every pod on the
# node, so whatever workloads write to their logs (including leaked secrets) is readable
# from this container.
- name: host-log-containers
readOnly: true
mountPath: /var/log/containers
- name: host-log-pods
readOnly: true
mountPath: /var/log/pods
# Exec probe: runs the liveness script through bash; first check after 60 s, then every
# 15 s with a 5 s timeout, failing after 3 consecutive misses.
livenessProbe:
exec:
command:
- /bin/bash
- -c
- /opt/microsoft/liveness/livenessprobe.sh
initialDelaySeconds: 60
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 3
{{- if .Values.useMonitoringAccount }}
# Token adapter sidecar, rendered only when a monitoring account is used.
- name: addon-token-adapter
command:
- /addon-token-adapter
# The arguments name the secret aad-msi-auth-token in kube-system, a token server on port
# 7777 and a health server on port 9999.
# NOTE(review): presumably the pod's service account needs read access to that secret -
# confirm the RBAC grant is limited to this one secret name and not to all kube-system
# secrets.
args:
- --secret-namespace=kube-system
- --secret-name=aad-msi-auth-token
- --token-server-listening-port=7777
- --health-server-listening-port=9999
# NOTE(review): fixed tag, no digest. The tag is hard-coded here and cannot be overridden
# from values, so updating the sidecar requires a chart change.
image: "mcr.microsoft.com/aks/msi/addon-token-adapter:master.221118.2"
imagePullPolicy: IfNotPresent
env:
- name: AZMON_COLLECT_ENV
value: "false"
livenessProbe:
httpGet:
path: /healthz
port: 9999
initialDelaySeconds: 10
periodSeconds: 60
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 20m
memory: 30Mi
# All capabilities are dropped, then NET_ADMIN and NET_RAW are added back.
# NOTE(review): NET_ADMIN lets the container change network configuration in the pod's
# network namespace, which the collector container shares. Neither capability is in the
# Pod Security Standards baseline allow-list, so the namespace needs an exemption.
# Presumably they are needed to redirect token requests to port 7777 - confirm that both
# are still required. allowPrivilegeEscalation is not set.
securityContext:
capabilities:
drop:
- ALL
add:
- NET_ADMIN
- NET_RAW
{{- end }}
# Scheduling: required node affinity for Linux / amd64 nodes whose "type" label is not
# virtual-kubelet.
# NOTE(review): "labelSelector" is not a field of a node selector term as far as the
# Kubernetes API documents it (matchExpressions and matchFields are). With the indentation
# lost it is unclear whether matchExpressions is nested under it or is a sibling key -
# verify that the rendered manifest passes strict schema validation and that the
# expressions are actually enforced.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- labelSelector:
matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- amd64
- key: type
operator: NotIn
values:
- virtual-kubelet
# The following tolerations are removed for AKS, this is only required for non AKS
# NOTE(review): despite the comment above, this template renders the toleration
# unconditionally. operator "Exists" without a key tolerates every taint that has the
# PreferNoSchedule effect.
tolerations:
- operator: "Exists"
effect: "PreferNoSchedule"
volumes:
# Both ConfigMaps are optional: the pod still starts when either one does not exist.
- name: settings-vol-config
configMap:
name: {{ template "prometheus-collector.fullname" . }}-settings-configmap
optional: true
- name: prometheus-config-vol
configMap:
name: {{ .Release.Name }}-prometheus-config-node
optional: true
# hostPath volumes for the node's container and pod log directories; no hostPath "type" is
# declared. The container mounts them read-only.
# NOTE(review): hostPath volumes are forbidden by the Pod Security Standards baseline
# profile, so the release namespace must run at the privileged level or be exempted. Keep
# the paths as narrow as they are here.
- name: host-log-containers
hostPath:
path: /var/log/containers
- name: host-log-pods
hostPath:
path: /var/log/pods
# Secrets Store CSI volume, used only when no monitoring account is configured. It reads
# from the SecretProviderClass <fullname>-azure-kv-metricstore.
{{- if not .Values.useMonitoringAccount }}
- name: secrets-store-inline
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "{{ template "prometheus-collector.fullname" . }}-azure-kv-metricstore"
# Without managed identity the driver authenticates with the service principal stored in
# the <fullname>-akv-creds secret.
# NOTE(review): that is a long-lived credential kept in the cluster. Prefer
# azureKeyVault.useManagedIdentity where available, and restrict read access to the secret.
{{- if not .Values.azureKeyVault.useManagedIdentity }}
nodePublishSecretRef: # Only required when using service principal mode
name: {{ template "prometheus-collector.fullname" . }}-akv-creds # Only required when using service principal mode. The name of the Kubernetes secret that contains the service principal credentials to access keyvault
{{- end }}
{{- end }}
{{- end }}
---
{{- if and (eq .Values.mode.advanced true) (eq .Values.windowsDaemonset true) }}
# Windows node DaemonSet for the prometheus-collector agent; this document is rendered only
# when both mode.advanced and windowsDaemonset are exactly true.
# NOTE(review): this listing carries no leading indentation - confirm the nesting against
# the chart source before applying any of it.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "prometheus-collector.fullname" . }}-win-node
namespace: {{ .Release.Namespace }}
labels:
component: {{ template "prometheus-collector.fullname" . }}
spec:
# The selector and the pod template labels below both use dsName=<fullname>-win-node.
selector:
matchLabels:
dsName: {{ template "prometheus-collector.fullname" . }}-win-node
updateStrategy:
type: RollingUpdate
# rollingUpdate.maxUnavailable is emitted only when
# .Values.updateStrategy.daemonSet.maxUnavailable is set. It reads the same value as the
# Linux DaemonSet in this file.
{{- if .Values.updateStrategy }}
{{- if .Values.updateStrategy.daemonSet }}
{{- if .Values.updateStrategy.daemonSet.maxUnavailable }}
rollingUpdate:
maxUnavailable: {{ .Values.updateStrategy.daemonSet.maxUnavailable }}
{{- end }}
{{- end }}
{{- end }}
template:
metadata:
# Unlike the Linux DaemonSet in this file, podLabels and podAnnotations from values are
# not applied to the Windows pods.
labels:
dsName: {{ template "prometheus-collector.fullname" . }}-win-node
# aadpodidbinding is added only when azureKeyVault."aad-pod-identity" is not the empty string.
# NOTE(review): presumably this label selects an AAD Pod Identity binding, i.e. it decides
# which Azure identity the pod may use - confirm, and review who is allowed to set the value.
{{- if ne (index .Values.azureKeyVault "aad-pod-identity") ""}}
aadpodidbinding: {{ index .Values.azureKeyVault "aad-pod-identity" }}
{{- end }}
annotations:
# Both annotation values are hard-coded in the template, not taken from values.
agentVersion: "0.0.0.1"
schema-versions: "v1"
spec:
# Same service account as the Linux DaemonSet in this file, so both sets of pods hold the
# same Kubernetes API permissions. No priorityClassName is set for the Windows pods.
serviceAccountName: {{ template "prometheus-collector.fullname" . }}-serviceaccount
containers:
# Main collector container of the Windows DaemonSet.
- name: prometheus-collector-win
# The anchor &collectorimagewindowstag captures the rendered image string; AGENT_VERSION
# below aliases it. The tag comes from .Values.image.windows.tag.
# NOTE(review): the image is referenced by tag only. Pinning a digest in values would make
# the deployed image immutable.
image: &collectorimagewindowstag "{{ .Values.image.repository }}:{{ .Values.image.windows.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources.daemonSetWindows | nindent 12 }}
env:
# Without a monitoring account, CLUSTER comes from the required clusterName value.
{{- if not .Values.useMonitoringAccount }}
- name: CLUSTER
value: {{ required "clusterName is required" .Values.clusterName | toString | trim | quote }}
{{- else }}
# With a monitoring account, CLUSTER is the Azure resource id. OMS_TLD and the
# arcautonomous custom endpoints that the Linux DaemonSet sets are not set here.
- name: CLUSTER
value: {{ required "azureResourceId is required when using monitoring account" .Values.azureResourceId | toString | quote }}
- name: AKSREGION
value: {{ required "azureResourceRegion is required when using monitoring account" .Values.azureResourceRegion | toString | trim | lower | quote }}
- name: customEnvironment
value: {{ required "customEnvironment is required when using monitoring account" .Values.customEnvironment | toString | trim | lower | quote }}
- name: MAC
value: "true"
{{- end }}
# NOTE(review): here the flag depends on intEnvironment alone, while the Linux DaemonSet
# in this file also requires that no monitoring account is used. Confirm the difference is
# intended, and keep intEnvironment off in production values.
{{- if .Values.internalSettings.intEnvironment }}
- name: ME_ADDITIONAL_FLAGS
value: "-FrontEndUrl https://az-int.int.microsoftmetrics.com"
{{- end }}
{{- if .Values.internalSettings.clusterOverride }}
- name: CLUSTER_OVERRIDE
value: "true"
{{- end }}
- name: CONTROLLER_TYPE
value: "DaemonSet"
# Downward-API values: node IP and name, pod name and namespace, and this container's
# own CPU and memory limits (in millicores and MiB).
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONTAINER_CPU_LIMIT
valueFrom:
resourceFieldRef:
containerName: prometheus-collector-win
resource: limits.cpu
divisor: 1m
- name: CONTAINER_MEMORY_LIMIT
valueFrom:
resourceFieldRef:
containerName: prometheus-collector-win
resource: limits.memory
divisor: 1Mi
# NOTE(review): the next two values are rendered without quotes. An env value has to be a
# string, so a name that YAML reads as a number or boolean would be rejected; piping the
# include through quote would remove that risk.
- name: KUBE_STATE_NAME
value: {{ include "prometheus-collector.kubestatemetricsfullname" . }}
- name: NODE_EXPORTER_NAME
value: {{ include "prometheus-collector.nodeexporterfullname" . }}
- name: NODE_EXPORTER_TARGETPORT
value: "{{ index .Values "prometheus-node-exporter" "service" "targetPort" }}"
- name: KUBE_STATE_VERSION
value: "{{ index .Values "kube-state-metrics" "image" "repository" }}:{{ index .Values "kube-state-metrics" "image" "tag" }}"
- name: NODE_EXPORTER_VERSION
value: "{{ index .Values "prometheus-node-exporter" "image" "repository" }}:{{ index .Values "prometheus-node-exporter" "image" "tag" }}"
- name: HELM_RELEASE_NAME
value: "{{ .Release.Name }}"
- name: AGENT_VERSION
value: *collectorimagewindowstag
# The enclosing document already requires mode.advanced and windowsDaemonset to be true,
# so the two else branches below (MODE "" and WINMODE "") cannot be rendered from here.
{{- if .Values.mode.advanced }}
- name: MODE
value: "advanced" # only supported mode is 'advanced', any other value will be the default/non-advance mode
{{- else }}
- name: MODE
value: "" # only supported mode is 'advanced', any other value will be the default/non-advance mode
{{- end }}
{{- if .Values.windowsDaemonset }}
- name: WINMODE
value: "advanced" # WINDOWS: only supported mode is 'advanced', any other value will be the default/non-advance mode
{{- else }}
- name: WINMODE
value: "" # WINDOWS: only supported mode is 'advanced', any other value will be the default/non-advance mode
{{- end }}
{{- if .Values.minimalIngestionProfile }}
- name: MINIMAL_INGESTION_PROFILE
value: "true" # only supported value is the string "true"
{{- end }}
# Only privileged: false is declared for this container.
# NOTE(review): no Windows-specific security options (for example a runAsUserName) are
# set, so the container runs as whatever user the image defines - confirm that is not an
# administrative account.
securityContext:
privileged: false
volumeMounts:
# Settings and scrape configuration come from ConfigMaps, mounted read-only.
- mountPath: /etc/config/settings
name: settings-vol-config
readOnly: true
- mountPath: /etc/config/settings/prometheus
name: prometheus-config-vol
readOnly: true
# The secrets-store CSI volume is mounted only when no monitoring account is used.
{{- if not .Values.useMonitoringAccount }}
- mountPath: /etc/config/settings/akv
name: secrets-store-inline
readOnly: true
{{- end }}
# Host log directories, mounted read-only. They hold the log files of every pod on the
# node, so whatever workloads write to their logs is readable from this container.
- name: host-log-containers
readOnly: true
mountPath: /var/log/containers
- name: host-log-pods
readOnly: true
mountPath: /var/log/pods
# Exec probe: runs the liveness script through cmd /c; first check after 300 s, then
# every 15 s with a 15 s timeout, failing after 3 consecutive misses.
livenessProbe:
exec:
command:
- cmd
- /c
- C:\opt\microsoft\scripts\livenessprobe.cmd
periodSeconds: 15
initialDelaySeconds: 300
timeoutSeconds: 15
failureThreshold: 3
{{- if .Values.useMonitoringAccount }}
# Windows token adapter sidecar, rendered only when a monitoring account is used.
- name: addon-token-adapter-win
command:
- addon-token-adapter-win
# The arguments name the secret aad-msi-auth-token in kube-system, a token server on port
# 7777 and a health server on port 9999.
# NOTE(review): presumably the pod's service account needs read access to that secret -
# confirm the RBAC grant is limited to this one secret name.
args:
- --secret-namespace=kube-system
- --secret-name=aad-msi-auth-token
- --token-server-listening-port=7777
- --health-server-listening-port=9999
# NOTE(review): fixed tag with no digest, combined with imagePullPolicy Always, so every
# pod start pulls whatever the tag points to at that moment. The repository (aks/hcp) and
# tag also differ from the Linux sidecar in this file (aks/msi, master.221118.2); check
# that the older Linux tag is not simply stale. A digest pin would make both reproducible.
image: "mcr.microsoft.com/aks/hcp/addon-token-adapter:master.240102.1"
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 9999
initialDelaySeconds: 10
periodSeconds: 60
# Only a memory limit is declared; there is no CPU limit on this sidecar.
resources:
limits:
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
# NET_ADMIN is added without a drop list, unlike the Linux sidecar in this file, which
# drops ALL first.
# NOTE(review): Kubernetes documents securityContext.capabilities as a Linux-only field,
# so this presumably has no effect on Windows nodes - confirm, and either remove it or
# state the intent.
securityContext:
capabilities:
add:
- NET_ADMIN
{{- end }}
# Scheduling: required node affinity for Windows nodes whose "type" label is not
# virtual-kubelet. There is no architecture constraint here.
# NOTE(review): "labelSelector" is not a field of a node selector term as far as the
# Kubernetes API documents it (matchExpressions and matchFields are). With the indentation
# lost it is unclear whether matchExpressions is nested under it or is a sibling key -
# verify that the rendered manifest passes strict schema validation and that the
# expressions are actually enforced.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- labelSelector:
matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- windows
- key: type
operator: NotIn
values:
- virtual-kubelet
# The following tolerations are removed for AKS, this is only required for non AKS
# NOTE(review): despite the comment above, this template renders all three tolerations
# unconditionally. operator "Exists" without a key tolerates every taint with the given
# effect, so these pods can land on any tainted Windows node. The NoExecute entry has no
# tolerationSeconds, so they are never evicted by such a taint.
tolerations:
- operator: "Exists"
effect: "NoSchedule"
- operator: "Exists"
effect: "NoExecute"
- operator: "Exists"
effect: "PreferNoSchedule"
volumes:
# Both ConfigMaps are optional: the pod still starts when either one does not exist.
- name: settings-vol-config
configMap:
name: {{ template "prometheus-collector.fullname" . }}-settings-configmap
optional: true
- name: prometheus-config-vol
configMap:
name: {{ .Release.Name }}-prometheus-config-node-windows
optional: true
# hostPath volumes for the node's container and pod log directories; no hostPath "type" is
# declared. The container mounts them read-only.
# NOTE(review): hostPath volumes are forbidden by the Pod Security Standards baseline
# profile, so the release namespace must run at the privileged level or be exempted. The
# paths are written in Linux form; confirm how they resolve on the Windows nodes.
- name: host-log-containers
hostPath:
path: /var/log/containers
- name: host-log-pods
hostPath:
path: /var/log/pods
# Secrets Store CSI volume, used only when no monitoring account is configured. It reads
# from the SecretProviderClass <fullname>-azure-kv-metricstore.
{{- if not .Values.useMonitoringAccount }}
- name: secrets-store-inline
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "{{ template "prometheus-collector.fullname" . }}-azure-kv-metricstore"
# Without managed identity the driver authenticates with the service principal stored in
# the <fullname>-akv-creds secret.
# NOTE(review): that is a long-lived credential kept in the cluster. Prefer
# azureKeyVault.useManagedIdentity where available, and restrict read access to the secret.
{{- if not .Values.azureKeyVault.useManagedIdentity }}
nodePublishSecretRef: # Only required when using service principal mode
name: {{ template "prometheus-collector.fullname" . }}-akv-creds # Only required when using service principal mode. The name of the Kubernetes secret that contains the service principal credentials to access keyvault
{{- end }}
{{- end }}
{{- end }}
---