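{{- if .Values.enableArcExtension }}
{{- if .Values.arc.enableMonitoring }}
{{- if .Values.linux.enabled }}
# Arc monitoring sidecars for the Azure Key Vault provider: a metrics path
# (telegraf -> prom-mdm-converter -> mdm) and a log path (fluentd -> amacoreagent),
# with msi-adapter supplying managed-identity tokens. Rendered only when the Arc
# extension, Arc monitoring and the Linux provider are all enabled.
#
# Security notes for reviewers of this template:
#   * Elevated privileges are granted below (NET_ADMIN on msi-adapter; privileged
#     on OpenShift for msi-adapter and fluentd) and node hostPaths are mounted
#     (/var/log, /run/log/journal, /var/lib/docker/containers). Keep hostPath
#     mounts read-only unless a container demonstrably writes to them.
#   * Images are pinned by tag, not by digest. Tags are mutable and
#     imagePullPolicy IfNotPresent keeps whatever a node pulled first, so two
#     nodes can run different bits under the same tag; digest pinning would
#     make the supply chain verifiable.
#   * The pod reuses the provider's ServiceAccount, so every sidecar inherits the
#     API permissions bound to that account (defined outside this template). A
#     dedicated, minimally-bound ServiceAccount would be the least-privilege option.
#   * All templated env values are passed through `quote` so that an empty,
#     numeric- or boolean-looking value still renders as a string (EnvVar.value
#     must be a string) and embedded quotes are escaped.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: akvsecretsprovider-arc-monitoring
  namespace: {{ .Release.Namespace }}
  labels:
    app: arc-monitoring
{{ include "sscdpa.arc.labels" . | indent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: "arc-monitoring"
  template:
    metadata:
      labels:
        app: "arc-monitoring"
{{ include "sscdpa.arc.labels" . | indent 8 }}
    spec:
      # NOTE(review): shared with the provider itself, so these sidecars carry
      # the same RBAC and the same projected SA token; confirm that is intended.
      serviceAccountName: csi-secrets-store-provider-azure
      containers:
        # Prom MDM Converter (presumably Prometheus -> MDM metric bridge).
        - name: prom-mdm-converter
          image: "upstreamarc.azurecr.io/prom-mdm-converter:v1.0.3"
          imagePullPolicy: IfNotPresent
          env:
            - name: SERVER_PORT
              value: "8090"
            - name: EXTENSION_RESOURCE_ID
              value: {{ .Values.Azure.Extension.ResourceId | quote }}
          resources:
            {{- toYaml .Values.promMdmConverter.resources | nindent 12 }}
        # MDM
        - name: mdm
          image: "linuxgeneva-microsoft.azurecr.io/distroless/genevamdm:2.2024.614.1547-8b8fd6-20240614t1655"
          imagePullPolicy: IfNotPresent
          env:
            # Downward API: the node name identifies this instance in telemetry.
            - name: ROLEINSTANCE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Served from the arc-mdm-config ConfigMap mounted below.
            - name: CONFIG_OVERRIDES_FILE
              value: /tmp/geneva_mdm/mdmconfig.json
            - name: MDM_INPUT
              value: statsd_udp,statsd_tcp
            - name: MDM_LOG_LEVEL
              value: "Info"
          volumeMounts:
            - name: mdm-config
              mountPath: /tmp/geneva_mdm
          resources:
            {{- toYaml .Values.mdm.resources | nindent 12 }}
        # MSI Adapter
        - name: msi-adapter
          image: "mcr.microsoft.com/azurearck8s/msi-adapter:1.0.10"
          imagePullPolicy: IfNotPresent
          env:
            - name: TOKEN_NAMESPACE
              value: {{ .Release.Namespace | quote }}
            - name: EXTENSION_ARMID
              value: {{ .Values.Azure.Extension.ResourceId | quote }}
            - name: EXTENSION_NAME
              value: {{ .Values.Azure.Extension.Name | quote }}
            - name: CLUSTER_TYPE
              value: ConnectedClusters
            - name: CLUSTER_IDENTITY
              value: "false"
            - name: MANAGED_IDENTITY_AUTH
              value: "true"
            - name: TEST_MODE
              value: "false"
          resources:
            {{- toYaml .Values.msiAdapter.resources | nindent 12 }}
          securityContext:
            # NET_ADMIN lets the container reconfigure the pod's network
            # namespace (routes, iptables). Presumably required by the adapter;
            # keep it scoped to this container only.
            capabilities:
              add:
                - NET_ADMIN
            {{- if eq .Values.Azure.Cluster.Distribution "openshift" }}
            # OpenShift only: full host privileges, which bypass most container
            # isolation on the node. Purpose is not stated in the template.
            privileged: true
            {{- end }}
        # Telegraf
        - name: telegraf
          image: "mcr.microsoft.com/cbl-mariner/base/telegraf:1.29"
          imagePullPolicy: IfNotPresent
          resources:
            {{- toYaml .Values.telegraf.resources | nindent 12 }}
          volumeMounts:
            # subPath mount: Kubernetes does not propagate ConfigMap updates to
            # subPath-mounted files, so a config change needs a pod restart.
            - name: telegraf-conf
              mountPath: /etc/telegraf/telegraf.conf
              subPath: telegraf.conf
        # Pipeline agent for logging
        - name: amacoreagent
          image: "linuxgeneva-microsoft.azurecr.io/amacoreagentaot:1.3.52"
          imagePullPolicy: IfNotPresent
          resources:
            {{- toYaml .Values.amacoreagent.resources | nindent 12 }}
          env:
            - name: MONITORING_USE_GENEVA_CONFIG_SERVICE
              value: "true"
            - name: SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH
              value: "1"
            - name: MONITORING_GCS_AUTH_ID_TYPE
              value: AuthMSIToken
            - name: PA_TENANTS_DIR
              value: /etc/tenants
            - name: PA_GIG_BRIDGE_MODE
              value: "1"
            - name: PA_FLUENT_SOCKET_PORT
              value: "15000"
            # NOTE(review): PA_TRACEFLAGS, OTLP_DEBUG_VERBOSE and
            # MDSD_DEBUG_LOG_FLAGS look like debug/verbose logging switches.
            # Verbose agent logs are noisy and may expose request details;
            # confirm these are intended for production clusters.
            - name: PA_TRACEFLAGS
              value: "4"
            - name: OTLP_DEBUG_VERBOSE
              value: "1"
            - name: FLUENTD_PORT
              value: "8130"
            - name: MDSD_DEBUG_LOG_FLAGS
              value: "-T 0x2002"
            # Geneva tenant/role/account identifiers. Region and account are
            # hard-coded here rather than taken from values.
            - name: TENANT
              value: "westus2"
            - name: ROLE
              value: "akvsecretsprovider"
            - name: ROLEINSTANCE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: MONITORING_TENANT
              value: "westus2"
            - name: MONITORING_ROLE
              value: "akvsecretsprovider"
            - name: MONITORING_ROLE_INSTANCE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: MONITORING_GCS_ENVIRONMENT
              value: "DiagnosticsPROD"
            - name: MONITORING_GCS_ACCOUNT
              value: "akvsecretsprovider"
            - name: MONITORING_GCS_REGION
              value: "westus2"
            - name: MONITORING_GCS_NAMESPACE
              value: "akvsecretsprovider"
            - name: MONITORING_CONFIG_VERSION
              value: "2.2"
            - name: MDSD_CONFIG_DIR
              value: /tmp
            - name: DOCKER_LOGGING
              value: "true"
          volumeMounts:
            - name: tenants-conf-vol
              mountPath: /etc/tenants
            # Host /var/log, read-write (presumably this agent's log output
            # directory, which fluentd then tails from its own /var/log mount).
            - name: var-log-vol
              mountPath: /geneva/geneva_logs
            # Shared with fluentd (emptyDir); the socket/IPC path between them.
            - name: mdsd-run-vol
              mountPath: /var/run/mdsd
        # FluentD
        - name: fluentd
          image: "linuxgeneva-microsoft.azurecr.io/distroless/genevafluentd_td-agent:mariner_20240524.1"
          imagePullPolicy: IfNotPresent
          resources:
            {{- toYaml .Values.fluentd.resources | nindent 12 }}
          env:
            - name: FLUENT_CONF
              value: /etc/fluentd/fluentd.conf
          volumeMounts:
            - name: fluentd-conf-vol
              mountPath: /etc/fluentd
            # Buffer/position state lives in an emptyDir nested inside the
            # hostPath mount below, not on the node's /var/log itself.
            - name: fluentd-buffer-vol
              mountPath: "/var/log/td-agent"
            - name: mdsd-run-vol
              mountPath: "/var/run/mdsd"
            # Docker-era container log location (read-only). On containerd
            # nodes this path may not exist; container logs are then under
            # /var/log/pods, already covered by the /var/log mount.
            - name: docker-log-vol
              mountPath: /var/lib/docker/containers
              readOnly: true
            # NOTE(review): host /var/log is mounted read-write here while the
            # other host log paths are read-only. If fluentd only reads from it
            # (its buffer is the emptyDir above), add `readOnly: true` -- a
            # writable host /var/log from a container that may run privileged
            # (OpenShift branch below) is a node-integrity risk. Not changed
            # here because a read-only parent can break the nested emptyDir
            # mount at /var/log/td-agent if that directory is absent on the node.
            - name: var-log-vol
              mountPath: /var/log
            - name: run-journal-vol
              mountPath: /run/log/journal
              readOnly: true
          {{- if eq .Values.Azure.Cluster.Distribution "openshift" }}
          # OpenShift only: privileged, presumably so the host log paths above
          # are readable under its SCCs. Purpose is not stated in the template.
          securityContext:
            privileged: true
          {{- end }}
      affinity:
{{ toYaml .Values.linux.affinity | indent 8 }}
      {{- if .Values.linux.priorityClassName }}
      priorityClassName: {{ .Values.linux.priorityClassName | quote }}
      {{- end }}
      volumes:
        - name: telegraf-conf
          configMap:
            name: arc-telegraf-config
        - name: mdm-config
          configMap:
            name: arc-mdm-config
        - name: mdsd-run-vol
          emptyDir: {}
        # hostPath volumes expose node directories to the pod. No `type` is set,
        # so no existence/kind check is performed at mount time.
        - name: var-log-vol
          hostPath:
            path: /var/log
        - name: run-journal-vol
          hostPath:
            path: /run/log/journal
        - name: fluentd-buffer-vol
          emptyDir: {}
        - name: docker-log-vol
          hostPath:
            path: /var/lib/docker/containers
        - name: fluentd-conf-vol
          configMap:
            name: arc-fluentd-conf
        - name: tenants-conf-vol
          configMap:
            name: arc-gcstenant-conf
      nodeSelector:
        kubernetes.io/os: linux
        {{- if .Values.linux.nodeSelector }}
        {{- toYaml .Values.linux.nodeSelector | nindent 8 }}
        {{- end }}
      {{- with .Values.linux.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
      {{- end }}
{{- end }}
{{- end }}
{{- end }}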