From dbcefeab5c9a0a19977c9b5c7467576d47c1bf08 Mon Sep 17 00:00:00 2001 From: rashmy Date: Fri, 3 Jan 2020 14:47:45 -0800 Subject: [PATCH 1/3] cadvsior secure port changes --- .../code/plugin/CAdvisorMetricsAPIClient.rb | 50 +++++++++++++++---- 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/source/code/plugin/CAdvisorMetricsAPIClient.rb b/source/code/plugin/CAdvisorMetricsAPIClient.rb index be61b8b8f..0a1f50faa 100644 --- a/source/code/plugin/CAdvisorMetricsAPIClient.rb +++ b/source/code/plugin/CAdvisorMetricsAPIClient.rb @@ -2,7 +2,7 @@ # frozen_string_literal: true class CAdvisorMetricsAPIClient - require 'yajl/json_gem' + require "yajl/json_gem" require "logger" require "net/http" require "net/https" 
@@ -63,13 +63,34 @@ def getSummaryStatsFromCAdvisor(winNode) response = nil @Log.info "Getting CAdvisor Uri" begin - cAdvisorUri = getCAdvisorUri(winNode) + # Check to see if omsagent needs to use 10255(insecure) port or 10250(secure) port + useSecureCAdvisorPort = ENV["IS_SECURE_CADVISOR_PORT"] + cAdvisorSecurePort = true + if !useSecureCAdvisorPort.nil? && !!useSecureCAdvisorPort == !useSecureCAdvisorPort + cAdvisorSecurePort = false + end + + cAdvisorUri = getCAdvisorUri(winNode, cAdvisorSecurePort) + bearerToken = File.read("/var/run/secrets/kubernetes.io/serviceaccount/token") + if !cAdvisorUri.nil? uri = URI.parse(cAdvisorUri) - Net::HTTP.start(uri.host, uri.port, :use_ssl => false, :open_timeout => 20, :read_timeout => 40 ) do |http| - cAdvisorApiRequest = Net::HTTP::Get.new(uri.request_uri) - response = http.request(cAdvisorApiRequest) - @Log.info "Got response code #{response.code} from #{uri.request_uri}" + if cAdvisorSecurePort + Net::HTTP.start(uri.host, uri.port, + :use_ssl => true, :open_timeout => 20, :read_timeout => 40, + :ca_file => "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", + :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |http| + cAdvisorApiRequest = Net::HTTP::Get.new(uri.request_uri) + cAdvisorApiRequest["Authorization"] = "Bearer #{bearerToken}" + response = http.request(cAdvisorApiRequest) + @Log.info "Got response code #{response.code} from #{uri.request_uri}" + end + else + Net::HTTP.start(uri.host, uri.port, :use_ssl => false, :open_timeout => 20, :read_timeout => 40) do |http| + cAdvisorApiRequest = Net::HTTP::Get.new(uri.request_uri) + response = http.request(cAdvisorApiRequest) + @Log.info "Got response code #{response.code} from #{uri.request_uri}" + end end end rescue => error 
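Review bot: The secure branch passes `:verify_mode => OpenSSL::SSL::VERIFY_NONE`, which switches off certificate verification, so the `:ca_file` on the line before is not enforced and the service-account bearer token goes to whatever endpoint answers on port 10250. Prefer `:verify_mode => OpenSSL::SSL::VERIFY_PEER` with the cluster CA; if the kubelet serving certificate cannot be validated that way (not visible in this hunk), record that in a comment as a known gap rather than leaving `:ca_file` in place as if it were checked. Separately, `!!useSecureCAdvisorPort == !useSecureCAdvisorPort` compares a value's truthiness with its own negation and can never be true, so the insecure branch is unreachable whatever `IS_SECURE_CADVISOR_PORT` holds. Assuming the variable carries the text "false", `useSecureCAdvisorPort.to_s.downcase == "false"` would express the intent. The method body starts and ends outside the hunk.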
@@ -81,9 +102,14 @@ def getSummaryStatsFromCAdvisor(winNode) return response end - def getCAdvisorUri(winNode) + def getCAdvisorUri(winNode, cAdvisorSecurePort) begin - defaultHost = "http://localhost:10255" + if cAdvisorSecurePort + defaultHost = "https://localhost:10250" + else + defaultHost = "http://localhost:10255" + end + relativeUri = "/stats/summary" if !winNode.nil? nodeIP = winNode["InternalIP"] @@ -92,7 +118,11 @@ def getCAdvisorUri(winNode) end if !nodeIP.nil? @Log.info("Using #{nodeIP + relativeUri} for CAdvisor Uri") - return "http://#{nodeIP}:10255" + relativeUri + if cAdvisorSecurePort + return "https://#{nodeIP}:10250" + relativeUri + else + return "http://#{nodeIP}:10255" + relativeUri + end else @Log.warn ("NODE_IP environment variable not set. Using default as : #{defaultHost + relativeUri} ") if !winNode.nil? @@ -104,7 +134,7 @@ def getCAdvisorUri(winNode) end end - def getMetrics(winNode: nil, metricTime: Time.now.utc.iso8601 ) + def getMetrics(winNode: nil, metricTime: Time.now.utc.iso8601) metricDataItems = [] begin cAdvisorStats = getSummaryStatsFromCAdvisor(winNode) From c7fda39006d9d5ea193b45b2c6f92874817d9be9 Mon Sep 17 00:00:00 2001 From: rashmy Date: Fri, 3 Jan 2020 15:03:19 -0800 Subject: [PATCH 2/3] update to use secure/insecure port for cadvisor --- installer/conf/telegraf.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/conf/telegraf.conf b/installer/conf/telegraf.conf index cd22a56b4..f9dc3fb6a 100644 --- a/installer/conf/telegraf.conf +++ b/installer/conf/telegraf.conf @@ -531,7 +531,7 @@ [[inputs.prometheus]] name_prefix="container.azm.ms/" ## An array of urls to scrape metrics from. - urls = ["http://$NODE_IP:10255/metrics"] + urls = ["$CADVISOR_METRICS_URL"] fieldpass = ["kubelet_docker_operations", "kubelet_docker_operations_errors"] metric_version = 2 From 8a6a5038dbb12197ad58c8054ab18f9c33555b3f Mon Sep 17 00:00:00 2001 
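Review bot: The info log in the `@@ -92,7 +118,11 @@` hunk still prints `nodeIP + relativeUri` with no scheme or port, so after this change the log cannot show whether the agent used 10250 over TLS or 10255 in clear text. Building the base once, `cAdvisorBase = cAdvisorSecurePort ? "https://#{nodeIP}:10250" : "http://#{nodeIP}:10255"`, then logging and returning `cAdvisorBase + relativeUri`, would fix the log. It would also remove the scheme/port literals that the `@@ -81,9 +102,14 @@` hunk repeats for `defaultHost`. `getCAdvisorUri` now takes a second required positional argument, so any caller outside these hunks would need updating; only one caller is visible here. The method starts before and ends after the visible lines.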
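Review bot: Nothing in this hunk gives the prometheus input credentials or TLS settings, so if `$CADVISOR_METRICS_URL` points at the kubelet's authenticated port the scrape is likely to be rejected. If the rest of the `[[inputs.prometheus]]` section (outside the hunk) does not already set them, add `bearer_token = "/var/run/secrets/kubernetes.io/serviceaccount/token"` and `tls_ca = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"`, and avoid `insecure_skip_verify = true`. The URL is also now an unchecked environment value, so an unset variable would leave the input without a usable target. A comment above `urls` naming what sets the variable and the two forms it is expected to take would help whoever debugs a silent loss of these metrics.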
From: rashmy Date: Fri, 3 Jan 2020 15:15:42 -0800 Subject: [PATCH 3/3] telemetry changes --- source/code/plugin/CAdvisorMetricsAPIClient.rb | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/source/code/plugin/CAdvisorMetricsAPIClient.rb b/source/code/plugin/CAdvisorMetricsAPIClient.rb index 0a1f50faa..06377db01 100644 --- a/source/code/plugin/CAdvisorMetricsAPIClient.rb +++ b/source/code/plugin/CAdvisorMetricsAPIClient.rb @@ -29,6 +29,8 @@ class CAdvisorMetricsAPIClient @dsPromFieldDropCount = ENV["TELEMETRY_DS_PROM_FIELDDROP_LENGTH"] @dsPromUrlCount = ENV["TELEMETRY_DS_PROM_URLS_LENGTH"] + @cAdvisorMetricsSecurePort = ENV["IS_SECURE_CADVISOR_PORT"] + @LogPath = "/var/opt/microsoft/docker-cimprov/log/kubernetes_perf_log.txt" @Log = Logger.new(@LogPath, 2, 10 * 1048576) #keep last 2 files, max log file size = 10M # @@rxBytesLast = nil @@ -63,12 +65,11 @@ def getSummaryStatsFromCAdvisor(winNode) response = nil @Log.info "Getting CAdvisor Uri" begin - # Check to see if omsagent needs to use 10255(insecure) port or 10250(secure) port - useSecureCAdvisorPort = ENV["IS_SECURE_CADVISOR_PORT"] cAdvisorSecurePort = true - if !useSecureCAdvisorPort.nil? && !!useSecureCAdvisorPort == !useSecureCAdvisorPort + # Check to see if omsagent needs to use 10255(insecure) port or 10250(secure) port + if @cAdvisorMetricsSecurePort && @cAdvisorMetricsSecurePort.value == false cAdvisorSecurePort = false - end + else cAdvisorUri = getCAdvisorUri(winNode, cAdvisorSecurePort) bearerToken = File.read("/var/run/secrets/kubernetes.io/serviceaccount/token") @@ -241,6 +242,7 @@ def getContainerCpuMetricItems(metricJSON, hostName, cpuMetricNameToCollect, met telemetryProps["PodName"] = podName telemetryProps["ContainerName"] = containerName telemetryProps["Computer"] = hostName + telemetryProps["CAdvisorIsSecure"] = @cAdvisorMetricsSecurePort #telemetry about log collections settings if (File.file?(@configMapMountPath)) telemetryProps["clustercustomsettings"] = true 
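Review bot: `@cAdvisorMetricsSecurePort` holds the result of `ENV["IS_SECURE_CADVISOR_PORT"]`, a String or nil, and String has no `value` method, so `@cAdvisorMetricsSecurePort.value == false` in the `@@ -63,12 +65,11 @@` hunk raises NoMethodError whenever the variable is set. That error would land in the method's `rescue => error`, and `response` would stay nil. The hunk also replaces the `end` of this `if` with `else` without adding a new `end`, which as far as the visible lines show leaves the block unbalanced and moves the URI lookup and token read into the else branch. Writing the condition as `if @cAdvisorMetricsSecurePort.to_s.downcase == "false"` and keeping the original `end` would leave secure as the default and opt out only on an explicit value (assuming the variable carries the text "false"). The method continues outside the hunk.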
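Review bot: `telemetryProps["CAdvisorIsSecure"]` in the `@@ -241,6 +242,7 @@` hunk is set to the raw `IS_SECURE_CADVISOR_PORT` string, which is nil when the variable is unset even though the client defaults to the secure port in that case, so the telemetry can disagree with the transport actually used. Reporting the effective decision from `getSummaryStatsFromCAdvisor` instead, for example a new instance variable assigned there such as `@cAdvisorSecurePortInUse` (name is a suggestion), would make the field usable for tracking which nodes still scrape over the clear-text port. The same line is added in the `@@ -442,6 +444,7 @@` hunk for the memory metrics. Both enclosing methods extend beyond their hunks.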
@@ -442,6 +444,7 @@ def getContainerMemoryMetricItems(metricJSON, hostName, memoryMetricNameToCollec telemetryProps["PodName"] = podName telemetryProps["ContainerName"] = containerName telemetryProps["Computer"] = hostName + telemetryProps["CAdvisorIsSecure"] = @cAdvisorMetricsSecurePort ApplicationInsightsUtility.sendMetricTelemetry(metricNametoReturn, metricValue, telemetryProps) end end