diff --git a/.pipelines/update-place-holders-in-yaml.sh b/.pipelines/update-place-holders-in-yaml.sh index 906303667..6b962bf72 100755 --- a/.pipelines/update-place-holders-in-yaml.sh +++ b/.pipelines/update-place-holders-in-yaml.sh @@ -10,6 +10,7 @@ do case "$KEY" in ClusterResourceId) ClusterResourceId=$VALUE ;; ClusterRegion) ClusterRegion=$VALUE ;; + UserAssignedIdentityClientId) UserAssignedIdentityClientId=$VALUE ;; CIRelease) CI_RELEASE=$VALUE ;; CIImageTagSuffix) CI_IMAGE_TAG_SUFFIX=$VALUE ;; *) @@ -24,6 +25,10 @@ echo "clusterRegion:$ClusterRegion" echo "replace cluster region" sed -i "s/VALUE_AKS_RESOURCE_REGION_VALUE/$ClusterRegion/g" omsagent.yaml +echo "userAssignedIdentityClientId:$UserAssignedIdentityClientId" +echo "replace user assigned identity client id" +sed -i "s=VALUE_USER_ASSIGNED_IDENTITY_CLIENT_ID_VALUE=$UserAssignedIdentityClientId=g" omsagent.yaml + echo "replace linux agent image" linuxAgentImageTag=$CI_RELEASE$CI_IMAGE_TAG_SUFFIX echo "Linux Agent Image Tag:"$linuxAgentImageTag diff --git a/ReleaseNotes.md b/ReleaseNotes.md index ce4d86f78..ebbf172e4 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -11,9 +11,9 @@ additional questions or comments. Note : The agent version(s) below has dates (ciprod), which indicate the agent build dates (not release dates) -### 10/11/2021 - -##### Version microsoft/oms:ciprod10112021 Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod10112021 (linux) -##### Version microsoft/oms:win-ciprod10112021 Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod10112021 (windows) +### 10/13/2021 - +##### Version microsoft/oms:ciprod10132021 Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod10132021 (linux) +##### Version microsoft/oms:win-ciprod10132021 Version mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod10132021 (windows) ##### Code change log - Linux Agent - MDSD Proxy support for non-AKS diff --git a/charts/azuremonitor-containers/Chart.yaml b/charts/azuremonitor-containers/Chart.yaml index 00f3f49ed..4dd6623bf 100644 --- a/charts/azuremonitor-containers/Chart.yaml +++ b/charts/azuremonitor-containers/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 7.0.0-1 description: Helm chart for deploying Azure Monitor container monitoring agent in Kubernetes name: azuremonitor-containers -version: 2.8.3 +version: 2.9.0 kubeVersion: "^1.10.0-0" keywords: - monitoring diff --git a/charts/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml b/charts/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml index efed76f7d..78831aa10 100644 --- a/charts/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-daemonset-windows.yaml @@ -86,7 +86,7 @@ spec: fieldRef: fieldPath: metadata.name - name: SIDECAR_SCRAPING_ENABLED - value: "false" + value: {{ .Values.omsagent.sidecarscraping | quote }} volumeMounts: - mountPath: C:\ProgramData\docker\containers name: docker-windows-containers @@ -104,7 +104,11 @@ spec: command: - cmd - /c - - C:\opt\omsagentwindows\scripts\cmd\livenessProbe.cmd + - C:\opt\omsagentwindows\scripts\cmd\livenessprobe.exe + - fluent-bit.exe + - fluentdwinaks + - "C:\\etc\\omsagentwindows\\filesystemwatcher.txt" + - "C:\\etc\\omsagentwindows\\renewcertificate.txt" periodSeconds: 60 initialDelaySeconds: 180 timeoutSeconds: 15 diff --git a/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml b/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml index 7201ee6ae..8e5513f91 100644 --- a/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-daemonset.yaml @@ -132,6 +132,69 @@ spec: initialDelaySeconds: 60 periodSeconds: 60 timeoutSeconds: 15 + {{- if .Values.omsagent.sidecarscraping }} + - name: omsagent-prometheus + {{- if eq (.Values.omsagent.domain | lower) "opinsights.azure.cn" }} + image: "mcr.azk8s.cn/azuremonitor/containerinsights/ciprod:{{ .Values.omsagent.image.tag }}" + {{- else }} + image: {{ printf "%s:%s" .Values.omsagent.image.repo .Values.omsagent.image.tag }} + {{- end }} + imagePullPolicy: IfNotPresent + resources: +{{ toYaml .Values.omsagent.resources.daemonsetlinuxsidecar | indent 9 }} + env: + {{- if ne .Values.omsagent.env.clusterId "" }} + - name: AKS_RESOURCE_ID + value: {{ .Values.omsagent.env.clusterId | quote }} + {{- if ne .Values.omsagent.env.clusterRegion "" }} + - name: AKS_REGION + value: {{ .Values.omsagent.env.clusterRegion | quote }} + {{- end }} + {{- else if ne .Values.Azure.Cluster.ResourceId "" }} + - name: AKS_RESOURCE_ID + value: {{ .Values.Azure.Cluster.ResourceId | quote }} + {{- if ne .Values.Azure.Cluster.Region "" }} + - name: AKS_REGION + value: {{ .Values.Azure.Cluster.Region | quote }} + {{- end }} + {{- else }} + - name: ACS_RESOURCE_NAME + value: {{ .Values.omsagent.env.clusterName | quote }} + {{- end }} + - name: CONTROLLER_TYPE + value: "DaemonSet" + - name: CONTAINER_TYPE + value: "PrometheusSidecar" + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTEST + value: {{ .Values.omsagent.ISTEST | quote }} + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/kubernetes/host + name: azure-json-path + - mountPath: /etc/omsagent-secret + name: omsagent-secret + readOnly: true + - mountPath: /etc/config/settings + name: settings-vol-config + readOnly: true + - mountPath: /etc/config/osm-settings + name: osm-settings-vol-config + readOnly: true + livenessProbe: + exec: + command: + - /bin/bash + - -c + - /opt/livenessprobe.sh + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 15 + {{- end }} {{- with .Values.omsagent.daemonset.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} @@ -173,4 +236,8 @@ spec: secret: secretName: omsagent-adx-secret optional: true + - name: osm-settings-vol-config + configMap: + name: container-azm-ms-osmconfig + optional: true {{- end }} diff --git a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml index fdc520cba..1eaf7f652 100644 --- a/charts/azuremonitor-containers/templates/omsagent-deployment.yaml +++ b/charts/azuremonitor-containers/templates/omsagent-deployment.yaml @@ -69,14 +69,14 @@ spec: fieldPath: status.hostIP {{- if not (empty .Values.Azure.Extension.Name) }} - name: ARC_K8S_EXTENSION_NAME - value: {{ .Values.Azure.Extension.Name | quote }} - {{- end }} + value: {{ .Values.Azure.Extension.Name | quote }} + {{- end }} - name: USER_ASSIGNED_IDENTITY_CLIENT_ID value: "" - name: SIDECAR_SCRAPING_ENABLED - value: "false" + value: {{ .Values.omsagent.sidecarscraping | quote }} - name: ISTEST - value: {{ .Values.omsagent.ISTEST | quote }} + value: {{ .Values.omsagent.ISTEST | quote }} securityContext: privileged: true ports: diff --git a/charts/azuremonitor-containers/values.yaml b/charts/azuremonitor-containers/values.yaml index 9dd5317a4..3ca313d38 100644 --- a/charts/azuremonitor-containers/values.yaml +++ b/charts/azuremonitor-containers/values.yaml @@ -17,14 +17,14 @@ Azure: httpProxy: "" httpsProxy: "" noProxy: "" - proxyCert: "" + proxyCert: "" omsagent: image: repo: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod" - tag: "ciprod04222021" - tagWindows: "win-ciprod04222021" + tag: "ciprod10132021" + tagWindows: "win-ciprod10132021" pullPolicy: IfNotPresent - dockerProviderVersion: "15.0.0-0" + dockerProviderVersion: "16.0.0-0" agentVersion: "1.10.0.1" # The priority used by the omsagent priority class for the daemonset pods @@ -39,7 +39,7 @@ omsagent: # chance to build pod for the node and give it to the scheduler) # Should be some number greater than default (0) priority: 10 - + # This used for running agent pods in test mode. # if set to true additional agent workflow logs will be emitted which are used for e2e and arc k8s conformance testing ISTEST: false @@ -58,10 +58,11 @@ omsagent: clusterId: clusterRegion: rbac: true + sidecarscraping: true logsettings: - logflushintervalsecs: "" - tailbufchunksizemegabytes: "" - tailbufmaxsizemegabytes: "" + logflushintervalsecs: "15" + tailbufchunksizemegabytes: "1" + tailbufmaxsizemegabytes: "1" ## Applicable for only Azure Stack Edge K8s since it has custom mount path for container logs which will have symlink to /var/log path custommountpath: "" @@ -171,10 +172,10 @@ omsagent: daemonsetlinux: requests: cpu: 75m - memory: 225Mi + memory: 325Mi limits: cpu: 150m - memory: 600Mi + memory: 750Mi daemonsetwindows: limits: cpu: 200m @@ -186,3 +187,11 @@ omsagent: limits: cpu: 1 memory: 1Gi + daemonsetlinuxsidecar: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 75m + memory: 225Mi + diff --git a/kubernetes/linux/Dockerfile b/kubernetes/linux/Dockerfile index 9b2241c7b..90acb4959 100644 --- a/kubernetes/linux/Dockerfile +++ b/kubernetes/linux/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu:18.04 MAINTAINER OMSContainers@microsoft.com LABEL vendor=Microsoft\ Corp \ com.microsoft.product="Azure Monitor for containers" -ARG IMAGE_TAG=ciprod10112021 +ARG IMAGE_TAG=ciprod10132021 ENV AGENT_VERSION ${IMAGE_TAG} ENV tmpdir /opt ENV APPLICATIONINSIGHTS_AUTH NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi diff --git a/kubernetes/linux/setup.sh b/kubernetes/linux/setup.sh index 7baae7954..243677dd0 100644 --- a/kubernetes/linux/setup.sh +++ b/kubernetes/linux/setup.sh @@ -10,7 +10,7 @@ sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ update-locale LANG=en_US.UTF-8 #install oneagent - Official bits (10/7/2021) -wget https://github.com/microsoft/Docker-Provider/releases/download/1.14/azure-mdsd_1.14.1-build.master.283_x86_64.deb +wget https://github.com/microsoft/Docker-Provider/releases/download/1.14/azure-mdsd_1.14.2-build.master.284_x86_64.deb /usr/bin/dpkg -i $TMPDIR/azure-mdsd*.deb cp -f $TMPDIR/mdsd.xml /etc/mdsd.d diff --git a/kubernetes/omsagent.yaml b/kubernetes/omsagent.yaml index a608b8f0c..66f8c4010 100644 --- a/kubernetes/omsagent.yaml +++ b/kubernetes/omsagent.yaml @@ -368,7 +368,7 @@ spec: value: "3" containers: - name: omsagent - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod10112021" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod10132021" imagePullPolicy: IfNotPresent resources: limits: @@ -403,7 +403,7 @@ spec: fieldPath: status.hostIP # Update this with the user assigned msi client id for omsagent - name: USER_ASSIGNED_IDENTITY_CLIENT_ID - value: "" + value: "VALUE_USER_ASSIGNED_IDENTITY_CLIENT_ID_VALUE" - name: AZMON_CONTAINERLOGS_ONEAGENT_REGIONS value: "koreacentral,norwayeast,eastus2" - name: USING_AAD_MSI_AUTH @@ -454,7 +454,7 @@ spec: timeoutSeconds: 15 #Only in sidecar scraping mode # - name: omsagent-prometheus - # image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod06112021" + # image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod10132021" # imagePullPolicy: IfNotPresent # resources: # limits: @@ -486,7 +486,7 @@ spec: # fieldPath: status.hostIP # # Update this with the user assigned msi client id for omsagent # - name: USER_ASSIGNED_IDENTITY_CLIENT_ID - # value: "" + # value: "VALUE_USER_ASSIGNED_IDENTITY_CLIENT_ID_VALUE" # - name: USING_AAD_MSI_AUTH # value: "false" # securityContext: @@ -603,7 +603,7 @@ spec: serviceAccountName: omsagent containers: - name: omsagent - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod10112021" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod10132021" imagePullPolicy: IfNotPresent resources: limits: @@ -631,7 +631,7 @@ spec: fieldPath: status.hostIP # Update this with the user assigned msi client id for omsagent - name: USER_ASSIGNED_IDENTITY_CLIENT_ID - value: "" + value: "VALUE_USER_ASSIGNED_IDENTITY_CLIENT_ID_VALUE" # Add the below environment variable to true only in sidecar enabled regions, else set it to false - name: SIDECAR_SCRAPING_ENABLED value: "false" @@ -776,7 +776,7 @@ spec: value: "3" containers: - name: omsagent-win - image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod10112021" + image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod10132021" imagePullPolicy: IfNotPresent resources: limits: @@ -808,7 +808,7 @@ spec: value: "false" # Update this with the user assigned msi client id for omsagent - name: USER_ASSIGNED_IDENTITY_CLIENT_ID - value: "" + value: "VALUE_USER_ASSIGNED_IDENTITY_CLIENT_ID_VALUE" # Add this only for clouds that require cert bootstrapping # - name: REQUIRES_CERT_BOOTSTRAP # value: "true" diff --git a/kubernetes/windows/Dockerfile b/kubernetes/windows/Dockerfile index 5b187d91a..0ddf67ab2 100644 --- a/kubernetes/windows/Dockerfile +++ b/kubernetes/windows/Dockerfile @@ -3,7 +3,7 @@ MAINTAINER OMSContainers@microsoft.com LABEL vendor=Microsoft\ Corp \ com.microsoft.product="Azure Monitor for containers" -ARG IMAGE_TAG=win-ciprod10112021 +ARG IMAGE_TAG=win-ciprod10132021 # Do not split this into multiple RUN! # Docker creates a layer for every RUN-Statement