Skip to content

Remove health type from DCR onboarding & add private link support for windows agent in msi mode #727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ganga1980 merged 7 commits into from
Mar 19, 2022
Merged

Remove health type from DCR onboarding & add private link support for windows agent in msi mode #727

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7aff63a
add private link support for windows agent in msi auth
ganga1980 Mar 18, 2022
c97aca8
remove Microsoft-KubeHealth
ganga1980 Mar 18, 2022
c6b3d89
add private link support for windows msi
ganga1980 Mar 18, 2022
ae999cb
fix bug
ganga1980 Mar 19, 2022
ec1f939
fix bug
ganga1980 Mar 19, 2022
dc8a929
fix bug
ganga1980 Mar 19, 2022
9b52a9a
fix bug
ganga1980 Mar 19, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 7 additions & 9 deletions scripts/dcr-onboarding/ci-extension-dcr.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,29 @@
{
"location": "<workspace-region>",
"properties": {
"dataSources": {
"dataSources": {
"extensions": [
{
"name": "ContainerInsightsExtension",
"streams": [
"Microsoft-Perf",
"Microsoft-ContainerInventory",
"Microsoft-ContainerLog",
"Microsoft-ContainerLogV2",
"Microsoft-ContainerLogV2",
"Microsoft-ContainerNodeInventory",
"Microsoft-KubeEvents",
"Microsoft-KubeHealth",
"Microsoft-KubeMonAgentEvents",
"Microsoft-KubeNodeInventory",
"Microsoft-KubePodInventory",
"Microsoft-KubePVInventory",
"Microsoft-KubeServices",
"Microsoft-InsightsMetrics"
"Microsoft-InsightsMetrics"

],
"extensionName": "ContainerInsights"
}
]
},
},
"destinations": {
"logAnalytics": [
{
Expand All @@ -38,17 +37,16 @@
"streams": [
"Microsoft-Perf",
"Microsoft-ContainerInventory",
"Microsoft-ContainerLog",
"Microsoft-ContainerLogV2",
"Microsoft-ContainerLog",
"Microsoft-ContainerLogV2",
"Microsoft-ContainerNodeInventory",
"Microsoft-KubeEvents",
"Microsoft-KubeHealth",
"Microsoft-KubeMonAgentEvents",
"Microsoft-KubeNodeInventory",
"Microsoft-KubePodInventory",
"Microsoft-KubePVInventory",
"Microsoft-KubeServices",
"Microsoft-InsightsMetrics"
"Microsoft-InsightsMetrics"
],
"destinations": [
"ciworkspace"
Expand Down
2 changes: 0 additions & 2 deletions scripts/onboarding/aks/onboarding-using-msi-auth/existingClusterOnboarding.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,6 @@
"Microsoft-ContainerLogV2",
"Microsoft-ContainerNodeInventory",
"Microsoft-KubeEvents",
"Microsoft-KubeHealth",
"Microsoft-KubeMonAgentEvents",
"Microsoft-KubeNodeInventory",
"Microsoft-KubePodInventory",
Expand Down Expand Up @@ -113,7 +112,6 @@
"Microsoft-ContainerLogV2",
"Microsoft-ContainerNodeInventory",
"Microsoft-KubeEvents",
"Microsoft-KubeHealth",
"Microsoft-KubeMonAgentEvents",
"Microsoft-KubeNodeInventory",
"Microsoft-KubePodInventory",
Expand Down
57 changes: 55 additions & 2 deletions source/plugins/go/src/ingestion_token_utils.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ var ChannelId string

var IngestionAuthToken string
var IngestionAuthTokenExpiration int64
var AMCSRedirectedEndpoint string = ""

type IMDSResponse struct {
AccessToken string `json:"access_token"`
Expand Down Expand Up @@ -218,11 +219,18 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan
configurationId = ""
channelId = ""
var amcs_endpoint *url.URL
var AmcsEndpoint string
osType := os.Getenv("OS_TYPE")
resourceId := os.Getenv("AKS_RESOURCE_ID")
resourceRegion := os.Getenv("AKS_REGION")
mcsEndpoint := os.Getenv("MCS_ENDPOINT")
amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?platform=%s&api-version=%s", resourceRegion, mcsEndpoint, resourceId, osType, AMCSAgentConfigAPIVersion)

AmcsEndpoint = fmt.Sprintf("https://global.handler.control.%s", mcsEndpoint)
if AMCSRedirectedEndpoint != "" {
AmcsEndpoint = AMCSRedirectedEndpoint
}
amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion)

amcs_endpoint, err = url.Parse(amcs_endpoint_string)
if err != nil {
Log("getAgentConfiguration: Error creating AMCS endpoint URL: %s", err.Error())
Expand Down Expand Up @@ -253,6 +261,25 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan
defer resp.Body.Close()
}
Log("getAgentConfiguration Response Status: %d", resp.StatusCode)
if resp.StatusCode == 421 { // AMCS returns redirected endpoint incase of private link
agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint")
Log("getAgentConfiguration x-ms-agent-config-endpoint: %s", agentConfigEndpoint)
if agentConfigEndpoint != "" {
AMCSRedirectedEndpoint = agentConfigEndpoint
// reconstruct request with redirected endpoint
var err error
redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AMCSRedirectedEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion)
var bearer = "Bearer " + imdsAccessToken
req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil)
if err != nil {
message := fmt.Sprintf("getAgentConfiguration: Error creating HTTP request for AMCS endpoint: %s", err.Error())
Log(message)
return configurationId, channelId, err
}
req.Header.Set("Authorization", bearer)
continue
}
}
if IsRetriableError(resp.StatusCode) {
message := fmt.Sprintf("getAgentConfiguration: Request failed with an error code: %d, retryCount: %d", resp.StatusCode, retryCount)
Log(message)
Expand Down Expand Up @@ -326,11 +353,18 @@ func getIngestionAuthToken(imdsAccessToken string, configurationId string, chann
ingestionAuthToken = ""
refreshInterval = 0
var amcs_endpoint *url.URL
var AmcsEndpoint string
osType := os.Getenv("OS_TYPE")
resourceId := os.Getenv("AKS_RESOURCE_ID")
resourceRegion := os.Getenv("AKS_REGION")
mcsEndpoint := os.Getenv("MCS_ENDPOINT")
amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations/%s/channels/%s/issueIngestionToken?platform=%s&api-version=%s", resourceRegion, mcsEndpoint, resourceId, configurationId, channelId, osType, AMCSIngestionTokenAPIVersion)

AmcsEndpoint = fmt.Sprintf("https://global.handler.control.%s", mcsEndpoint)
if AMCSRedirectedEndpoint != "" {
AmcsEndpoint = AMCSRedirectedEndpoint
}

amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations/%s/channels/%s/issueIngestionToken?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, configurationId, channelId, resourceRegion, osType, AMCSIngestionTokenAPIVersion)
amcs_endpoint, err = url.Parse(amcs_endpoint_string)
if err != nil {
Log("getIngestionAuthToken: Error creating AMCS endpoint URL: %s", err.Error())
Expand Down Expand Up @@ -366,6 +400,25 @@ func getIngestionAuthToken(imdsAccessToken string, configurationId string, chann
}

Log("getIngestionAuthToken Response Status: %d", resp.StatusCode)
if resp.StatusCode == 421 { // AMCS returns redirected endpoint incase of private link
agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint")
Log("getIngestionAuthToken x-ms-agent-config-endpoint: %s", agentConfigEndpoint)
if agentConfigEndpoint != "" {
AMCSRedirectedEndpoint = agentConfigEndpoint
// reconstruct request with redirected endpoint
var err error
redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations/%s/channels/%s/issueIngestionToken?operatingLocation=%s&platform=%s&api-version=%s", AMCSRedirectedEndpoint, resourceId, configurationId, channelId, resourceRegion, osType, AMCSIngestionTokenAPIVersion)
var bearer = "Bearer " + imdsAccessToken
req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil)
if err != nil {
message := fmt.Sprintf("getIngestionAuthToken: Error creating HTTP request for AMCS endpoint: %s", err.Error())
Log(message)
return ingestionAuthToken, refreshInterval, err
}
req.Header.Set("Authorization", bearer)
continue
}
}
if IsRetriableError(resp.StatusCode) {
message := fmt.Sprintf("getIngestionAuthToken: Request failed with an error code: %d, retryCount: %d", resp.StatusCode, retryCount)
Log(message)
Expand Down