Skip to content

Commit

Permalink
Gangams/cost optimization ga (#973)
Browse files Browse the repository at this point in the history 
* implement per table filtering

* implement per table filtering

* add telemetry for data collection profile

* add telemetry for data collection profile

* cost optimization GA updates

* template updates

* template updates

* fix bug

* fix bug

* fix bug

* reduce logging

* avoid frequent dcr config read calls

* avoid frequent dcr config read calls

* refactor code

* refactor code

* arm template updates

* fix pr feedback

* fix pr feedback

* update dcr and dcr-a api version

* refactor code

* refactor code

* code refactoring

* fix bug

* remove info logs

* update dcr and dcr-a api version

* optimize code
  • Loading branch information
@ganga1980
ganga1980 authored Jun 7, 2023
1 parent 1fa850b commit fde8bff
Show file tree
Hide file tree
Showing 24 changed files with 437 additions and 244 deletions.
10 changes: 5 additions & 5 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ The general directory structure is:

# Branches

- We are using a single branch which has all the code in development and we will be releasing from this branch itself.
- We are using a single branch which has all the code in development and we will be releasing from this branch itself.
- `ci_prod` branch contains codebase version in development.

To contribute: create your private branch off of `ci_prod`, make changes and use pull request to merge back to `ci_prod`.
Expand Down Expand Up @@ -340,7 +340,7 @@ Here are the instructions to onboard the feature branch to Azure Dev Ops pipelin

Integrated to Azure DevOps release pipeline for the ci_prod branch. With this, for every commit to ci_prod branch, latest bits automatically deployed to DEV AKS clusters in Build subscription.

When releasing the agent, we have a separate Azure DevOps pipeline which needs to be run to publish the image to prod MCR and our PROD AKS clusters.
When releasing the agent, we have a separate Azure DevOps pipeline which needs to be run to publish the image to prod MCR and our PROD AKS clusters.

For development, agent image will be in this format mcr.microsoft.com/azuremonitor/containerinsights/cidev:`Major.Minor.Patch`-CommitAheadCount-<git-commit-id>. Image tag for windows will be win-`Major.Minor.Patch`-CommitAheadCount-<git-commit-id>.
For releases, agent will be in this format mcr.microsoft.com/azuremonitor/containerinsights/ciprod:`Major.Minor.Patch`. Image tag for windows will be win-`Major.Minor.Patch`.
Expand All @@ -358,11 +358,11 @@ For our single branch ci_prod, automatically deployed latest yaml with latest ag
# Testing MSI Auth Mode Using Yaml

1. Enable Monitoring addon with Managed Idenity Auth Mode either using Portal or CLI or Template
2. Deploy [ARM template](./scripts/onboarding/aks/onboarding-using-msi-auth/) with enabled = false to create DCR, DCR-A and link the workspace to Portal
2. Get the MSI token (which is valid for 24 hrs.) value via `kubectl get secrets -n kube-system aad-msi-auth-token -o=jsonpath='{.data.token}'`
3. Disable Monitoring addon via `az aks disable-addons -a monitoring -g <rgName> -n <clusterName>`
4. Deploy [ARM template](./scripts/onboarding/aks/onboarding-using-msi-auth/) with enabled = false to create DCR, DCR-A and link the workspace to Portal
> Note - Make sure to update the parameter values in existingClusterParam.json file and have enabled = false in template file
`az deployment group create --resource-group <ResourceGroupName> --template-file ./existingClusterOnboarding.json --parameters @./existingClusterParam.json`
3. Get the MSI token (which is valid for 24 hrs.) value via `kubectl get secrets -n kube-system aad-msi-auth-token -o=jsonpath='{.data.token}'`
4. Disable Monitoring addon via `az aks disable-addons -a monitoring -g <rgName> -n <clusterName>`
5. Uncomment MSI auth related yaml lines, replace all the placeholder values, MSI token value and image tag in the ama-logs.yaml
6. Deploy the ama-logs.yaml via `kubectl apply -f ama-logs.yaml`
> Note: use the image toggle for release E2E validation
Expand Down
38 changes: 25 additions & 13 deletions scripts/onboarding/aks/onboarding-using-msi-auth/existingClusterOnboarding.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,12 @@
"description": "Full Resource ID of the log analitycs workspace that will be used for data destination. For example /subscriptions/00000000-0000-0000-0000-0000-00000000/resourceGroups/ResourceGroupName/providers/Microsoft.operationalinsights/workspaces/ws_xyz"
}
},
"defaultStreams": {
"type": "array",
"metadata": {
"description": "Array of default container insights streams"
}
},
"enableSyslog": {
"type": "bool",
"metadata": {
Expand Down Expand Up @@ -93,7 +99,7 @@
"resources": [
{
"type": "Microsoft.Insights/dataCollectionRules",
"apiVersion": "2021-04-01",
"apiVersion": "2022-06-01",
"name": "[variables('dcrName')]",
"location": "[parameters('workspaceRegion')]",
"tags": "[parameters('resourceTagValues')]",
Expand All @@ -103,9 +109,7 @@
"extensions": [
{
"name": "ContainerInsightsExtension",
"streams": [
"Microsoft-ContainerInsights-Group-Default"
],
"streams": "[parameters('defaultStreams')]",
"extensionSettings": {
"dataCollectionSettings" : {
"interval": "[parameters('dataCollectionInterval')]",
Expand All @@ -127,9 +131,7 @@
},
"dataFlows": [
{
"streams": [
"Microsoft-ContainerInsights-Group-Default"
],
"streams": "[parameters('defaultStreams')]",
"destinations": [
"ciworkspace"
]
Expand All @@ -147,7 +149,7 @@
"resources": [
{
"type": "Microsoft.Insights/dataCollectionRules",
"apiVersion": "2021-04-01",
"apiVersion": "2022-06-01",
"name": "[variables('dcrName')]",
"location": "[parameters('workspaceRegion')]",
"tags": "[parameters('resourceTagValues')]",
Expand All @@ -167,9 +169,14 @@
"extensions": [
{
"name": "ContainerInsightsExtension",
"streams": [
"Microsoft-ContainerInsights-Group-Default"
],
"streams": "[parameters('defaultStreams')]",
"extensionSettings": {
"dataCollectionSettings" : {
"interval": "[parameters('dataCollectionInterval')]",
"namespaceFilteringMode": "[parameters('namespaceFilteringModeForDataCollection')]",
"namespaces": "[parameters('namespacesForDataCollection')]"
}
},
"extensionName": "ContainerInsights"
}
]
Expand All @@ -183,9 +190,14 @@
]
},
"dataFlows": [
{
"streams": "[parameters('defaultStreams')]",
"destinations": [
"ciworkspace"
]
},
{
"streams": [
"Microsoft-ContainerInsights-Group-Default",
"Microsoft-Syslog"
],
"destinations": [
Expand Down Expand Up @@ -231,7 +243,7 @@
{
"type": "Microsoft.ContainerService/managedClusters/providers/dataCollectionRuleAssociations",
"name": "[concat(variables('clusterName'),'/microsoft.insights/', variables('associationName'))]",
"apiVersion": "2021-04-01",
"apiVersion": "2022-06-01",
"properties": {
"description": "Association of data collection rule. Deleting this association will break the data collection for this AKS Cluster.",
"dataCollectionRuleId": "[variables('dataCollectionRuleId')]"
Expand Down
158 changes: 89 additions & 69 deletions scripts/onboarding/aks/onboarding-using-msi-auth/existingClusterParam.json
View file
Original file line number Diff line number Diff line change
@@ -1,73 +1,93 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"aksResourceId": {
"value": "/subscriptions/<SubscriptionId>/resourcegroups/<ResourceGroup>/providers/Microsoft.ContainerService/managedClusters/<ResourceName>"
},
"aksResourceLocation": {
"value": "<aksClusterLocation>"
},
"workspaceResourceId": {
"value": "/subscriptions/<SubscriptionId>/resourceGroups/<ResourceGroup>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>"
},
"workspaceRegion": {
"value": "<workspaceRegion>"
},
"enableSyslog": {
"value": false
},
"syslogLevels": {
"value": [
"Debug",
"Info",
"Notice",
"Warning",
"Error",
"Critical",
"Alert",
"Emergency"
]
},
"syslogFacilities": {
"value": [
"auth",
"authpriv",
"cron",
"daemon",
"mark",
"kern",
"local0",
"local1",
"local2",
"local3",
"local4",
"local5",
"local6",
"local7",
"lpr",
"mail",
"news",
"syslog",
"user",
"uucp"
]
},
"resourceTagValues": {
"value": {
"<existingOrnew-tag-name1>": "<existingOrnew-tag-value1>",
"<existingOrnew-tag-name2>": "<existingOrnew-tag-value2>",
"<existingOrnew-tag-nameN>": "<existingOrnew-tag-valueN>"
}
},
"dataCollectionInterval": {
"value" : "1m"
},
"namespaceFilteringModeForDataCollection": {
"value": "Off"
},
"namespacesForDataCollection": {
"value": [ "kube-system", "gatekeeper-system", "azure-arc" ]
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"aksResourceId": {
"value": "/subscriptions/<SubscriptionId>/resourcegroups/<ResourceGroup>/providers/Microsoft.ContainerService/managedClusters/<ResourceName>"
},
"aksResourceLocation": {
"value": "<aksClusterLocation>"
},
"workspaceResourceId": {
"value": "/subscriptions/<SubscriptionId>/resourceGroups/<ResourceGroup>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>"
},
"workspaceRegion": {
"value": "<workspaceRegion>"
},
"enableSyslog": {
"value": false
},
"syslogLevels": {
"value": [
"Debug",
"Info",
"Notice",
"Warning",
"Error",
"Critical",
"Alert",
"Emergency"
]
},
"syslogFacilities": {
"value": [
"auth",
"authpriv",
"cron",
"daemon",
"mark",
"kern",
"local0",
"local1",
"local2",
"local3",
"local4",
"local5",
"local6",
"local7",
"lpr",
"mail",
"news",
"syslog",
"user",
"uucp"
]
},
"resourceTagValues": {
"value": {
"<existingOrnew-tag-name1>": "<existingOrnew-tag-value1>",
"<existingOrnew-tag-name2>": "<existingOrnew-tag-value2>",
"<existingOrnew-tag-nameN>": "<existingOrnew-tag-valueN>"
}
},
"dataCollectionInterval": {
"value": "1m"
},
"namespaceFilteringModeForDataCollection": {
"value": "Off"
},
"namespacesForDataCollection": {
"value": [
"kube-system",
"gatekeeper-system",
"azure-arc"
]
},
"defaultStreams": {
"value": [
"Microsoft-ContainerLog",
"Microsoft-ContainerLogV2",
"Microsoft-KubeEvents",
"Microsoft-KubePodInventory",
"Microsoft-KubeNodeInventory",
"Microsoft-KubePVInventory",
"Microsoft-KubeServices",
"Microsoft-KubeMonAgentEvents",
"Microsoft-InsightsMetrics",
"Microsoft-ContainerInventory",
"Microsoft-ContainerNodeInventory",
"Microsoft-Perf"
]
}
}
}
48 changes: 30 additions & 18 deletions scripts/onboarding/templates/arc-k8s-extension-msi-auth/existingClusterOnboarding.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@
"description": "Existing or new tags to use on Arc K8s ContainerInsights extension resources"
}
},
"defaultStreams": {
"type": "array",
"metadata": {
"description": "Array of default container insights streams"
}
},
"enableSyslog": {
"type": "bool",
"metadata": {
Expand Down Expand Up @@ -107,7 +113,7 @@
"resources": [
{
"type": "Microsoft.Insights/dataCollectionRules",
"apiVersion": "2021-04-01",
"apiVersion": "2022-06-01",
"name": "[variables('dcrName')]",
"location": "[parameters('workspaceRegion')]",
"tags": "[parameters('resourceTagValues')]",
Expand All @@ -117,9 +123,7 @@
"extensions": [
{
"name": "ContainerInsightsExtension",
"streams": [
"Microsoft-ContainerInsights-Group-Default"
],
"streams": "[parameters('defaultStreams')]",
"extensionSettings": {
"dataCollectionSettings" : {
"interval": "[parameters('dataCollectionInterval')]",
Expand All @@ -141,9 +145,7 @@
},
"dataFlows": [
{
"streams": [
"Microsoft-ContainerInsights-Group-Default"
],
"streams": "[parameters('defaultStreams')]",
"destinations": [
"ciworkspace"
]
Expand All @@ -161,7 +163,7 @@
"resources": [
{
"type": "Microsoft.Insights/dataCollectionRules",
"apiVersion": "2021-04-01",
"apiVersion": "2022-06-01",
"name": "[variables('dcrName')]",
"location": "[parameters('workspaceRegion')]",
"tags": "[parameters('resourceTagValues')]",
Expand All @@ -181,9 +183,14 @@
"extensions": [
{
"name": "ContainerInsightsExtension",
"streams": [
"Microsoft-ContainerInsights-Group-Default"
],
"streams": "[parameters('defaultStreams')]",
"extensionSettings": {
"dataCollectionSettings" : {
"interval": "[parameters('dataCollectionInterval')]",
"namespaceFilteringMode": "[parameters('namespaceFilteringModeForDataCollection')]",
"namespaces": "[parameters('namespacesForDataCollection')]"
}
},
"extensionName": "ContainerInsights"
}
]
Expand All @@ -198,14 +205,19 @@
},
"dataFlows": [
{
"streams": [
"Microsoft-ContainerInsights-Group-Default",
"Microsoft-Syslog"
],
"destinations": [
"streams": "[parameters('defaultStreams')]",
"destinations": [
"ciworkspace"
]
}
},
{
"streams": [
"Microsoft-Syslog"
],
"destinations": [
"ciworkspace"
]
}
]
}
}
Expand Down Expand Up @@ -245,7 +257,7 @@
{
"type": "Microsoft.Kubernetes/connectedClusters/providers/dataCollectionRuleAssociations",
"name": "[concat(variables('clusterName'),'/microsoft.insights/', variables('associationName'))]",
"apiVersion": "2021-04-01",
"apiVersion": "2022-06-01",
"properties": {
"description": "Association of data collection rule. Deleting this association will break the data collection for this AKS Cluster.",
"dataCollectionRuleId": "[variables('dataCollectionRuleId')]"
Expand Down
Loading

0 comments on commit fde8bff

Please sign in to comment.