oracle-quickstart · paliwalparitosh · May 5, 2025 · May 5, 2025
diff --git a/charts/logan/templates/_helpers.tpl b/charts/logan/templates/_helpers.tpl
@@ -43,6 +43,15 @@
   {{- end -}}
 {{- end -}}
 
+#ociLAClusterEntityID
+{{- define "logan.ociLAClusterEntityID" -}}
+  {{- if .Values.ociLAClusterEntityID -}}
+    {{ include "common.tplvalues.render" ( dict "value" .Values.ociLAClusterEntityID "context" .) }}
+  {{- else -}}
+    {{- "UNDEFINED" -}}
+  {{- end -}}
+{{- end -}}
+
 #kubernetesClusterName
 {{- define "logan.kubernetesClusterName" -}}
   {{- if .Values.kubernetesClusterName -}}

diff --git a/charts/logan/templates/discovery-cronjob.yaml b/charts/logan/templates/discovery-cronjob.yaml
@@ -36,6 +36,9 @@ spec:
               mountPath: {{ .Values.oci.path }}
               readOnly: true
             {{- end }}
+            {{- if .Values.resources }}
+            resources: {{- toYaml .Values.resources | nindent 14 }}
+            {{- end }}
             command:
             {{- /* object discovery script */}}
               - bundle

diff --git a/charts/logan/templates/logs-configmap.yaml b/charts/logan/templates/logs-configmap.yaml
@@ -3,6 +3,7 @@
 
 {{- $kubernetesClusterName := (include "logan.kubernetesClusterName" .) }}
 {{- $kubernetesClusterId := (include "logan.kubernetesClusterId" .) }}
+{{- $ociLAClusterEntityID := (include "logan.ociLAClusterEntityID" .) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -86,12 +87,16 @@ data:
        @type record_transformer
        enable_ruby true
        <record>
+       {{- if eq $name "tcpconnect" }}
+       oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Kubernetes Cluster Entity ID": "{{ $ociLAClusterEntityID }}" {{- range $k, $v := $logDefinition.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
+       {{- else }}
        {{- if $logDefinition.metadata }}
        oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := $logDefinition.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
        {{- else if $.Values.fluentd.kubernetesSystem.metadata }}
        oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := $.Values.fluentd.kubernetesSystem.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
        {{- else }}
        oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := $.Values.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
+       {{- end -}}
        {{- end }}
        {{- if $logDefinition.ociLALogGroupID }}
        oci_la_log_group_id "{{ $logDefinition.ociLALogGroupID }}"

diff --git a/charts/logan/templates/tcpconnect-daemonset.yaml b/charts/logan/templates/tcpconnect-daemonset.yaml
@@ -0,0 +1,70 @@
+# Copyright (c) 2025, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+---
+{{- $authtype := .Values.authtype | lower }}
+{{- $imagePullSecrets := .Values.image.imagePullSecrets }}
+{{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ $resourceNamePrefix }}-tcpconnect
+  namespace: {{ include "logan.namespace" . }}
+  labels:
+    app: {{ $resourceNamePrefix }}-tcpconnect
+    version: v1
+spec:
+  selector:
+    matchLabels:
+      app: {{ $resourceNamePrefix }}-tcpconnect
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: {{ $resourceNamePrefix }}-tcpconnect
+        version: v1
+    spec:
+      serviceAccountName: {{ include "logan.serviceAccount" . }}
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        effect: NoSchedule
+      {{- if $imagePullSecrets }}
+      imagePullSecrets:
+      - name: {{ .Values.image.imagePullSecrets }}
+      {{- end}}
+      containers:
+      - name: {{ $resourceNamePrefix }}-tcpconnect
+        image: {{ .Values.image.url }}
+        command:
+        - /bin/bash
+        - -c
+        - --
+        args:
+        - /usr/bin/tcpconnect -e
+        - -i {{ .Values.fluentd.kubernetesSystem.logs.tcpconnect.interval }}
+        env:
+        - name: K8S_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        resources:
+          requests:
+            cpu: 50m
+            memory: 50Mi
+        imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
+        securityContext:
+          capabilities:
+            add:
+            - CAP_BPF
+          privileged: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        tty: true
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
diff --git a/charts/logan/values.yaml b/charts/logan/values.yaml
@@ -43,7 +43,7 @@ ociDomain:
 # -- Kubernetes Namespace for deploying monitoring resources deployed by this chart.
 namespace: "{{ .Values.global.namespace }}"
 
-# -- Resoure Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart
+# -- Resource Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart
 resourceNamePrefix: "{{ .Values.global.resourceNamePrefix }}"
 
 # --  Kubernetes ServiceAccount
@@ -53,7 +53,7 @@ image:
    # Image pull secrets for. Secret must be in the namespace defined by namespace
    imagePullSecrets:
    # -- Replace this value with actual docker image url
-   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.6.0
+   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.7.0
    # -- Image pull policy
    imagePullPolicy: Always
 
@@ -364,6 +364,15 @@ fluentd:
             # The regular expression pattern for the starting line in case of multi-line logs.
             multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/
 
+         # Config specific to EBPF TCPCONNECT Network logs collection
+         tcpconnect:
+            # The path to the source files.
+            path: /var/log/containers/*-tcpconnect*.log # TODO- Check if this will render as expected, suspecting it won't
+            # Logging Analytics log source to use for parsing and processing the logs: TCP CONNECT Logs
+            ociLALogSourceName: "Kubernetes TCP Connect Logs"
+            # Network logs Polling frequency in seconds
+            interval: 30
+
          # Config specific to Kubernetes Audit Logs Collection
          kube-audit:
             # The path to the source files.
@@ -600,6 +609,7 @@ fluentd:
          - '"/var/log/containers/etcd-*.log"'
          - '"/var/log/containers/kube-controller-manager-*.log"'
          - '"/var/log/containers/kube-scheduler-*.log"'
+         - '"/var/log/containers/*-tcpconnect-*.log"'
       # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
       #worker: 1
       # -- To set timezone override for genericContainerLogs (applies only to log records without explicit timezone identifier in the record itself)

diff --git a/charts/oci-onm/values.yaml b/charts/oci-onm/values.yaml
@@ -31,7 +31,7 @@ oci-onm-logan:
   kubernetesClusterID: "{{ .Values.global.kubernetesClusterID }}"
   kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}"
   image:
-    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.6.0
+    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.7.0
   # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value.
   ociLANamespace:
   # OCI Logging Analytics Default Log Group OCID

diff --git a/logan/docker-images/v1.0/oraclelinux/8-slim/Dockerfile b/logan/docker-images/v1.0/oraclelinux/8-slim/Dockerfile
@@ -18,6 +18,7 @@ ENV GEM_HOME /fluentd/vendor/bundle/ruby/3.3
 ENV FLUENTD_DISABLE_BUNDLER_INJECTION 1
 
 COPY Gemfile* /fluentd/
+COPY tcpconnect.* /fluentd/
 
 # Install ruby, ruby-libs along with rubygems and bundler.
 RUN microdnf -y module enable ruby:3.3 \
@@ -27,7 +28,7 @@ RUN microdnf -y module enable ruby:3.3 \
  && microdnf -y install --setopt=install_weak_deps=0 --nodocs rubygems \
  && gem install bundler -v 2.5.16 \
 # Install development dependent packages for gems native installation
- && microdnf --enablerepo ol8_codeready_builder -y install --nodocs gcc make redhat-rpm-config openssl ruby-devel gcc-c++ libtool libffi-devel bzip2 git libyaml-devel \
+ && microdnf --enablerepo ol8_codeready_builder -y install --nodocs gcc make redhat-rpm-config openssl ruby-devel gcc-c++ libtool libffi-devel bzip2 git libyaml-devel which elfutils-libelf-devel clang llvm \
 # Install Fluentd, it's dependencies along with other run time dependencies for OCI Logging Analytics Solution
  && bundle config silence_root_warning true \ 
  && bundle config --local path /fluentd/vendor/bundle \
@@ -40,7 +41,13 @@ RUN microdnf -y module enable ruby:3.3 \
  && cd /tmp && ls /tmp \
  && git clone -b 5.3.0 https://github.com/jemalloc/jemalloc.git && cd jemalloc/ \  
  && ./autogen.sh && make && make install_bin install_include install_lib \
- && mv lib/libjemalloc.so.2 /usr/lib
+ && mv lib/libjemalloc.so.2 /usr/lib \
+# Install libbpf-tools from bcc
+ && cd /tmp && ls /tmp \
+ && git clone -b v0.29.1 https://github.com/iovisor/bcc.git && cd bcc/ && git submodule update --init --recursive \
+ && cd libbpf-tools/ && cp /fluentd/tcpconnect.* ./ && make  \
+ && mv ./tcpconnect /usr/bin/ \
+ && cd /fluentd/
 
 ## To build the final docker image
 
@@ -72,6 +79,7 @@ RUN microdnf -y module enable ruby:3.3 \
 COPY --from=builder /fluentd /fluentd
 COPY --from=builder /usr/bin/tini /usr/bin/tini
 COPY --from=builder /usr/lib/libjemalloc.so.2 /usr/lib/libjemalloc.so.2
+COPY --from=builder /usr/bin/tcpconnect /usr/bin/tcpconnect
 
 RUN mkdir -p /fluentd/etc /fluentd/plugins \
  && touch /fluentd/etc/disable.conf