ContainerLogsV2 and Basic Logs support

bicep/main.bicep

@@ -842,6 +842,9 @@ param aad_tenant_id string = ''
 @description('Create, and use a new Log Analytics workspace for AKS logs')
 param omsagent bool = false
 
+@description('Enables the ContainerLogsV2 table to be of type Basic')
+param containerLogsV2BasicLogs bool = false
+
 @description('Enable RBAC using AAD')
 param enableAzureRBAC bool = false
 
@@ -1522,6 +1525,17 @@ resource aks_law 'Microsoft.OperationalInsights/workspaces@2022-10-01' = if (cre
   )
 }
 
+
+resource containerLogsV2_Basiclogs 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' = if(containerLogsV2BasicLogs){
+  name: '${aks_law_name}/ContainerLogV2'
+  properties: {
+    plan: 'Basic'
+  }
+  dependsOn: [
+    aks
+  ]
+}
+
 //This role assignment enables AKS->LA Fast Alerting experience
 var MonitoringMetricsPublisherRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
 resource FastAlertingRole_Aks_Law 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (omsagent) {

helper/src/components/addonsTab.js

@@ -8,6 +8,26 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
     const { addons, net } = tabValues
     const osmFeatureFlag = featureFlag.includes('osm')
     const wiFeatureFlag = featureFlag.includes('workloadId')
+    function setContainerLogV2BasicLogs(v) {
+        // Function ensures that the ContainerLogV2 schema is
+        // enabled when enabling ContainerLogV2 Basic Logs.
+        if(v){
+            updateFn("containerLogsV2", v)
+            updateFn("containerLogsV2BasicLogs", v)
+        }else{
+            updateFn("containerLogsV2BasicLogs", v)
+        }
+    }
+    function setContainerLogsV2(v){
+        // Function ensures that all the dependencies
+        // of the ContainerLogV2 schema is disabled.
+        if(v){
+            updateFn("containerLogsV2", v)
+        }else{
+            updateFn("containerLogsV2", v)
+            updateFn("containerLogsV2BasicLogs", v)
+        }
+    }
     return (
         <Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}>
 
@@ -257,6 +277,13 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
                         decrementButtonAriaLabel="Decrease value by 1"
                         styles={{ root: { marginTop: '15px'}}}
                     />
+                    <Checkbox styles={{ root: { marginTop: '10px', marginBottom: '10px'}}} checked={addons.containerLogsV2} onChange={(ev, v) => setContainerLogsV2(v)} label={<Text>Enable the ContainerLogV2 schema (<Link target="_target" href="https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-logging-v2">docs</Link>) (*preview)</Text>} />
+
+                    <MessageBar messageBarType={MessageBarType.warning}>Enable the ContainerLogV2 (successor for ContainerLog) schema for additional data capture and friendlier schema. Disabling this feature will also disable features that are dependent on it (e.g. Basic Logs).</MessageBar>
+
+                    <Checkbox styles={{ root: { marginTop: '10px', marginBottom: '10px'}}} checked={addons.containerLogsV2BasicLogs} onChange={(ev, v) => setContainerLogV2BasicLogs(v)} label={<Text>Set Basic Logs for ContainerLogV2 (<Link target="_target" href="https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-configure?tabs=portal-1%2Cportal-2">docs</Link>) (*preview)</Text>} />
+
+                    <MessageBar messageBarType={MessageBarType.warning}>Enable the Basic log data plan to cost optimise on log ingestion at the cost of a lower retention period, some log query operations that are no longer available and no alerts. Enabling Basic Logs for ContainerLogsV2 has a dependency on the ContainerLogsV2 schema and thus enabling this capability will automatically enable ContainerLogsV2. In addition, the ContainerLogsV2 table's retention is fixed at eight days. More information available via the provided docs link.</MessageBar>
 
                     <Checkbox styles={{ root: { marginTop: '10px'}}} checked={addons.createAksMetricAlerts} onChange={(ev, v) => updateFn("createAksMetricAlerts", v)} label={<Text>Create recommended metric alerts, enable you to monitor your system resource when it's running on peak capacity or hitting failure rates (<Link target="_target" href="https://azure.microsoft.com/en-us/updates/ci-recommended-alerts/">docs</Link>) </Text>} />
 

helper/src/components/deployTab.js

@@ -149,7 +149,10 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
       ...(net.networkPluginMode && {networkPluginMode: 'Overlay'}),
       ...(net.ebpfDataplane && {ebpfDataplane: 'cilium'})
     }),
-    ...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers })
+    ...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers }),
+    ...(addons.monitor === "aci" && {
+       ...(addons.containerLogsV2BasicLogs && { containerLogsV2BasicLogs: addons.containerLogsV2BasicLogs})
+    })
   }
 
   const post_params = {
@@ -182,6 +185,12 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
     }),
   }
 
+  const preview_post_params = {
+    ...(addons.monitor === "aci" && {
+       ...(addons.containerLogsV2 && { containerLogsV2: addons.containerLogsV2})
+    })
+  }
+
   const params2tf = p => Object.keys(p).map(k => {
     return `    ${k} = ${k.toLowerCase().endsWith('principalid') ? '{value=data.azurerm_client_config.current.client_id}' : `{value=var.${k}}`}\n`
   }).join('')
@@ -219,14 +228,22 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
 
   const deployRelease = deploy.templateVersions.find(t => t.key === deploy.selectedTemplate) || {}
 
+  const preview_post_deploycmd = Object.keys(preview_post_params).map(k => {
+    const val = preview_post_params[k]
+    const targetVal = Array.isArray(val) ? JSON.stringify(JSON.stringify(val)) : val
+    return ` \\\n\t-p ${k}=${targetVal}`
+  }).join('')
+
   const post_deploycmd =  `\n\n# Deploy charts into cluster\n` +
   (deploy.selectedTemplate === "local" ? `bash .${ cluster.apisecurity === "private" ? '' : '/postdeploy/scripts'}/postdeploy.sh ` : `curl -sL ${deployRelease.post_url}  | bash -s -- `) +
   (deploy.selectedTemplate === 'local' ? (cluster.apisecurity === "private" ? '-r .' : '') : `-r ${deployRelease.base_download_url}`) +
   Object.keys(post_params).map(k => {
     const val = post_params[k]
     const targetVal = Array.isArray(val) ? JSON.stringify(JSON.stringify(val)) : val
     return ` \\\n\t-p ${k}=${targetVal}`
-  }).join('')
+  }).join('')+
+  (!deploy.disablePreviews ? preview_post_deploycmd : '')
+
 
   const post_deploystr = cluster.apisecurity !== "private" ?
     '# Get credentials for your new AKS cluster & login (interactive)\n' +
@@ -254,7 +271,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
       const val = finalParams[k]
       const targetVal = Array.isArray(val) ? JSON.stringify(JSON.stringify(val)) : val
       return ` \\\n\t${k}=${targetVal}`
-    }).join('') + '\n\n' + (Object.keys(post_params).length >0 ? post_deploystr : '')
+    }).join('') + '\n\n' + (Object.keys(post_params).length >0 || (!deploy.disablePreviews && Object.keys(preview_post_params).length >0) ? post_deploystr : '')
 
 
   const deployTfcmd = `#download the *.tf files and run these commands to deploy using terraform\n#for more AKS Construction samples of deploying with terraform, see https://aka.ms/aksc/terraform\n\nterraform fmt\nterraform init\nterraform validate\nterraform plan -out main.tfplan\nterraform apply main.tfplan\nterraform output`
@@ -382,9 +399,9 @@ az role assignment create --role "Managed Identity Operator" --assignee-principa
 
       <Separator styles={{ root: { marginTop: '30px !important' } }}><div style={{ display: "flex", alignItems: 'center', }}><b style={{ marginRight: '10px' }}>Deploy Cluster</b><Image src="./bicep.png" alt="Built with bicep" /> <p style={{ marginLeft: '10px' }}>powered by Bicep</p></div> </Separator>
 
-      {Object.keys(preview_params).length > 0 &&
+      {(Object.keys(preview_params).length > 0 || Object.keys(preview_post_params).length > 0) &&
         <MessageBar messageBarType={MessageBarType.severeWarning}>
-          <Text variant={'mediumPlus'} >Your deployment contains <b>Preview Features</b> which may require subscription registration and have Azure Region limitations. Please ensure you have registered for these previews, and have installed the <b>'az extension add --name aks-preview'</b> before running the relevant scripts.<br />Preview Features you have selected: <b>{Object.keys(preview_params).join(', ')}</b>.</Text>
+          <Text variant={'mediumPlus'} >Your deployment contains <b>Preview Features</b> which may require subscription registration and have Azure Region limitations. Please ensure you have registered for these previews, and have installed the <b>'az extension add --name aks-preview'</b> before running the relevant scripts.<br />Preview Features you have selected: <b>{Object.keys(Object.assign(preview_params,preview_post_params)).join(', ')}</b>.</Text>
           <Checkbox
             styles={{ root: { marginTop: "10px" } }}
             label='Include preview features in deployment'

helper/src/config.json

@@ -102,7 +102,9 @@
             "csisecret": "none",
             "keyVaultAksCSIPollInterval": "2m",
             "kvId": "",
-            "gitops": "none"
+            "gitops": "none",
+            "containerLogsV2": false,
+            "containerLogsV2BasicLogs": false
         },
         "net": {
             "vnetFirewallManagementSubnetAddressPrefix": "10.240.51.0/26",

postdeploy/scripts/certmanager-install.sh

@@ -8,4 +8,4 @@ sleep 1m
 echo "Installing Cert Manager ClusterIssuer"
 echo "Email Address for Lets Encrypt: $EMAILAD"
 helm upgrade --install smokecertissuer $CERTMANAGERISSUERURI --set email=$EMAILAD
-sleep 1m
+sleep 1m

postdeploy/scripts/postdeploy.sh

@@ -12,6 +12,7 @@ dnsZoneId=""
 denydefaultNetworkPolicy=""
 certEmail=""
 certClusterIssuer="letsencrypt-prod"
+containerLogsV2=""
 
 acrName=""
 KubeletId=""
@@ -24,7 +25,7 @@ while getopts "p:g:n:r:" opt; do
     p )
         IFS=',' read -ra params <<< "$OPTARG"
         for i in "${params[@]}"; do
-            if [[ $i =~ (ingress|monitor|enableMonitorIngress|grafanaHostname|ingressEveryNode|dnsZoneId|denydefaultNetworkPolicy|certEmail|certClusterIssuer|acrName|KubeletId|TenantId)=([^ ]*) ]]; then
+            if [[ $i =~ (ingress|monitor|enableMonitorIngress|grafanaHostname|ingressEveryNode|dnsZoneId|denydefaultNetworkPolicy|certEmail|certClusterIssuer|acrName|KubeletId|TenantId|containerLogsV2)=([^ ]*) ]]; then
                 echo "set ${BASH_REMATCH[1]}=${BASH_REMATCH[2]}"
                 declare ${BASH_REMATCH[1]}=${BASH_REMATCH[2]}
             else
@@ -111,6 +112,7 @@ if [ "$show_usage" ]; then
     echo "     KubeletId=<managed identity of Kubelet> *Require for cert-manager"
     echo "     TenantId=<AzureAD TenentId> *Require for cert-manager"
     echo "     acrName=<name of ACR> * If provided, used imported images for 3rd party charts"
+    echo "     containerLogsV2=<true> - Enables ContainerLogsV2"
     exit 1
 fi
 
@@ -401,3 +403,14 @@ if [ "$denydefaultNetworkPolicy" ]; then
     echo "# ----------- Default Deny All Network Policy, east-west traffic in cluster"
     kubectl apply -f ${release_version:-./postdeploy/k8smanifests}/networkpolicy-deny-all.yml
 fi
+
+if [ "$containerLogsV2" ]; then
+    echo "Downloading default ConfigMap"
+    configMapYamlFile="$(curl -s https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_prod/kubernetes/container-azm-ms-agentconfig.yaml)"
+    echo "Setting containerlog_schema_version to v2"
+    configMapYamlFile=$(sed 's/#\[log_collection_settings.schema\]/[log_collection_settings.schema]/'<<<$configMapYamlFile)
+    configMapYamlFile=$(sed 's/# containerlog_schema_version = \"v2\"/containerlog_schema_version = "v2"/'<<<$configMapYamlFile)
+    echo "$configMapYamlFile" > container-azm-ms-agentconfig.yaml
+    echo "Applying ConfigMap using kubectl apply"
+    kubectl apply -f container-azm-ms-agentconfig.yaml
+fi