Health private preview agent

Kubernetes/container-azm-ms-agentconfig.yaml

@@ -8,7 +8,7 @@ data:
     #string.used by customer to keep track of this config file's version in their source control/repository (max allowed 10 chars, other chars will be truncated)
     ver1
   log-data-collection-settings: |-
-    # Log data collection settings
+    # Log data collection settings container-azm-ms-agent settings
     [log_collection_settings]
        [log_collection_settings.stdout]
           # In the absense of this configmap, default value for enabled is true
@@ -72,8 +72,11 @@ data:
         #fieldpass = ["metric_to_pass1", "metric_to_pass12"]
 
         #fielddrop = ["metric_to_drop"]
-
-
+  agent-settings: |-
+    # agent health model feature settings
+    [agent_settings.health_model]
+      # In the absence of this configmap, default value for enabled is false
+      enabled = false
 metadata:
   name: container-azm-ms-agentconfig
   namespace: kube-system

Kubernetes/omsagent.yaml

@@ -12,6 +12,9 @@ rules:
 - apiGroups: [""]
   resources: ["pods", "events", "nodes", "namespaces", "services"]
   verbs: ["list", "get", "watch"]
+- apiGroups: ["extensions"]
+  resources: ["deployments"]
+  verbs: ["list"]
 - nonResourceURLs: ["/metrics"]
   verbs: ["get"]
 ---
@@ -33,6 +36,12 @@ apiVersion: v1
 data:
   kube.conf: |- 
      # Fluentd config file for OMS Docker - cluster components (kubeAPI)
+     #fluent forward plugin
+     <source>
+      type forward
+      port 25235
+      bind 0.0.0.0
+     </source>
 
      #Kubernetes pod inventory
      <source>
@@ -81,6 +90,14 @@ data:
       log_level debug
      </source>
 
+     #Kubernetes health
+     <source>
+      type kubehealth
+      tag oms.api.KubeHealth.ReplicaSet
+      run_interval 60s
+      log_level debug
+     </source>
+
      #cadvisor perf- Windows nodes
      <source>
       type wincadvisorperf
@@ -103,6 +120,11 @@ data:
       log_level info
      </filter>
 
+     #health model aggregation filter
+     <filter oms.api.KubeHealth**>
+      type filter_health_model_builder
+     </filter>
+
      <match oms.containerinsights.KubePodInventory**>
       type out_oms
       log_level debug
@@ -249,6 +271,18 @@ data:
       max_retry_wait 9m
       retry_mdm_post_wait_minutes 60
      </match>
+
+     <match oms.api.KubeHealth.AgentCollectionTime**>
+      type out_oms_api
+      log_level debug
+      buffer_chunk_limit 10m
+      buffer_type file
+      buffer_path %STATE_DIR_WS%/out_oms_api_kubehealth*.buffer
+      buffer_queue_limit 10
+      flush_interval 20s
+      retry_limit 10
+      retry_wait 30s
+     </match>
 metadata:
   name: omsagent-rs-config
   namespace: kube-system
@@ -261,8 +295,8 @@ metadata:
 type: Opaque
 data:
   #BASE64 ENCODED (Both WSID & KEY) INSIDE DOUBLE QUOTE ("")
-  WSID: "WSID"
-  KEY: "KEY"
+  WSID: "VALUE_WSID"
+  KEY: "VALUE_KEY"
 ---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
@@ -284,7 +318,7 @@ spec:
    serviceAccountName: omsagent
    containers:
      - name: omsagent 
-       image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod07092019"
+       image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:healthpreview07182019"
        imagePullPolicy: IfNotPresent
        resources:
         limits:
@@ -294,13 +328,15 @@ spec:
          cpu: 75m
          memory: 225Mi
        env:
-       #- name: AKS_RESOURCE_ID
-       #  value: "VALUE_AKS_RESOURCE_ID_VALUE"
-       #- name: AKS_REGION
-       #  value: "VALUE_AKS_RESOURCE_REGION_VALUE"
+       - name: AKS_RESOURCE_ID
+         value: "VALUE_AKS_RESOURCE_ID_VALUE"
+       - name: AKS_REGION
+         value: "VALUE_AKS_REGION_VALUE"
        #Uncomment below two lines for ACS clusters and set the cluster names manually. Also comment out the above two lines for ACS clusters
-       - name: ACS_RESOURCE_NAME
-         value: "my_acs_cluster_name"
+       #- name: ACS_RESOURCE_NAME
+       #   value: "my_acs_cluster_name"
+       - name: DISABLE_KUBE_SYSTEM_LOG_COLLECTION
+         value: "true"
        - name: CONTROLLER_TYPE
          value: "DaemonSet"
        - name: NODE_IP
@@ -397,8 +433,8 @@ spec:
   spec:
    serviceAccountName: omsagent
    containers:
-     - name: omsagent
-       image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:ciprod07092019"
+     - name: omsagent 
+       image: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:healthpreview07182019"
        imagePullPolicy: IfNotPresent
        resources:
         limits:
@@ -428,6 +464,9 @@ spec:
          protocol: TCP 
        - containerPort: 25224
          protocol: UDP
+       - containerPort: 25235
+         protocol: TCP
+         name: in-rs-tcp         
        volumeMounts:
         - mountPath: /var/run/host
           name: docker-sock
@@ -445,6 +484,8 @@ spec:
         - mountPath: /etc/config/settings
           name: settings-vol-config
           readOnly: true
+        - mountPath: "/mnt/azure"
+          name: azurefile-pv
        livenessProbe:
         exec:
          command:
@@ -482,4 +523,67 @@ spec:
       configMap:
         name: container-azm-ms-agentconfig
         optional: true
-
+    - name: azurefile-pv
+      persistentVolumeClaim:
+        claimName: azurefile
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: replicaset-service
+  namespace: kube-system
+spec:
+  selector:
+    rsName: "omsagent-rs"
+  ports:
+  - protocol: TCP
+    port: 25235
+    targetPort: in-rs-tcp
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: azurefile
+provisioner: kubernetes.io/azure-file
+mountOptions:
+  - dir_mode=0777
+  - file_mode=0777
+  - uid=1000
+  - gid=1000
+parameters:
+  skuName: Standard_LRS
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:azure-cloud-provider
+rules:
+- apiGroups: ['']
+  resources: ['secrets']
+  verbs:     ['get','create']
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:azure-cloud-provider
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: system:azure-cloud-provider
+subjects:
+- kind: ServiceAccount
+  name: persistent-volume-binder
+  namespace: kube-system
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: azurefile
+  namespace: kube-system
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: azurefile
+  resources:
+    requests:
+      storage: 10Mi

ci_feature/Dockerfile

@@ -1,8 +1,8 @@
 FROM ubuntu:16.04
 MAINTAINER OMSContainers@microsoft.com
 LABEL vendor=Microsoft\ Corp \
-com.microsoft.product="OMS Container Docker Provider" \
-com.microsoft.version="6.0.0-0"
+    com.microsoft.product="OMS Container Docker Provider" \
+    com.microsoft.version="6.0.0-1"
 ENV tmpdir /opt
 ENV APPLICATIONINSIGHTS_AUTH OTQzNWI0M2YtOTdkNS00ZGVkLThkOTAtYjA0Nzk1OGU2ZTg3
 ENV AGENT_VERSION ciprod07092019

ci_feature/setup.sh

@@ -14,8 +14,7 @@ wget https://github.com/Microsoft/OMS-Agent-for-Linux/releases/download/OMSAgent
 #create file to disable omi service startup script
 touch /etc/.omi_disable_service_control
 
-wget https://github.com/microsoft/Docker-Provider/releases/download/6.0.0.0/docker-cimprov-6.0.0-0.universal.x86_64.sh
-
+wget https://github.com/microsoft/Docker-Provider/releases/download/healthpreview06182019/docker-cimprov-6.0.0-1.universal.x86_64.sh
 chmod 775 $TMPDIR/*.sh
 
 #Extract omsbundle

ci_feature_prod/Dockerfile

@@ -1,11 +1,11 @@
 FROM ubuntu:16.04
 MAINTAINER OMSContainers@microsoft.com
 LABEL vendor=Microsoft\ Corp \
-com.microsoft.product="OMS Container Docker Provider" \
-com.microsoft.version="6.0.0-0"
+    com.microsoft.product="OMS Container Docker Provider" \
+    com.microsoft.version="6.0.0-1"
 ENV tmpdir /opt
 ENV APPLICATIONINSIGHTS_AUTH NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi
-ENV AGENT_VERSION ciprod07092019
+ENV AGENT_VERSION healthpreview07182019
 ENV HOST_MOUNT_PREFIX /hostfs
 ENV HOST_PROC /hostfs/proc
 ENV HOST_SYS /hostfs/sys

ci_feature_prod/main.sh

@@ -36,7 +36,7 @@ if [ -S ${DOCKER_SOCKET} ]; then
     groupadd -for -g ${DOCKER_GID} ${DOCKER_GROUP}
     echo "adding omsagent user to local docker group"
     usermod -aG ${DOCKER_GROUP} ${REGULAR_USER}
-fi 
+fi
 
 #Run inotify as a daemon to track changes to the mounted configmap.
 inotifywait /etc/config/settings --daemon --recursive --outfile "/opt/inotifyoutput.txt" --event create,delete --format '%e : %T' --timefmt '+%s'
@@ -48,11 +48,11 @@ else
 	curl --unix-socket /var/run/host/docker.sock "http:/info" | python -c "import sys, json; print json.load(sys.stdin)['Name']" > /var/opt/microsoft/docker-cimprov/state/containerhostname
 fi
 #check if file was written successfully.
-cat /var/opt/microsoft/docker-cimprov/state/containerhostname 
+cat /var/opt/microsoft/docker-cimprov/state/containerhostname
 
 #resourceid override for loganalytics data.
 if [ -z $AKS_RESOURCE_ID ]; then
-      echo "not setting customResourceId" 
+      echo "not setting customResourceId"
 else
       export customResourceId=$AKS_RESOURCE_ID
       echo "export customResourceId=$AKS_RESOURCE_ID" >> ~/.bashrc
@@ -63,7 +63,7 @@ fi
 #set agent config schema version
 if [  -e "/etc/config/settings/schema-version" ] && [  -s "/etc/config/settings/schema-version" ]; then
       #trim
-      config_schema_version="$(cat /etc/config/settings/schema-version | xargs)" 
+      config_schema_version="$(cat /etc/config/settings/schema-version | xargs)"
       #remove all spaces
       config_schema_version="${config_schema_version//[[:space:]]/}"
       #take first 10 characters
@@ -92,7 +92,7 @@ fi
 
 # Check for internet connectivity
 RET=`curl -s -o /dev/null -w "%{http_code}" http://www.microsoft.com/`
-if [ $RET -eq 200 ]; then 
+if [ $RET -eq 200 ]; then
       # Check for workspace existence
       if [ -e "/etc/omsagent-secret/WSID" ]; then
             workspaceId=$(cat /etc/omsagent-secret/WSID)
@@ -103,7 +103,7 @@ if [ $RET -eq 200 ]; then
       else
             echo "LA Onboarding:Workspace Id not mounted"
       fi
-else 
+else
       echo "-e error    Error resolving host during the onboarding request. Check the internet connectivity and/or network policy on the cluster"
 fi
 
@@ -131,7 +131,7 @@ rm -f /etc/opt/microsoft/omsagent/conf/omsagent.d/omsconfig.consistencyinvoker.c
 if [ -z $INT ]; then
   if [ -a /etc/omsagent-secret/DOMAIN ]; then
         /opt/microsoft/omsagent/bin/omsadmin.sh -w `cat /etc/omsagent-secret/WSID` -s `cat /etc/omsagent-secret/KEY` -d `cat /etc/omsagent-secret/DOMAIN`
-  elif [ -a /etc/omsagent-secret/WSID ]; then  
+  elif [ -a /etc/omsagent-secret/WSID ]; then
         /opt/microsoft/omsagent/bin/omsadmin.sh -w `cat /etc/omsagent-secret/WSID` -s `cat /etc/omsagent-secret/KEY`
   elif [ -a /run/secrets/DOMAIN ]; then
         /opt/microsoft/omsagent/bin/omsadmin.sh -w `cat /run/secrets/WSID` -s `cat /run/secrets/KEY` -d `cat /run/secrets/DOMAIN`
@@ -159,7 +159,7 @@ service cron start
 
 #get omsagent and docker-provider versions
 dpkg -l | grep omsagent | awk '{print $2 " " $3}'
-dpkg -l | grep docker-cimprov | awk '{print $2 " " $3}' 
+dpkg -l | grep docker-cimprov | awk '{print $2 " " $3}'
 
 #telegraf & fluentbit requirements
 if [ ! -e "/etc/config/kube.conf" ]; then
@@ -272,7 +272,7 @@ fi
 /opt/telegraf --version
 dpkg -l | grep td-agent-bit | awk '{print $2 " " $3}'
 
-#dpkg -l | grep telegraf | awk '{print $2 " " $3}' 
+#dpkg -l | grep telegraf | awk '{print $2 " " $3}'
 
 shutdown() {
 	/opt/microsoft/omsagent/bin/service_control stop

ci_feature_prod/setup.sh

@@ -14,7 +14,7 @@ wget https://github.com/Microsoft/OMS-Agent-for-Linux/releases/download/OMSAgent
 #create file to disable omi service startup script
 touch /etc/.omi_disable_service_control
 
-wget https://github.com/microsoft/Docker-Provider/releases/download/6.0.0.0/docker-cimprov-6.0.0-0.universal.x86_64.sh
+wget https://github.com/microsoft/Docker-Provider/releases/download/healthpreview06182019/docker-cimprov-6.0.0-1.universal.x86_64.sh
 
 chmod 775 $TMPDIR/*.sh