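---
# Source: uma/templates/service_account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: uma
  namespace: broadcom-aiops
---
# Source: uma/templates/configmap_general.yaml
# Common config map needed for All extensions
# NOTE(review): agentManager_credential, the proxy and Prometheus
# passwords/token and the AWS access/secret keys are ConfigMap entries here.
# ConfigMaps are not meant for confidential data; consider moving these keys to
# a Secret consumed through secretKeyRef. "credential" looks like a placeholder.
apiVersion: v1
kind: ConfigMap
metadata:
  name: caaiops-config-admin1
  namespace: broadcom-aiops
data:
  cluster_name: "SandBox"
  agentManager_url_1: "localhost:5001"
  agentManager_credential: "credential"
  monitored_namespace_list: ""
  agentManager_version: ""
  agentManager_httpProxy_host: ""
  agentManager_httpProxy_port: ""
  agentManager_httpProxy_username: ""
  agentManager_httpProxy_password: ""
  agentManager_httpCollector_host: ""
  agentManager_httpCollector_port: ""
  prometheus_server_url: ""
  prometheus_server_username: ""
  prometheus_server_password: ""
  prometheus_server_token: ""
  agentNaming_deployment_apmia_process: "ClusterDeployment"
  agentNaming_deployment_apmia_agent: "Infrastructure Agent"
  agentNaming_deployment_prometheus_process: "ClusterPerformanceMonitor"
  agentNaming_deployment_prometheus_agent: "Prometheus Agent"
  agentNaming_daemonset_apmia_host: ""
  agentNaming_daemonset_apmia_agent: "Kubernetes Agent"
  opentracing_grpc_hostport: ""
  zipkinTracing_zipkinServer_hostport: ""
  cloudmonitoring_aws_accesskey: ""
  cloudmonitoring_aws_secretkey: ""
  agentNaming_deployment_aws_host: ""
  agentNaming_deployment_aws_process: ""
  agentNaming_deployment_aws_agent: ""
  agentNaming_deployment_httpCollector_host: ""
  agentNaming_deployment_httpCollector_process: ""
---
# Source: uma/templates/role.yaml
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 has the
# same schema for ClusterRole, so the manifest now uses v1.
# NOTE(review): this role is cluster-wide and broad. Rules to audit before
# binding it:
#   - create on pods/exec and nodes/proxy (exec in any pod, kubelet API access)
#   - '*' on secrets and configmaps in every namespace
#   - create/update/patch on mutatingwebhookconfigurations
#   - use of the anyuid/privileged SCCs and of ibm-privileged-psp
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: broadcom-uma-clusterrole
rules:
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
      - nodes/stats
      - nodes/metrics
      - nodes/proxy
      - services
      - pods
      - events
      - pods/exec
      - resourcequotas
      - replicationcontrollers
      - limitranges
      - namespaces
      - persistentvolumes
      - persistentvolumeclaims
      - endpoints
      # ingresses is not a core ("") resource; this entry has no effect here.
      - ingresses
    verbs:
      - get
      - create
      - update
      - list
      - watch
      - patch
  - apiGroups:
      - apps
      - admissionregistration.k8s.io
    resources:
      - deployments
      - statefulsets
      - replicasets
      - daemonsets
      - mutatingwebhookconfigurations
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
  - apiGroups:
      - extensions
    resources:
      - deployments
      - statefulsets
      - replicasets
      - daemonsets
      - ingresses
    verbs:
      - get
      - list
      - watch
      - create
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - configmaps
      - secrets
    verbs:
      - '*'
  - apiGroups:
      - extensions
      - "networking.k8s.io"  # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
      - create
      - patch
      - delete
  - apiGroups:
      - ca.broadcom.com
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - security.openshift.io
    resources:
      - securitycontextconstraints
    resourceNames:
      - anyuid
      - privileged
    verbs:
      - use
  - apiGroups:
      - extensions
    resources:
      - podsecuritypolicies
    resourceNames:
      - ibm-privileged-psp
    verbs:
      - use
  - apiGroups:
      - apps.openshift.io
    resources:
      - deploymentconfigs
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
---
# Source: uma/templates/role_binding.yaml
# ClusterRoleBinding for binding with Service Account
# Every pod spec in this file sets serviceAccountName: uma, so each of those
# pods (including the DaemonSet pod on every node) holds the ClusterRole above.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: broadcom-uma-clusterrolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: broadcom-uma-clusterrole
subjects:
  - kind: ServiceAccount
    name: uma
    namespace: broadcom-aiops
---
# Source: uma/templates/service_clusterdiscovery.yaml
# Service for Cluster Discovery
apiVersion: v1
kind: Service
metadata:
  name: clusterinfo
  namespace: broadcom-aiops
spec:
  selector:
    module: clusterinfo
  ports:
    - port: 8080
  type: ClusterIP
---
# Source: uma/templates/service_collector.yaml
# Service for Collector
apiVersion: v1
kind: Service
metadata:
  name: collector
  namespace: broadcom-aiops
spec:
  selector:
    module: collector
  ports:
    - port: 7779
  type: ClusterIP
---
# Source: uma/templates/daemonset_apmia.yaml
# DaemonSet Configuration
# Agent from Container1 will be reported to |Infrastructure|Agent
# Agent from Container2 will be reported to |Application|JMX Agent
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: app-container-monitor
  namespace: broadcom-aiops
  labels:
    tier: monitoring
    # NOTE(review): the object label is "cagent" while the selector and pod
    # label below are "caagent"; confirm which spelling is intended.
    app: cagent
spec:
  # oc adm policy add-scc-to-user privileged -z default
  # NOTE(review): the command above names the "default" service account, but
  # this pod runs as "uma"; granting the privileged SCC to "default" would
  # extend it to every pod in the namespace that uses the default account.
  selector:
    matchLabels:
      app: caagent
  template:
    metadata:
      labels:
        app: caagent
      annotations:
        ca.broadcom.application.name: container-monitoring
    spec:
      # The pod shares the node's PID, IPC and network namespaces and both
      # containers run privileged, so it needs a privileged admission policy
      # and should be treated as node-level access when assessing risk.
      hostPID: true
      hostIPC: true
      hostNetwork: true
      # The two key-less "operator: Exists" entries tolerate every NoSchedule
      # and NoExecute taint, so the pod is scheduled on all nodes (control
      # plane included); the three keyed entries are subsumed by them.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: node-role.kubernetes.io/storage
          effect: NoSchedule
        - key: node-role.kubernetes.io/infra
          effect: NoSchedule
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
      serviceAccountName: uma
      initContainers:
        # Waits until the clusterinfo service answers HTTP 200 on /up.
        # NOTE(review): images in this file are referenced by tag, and the main
        # containers use imagePullPolicy: Always; pinning by digest would keep
        # the privileged workload from changing if the tag is re-pushed.
        - name: init-clusterinfo
          image: caapm/universalmonitoragent:2022.1.0.25
          command: ['bash', '-c', 'until [ $(curl --connect-timeout 5 --max-time 10 --write-out %{http_code} --silent --output /dev/null ${CLUSTERINFO_SERVICE_HOST}:${CLUSTERINFO_SERVICE_PORT}/up) -eq 200 ]; do sleep 2; done']
          resources:
            limits:
              cpu: 20m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 10Mi
      containers:
        - name: containerinfo
          image: caapm/universalmonitoragent:2022.1.0.25
          imagePullPolicy: Always
          command: ["/start.sh"]
          securityContext:
            privileged: true
            runAsUser: 0
          env:
            - name: CAAPM_CONTAINERINFO_PORT
              value: "7777"
            - name: CAAPM_CONTAINERINFO_LOG_LEVEL
              value: "INFO"
            - name: CAAPM_CONTAINERINFO_STATS_INTERVAL
              value: "60"
            - name: CAAPM_CONTAINERINFO_COLLECTOR_SERVICE_ENABLED
              value: "true"
            - name: CAAPM_CONTAINERINFO_COLLECTOR_SERVICE_PORT
              value: "7779"
          livenessProbe:
            httpGet:
              path: /runtime/info
              port: 7777
            initialDelaySeconds: 60
            periodSeconds: 60
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 200Mi
          # readOnly on a socket mount only protects the file entry; a process
          # that can open the runtime socket can still use the runtime API.
          volumeMounts:
            - name: dockersock
              mountPath: /var/run/docker.sock
              readOnly: true
            - name: containerdsock
              mountPath: /run/containerd/containerd.sock
              readOnly: true
            - name: containerdekssock
              mountPath: /run/dockershim.sock
              readOnly: true
            - name: criosock
              mountPath: /var/run/crio/crio.sock
              readOnly: true
            - name: sys
              mountPath: /host/sys
              readOnly: true
            - name: proc
              mountPath: /host/proc
              readOnly: true
            - name: dockeroverlay
              mountPath: /host/var/lib/docker/overlay
              readOnly: true
            - name: dockeroverlay2
              mountPath: /host/var/lib/docker/overlay2
              readOnly: true
            - name: criooverlay
              mountPath: /host/var/lib/containers/storage/overlay
              readOnly: true
            - name: criooverlaycontainers
              mountPath: /host/var/lib/containers/storage/overlay-containers
              readOnly: true
            - name: criooverlayimages
              mountPath: /host/var/lib/containers/storage/overlay-images
              readOnly: true
        - env:
            - name: containerflow
              value: disabled
            - name: agentManager_url_1
              valueFrom:
                configMapKeyRef:
                  key: agentManager_url_1
                  name: caaiops-config-admin1
            # Credential is read from the ConfigMap, not from a Secret.
            - name: agentManager_credential
              valueFrom:
                configMapKeyRef:
                  key: agentManager_credential
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_connection_compatibility_version
              valueFrom:
                configMapKeyRef:
                  key: agentManager_version
                  name: caaiops-config-admin1
            - name: type
              value: Kubernetes
            - name: interval
              value: "60"
            - name: DOCKER_STATS_CGROUP_MODE
              value: enabled
            - name: apmenv_introscope_epagent_config_httpServerPort
              value: "8889"
            - name: apmenv_introscope_agent_remotejmx_config_modules
              value: "jvm,memory"
            - name: apmenv_introscope_agent_extensions_bundles_load
              value: NodeExtension ,PythonExtension,CppExtension,autoattach,OpenshiftMonitor,HostMonitor,
            ##########################
            # Auto Attach properties:
            ##########################
            # Free memory threshold required for attaching to containers (%)
            #- name: apmenv_autoattach_free_memory_threshold
            #  value: "50.00"
            # Interval for attaching to memory unbounded containers (sec). One unbounded container will be attached to per interval.
            #- name: apmenv_autoattach_unbounded_container_attach_interval
            #  value: "300"
            # Operation Mode for Auto Attach (whitelist/blacklist).
            # whitelist: will only attach to processes marked with env variable CA_APM_MONITORING_ENABLED=true
            # blacklist: will attach to all processes except those marked with env variable CA_APM_MONITORING_ENABLED=false
            - name: apmenv_autoattach_filter_type
              value: "whitelist"
            - name: apmenv_autoattach_customJdkTools_enabled
              value: "false"
            - name: apmenv_autoattach_dynamicPropertyResolution_enabled
              value: "true"
            - name: apmenv_autoattach_dynamicPropertyResolution_properties_list
              value: "introscope.agent.hostName,com.wily.introscope.agent.agentName"
            - name: apmenv_autoattach_introscope_agent_hostName
              value: "{k8s_deployment_name},{k8s_daemonset_name},{k8s_pod_name},ContainerHost"
            - name: apmenv_autoattach_com_wily_introscope_agent_agentName
              value: ""
            - name: apmenv_autoattach_java_enabled_applications
              value: " "
            # Properties for aggressively monitoring every JVM
            - name: apmenv_autoattach_java_proactiveMode_enabled
              value: "true"
            #- name: apmenv_autoattach_java_proactiveMode_agent_load_delay
            #  value: "300"
            - name: apmenv_autoattach_net_enabled_applications
              value: " "
            # Properties for aggressively monitoring every .NET Runtime
            - name: apmenv_autoattach_net_proactiveMode_enabled
              value: "true"
            #- name: apmenv_autoattach_net_proactiveMode_agent_load_delay
            #  value: "30"
            # Properties for monitoring Nodejs Runtime
            - name: apmenv_autoattach_nodejs_enabled
              value: "true"
            # Properties for trace logging
            #- name: apmenv_log4j_logger_IntroscopeAgent
            #  value: "TRACE#com.wily.util.feedback.Log4JSeverityLevel, logfile"
            #- name: apmenv_log4j_logger_IntroscopeAgent_AutoAttach
            #  value: "TRACE#com.wily.util.feedback.Log4JSeverityLevel, logfile"
            #- name: apmenv_log4j_additivity_IntroscopeAgent_AutoAttach
            #  value: "false"
            #- name: apmenv_log4j_appender_logfile_MaxFileSize
            #  value: "200MB"
            #- name: apmenv_log4j_appender_logfile_MaxBackupIndex
            #  value: "10"
            - name: nodename
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: apmenv_com_ca_apm_kubernetes_clusterName
              valueFrom:
                configMapKeyRef:
                  key: cluster_name
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_hostmonitor_profiles_localhost_linux_groups
              value: memory,cpu,network,diskio,hostresources,application,protocol,systemmanagement,performance,process,ipc,distributedsystem,topprocess,operatingsystem,storage,systemload,port
            - name: apmenv_introscope_agent_hostName
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: apmenv_introscope_agent_customProcessName
              valueFrom:
                configMapKeyRef:
                  key: cluster_name
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_agentName
              valueFrom:
                configMapKeyRef:
                  key: agentNaming_daemonset_apmia_agent
                  name: caaiops-config-admin1
            - name: MIN_HEAP_VAL_IN_MB
              value: "64"
            - name: REDUCE_METRIC_EXPLOSION
              value: "false"
            - name: apmenv_com_ca_apm_kubernetes_monitor_legacy
              value: "false"
            - name: storage_mount_filter
              value: "/dev,/run,/var,/boot,/home,/mnt,/sys,/tmp,/etc,/usr"
          name: podmonitor
          image: caapm/universalmonitoragent:2022.1.0.25
          resources:
            limits:
              cpu: 1000m
              memory: 1G
            requests:
              cpu: 200m
              memory: 300Mi
          # Healthy while the Docker health file was modified in the last 2 minutes.
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - find /tmp/apmia-health/extensions/Docker-health.txt -mmin -2 | grep .
            initialDelaySeconds: 120
            failureThreshold: 2
            periodSeconds: 180
          imagePullPolicy: Always
          # resources:
          #   limits:
          #     cpu: 500m
          #     memory: 700Mi
          #   requests:
          #     cpu: 200m
          #     memory: 300Mi
          securityContext:
            privileged: true
          # The node's root filesystem is mounted at /host (read-only), in
          # addition to /dev, /run, /sys, /boot, /home and /proc.
          volumeMounts:
            - name: dockersock
              mountPath: /var/run/docker.sock
              readOnly: true
            - name: dev
              mountPath: /host/dev
              readOnly: true
            - name: run
              mountPath: /host/run
              readOnly: true
            - name: sys
              mountPath: /host/sys
              readOnly: true
            - name: boot
              mountPath: /host/boot
              readOnly: true
            - name: home
              mountPath: /host/home
              readOnly: true
            - name: proc
              mountPath: /host/proc
              readOnly: true
            - name: rootfs
              mountPath: /host
              readOnly: true
      volumes:
        - name: dockersock
          hostPath:
            path: /var/run/docker.sock
        - name: containerdsock
          hostPath:
            path: /run/containerd/containerd.sock
        - name: containerdekssock
          hostPath:
            path: /run/dockershim.sock
        - name: criosock
          hostPath:
            path: /var/run/crio/crio.sock
        - name: dev
          hostPath:
            path: /dev
        - name: run
          hostPath:
            path: /run
        - name: sys
          hostPath:
            path: /sys
        - name: boot
          hostPath:
            path: /boot
        - name: home
          hostPath:
            path: /home
        - name: rootfs
          hostPath:
            path: /
        - name: proc
          hostPath:
            path: /proc
        - name: dockeroverlay
          hostPath:
            path: /var/lib/docker/overlay
        - name: dockeroverlay2
          hostPath:
            path: /var/lib/docker/overlay2
        - name: criooverlay
          hostPath:
            path: /var/lib/containers/storage/overlay
        - name: criooverlaycontainers
          hostPath:
            path: /var/lib/containers/storage/overlay-containers
        - name: criooverlayimages
          hostPath:
            path: /var/lib/containers/storage/overlay-images
---
# Source: uma/templates/deployment_apmia.yaml
# ( and .Values.monitor.container.prometheus.backend.endPoint.url .Values.agentManager.url )
# APMIA based Deployment.
# Agent from Container1 will be reported to |ClusterMonitoring|Infrastructure Agent
# NOTE(review): no securityContext is set on this Deployment or on the
# clusterinfo and collector Deployments below; if the image supports it,
# consider runAsNonRoot, allowPrivilegeEscalation: false and dropped
# capabilities, since these pods also carry the uma ClusterRole.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: container-monitor-admin
  namespace: broadcom-aiops
  labels:
    app: apmia-deployment
spec:
  replicas: 1
  template:
    metadata:
      name: apmia-deployment
      labels:
        app: apmia-deployment
        deployment.name: container-monitor
    spec:
      serviceAccountName: uma
      initContainers:
        # Waits until the clusterinfo service answers HTTP 200 on /up.
        - name: init-clusterinfo
          image: caapm/universalmonitoragent:2022.1.0.25
          command: ['bash', '-c', 'until [ $(curl --connect-timeout 5 --max-time 10 --write-out %{http_code} --silent --output /dev/null ${CLUSTERINFO_SERVICE_HOST}:${CLUSTERINFO_SERVICE_PORT}/up) -eq 200 ]; do sleep 2; done']
          resources:
            limits:
              cpu: 20m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 10Mi
      containers:
        - env:
            - name: agentManager_url_1
              valueFrom:
                configMapKeyRef:
                  key: agentManager_url_1
                  name: caaiops-config-admin1
            # Credential is read from the ConfigMap, not from a Secret.
            - name: agentManager_credential
              valueFrom:
                configMapKeyRef:
                  key: agentManager_credential
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_connection_compatibility_version
              valueFrom:
                configMapKeyRef:
                  key: agentManager_version
                  name: caaiops-config-admin1
            - name: interval
              value: "300"
            # NOTE(review): "KUEBRNETES" looks like a typo of "KUBERNETES"; left
            # unchanged because the image may read this exact name. Confirm.
            - name: KUEBRNETES_CLUSTER_MONITORING
              value: "true"
            - name: apmenv_introscope_epagent_config_httpServerPort
              value: "8888"
            - name: REDUCE_METRIC_EXPLOSION
              value: "false"
            - name: type
              value: "Kubernetes"
            - name: HostMonitoring
              value: disabled
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_cluster
              value: k8s_cluster_name=(k8s_cluster_clustername), k8s_project=(k8s_cluster_projects)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_node
              value: k8s_project=(k8s_node_namespaces),k8s_cluster_name=(k8s_node_clustername), k8s_pod_nodename=(name), k8s_node_agentpath=(agent)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_namespace
              value: k8s_project=(name), k8s_cluster_name=(k8s_namespace_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_pod
              value: k8s_pod_name=(name), k8s_project=(k8s_pod_namespace), k8s_cluster_name=(k8s_pod_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_deployment
              value: k8s_project=(k8s_deployment_namespace), k8s_cluster_name=(k8s_deployment_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_deploymentconfig
              value: k8s_project=(k8s_deploymentconfig_namespace), k8s_cluster_name=(k8s_deploymentconfig_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_daemonset
              value: k8s_project=(k8s_daemonset_namespace), k8s_cluster_name=(k8s_daemonset_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_container
              value: k8s_pod_nodename=(k8s_container_nodename), k8s_pod_container_name=(name), k8s_pod_name=(k8s_container_podname),k8s_project=(k8s_container_namespace),k8s_pod_container_id=(k8s_container_id), k8s_cluster_name=(k8s_container_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_replicaset
              value: k8s_project=(k8s_replicaset_namespace), k8s_cluster_name=(k8s_replicaset_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_service
              value: k8s_project=(k8s_service_namespace), k8s_cluster_name=(k8s_service_clustername)
            - name: apmenv_com_ca_apm_clusterdatareporter_additional_attributes_statefulset
              value: k8s_project=(k8s_statefulset_namespace), k8s_cluster_name=(k8s_statefulset_clustername)
            - name: apmenv_cluster_name
              valueFrom:
                configMapKeyRef:
                  key: cluster_name
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_customProcessName
              valueFrom:
                configMapKeyRef:
                  key: agentNaming_deployment_apmia_process
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_hostName
              valueFrom:
                configMapKeyRef:
                  key: cluster_name
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_agentName
              valueFrom:
                configMapKeyRef:
                  key: agentNaming_deployment_apmia_agent
                  name: caaiops-config-admin1
            - name: apmenv_introscope_agent_extensions_bundles_load
              value: ClusterDataReporter,
            - name: MIN_HEAP_VAL_IN_MB
              value: "64"
            - name: MAX_HEAP_VAL_IN_MB
              value: "800"
            - name: METADATA_GRAPH_BUFFER_SIZE
              value: "100"
            - name: cluster_name
              valueFrom:
                configMapKeyRef:
                  key: cluster_name
                  name: caaiops-config-admin1
          name: uma
          image: caapm/universalmonitoragent:2022.1.0.25
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8888
            initialDelaySeconds: 60
            periodSeconds: 60
          resources:
            limits:
              cpu: 2
              memory: 1G
            requests:
              cpu: 200m
              memory: 300Mi
          imagePullPolicy: Always
      restartPolicy: Always
  selector:
    matchLabels:
      app: apmia-deployment
---
# Source: uma/templates/deployment_clusterdiscovery.yaml
# Cluster Discovery Service
apiVersion: apps/v1
kind: Deployment
metadata:
  name: clusterinfo
  namespace: broadcom-aiops
  labels:
    app: cagent
    module: clusterinfo
  annotations:
    ca.broadcom.application.name: kubernete-cluster-monitoring
spec:
  replicas: 1
  template:
    metadata:
      name: clusterinfo
      labels:
        app: cagent
        module: clusterinfo
    spec:
      serviceAccountName: uma
      containers:
        - name: clusterinfo
          image: caapm/universalmonitoragent:2022.1.0.25
          env:
            #- name: CAAPM_CLUSTERINFO_DATA_WATCHERS_TIMEOUT
            #  value: "240"
            - name: type
              value: Kubernetes
            - name: agent_connection_compatibility_version
              valueFrom:
                configMapKeyRef:
                  key: agentManager_version
                  name: caaiops-config-admin1
            - name: cluster_name
              valueFrom:
                configMapKeyRef:
                  key: cluster_name
                  name: caaiops-config-admin1
          resources:
            limits:
              cpu: 2
              memory: 1.5G
            requests:
              cpu: 400m
              memory: 700Mi
          imagePullPolicy: Always
          livenessProbe:
            httpGet:
              path: /up
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 120
          command: ["/usr/local/openshift/apmia/jre/bin/java", "-Xms256m","-Xmx1024m", "-Dlogging.config=file:/usr/local/openshift/logback.xml", "-jar", "/clusterinfo-1.0.jar"]
          # Uncomment this command (replacing the one above) to enable debug logging
          # command: ["java", "-jar", "-Dlogging.level.com.ca.apm.broadcom.kubernetes.springboot.ClusterInfoController=DEBUG","/clusterinfo-1.0.jar"]
      restartPolicy: Always
  selector:
    matchLabels:
      module: clusterinfo
---
# Source: uma/templates/deployment_collector.yaml
# Collector Service
apiVersion: apps/v1
kind: Deployment
metadata:
  name: collector
  namespace: broadcom-aiops
  labels:
    app: cagent
    module: collector
  annotations:
    ca.broadcom.application.name: kubernetes-container-collector
spec:
  replicas: 1
  template:
    metadata:
      name: collector
      labels:
        app: cagent
        module: collector
    spec:
      serviceAccountName: uma
      initContainers:
        # Waits until the clusterinfo service answers HTTP 200 on /up.
        - name: init-clusterinfo
          image: caapm/universalmonitoragent:2022.1.0.25
          command: [ 'bash', '-c', 'until [ $(curl --connect-timeout 5 --max-time 10 --write-out %{http_code} --silent --output /dev/null ${CLUSTERINFO_SERVICE_HOST}:${CLUSTERINFO_SERVICE_PORT}/up) -eq 200 ]; do sleep 2; done' ]
      containers:
        - name: collector
          image: caapm/universalmonitoragent:2022.1.0.25
          env:
            - name: type
              value: Kubernetes
          resources:
            limits:
              cpu: 1
              memory: 1G
            requests:
              cpu: 250m
              memory: 500Mi
          imagePullPolicy: Always
          livenessProbe:
            httpGet:
              path: /health/up
              port: 7779
            initialDelaySeconds: 60
            periodSeconds: 120
          command: [ "/collector-linux-amd64","--config=/usr/local/openshift/config/collector/config.yaml" ]
      restartPolicy: Always
  selector:
    matchLabels:
      module: collector
---
# Source: uma/templates/configmap_probeautoattach.yaml
# Probe AutoAttach secrets and config map
---
# Source: uma/templates/deployment_probeautoattach.yaml
# Probe Auto Attach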