diff --git a/charts/member-agent-arc/charts_test.go b/charts/member-agent-arc/charts_test.go
index 29d0e5fa9..b380e91ee 100644
--- a/charts/member-agent-arc/charts_test.go
+++ b/charts/member-agent-arc/charts_test.go
@@ -52,6 +52,38 @@ func TestHelmChartTemplatesRenderValidYAML(t *testing.T) {
"enableTrafficManagerFeature": true,
"enableNetworkingFeatures": true,
"propertyProvider": "azure",
+ "geneva": map[string]interface{}{
+ "mdsd": map[string]interface{}{
+ "repository": "linuxgeneva-microsoft.azurecr.io/genevamdsd",
+ "tag": "v1.0.0",
+ },
+ "fluentd": map[string]interface{}{
+ "repository": "linuxgeneva-microsoft.azurecr.io/genevafluentd_td-agent",
+ "tag": "v1.0.0",
+ },
+ "mdm": map[string]interface{}{
+ "repository": "linuxgeneva-microsoft.azurecr.io/genevamdm",
+ "tag": "v1.0.0",
+ "account": "test-mdm-account",
+ },
+ "gcs": map[string]interface{}{
+ "environment": "Test",
+ "account": "test-account",
+ "region": "test-region",
+ "namespace": "test-namespace",
+ "configVersion": "1.0",
+ "authIdType": "AuthMSIToken",
+ },
+ "config": map[string]interface{}{
+ "tenant": "test-tenant",
+ "role": "test-role",
+ "azureEnvironment": "AzurePublicCloud",
+ "enableGigBridgeMode": "1",
+ },
+ "debugging": map[string]interface{}{
+ "dockerLogging": "false",
+ },
+ },
"Azure": map[string]interface{}{
"proxySettings": map[string]interface{}{
"isProxyEnabled": true,
@@ -91,6 +123,8 @@ func TestHelmChartTemplatesRenderValidYAML(t *testing.T) {
{name: "rbac template", templateFile: "rbac.yaml"},
{name: "serviceaccount template", templateFile: "serviceaccount.yaml"},
{name: "azure-proxy-secrets template", templateFile: "azure-proxy-secrets.yaml"},
+ {name: "configmap-fluentd template", templateFile: "configmap-fluentd.yaml"},
+ {name: "configmap-mdm template", templateFile: "configmap-mdm.yaml"},
}
for _, tt := range tests {
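Review bot: The two added cases run inside TestHelmChartTemplatesRenderValidYAML, which by its name only checks that the rendered output is valid YAML, so the JSON inside `mdmconfig.json` and the fluentd config are opaque block scalars to it. A `geneva.mdm.account` value that breaks the embedded JSON would still pass. Consider a follow-up assertion that unmarshals the rendered ConfigMap's `data["mdmconfig.json"]` with `encoding/json` and checks that `account` equals `test-mdm-account`. The loop body lies outside this hunk, so where that assertion belongs is not visible here.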
diff --git a/charts/member-agent-arc/configs/fluent.conf b/charts/member-agent-arc/configs/fluent.conf
new file mode 100644
index 000000000..117b7d5fb
--- /dev/null
+++ b/charts/member-agent-arc/configs/fluent.conf
@@ -0,0 +1,65 @@
+
+ @type tail
+ # Matching the following log files:
+ # fleet-hub-agent-*_fleet-hub-agent-*.log
+ # fleet-member-agent-*_msi-adapter-*.log
+ # fleet-member-agent-*_refresh-tokent-*.log
+ # fleet-member-agent-*_fleet-member-agent-*.log
+ path /var/log/containers/fleet-*-agent-*.log
+ path_key tailed_path
+ pos_file /var/log/td-agent.fleet-agent.log.pos
+ tag arc-extension.fleet-agent.*
+ read_from_head true
+
+ @type regexp
+ time_format %Y-%m-%dT%H:%M:%S.%L%z
+ expression /^(?
+
+# Collect logs for fleet networking controller managers, which are pods with names like fleet-*-controller-manager-*.log
+# Same as fleet-agent, these logs are tagged with `arc-extension.fleet-agent.*` and will show up in the same table.
+
+ @type tail
+ # Matching the following log files:
+ # fleet-hub-net-controller-manager-*_fleet-hub-net-controller-manager-*.log
+ # fleet-member-net-controller-manager-*_msi-adapter-*.log
+ # fleet-member-net-controller-manager-*_refresh-tokent-*.log
+ # fleet-member-net-controller-manager-*_fleet-member-net-controller-manager-*.log
+ # fleet-mcs-controller-manager-*_fleet-mcs-controller-manager-*.log
+ path /var/log/containers/fleet-*-controller-manager-*.log
+ path_key tailed_path
+ pos_file /var/log/td-agent.fleet-net-controller-manager.log.pos
+ tag arc-extension.fleet-agent.*
+ read_from_head true
+
+ @type regexp
+ time_format %Y-%m-%dT%H:%M:%S.%L%z
+ expression /^(?
+
+# Collect logs for CRD installer, which are pods with names like crd-installer-*.log
+# Same as fleet-agent, these logs are tagged with `arc-extension.fleet-agent.*` and will show up in the same table.
+#
+# @type tail
+# # Matching the following log files:
+# # crd-installer-*_crd-installer-*.log
+# path /var/log/containers/crd-installer-*.log
+# path_key tailed_path
+# pos_file /var/log/td-agent.crd-installer.log.pos
+# tag arc-extension.fleet-agent.*
+# read_from_head true
+#
+# @type regexp
+# time_format %Y-%m-%dT%H:%M:%S.%L%z
+# expression /^(?
+#
+# Add tag arc.fleetagent to logs from fleet agents, which are running under CCP namespaces.
+
+ @type rewrite_tag_filter
+
+ key namespace
+ pattern ^.*$
+ tag arc.fleetagent
+
+
\ No newline at end of file
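Review bot: Both active `path` globs select files by pod-name pattern only, and kubelet names the files under /var/log/containers as pod name, namespace and container joined like `pod_namespace_container-id.log`. A pod in any namespace on the node whose name matches `fleet-*-agent-*` or `fleet-*-controller-manager-*` is therefore tailed and tagged `arc-extension.fleet-agent.*`, so output from unrelated workloads can end up in the fleet telemetry table. Anchor the namespace segment in the glob, e.g. `path /var/log/containers/fleet-*-agent-*_FLEET_NAMESPACE_*.log` (placeholder for the namespace the chart installs into). The same globs are repeated in templates/configmap-fluentd.yaml, where `{{ .Values.namespace }}` is available. Minor: the file has no trailing newline, and `refresh-tokent` in the comments looks like a typo for `refresh-token`.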
diff --git a/charts/member-agent-arc/templates/configmap-fluentd.yaml b/charts/member-agent-arc/templates/configmap-fluentd.yaml
new file mode 100644
index 000000000..9caa7fb65
--- /dev/null
+++ b/charts/member-agent-arc/templates/configmap-fluentd.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fluentd-config
+ namespace: {{ .Values.namespace }}
+data:
+ fluentd.conf: |
+
+ @type tail
+ # Matching the following log files:
+ # fleet-hub-agent-*_fleet-hub-agent-*.log
+ # fleet-member-agent-*_msi-adapter-*.log
+ # fleet-member-agent-*_refresh-tokent-*.log
+ # fleet-member-agent-*_fleet-member-agent-*.log
+ path /var/log/containers/fleet-*-agent-*.log
+ path_key tailed_path
+ pos_file /var/log/td-agent.fleet-agent.log.pos
+ tag arc-extension.fleet-agent.*
+ read_from_head true
+
+ @type regexp
+ time_format %Y-%m-%dT%H:%M:%S.%L%z
+ expression /^(?
+
+ # Collect logs for fleet networking controller managers
+
+ @type tail
+ path /var/log/containers/fleet-*-controller-manager-*.log
+ path_key tailed_path
+ pos_file /var/log/td-agent.fleet-net-controller-manager.log.pos
+ tag arc-extension.fleet-agent.*
+ read_from_head true
+
+ @type regexp
+ time_format %Y-%m-%dT%H:%M:%S.%L%z
+ expression /^(?
+
+ # Add tag arc.fleetagent to logs from fleet agents
+
+ @type rewrite_tag_filter
+
+ key namespace
+ pattern ^.*$
+ tag arc.fleetagent
+
+
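Review bot: The `fluentd.conf` body here is a second hand-maintained copy of configs/fluent.conf from the same commit, and the two already differ: the per-file comments and the commented-out crd-installer source exist only in the standalone file. Nothing in the visible hunks reads configs/fluent.conf, so edits to it would likely have no effect on the deployed sidecar. Keep one source of truth, for example by putting `{{ .Files.Get "configs/fluent.conf" | indent 4 }}` on the line after `fluentd.conf: |` (wrapped in `tpl` if the file needs chart values), or delete the unused copy.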
diff --git a/charts/member-agent-arc/templates/configmap-mdm.yaml b/charts/member-agent-arc/templates/configmap-mdm.yaml
new file mode 100644
index 000000000..50de33d37
--- /dev/null
+++ b/charts/member-agent-arc/templates/configmap-mdm.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mdm-config
+ namespace: {{ .Values.namespace }}
+data:
+ mdmconfig.json: |
+ {
+ "account": "{{ .Values.geneva.mdm.account }}",
+ "input": "influxdb_udp"
+ }
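Review bot: `geneva.mdm.account` is interpolated into the JSON document as raw text on the `"account"` line, so a value containing a double quote or backslash yields invalid or altered JSON in `mdmconfig.json`. Let Helm do the encoding instead: `"account": {{ .Values.geneva.mdm.account | toJson }},`. The chart default for this value is an empty string, so a `required` check is also worth adding if mdm cannot run without an account.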
diff --git a/charts/member-agent-arc/templates/deployment.yaml b/charts/member-agent-arc/templates/deployment.yaml
index 30f8ef5ff..06ac44a1a 100644
--- a/charts/member-agent-arc/templates/deployment.yaml
+++ b/charts/member-agent-arc/templates/deployment.yaml
@@ -130,6 +130,116 @@ spec:
subPath: azure-proxy-cert.crt
readOnly: true
{{- end }}
+ - name: mdsd
+ image: "{{ .Values.geneva.mdsd.repository }}:{{ .Values.geneva.mdsd.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ENABLE_GIG_BRIDGE_MODE
+ value: {{ .Values.geneva.config.enableGigBridgeMode | quote }}
+ - name: MONITORING_GCS_ENVIRONMENT
+ value: {{ .Values.geneva.gcs.environment | quote }}
+ - name: MONITORING_GCS_ACCOUNT
+ value: {{ .Values.geneva.gcs.account | quote }}
+ - name: MONITORING_GCS_REGION
+ value: {{ .Values.geneva.gcs.region | quote }}
+ - name: MONITORING_GCS_NAMESPACE
+ value: {{ .Values.geneva.gcs.namespace | quote }}
+ - name: MONITORING_CONFIG_VERSION
+ value: {{ .Values.geneva.gcs.configVersion | quote }}
+ - name: MONITORING_GCS_AUTH_ID_TYPE
+ value: {{ .Values.geneva.gcs.authIdType | quote }}
+ - name: MONITORING_TENANT
+ value: {{ .Values.geneva.config.tenant | quote }}
+ - name: MONITORING_ROLE
+ value: {{ .Values.geneva.config.role | quote }}
+ - name: MONITORING_ROLE_INSTANCE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DOCKER_LOGGING
+ value: {{ .Values.geneva.debugging.dockerLogging | quote }}
+ - name: SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH
+ value: "true"
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: mdsd-run-vol
+ mountPath: /var/run/mdsd
+ - name: mdsd-logs-vol
+ mountPath: /geneva/geneva_logs
+ - name: fluentd
+ image: "{{ .Values.geneva.fluentd.repository }}:{{ .Values.geneva.fluentd.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: FLUENTD_CONF
+ value: /etc/fluentd/fluentd.conf
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: fluentd-conf-vol
+ mountPath: /etc/fluentd
+ - name: fluentd-buffer-vol
+ mountPath: /var/log/td-agent
+ - name: mdsd-run-vol
+ mountPath: /var/run/mdsd
+ - name: docker-log-vol
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ - name: var-log-vol
+ mountPath: /var/log
+ - name: run-journal-vol
+ mountPath: /run/log/journal
+ readOnly: true
+ - name: mdm
+ image: "{{ .Values.geneva.mdm.repository }}:{{ .Values.geneva.mdm.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ROLEINSTANCE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CONFIG_OVERRIDES_FILE
+ value: /tmp/geneva_mdm/mdmconfig.json
+ - name: MDM_INPUT
+ value: influxdb_udp
+ - name: MDM_LOG_LEVEL
+ value: "Info"
+ - name: MDM_ACCOUNT
+ value: {{ .Values.geneva.mdm.account | quote }}
+ - name: ME_AZURE_ENV
+ value: {{ .Values.geneva.config.azureEnvironment | quote }}
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: mdm-config
+ mountPath: /tmp/geneva_mdm
volumes:
- name: provider-token
emptyDir: { }
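Review bot: The fluentd sidecar mounts the node's /var/log through `var-log-vol` without `readOnly: true`, unlike the docker and journal mounts beside it, which gives this container write access to host log files. The only write target visible in the shipped config is `pos_file /var/log/td-agent.fleet-agent.log.pos` (and its controller-manager sibling), which sits directly in /var/log rather than under the `/var/log/td-agent` emptyDir mount. Moving the position files to `/var/log/td-agent/` and adding `readOnly: true` to the `var-log-vol` mount would remove that host write path, at the cost of re-reading logs after a reschedule because `read_from_head true` is set. The three new `securityContext` blocks also stop at dropping capabilities; `allowPrivilegeEscalation: false` is a cheap addition. The same container definitions recur in the hunks at -255 and -381.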
@@ -138,6 +248,27 @@ spec:
secret:
secretName: azure-proxy-cert
{{- end }}
+ - name: mdsd-run-vol
+ emptyDir: {}
+ - name: mdsd-logs-vol
+ emptyDir: {}
+ - name: fluentd-conf-vol
+ configMap:
+ name: fluentd-config
+ - name: fluentd-buffer-vol
+ emptyDir: {}
+ - name: docker-log-vol
+ hostPath:
+ path: /var/lib/docker/containers
+ - name: var-log-vol
+ hostPath:
+ path: /var/log
+ - name: run-journal-vol
+ hostPath:
+ path: /run/log/journal
+ - name: mdm-config
+ configMap:
+ name: mdm-config
---
apiVersion: apps/v1
kind: Deployment
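Review bot: `run-journal-vol` (/run/log/journal) is added as a `hostPath`, but the fluentd configuration in this commit only tails files under /var/log/containers, so it appears to be node access that nothing reads; drop it unless a journald source is planned. `docker-log-vol` is presumably only needed on nodes where the container-log symlinks resolve into /var/lib/docker, which is worth a comment in the template. None of the three hostPath volumes sets `type`, so no check is made on the path before mounting; `type: Directory` on `var-log-vol` would report a missing path instead. hostPath volumes are rejected by the Pod Security Standards baseline profile, so the exemption the install namespace needs should be documented in the chart. The same volume list is repeated in the two later deployment.yaml hunks.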
@@ -255,14 +386,145 @@ spec:
subPath: azure-proxy-cert.crt
readOnly: true
{{- end }}
+ - name: mdsd
+ image: "{{ .Values.geneva.mdsd.repository }}:{{ .Values.geneva.mdsd.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ENABLE_GIG_BRIDGE_MODE
+ value: {{ .Values.geneva.config.enableGigBridgeMode | quote }}
+ - name: MONITORING_GCS_ENVIRONMENT
+ value: {{ .Values.geneva.gcs.environment | quote }}
+ - name: MONITORING_GCS_ACCOUNT
+ value: {{ .Values.geneva.gcs.account | quote }}
+ - name: MONITORING_GCS_REGION
+ value: {{ .Values.geneva.gcs.region | quote }}
+ - name: MONITORING_GCS_NAMESPACE
+ value: {{ .Values.geneva.gcs.namespace | quote }}
+ - name: MONITORING_CONFIG_VERSION
+ value: {{ .Values.geneva.gcs.configVersion | quote }}
+ - name: MONITORING_GCS_AUTH_ID_TYPE
+ value: {{ .Values.geneva.gcs.authIdType | quote }}
+ - name: MONITORING_TENANT
+ value: {{ .Values.geneva.config.tenant | quote }}
+ - name: MONITORING_ROLE
+ value: {{ .Values.geneva.config.role | quote }}
+ - name: MONITORING_ROLE_INSTANCE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DOCKER_LOGGING
+ value: {{ .Values.geneva.debugging.dockerLogging | quote }}
+ - name: SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH
+ value: "true"
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: mdsd-run-vol
+ mountPath: /var/run/mdsd
+ - name: mdsd-logs-vol
+ mountPath: /geneva/geneva_logs
+ - name: fluentd
+ image: "{{ .Values.geneva.fluentd.repository }}:{{ .Values.geneva.fluentd.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: FLUENTD_CONF
+ value: /etc/fluentd/fluentd.conf
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: fluentd-conf-vol
+ mountPath: /etc/fluentd
+ - name: fluentd-buffer-vol
+ mountPath: /var/log/td-agent
+ - name: mdsd-run-vol
+ mountPath: /var/run/mdsd
+ - name: docker-log-vol
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ - name: var-log-vol
+ mountPath: /var/log
+ - name: run-journal-vol
+ mountPath: /run/log/journal
+ readOnly: true
+ - name: mdm
+ image: "{{ .Values.geneva.mdm.repository }}:{{ .Values.geneva.mdm.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ROLEINSTANCE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CONFIG_OVERRIDES_FILE
+ value: /tmp/geneva_mdm/mdmconfig.json
+ - name: MDM_INPUT
+ value: influxdb_udp
+ - name: MDM_LOG_LEVEL
+ value: "Info"
+ - name: MDM_ACCOUNT
+ value: {{ .Values.geneva.mdm.account | quote }}
+ - name: ME_AZURE_ENV
+ value: {{ .Values.geneva.config.azureEnvironment | quote }}
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: mdm-config
+ mountPath: /tmp/geneva_mdm
volumes:
- name: provider-token
- emptyDir: { }
+ emptyDir: {}
{{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }}
- name: azure-proxy-cert-store
secret:
secretName: azure-proxy-cert
{{- end }}
+ - name: mdsd-run-vol
+ emptyDir: {}
+ - name: mdsd-logs-vol
+ emptyDir: {}
+ - name: fluentd-conf-vol
+ configMap:
+ name: fluentd-config
+ - name: fluentd-buffer-vol
+ emptyDir: {}
+ - name: docker-log-vol
+ hostPath:
+ path: /var/lib/docker/containers
+ - name: var-log-vol
+ hostPath:
+ path: /var/log
+ - name: run-journal-vol
+ hostPath:
+ path: /run/log/journal
+ - name: mdm-config
+ configMap:
+ name: mdm-config
---
apiVersion: apps/v1
kind: Deployment
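Review bot: This is the second of three copies of the mdsd/fluentd/mdm container list and its volumes that look identical in the visible lines (the first is in the hunk at -130, the third at -381), so any later fix has to be made three times. Define the block once, e.g. `{{- define "member-agent-arc.genevaSidecars" -}}` in a helpers file, and pull it in with `include` piped through `nindent`; the template name is a suggestion, not an existing one. Separately, each copy tails the same host globs and writes the same `pos_file` names under the shared hostPath /var/log. When two of these pods run on one node they would presumably ship the same lines twice and overwrite each other's position files, so confirm whether one collector per node, or per-deployment globs and position files, is intended.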
@@ -381,11 +643,142 @@ spec:
subPath: azure-proxy-cert.crt
readOnly: true
{{- end }}
+ - name: mdsd
+ image: "{{ .Values.geneva.mdsd.repository }}:{{ .Values.geneva.mdsd.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ENABLE_GIG_BRIDGE_MODE
+ value: {{ .Values.geneva.config.enableGigBridgeMode | quote }}
+ - name: MONITORING_GCS_ENVIRONMENT
+ value: {{ .Values.geneva.gcs.environment | quote }}
+ - name: MONITORING_GCS_ACCOUNT
+ value: {{ .Values.geneva.gcs.account | quote }}
+ - name: MONITORING_GCS_REGION
+ value: {{ .Values.geneva.gcs.region | quote }}
+ - name: MONITORING_GCS_NAMESPACE
+ value: {{ .Values.geneva.gcs.namespace | quote }}
+ - name: MONITORING_CONFIG_VERSION
+ value: {{ .Values.geneva.gcs.configVersion | quote }}
+ - name: MONITORING_GCS_AUTH_ID_TYPE
+ value: {{ .Values.geneva.gcs.authIdType | quote }}
+ - name: MONITORING_TENANT
+ value: {{ .Values.geneva.config.tenant | quote }}
+ - name: MONITORING_ROLE
+ value: {{ .Values.geneva.config.role | quote }}
+ - name: MONITORING_ROLE_INSTANCE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DOCKER_LOGGING
+ value: {{ .Values.geneva.debugging.dockerLogging | quote }}
+ - name: SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH
+ value: "true"
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: mdsd-run-vol
+ mountPath: /var/run/mdsd
+ - name: mdsd-logs-vol
+ mountPath: /geneva/geneva_logs
+ - name: fluentd
+ image: "{{ .Values.geneva.fluentd.repository }}:{{ .Values.geneva.fluentd.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: FLUENTD_CONF
+ value: /etc/fluentd/fluentd.conf
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: fluentd-conf-vol
+ mountPath: /etc/fluentd
+ - name: fluentd-buffer-vol
+ mountPath: /var/log/td-agent
+ - name: mdsd-run-vol
+ mountPath: /var/run/mdsd
+ - name: docker-log-vol
+ mountPath: /var/lib/docker/containers
+ readOnly: true
+ - name: var-log-vol
+ mountPath: /var/log
+ - name: run-journal-vol
+ mountPath: /run/log/journal
+ readOnly: true
+ - name: mdm
+ image: "{{ .Values.geneva.mdm.repository }}:{{ .Values.geneva.mdm.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ROLEINSTANCE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CONFIG_OVERRIDES_FILE
+ value: /tmp/geneva_mdm/mdmconfig.json
+ - name: MDM_INPUT
+ value: influxdb_udp
+ - name: MDM_LOG_LEVEL
+ value: "Info"
+ - name: MDM_ACCOUNT
+ value: {{ .Values.geneva.mdm.account | quote }}
+ - name: ME_AZURE_ENV
+ value: {{ .Values.geneva.config.azureEnvironment | quote }}
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - name: mdm-config
+ mountPath: /tmp/geneva_mdm
volumes:
- name: provider-token
- emptyDir: { }
+ emptyDir: {}
{{- if and .Values.Azure.proxySettings.isProxyEnabled .Values.Azure.proxySettings.proxyCert }}
- name: azure-proxy-cert-store
secret:
secretName: azure-proxy-cert
{{- end }}
+ - name: mdsd-run-vol
+ emptyDir: {}
+ - name: mdsd-logs-vol
+ emptyDir: {}
+ - name: fluentd-conf-vol
+ configMap:
+ name: fluentd-config
+ - name: fluentd-buffer-vol
+ emptyDir: {}
+ - name: docker-log-vol
+ hostPath:
+ path: /var/lib/docker/containers
+ - name: var-log-vol
+ hostPath:
+ path: /var/log
+ - name: run-journal-vol
+ hostPath:
+ path: /run/log/journal
+ - name: mdm-config
+ configMap:
+ name: mdm-config
diff --git a/charts/member-agent-arc/values.yaml b/charts/member-agent-arc/values.yaml
index 003da94f5..803437aab 100644
--- a/charts/member-agent-arc/values.yaml
+++ b/charts/member-agent-arc/values.yaml
@@ -34,6 +34,32 @@ enableV1Beta1APIs: true
enableTrafficManagerFeature: false
enableNetworkingFeatures: false
+geneva:
+ mdsd:
+ repository: linuxgeneva-microsoft.azurecr.io/genevamdsd
+ tag: "${GENEVA_MDSD_IMAGE_VERSION}"
+ fluentd:
+ repository: linuxgeneva-microsoft.azurecr.io/genevafluentd_td-agent
+ tag: "${GENEVA_FLUENTD_IMAGE_VERSION}"
+ mdm:
+ repository: linuxgeneva-microsoft.azurecr.io/genevamdm
+ tag: "${GENEVA_MDM_IMAGE_VERSION}"
+ account: ""
+ gcs:
+ environment: ""
+ account: ""
+ region: ""
+ namespace: ""
+ configVersion: ""
+ authIdType: "AuthMSIToken"
+ config:
+ tenant: ""
+ role: ""
+ azureEnvironment: ""
+ enableGigBridgeMode: "1"
+ debugging:
+ dockerLogging: "false"
+
Azure:
proxySettings:
isProxyEnabled: "false"
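Review bot: The default image tags are the literal strings `${GENEVA_MDSD_IMAGE_VERSION}`, `${GENEVA_FLUENTD_IMAGE_VERSION}` and `${GENEVA_MDM_IMAGE_VERSION}`, which Helm does not expand, and the gcs, config and mdm account defaults are empty, while deployment.yaml adds the three sidecars unconditionally. Unless a release step substitutes these before packaging (not visible here), a plain install with default values produces image references that cannot be pulled and monitoring agents with no account configured. Add a `geneva.enabled: false` switch that wraps the sidecars, volumes and ConfigMaps, and use `required` on the values the agents cannot run without. Because these sidecars get host log access, also consider accepting an image digest (`repository@sha256:...`) rather than a mutable tag combined with `imagePullPolicy: IfNotPresent`.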