Skip to content

feat: add adx-mon Helm chart#1108

Open
tpdownes wants to merge 1 commit into
Azure:mainfrom
tpdownes:feat/helm-chart
Open

feat: add adx-mon Helm chart#1108
tpdownes wants to merge 1 commit into
Azure:mainfrom
tpdownes:feat/helm-chart

Conversation

@tpdownes

@tpdownes tpdownes commented Apr 7, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a Helm chart for deploying adx-mon components under charts/adx-mon/. Chart version 0.2.0-alpha, appVersion 0.2.0.

Chart contents

Templates: collector (DaemonSet + singleton Deployment + ConfigMaps), ingestor (StatefulSet + Service), alerter, operator

CRDs: adxclusters, alerters, alertrules, collectors, functions, ingestors, managementcommands, metricsexporters, summaryrules — each annotated with helm.sh/resource-policy: keep so helm uninstall leaves them (and existing CRs) intact.

ADX database routing

A single adx.databases list drives Kusto endpoint routing across ingestor, alerter, and the ADXCluster CR. Each entry has name, telemetryType (Logs or Metrics), and optional retentionInDays (default 30).

adx:
  name: my-adx-cluster
  url: https://my-adx-cluster.eastus.kusto.windows.net
  databases:
    - name: Logs
      telemetryType: Logs
      retentionInDays: 30
    - name: Metrics
      telemetryType: Metrics
      retentionInDays: 30

Required values

All of the following must be provided at install time — missing values produce a clear required-message error at render time. required runs before trim (via | default "" | trim) so null defaults don’t blow up inside trim.

Key Description
aks_cluster_name Name of the AKS cluster
region Azure region (e.g. eastus)
environment Environment tag (e.g. prod)
adx.name ADX cluster name
adx.url ADX cluster endpoint URL
adx_hub_url ADX hub/federation cluster endpoint URL
ingestor.client_id Workload Identity client ID; must have Database Admin on each ADX database
alerter.auth_msi_id Managed identity ID for the alerter (when alerter.enabled=true)
alerter.alerter_address Notifier URL the alerter forwards alerts to (when alerter.enabled=true)
operator.client_id Workload Identity client ID for the operator (when operator.enabled=true)

Configurability

Knobs surfaced through values.yaml:

  • Container imagesimage_registry (default ghcr.io/azure/adx-mon) plus per-component image.{repository,tag,pullPolicy}, resolved by a shared adx-mon.image template helper.
  • Log destinations — per-component log_destination (e.g. Logs:Collector) drives the adx-mon/log-destination pod annotation.
  • Resources — per-component resources blocks, plus collector.singleton_resources for the singleton Deployment.
  • Collector configcollector.config.{max_connections, max_batch_size, wal_flush_interval_ms, metrics_database, logs_database}.
  • TLS skipcollector.insecure_skip_verify and ingestor.insecure_skip_verify (default true today; can be flipped per env).
  • Alerter targetalerter.alerter_address replaces the previously hard-coded icmnotifier URL.

Namespace portability

  • collector.ingestor_endpoint defaults to https://ingestor.<release-namespace>.svc.cluster.local.
  • Collector self-scrape static-scrape-target uses .Release.Namespace instead of a hard-coded adx-mon.
  • Ingestor StatefulSet.spec.serviceName is ingestor (matches the headless Service).
  • Singleton collector WAL is rooted at /mnt/data/singleton to avoid colliding with the DaemonSet collector if they share storage.

Notes

  • Namespace creation is delegated to helm install --create-namespace.
  • ADXCluster federation managedIdentityClientId defaults to "" (uses DefaultAzureCredential); see Make federatedTargets.managedIdentityClientId optional #1073 for workload identity support.
  • CRDs are kept on uninstall. Delete them manually with kubectl delete crd ... for a full cleanup; the README has the full command.
  • README under charts/adx-mon/README.md documents required/optional values, image/log/resource/config knobs, and CRD retention behavior.

@tpdownes tpdownes force-pushed the feat/helm-chart branch 2 times, most recently from 632e014 to 326419d Compare April 7, 2026 05:08
@tpdownes tpdownes force-pushed the feat/helm-chart branch 6 times, most recently from bb97c8b to 60c6b18 Compare June 9, 2026 18:28
@tpdownes tpdownes marked this pull request as ready for review June 9, 2026 18:29
@matucker-msft matucker-msft requested a review from Copilot June 9, 2026 18:30

@matucker-msft matucker-msft left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick read through, but a lot of things need to be configurable via helm values.

Comment thread charts/adx-mon/templates/alerter.yaml Outdated
adx-mon/scrape: "true"
adx-mon/port: "8080"
adx-mon/path: "/metrics"
adx-mon/log-destination: "Logs:Alerter"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets make log-destination configurable as a helm value.

Comment thread charts/adx-mon/templates/alerter.yaml Outdated
command:
- /alerter
args:
- "--alerter-address=http://icmnotifier.adx-mon.svc.cluster.local:8080"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alerter-address needs to be configurable via helm value and should not default to icmnotifier as that is not apart of the oss repo

listen-addr = ':8080'

# Maximum number of connections to accept.
max-connections = 100

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets make a lot more of this config be configurable with helm values. things like max-connections/max-batch-size/wal-flush-internval-ms/database, static scrape targets, etc.

Comment thread charts/adx-mon/templates/collector.yaml Outdated
adx-mon/scrape: "true"
adx-mon/port: "9091"
adx-mon/path: "/metrics"
adx-mon/log-destination: "Logs:Collector"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log-destination should be a helm value.

Comment thread charts/adx-mon/templates/collector.yaml Outdated
readOnly: true
resources:
requests:
cpu: 50m

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cpu requests/limits should be configurable with helm value.

Comment thread charts/adx-mon/templates/collector.yaml Outdated
adx-mon/scrape: "true"
adx-mon/port: "9091"
adx-mon/path: "/metrics"
adx-mon/log-destination: "Logs:Collector"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log-destination should be configurable with helm value

Comment thread charts/adx-mon/templates/collector.yaml Outdated
readOnly: true
resources:
requests:
cpu: 50m

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

requests and limits as helm value.

Comment thread charts/adx-mon/templates/ingestor.yaml Outdated
adx-mon/scrape: "true"
adx-mon/port: "9091"
adx-mon/path: "/metrics"
adx-mon/log-destination: "Logs:Ingestor"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log-destination as helm value.

Comment thread charts/adx-mon/templates/operator.yaml Outdated
metadata:
annotations:
adx-mon/scrape: "true"
adx-mon/log-destination: "Logs:Operator"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log-destination as helm value

Comment thread charts/adx-mon/templates/alerter.yaml Outdated
{{- end }}
containers:
- name: alerter
image: ghcr.io/azure/adx-mon/alerter:latest

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image should be configurable via helm value, across all templates.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a new Helm chart (charts/adx-mon/) to deploy ADX-Mon components (collector, ingestor, alerter, operator) plus CRDs, providing a Helm-based installation path alongside existing kustomize/manifests-based deployment.

Changes:

  • Added a new Helm chart with templates for collector (DaemonSet + singleton Deployment), ingestor (StatefulSet), alerter (Deployment), and operator (Deployment + RBAC + an ADXCluster CR).
  • Added Helm-packaged CRDs under charts/adx-mon/templates/crds/.
  • Added chart documentation (README.md) and default configuration (values.yaml).

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 27 comments.

Show a summary per file
File Description
charts/adx-mon/Chart.yaml New Helm chart metadata (name/type/version/appVersion).
charts/adx-mon/values.yaml Default chart values for cluster/env labels, ADX config, and component toggles.
charts/adx-mon/README.md Installation/configuration documentation and declared CRD set.
charts/adx-mon/templates/operator.yaml Operator SA/RBAC/Deployment plus an ADXCluster custom resource.
charts/adx-mon/templates/ingestor.yaml Ingestor SA/RBAC/Service/StatefulSet deployment template.
charts/adx-mon/templates/alerter.yaml Alerter SA/RBAC/Service/Deployment template.
charts/adx-mon/templates/collector.yaml Collector SA/RBAC plus DaemonSet and singleton Deployment templates.
charts/adx-mon/templates/collector-config.yaml Collector and singleton collector ConfigMaps (TOML configuration).
charts/adx-mon/templates/crds/*.yaml CRD manifests included in the chart (multiple kinds).

Comment thread charts/adx-mon/templates/operator.yaml
Comment thread charts/adx-mon/templates/operator.yaml Outdated
Comment thread charts/adx-mon/templates/operator.yaml Outdated
Comment thread charts/adx-mon/templates/operator.yaml Outdated
Comment thread charts/adx-mon/templates/operator.yaml
Comment thread charts/adx-mon/templates/crds/summaryrules_crd.yaml
Comment thread charts/adx-mon/templates/crds/alertrules_crd.yaml
Comment thread charts/adx-mon/templates/ingestor.yaml
Comment thread charts/adx-mon/templates/collector-config.yaml Outdated
Comment thread charts/adx-mon/README.md
@tpdownes tpdownes force-pushed the feat/helm-chart branch 4 times, most recently from 6a72a97 to 052f0ad Compare June 9, 2026 19:19
Adds a Helm chart for deploying adx-mon components under
charts/adx-mon/. Chart version 0.2.0-alpha, appVersion 0.2.0.

Components & CRDs
- Templates: collector (DaemonSet + singleton Deployment + ConfigMaps),
  ingestor (StatefulSet + Service), alerter (Deployment), operator
- CRDs: adxclusters, alerters, alertrules, collectors, functions,
  ingestors, managementcommands, metricsexporters, summaryrules
- All CRDs carry helm.sh/resource-policy: keep so `helm uninstall`
  leaves them (and existing CRs) intact

ADX database routing
- Single adx.databases list drives Kusto endpoint routing across
  ingestor, alerter, and the ADXCluster CR
- Each entry has name, telemetryType (Logs|Metrics), and optional
  retentionInDays (default 30)

Required values (fail fast at render time)
- aks_cluster_name, region, environment
- adx.name, adx.url, adx_hub_url
- ingestor.client_id (must have Database Admin on ADX databases)
- alerter.auth_msi_id and alerter.alerter_address when alerter.enabled
- operator.client_id when operator.enabled
- `required` is run before `trim` (via `| default "" | trim`) so null
  defaults produce a friendly message instead of a trim error

Configurability surfaced to values
- image_registry plus per-component image.{repository,tag,pullPolicy}
  resolved by a shared adx-mon.image template helper
- log_destination per component (collector, ingestor, alerter,
  operator) for adx-mon/log-destination annotations
- resources per component, plus collector.singleton_resources for the
  singleton Deployment
- collector.config: max_connections, max_batch_size,
  wal_flush_interval_ms, metrics_database, logs_database
- collector.insecure_skip_verify and ingestor.insecure_skip_verify
  (default true today; configurable for future TLS rollout)
- alerter.alerter_address (replaces hard-coded icmnotifier URL)

Namespace portability
- collector.ingestor_endpoint defaults to
  https://ingestor.<.Release.Namespace>.svc.cluster.local
- Collector self-scrape static target uses .Release.Namespace
- ingestor StatefulSet serviceName fixed to "ingestor" (matches the
  headless Service)
- Singleton collector WAL storage-dir set to /mnt/data/singleton

Notes
- Namespace creation delegated to `helm install --create-namespace`
- ADXCluster federation managedIdentityClientId defaults to ""
  (DefaultAzureCredential); see Azure#1073 for workload identity support
- README documents required/optional values, image/log/resource/config
  knobs, and CRD retention behavior on uninstall
@tpdownes tpdownes requested a review from matucker-msft June 9, 2026 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants