feat: add adx-mon Helm chart#1108
Conversation
632e014 to
326419d
Compare
326419d to
7de9704
Compare
bb97c8b to
60c6b18
Compare
matucker-msft
left a comment
There was a problem hiding this comment.
Quick read through, but a lot of things need to be configurable via helm values.
| adx-mon/scrape: "true" | ||
| adx-mon/port: "8080" | ||
| adx-mon/path: "/metrics" | ||
| adx-mon/log-destination: "Logs:Alerter" |
There was a problem hiding this comment.
Lets make log-destination configurable as a helm value.
| command: | ||
| - /alerter | ||
| args: | ||
| - "--alerter-address=http://icmnotifier.adx-mon.svc.cluster.local:8080" |
There was a problem hiding this comment.
alerter-address needs to be configurable via helm value and should not default to icmnotifier as that is not apart of the oss repo
| listen-addr = ':8080' | ||
|
|
||
| # Maximum number of connections to accept. | ||
| max-connections = 100 |
There was a problem hiding this comment.
lets make a lot more of this config be configurable with helm values. things like max-connections/max-batch-size/wal-flush-internval-ms/database, static scrape targets, etc.
| adx-mon/scrape: "true" | ||
| adx-mon/port: "9091" | ||
| adx-mon/path: "/metrics" | ||
| adx-mon/log-destination: "Logs:Collector" |
There was a problem hiding this comment.
log-destination should be a helm value.
| readOnly: true | ||
| resources: | ||
| requests: | ||
| cpu: 50m |
There was a problem hiding this comment.
cpu requests/limits should be configurable with helm value.
| adx-mon/scrape: "true" | ||
| adx-mon/port: "9091" | ||
| adx-mon/path: "/metrics" | ||
| adx-mon/log-destination: "Logs:Collector" |
There was a problem hiding this comment.
log-destination should be configurable with helm value
| readOnly: true | ||
| resources: | ||
| requests: | ||
| cpu: 50m |
There was a problem hiding this comment.
requests and limits as helm value.
| adx-mon/scrape: "true" | ||
| adx-mon/port: "9091" | ||
| adx-mon/path: "/metrics" | ||
| adx-mon/log-destination: "Logs:Ingestor" |
There was a problem hiding this comment.
log-destination as helm value.
| metadata: | ||
| annotations: | ||
| adx-mon/scrape: "true" | ||
| adx-mon/log-destination: "Logs:Operator" |
There was a problem hiding this comment.
log-destination as helm value
| {{- end }} | ||
| containers: | ||
| - name: alerter | ||
| image: ghcr.io/azure/adx-mon/alerter:latest |
There was a problem hiding this comment.
image should be configurable via helm value, across all templates.
There was a problem hiding this comment.
Pull request overview
This PR introduces a new Helm chart (charts/adx-mon/) to deploy ADX-Mon components (collector, ingestor, alerter, operator) plus CRDs, providing a Helm-based installation path alongside existing kustomize/manifests-based deployment.
Changes:
- Added a new Helm chart with templates for collector (DaemonSet + singleton Deployment), ingestor (StatefulSet), alerter (Deployment), and operator (Deployment + RBAC + an ADXCluster CR).
- Added Helm-packaged CRDs under
charts/adx-mon/templates/crds/. - Added chart documentation (
README.md) and default configuration (values.yaml).
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 27 comments.
Show a summary per file
| File | Description |
|---|---|
| charts/adx-mon/Chart.yaml | New Helm chart metadata (name/type/version/appVersion). |
| charts/adx-mon/values.yaml | Default chart values for cluster/env labels, ADX config, and component toggles. |
| charts/adx-mon/README.md | Installation/configuration documentation and declared CRD set. |
| charts/adx-mon/templates/operator.yaml | Operator SA/RBAC/Deployment plus an ADXCluster custom resource. |
| charts/adx-mon/templates/ingestor.yaml | Ingestor SA/RBAC/Service/StatefulSet deployment template. |
| charts/adx-mon/templates/alerter.yaml | Alerter SA/RBAC/Service/Deployment template. |
| charts/adx-mon/templates/collector.yaml | Collector SA/RBAC plus DaemonSet and singleton Deployment templates. |
| charts/adx-mon/templates/collector-config.yaml | Collector and singleton collector ConfigMaps (TOML configuration). |
| charts/adx-mon/templates/crds/*.yaml | CRD manifests included in the chart (multiple kinds). |
6a72a97 to
052f0ad
Compare
Adds a Helm chart for deploying adx-mon components under
charts/adx-mon/. Chart version 0.2.0-alpha, appVersion 0.2.0.
Components & CRDs
- Templates: collector (DaemonSet + singleton Deployment + ConfigMaps),
ingestor (StatefulSet + Service), alerter (Deployment), operator
- CRDs: adxclusters, alerters, alertrules, collectors, functions,
ingestors, managementcommands, metricsexporters, summaryrules
- All CRDs carry helm.sh/resource-policy: keep so `helm uninstall`
leaves them (and existing CRs) intact
ADX database routing
- Single adx.databases list drives Kusto endpoint routing across
ingestor, alerter, and the ADXCluster CR
- Each entry has name, telemetryType (Logs|Metrics), and optional
retentionInDays (default 30)
Required values (fail fast at render time)
- aks_cluster_name, region, environment
- adx.name, adx.url, adx_hub_url
- ingestor.client_id (must have Database Admin on ADX databases)
- alerter.auth_msi_id and alerter.alerter_address when alerter.enabled
- operator.client_id when operator.enabled
- `required` is run before `trim` (via `| default "" | trim`) so null
defaults produce a friendly message instead of a trim error
Configurability surfaced to values
- image_registry plus per-component image.{repository,tag,pullPolicy}
resolved by a shared adx-mon.image template helper
- log_destination per component (collector, ingestor, alerter,
operator) for adx-mon/log-destination annotations
- resources per component, plus collector.singleton_resources for the
singleton Deployment
- collector.config: max_connections, max_batch_size,
wal_flush_interval_ms, metrics_database, logs_database
- collector.insecure_skip_verify and ingestor.insecure_skip_verify
(default true today; configurable for future TLS rollout)
- alerter.alerter_address (replaces hard-coded icmnotifier URL)
Namespace portability
- collector.ingestor_endpoint defaults to
https://ingestor.<.Release.Namespace>.svc.cluster.local
- Collector self-scrape static target uses .Release.Namespace
- ingestor StatefulSet serviceName fixed to "ingestor" (matches the
headless Service)
- Singleton collector WAL storage-dir set to /mnt/data/singleton
Notes
- Namespace creation delegated to `helm install --create-namespace`
- ADXCluster federation managedIdentityClientId defaults to ""
(DefaultAzureCredential); see Azure#1073 for workload identity support
- README documents required/optional values, image/log/resource/config
knobs, and CRD retention behavior on uninstall
Summary
Adds a Helm chart for deploying adx-mon components under
charts/adx-mon/. Chart version0.2.0-alpha, appVersion0.2.0.Chart contents
Templates: collector (DaemonSet + singleton Deployment + ConfigMaps), ingestor (StatefulSet + Service), alerter, operator
CRDs:
adxclusters,alerters,alertrules,collectors,functions,ingestors,managementcommands,metricsexporters,summaryrules— each annotated withhelm.sh/resource-policy: keepsohelm uninstallleaves them (and existing CRs) intact.ADX database routing
A single
adx.databaseslist drives Kusto endpoint routing across ingestor, alerter, and theADXClusterCR. Each entry hasname,telemetryType(LogsorMetrics), and optionalretentionInDays(default30).Required values
All of the following must be provided at install time — missing values produce a clear
required-message error at render time.requiredruns beforetrim(via| default "" | trim) so null defaults don’t blow up insidetrim.aks_cluster_nameregioneastus)environmentprod)adx.nameadx.urladx_hub_urlingestor.client_idalerter.auth_msi_idalerter.enabled=true)alerter.alerter_addressalerter.enabled=true)operator.client_idoperator.enabled=true)Configurability
Knobs surfaced through
values.yaml:image_registry(defaultghcr.io/azure/adx-mon) plus per-componentimage.{repository,tag,pullPolicy}, resolved by a sharedadx-mon.imagetemplate helper.log_destination(e.g.Logs:Collector) drives theadx-mon/log-destinationpod annotation.resourcesblocks, pluscollector.singleton_resourcesfor the singleton Deployment.collector.config.{max_connections, max_batch_size, wal_flush_interval_ms, metrics_database, logs_database}.collector.insecure_skip_verifyandingestor.insecure_skip_verify(defaulttruetoday; can be flipped per env).alerter.alerter_addressreplaces the previously hard-codedicmnotifierURL.Namespace portability
collector.ingestor_endpointdefaults tohttps://ingestor.<release-namespace>.svc.cluster.local.static-scrape-targetuses.Release.Namespaceinstead of a hard-codedadx-mon.StatefulSet.spec.serviceNameisingestor(matches the headless Service)./mnt/data/singletonto avoid colliding with the DaemonSet collector if they share storage.Notes
helm install --create-namespace.ADXClusterfederationmanagedIdentityClientIddefaults to""(usesDefaultAzureCredential); see Make federatedTargets.managedIdentityClientId optional #1073 for workload identity support.kubectl delete crd ...for a full cleanup; the README has the full command.charts/adx-mon/README.mddocuments required/optional values, image/log/resource/config knobs, and CRD retention behavior.