Helm cloudwatch agent #3633
Open
Helm cloudwatch agent #3633
+34
−48
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
STAGING HELMFILE DIFF:ingress nginx 323 2025-03-04 18:16:22.997027103 +0000 UTC deployed nginx-ingress-1.1.2 3.4.2
xray-daemon xray 322 2025-03-04 18:16:22.420803309 +0000 UTC deployed aws-xray-4.0.8 3.3.12
fb-agent amazon-cloudwatch 64 2025-03-04 18:16:22.69309729 +0000 UTC deployed fluent-bit-0.48.5 3.2.4
Comparing release=notify-documentation, chart=charts/notify-documentation
Comparing release=notify-api, chart=charts/notify-api
Comparing release=notify-admin, chart=charts/notify-admin
Comparing release=notify-document-download, chart=charts/notify-document-download
Comparing release=notify-celery, chart=charts/notify-celery
Comparing release=k8s-event-logger, chart=/tmp/helmfile4090666806/amazon-cloudwatch/staging/k8s-event-logger/k8s-event-logger/1.1.8/k8s-event-logger
Comparing release=karpenter-crd, chart=/tmp/helmfile4090666806/karpenter/staging/karpenter-crd/karpenter-crd/0.36.1/karpenter-crd
Comparing release=karpenter, chart=/tmp/helmfile4090666806/karpenter/staging/karpenter/karpenter/0.36.1/karpenter
Comparing release=karpenter-nodepool, chart=charts/karpenter-nodepool
Comparing release=priority-classes, chart=deliveryhero/priority-class
Comparing release=secrets-store-csi-driver, chart=secrets-store-csi-driver/secrets-store-csi-driver
Comparing release=aws-secrets-provider, chart=aws-secrets-manager/secrets-store-csi-driver-provider-aws
Comparing release=kube-state-metrics, chart=prometheus-community/kube-state-metrics
Comparing release=blazer, chart=stakater/application
Comparing release=ingress, chart=charts/nginx-ingress
Comparing release=xray-daemon, chart=okgolove/aws-xray
Comparing release=ipv4-geolocate, chart=charts/ipv4-geolocate
Comparing release=fb-agent, chart=fluent/fluent-bit
Comparing release=cert-manager, chart=jetstack/cert-manager
Comparing release=aws-cloudwatch-agent, chart=aws-observability/amazon-cloudwatch-observability
********************
Release was not present in Helm. Diff will show entire contents as new.
********************
amazon-cloudwatch, amazon-cloudwatch-observability-agent-cert, Secret (v1) has been added:
+ # Source: amazon-cloudwatch-observability/templates/linux/cloudwatch-agent-custom-resource.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/version: 1.0.0
+ name: amazon-cloudwatch-observability-agent-cert
+ namespace: amazon-cloudwatch
+ data:
+ ca.crt: '++++++++ # (1127 bytes)'
+ tls.crt: '++++++++ # (1391 bytes)'
+ tls.key: '++++++++ # (1679 bytes)'
amazon-cloudwatch, amazon-cloudwatch-observability-agent-client-cert, Secret (v1) has been added:
+ # Source: amazon-cloudwatch-observability/templates/linux/cloudwatch-agent-custom-resource.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/version: 1.0.0
+ name: amazon-cloudwatch-observability-agent-client-cert
+ namespace: amazon-cloudwatch
+ data:
+ ca.crt: '++++++++ # (1127 bytes)'
+ tls.crt: '++++++++ # (1127 bytes)'
+ tls.key: '++++++++ # (1675 bytes)'
amazon-cloudwatch, amazon-cloudwatch-observability-agent-server-cert, Secret (v1) has been added:
+ # Source: amazon-cloudwatch-observability/templates/linux/cloudwatch-agent-custom-resource.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/version: 1.0.0
+ name: amazon-cloudwatch-observability-agent-server-cert
+ namespace: amazon-cloudwatch
+ data:
+ ca.crt: '++++++++ # (1127 bytes)'
+ tls.crt: '++++++++ # (1224 bytes)'
+ tls.key: '++++++++ # (1679 bytes)'
amazon-cloudwatch, amazon-cloudwatch-observability-controller-manager, Deployment (apps) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/operator-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ control-plane: controller-manager
+ name: amazon-cloudwatch-observability-controller-manager
+ namespace: amazon-cloudwatch
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ control-plane: controller-manager
+
+ spec:
+ containers:
+ - image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent-operator:2.1.0
+ args:
+ - "--auto-instrumentation-config={\"dotnet\":{\"limits\":{\"cpu\":\"500m\",\"memory\":\"128Mi\"},\"requests\":{\"cpu\":\"50m\",\"memory\":\"128Mi\"},\"runtime_metrics\":{\"enabled\":\"true\"}},\"java\":{\"limits\":{\"cpu\":\"500m\",\"memory\":\"64Mi\"},\"requests\":{\"cpu\":\"50m\",\"memory\":\"64Mi\"},\"runtime_metrics\":{\"enabled\":\"true\"}},\"nodejs\":{\"limits\":{\"cpu\":\"500m\",\"memory\":\"128Mi\"},\"requests\":{\"cpu\":\"50m\",\"memory\":\"128Mi\"}},\"python\":{\"limits\":{\"cpu\":\"500m\",\"memory\":\"32Mi\"},\"requests\":{\"cpu\":\"50m\",\"memory\":\"32Mi\"},\"runtime_metrics\":{\"enabled\":\"true\"}}}"
+ - "--auto-annotation-config={\"dotnet\":{\"daemonsets\":[],\"deployments\":[],\"namespaces\":[],\"statefulsets\":[]},\"java\":{\"daemonsets\":[],\"deployments\":[],\"namespaces\":[],\"statefulsets\":[]},\"nodejs\":{\"daemonsets\":[],\"deployments\":[],\"namespaces\":[],\"statefulsets\":[]},\"python\":{\"daemonsets\":[],\"deployments\":[],\"namespaces\":[],\"statefulsets\":[]}}"
+ - "--auto-instrumentation-java-image=public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v1.33.0"
+ - "--auto-instrumentation-python-image=public.ecr.aws/aws-observability/adot-autoinstrumentation-python:v0.8.0"
+ - "--auto-instrumentation-dotnet-image=public.ecr.aws/aws-observability/adot-autoinstrumentation-dotnet:v1.6.0"
+ - "--auto-instrumentation-nodejs-image=public.ecr.aws/aws-observability/adot-autoinstrumentation-node:v0.5.0"
+ - "--target-allocator-image=public.ecr.aws/cloudwatch-agent/cloudwatch-agent-target-allocator:1.0.0"
+ - "--feature-gates=operator.autoinstrumentation.multi-instrumentation,operator.autoinstrumentation.multi-instrumentation.skip-container-validation"
+ command:
+ - /manager
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ serviceAccountName: amazon-cloudwatch-observability-controller-manager
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: amazon-cloudwatch-observability-controller-manager-service-cert
+ nodeSelector:
+ kubernetes.io/os: linux
amazon-cloudwatch, amazon-cloudwatch-observability-controller-manager, ServiceAccount (v1) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/operator-serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ name: amazon-cloudwatch-observability-controller-manager
+ namespace: amazon-cloudwatch
amazon-cloudwatch, amazon-cloudwatch-observability-controller-manager-service-cert, Secret (v1) has been added:
+ # Source: amazon-cloudwatch-observability/templates/admission-webhooks/operator-webhook.yaml
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ labels:
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/managed-by: amazon-cloudwatch-agent-operator
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/version: 1.0.0
+ name: amazon-cloudwatch-observability-controller-manager-service-cert
+ namespace: amazon-cloudwatch
+ data:
+ tls.crt: '++++++++ # (1517 bytes)'
+ tls.key: '++++++++ # (1679 bytes)'
+ type: kubernetes.io/tls
amazon-cloudwatch, amazon-cloudwatch-observability-manager-role, ClusterRole (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/operator-clusterrole.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: amazon-cloudwatch-observability-manager-role
+ rules:
+ - apiGroups: [ "" ]
+ resources: [ "configmaps" ]
+ verbs: [ "create", "delete", "get", "list", "patch", "update", "watch" ]
+ - apiGroups: [ "" ]
+ resources: [ "events" ]
+ verbs: [ "create", "patch" ]
+ - apiGroups: [ "" ]
+ resources: [ "namespaces" ]
+ verbs: [ "get","list","patch","update","watch" ]
+ - apiGroups: [ "" ]
+ resources: [ "serviceaccounts" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+ - apiGroups: [ "" ]
+ resources: [ "services" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+ - apiGroups: [ "apps" ]
+ resources: [ "daemonsets" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+ - apiGroups: [ "apps" ]
+ resources: [ "deployments" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+ - apiGroups: [ "apps" ]
+ resources: [ "statefulsets" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+ - apiGroups: [ "apps" ]
+ resources: [ "replicasets" ]
+ verbs: [ "get","list","watch" ]
+ - apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "amazoncloudwatchagents", "dcgmexporters", "neuronmonitors" ]
+ verbs: [ "get","list","patch","update","watch" ]
+ - apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "amazoncloudwatchagents/finalizers", "dcgmexporters/finalizers", "neuronmonitors/finalizers" ]
+ verbs: [ "get","patch","update" ]
+ - apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "amazoncloudwatchagents/status", "dcgmexporters/status", "neuronmonitors/status" ]
+ verbs: [ "get","patch","update" ]
+ - apiGroups: [ "cloudwatch.aws.amazon.com" ]
+ resources: [ "instrumentations" ]
+ verbs: [ "get","list","patch","update","watch" ]
+ - apiGroups: [ "coordination.k8s.io" ]
+ resources: [ "leases" ]
+ verbs: [ "create","get","list","update" ]
+ - apiGroups: [ "networking.k8s.io" ]
+ resources: [ "ingresses" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+ - apiGroups: [ "route.openshift.io" ]
+ resources: [ "routes", "routes/custom-host" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
+ - apiGroups: [ "policy" ]
+ resources: [ "poddisruptionbudgets" ]
+ verbs: [ "create","delete","get","list","patch","update","watch" ]
amazon-cloudwatch, amazon-cloudwatch-observability-manager-rolebinding, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/operator-clusterrolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ name: amazon-cloudwatch-observability-manager-rolebinding
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: amazon-cloudwatch-observability-manager-role
+ subjects:
+ - kind: ServiceAccount
+ name: amazon-cloudwatch-observability-controller-manager
+ namespace: amazon-cloudwatch
amazon-cloudwatch, amazon-cloudwatch-observability-mutating-webhook-configuration, MutatingWebhookConfiguration (admissionregistration.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/admission-webhooks/operator-webhook.yaml
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ metadata:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ name: amazon-cloudwatch-observability-mutating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /mutate-cloudwatch-aws-amazon-com-v1alpha1-instrumentation
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: minstrumentation.kb.io
+ rules:
+ - apiGroups:
+ - cloudwatch.aws.amazon.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - instrumentations
+ sideEffects: None
+ timeoutSeconds: 10
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /mutate-cloudwatch-aws-amazon-com-v1alpha1-amazoncloudwatchagent
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: mamazoncloudwatchagent.kb.io
+ rules:
+ - apiGroups:
+ - cloudwatch.aws.amazon.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - amazoncloudwatchagents
+ sideEffects: None
+ timeoutSeconds: 10
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /mutate-v1-pod
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: mpod.kb.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pods
+ sideEffects: None
+ timeoutSeconds: 10
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /mutate-v1-namespace
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: mnamespace.kb.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - namespaces
+ sideEffects: None
+ timeoutSeconds: 10
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /mutate-v1-workload
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: mworkload.kb.io
+ rules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - daemonsets
+ - deployments
+ - statefulsets
+ sideEffects: None
+ timeoutSeconds: 10
amazon-cloudwatch, amazon-cloudwatch-observability-validating-webhook-configuration, ValidatingWebhookConfiguration (admissionregistration.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/admission-webhooks/operator-webhook.yaml
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ metadata:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ name: amazon-cloudwatch-observability-validating-webhook-configuration
+ webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /validate-cloudwatch-aws-amazon-com-v1alpha1-instrumentation
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: vinstrumentationcreateupdate.kb.io
+ rules:
+ - apiGroups:
+ - cloudwatch.aws.amazon.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - instrumentations
+ sideEffects: None
+ timeoutSeconds: 10
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /validate-cloudwatch-aws-amazon-com-v1alpha1-instrumentation
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: vinstrumentationdelete.kb.io
+ rules:
+ - apiGroups:
+ - cloudwatch.aws.amazon.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - DELETE
+ resources:
+ - instrumentations
+ sideEffects: None
+ timeoutSeconds: 10
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /validate-cloudwatch-aws-amazon-com-v1alpha1-amazoncloudwatchagent
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: vamazoncloudwatchagentcreateupdate.kb.io
+ rules:
+ - apiGroups:
+ - cloudwatch.aws.amazon.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - amazoncloudwatchagents
+ sideEffects: None
+ timeoutSeconds: 10
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ path: /validate-cloudwatch-aws-amazon-com-v1alpha1-amazoncloudwatchagent
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSVENDQWkyZ0F3SUJBZ0lRYTZVWlVJbS9GVmt0R2g5eUM3YTl4akFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVNzd0tRWURWUVFERXlKaGJXRjZiMjR0WTJ4dmRXUjNZWFJqYUMxdlluTmxjblpoWW1sc2FYUjVMV05oTUI0WApEVEkxTURNd05ERTVOVFEwTUZvWERUTTFNRE13TWpFNU5UUTBNRm93TFRFck1Da0dBMVVFQXhNaVlXMWhlbTl1CkxXTnNiM1ZrZDJGMFkyZ3RiMkp6WlhKMllXSnBiR2wwZVMxallUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFMTWVtZmxRN0ZXM0hmV0hsZlQvMVFmSkFMRjJ4ejFqRWxhUWJHTjFhSlVPemI0NAp5R0xlWllZWVJhdWFHb1FjRTh5Y0k0Z1h3UWlrbUcvb2lJT3NhbU56NjJnU3NSREkzT3k3SVRMdVFnWFF1SjFkCmlmU0RUY3NWaGRtSnJMMnh1bVNzeXFyTVAvTGVmYUNyVzBLcU5qMVBDaVo5cWVwOTJWSUVMTXBuNm42a08yWjMKZDNLblhySEZYOGVTWTRPUnlWYmZhRGwvaUlLb1BZWld5TUdzUS9ld0hBejI3VmNsV1hGMHJYY2NYSTJWQkFjRQpzNXo1YThXSWROV2RQc25FNnNSWDczS2J4ZWE2SHhuNlg2aGlOWmc2d2xUQWVZcjhGaTJ1cCtOdlRQZGlPMFVlCk9xRmEreXRoc0dKZWc0akFzMVJYc1VOc1hDam9wM1dKWHgzamJzY0NBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC8KQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RQpCVEFEQVFIL01CMEdBMVVkRGdRV0JCVEJzQXd4RmdJTzd3dGRySS9ERnFTSlFVQ2hRVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQWcrTWpIRXk3VlpodEpSQzdIenV0Z1p2MGxrc21Hcmo5S2pTUU5uU200azJnVDM1UlRnVUsKZWxZd0hzVUNFdDJ4Slo1MHRXdVFTU0hmMlBEZzgzemVQVlFpMkRMTjFBS0p1TDVoNnN3dTBHSGVTSWRhejJELwplNHgrSytLemRWTUNtcEJwenZhSlliakMzZ0FEemw3c2RJZ3gwcmVja2ZYK3oxNm13OWtSZitiZnljbXhySm1FCk85aXo1RFBzYk92a0JYRGNQMjVVWS9HcVAvN0MwN2hSd09ReVNBN25rcmNPRDFQV0xtWU9OS2ZnZHE3b2RjbXIKbWxvU1NlY3l1Q2MyeW5HYlhIaDFYSC9kQ3YveHRkaXIya2tDVko0QkRBTndsUDlURTFLZzlSQm9WY2plTnQwNgpHS09Bb3pKeG54R0EvOWYvb05YVDVMMHVYNGpYYjFJaFBRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ failurePolicy: Ignore
+ name: vamazoncloudwatchagentdelete.kb.io
+ rules:
+ - apiGroups:
+ - cloudwatch.aws.amazon.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - DELETE
+ resources:
+ - amazoncloudwatchagents
+ sideEffects: None
+ timeoutSeconds: 10
amazon-cloudwatch, amazon-cloudwatch-observability-webhook-service, Service (v1) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/operator-service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ name: amazon-cloudwatch-observability-webhook-service
+ namespace: amazon-cloudwatch
+ spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ control-plane: controller-manager
amazon-cloudwatch, cloudwatch-agent, AmazonCloudWatchAgent (cloudwatch.aws.amazon.com) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/linux/cloudwatch-agent-custom-resource.yaml
+ apiVersion: cloudwatch.aws.amazon.com/v1alpha1
+ kind: AmazonCloudWatchAgent
+ metadata:
+ name: cloudwatch-agent
+ namespace: amazon-cloudwatch
+ spec:
+ image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300052.0b1024
+ mode: daemonset
+ replicas: 1
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccount: cloudwatch-agent
+ priorityClassName: system-node-critical
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: eks.amazonaws.com/compute-type
+ operator: NotIn
+ values:
+ - fargate
+ hostNetwork: true
+ config: "{\"agent\":{\"region\":\"ca-central-1\"},\"logs\":{\"metrics_collected\":{\"application_signals\":{\"hosted_in\":\"notification-canada-ca-staging-eks-cluster\"},\"kubernetes\":{\"cluster_name\":\"notification-canada-ca-staging-eks-cluster\",\"enhanced_container_insights\":true}}},\"traces\":{\"traces_collected\":{\"application_signals\":{}}}}"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 250m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /rootfs
+ name: rootfs
+ readOnly: true
+ - mountPath: /var/run/docker.sock
+ name: dockersock
+ readOnly: true
+ - mountPath: /run/containerd/containerd.sock
+ name: containerdsock
+ - mountPath: /var/lib/docker
+ name: varlibdocker
+ readOnly: true
+ - mountPath: /sys
+ name: sys
+ readOnly: true
+ - mountPath: /dev/disk
+ name: devdisk
+ readOnly: true
+ - mountPath: /etc/amazon-cloudwatch-observability-agent-cert
+ name: agenttls
+ readOnly: true
+ - mountPath: /etc/amazon-cloudwatch-observability-agent-client-cert
+ name: agentclienttls
+ readOnly: true
+ - mountPath: /etc/amazon-cloudwatch-observability-agent-server-cert
+ name: agentservertls
+ readOnly: true
+ - mountPath: /var/lib/kubelet/pod-resources
+ name: kubelet-podresources
+ volumes:
+ - name: kubelet-podresources
+ hostPath:
+ path: /var/lib/kubelet/pod-resources
+ type: Directory
+ - name: rootfs
+ hostPath:
+ path: /
+ - hostPath:
+ path: /var/run/docker.sock
+ name: dockersock
+ - hostPath:
+ path: /var/lib/docker
+ name: varlibdocker
+ - hostPath:
+ path: /run/containerd/containerd.sock
+ name: containerdsock
+ - hostPath:
+ path: /sys
+ name: sys
+ - hostPath:
+ path: /dev/disk/
+ name: devdisk
+ - name: agenttls
+ secret:
+ secretName: amazon-cloudwatch-observability-agent-cert
+ items:
+ - key: ca.crt
+ path: tls-ca.crt
+ - name: agentclienttls
+ secret:
+ secretName: amazon-cloudwatch-observability-agent-client-cert
+ items:
+ - key: ca.crt
+ path: tls-ca.crt
+ - name: agentservertls
+ secret:
+ secretName: amazon-cloudwatch-observability-agent-server-cert
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ env:
+ - name: K8S_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: HOST_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ tolerations:
+ - operator: Exists
amazon-cloudwatch, cloudwatch-agent, ServiceAccount (v1) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/cloudwatch-agent-serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: cloudwatch-agent
+ namespace: amazon-cloudwatch
amazon-cloudwatch, cloudwatch-agent-role, ClusterRole (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/cloudwatch-agent-clusterrole.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ name: cloudwatch-agent-role
+ rules:
+ - apiGroups: [ "" ]
+ resources: [ "pods", "pods/logs", "nodes", "nodes/proxy", "namespaces", "endpoints" ]
+ verbs: [ "list", "watch", "get" ]
+ - apiGroups: [ "" ]
+ resources: [ "services" ]
+ verbs: [ "list", "watch" ]
+ - apiGroups: [ "apps" ]
+ resources: [ "replicasets", "daemonsets", "deployments", "statefulsets" ]
+ verbs: [ "list", "watch", "get" ]
+ - apiGroups: [ "batch" ]
+ resources: [ "jobs" ]
+ verbs: [ "list", "watch" ]
+ - apiGroups: [ "" ]
+ resources: [ "nodes/stats", "configmaps", "events" ]
+ verbs: [ "create", "get" ]
+ - apiGroups: [ "" ]
+ resources: [ "configmaps" ]
+ verbs: [ "update" ]
+ - nonResourceURLs: [ "/metrics" ]
+ verbs: [ "get", "list", "watch" ]
amazon-cloudwatch, cloudwatch-agent-role-binding, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/cloudwatch-agent-clusterrolebinding.yaml
+ kind: ClusterRoleBinding
+ apiVersion: rbac.authorization.k8s.io/v1
+ metadata:
+ name: cloudwatch-agent-role-binding
+ roleRef:
+ kind: ClusterRole
+ name: cloudwatch-agent-role
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: ServiceAccount
+ name: cloudwatch-agent
+ namespace: amazon-cloudwatch
amazon-cloudwatch, cloudwatch-agent-windows, AmazonCloudWatchAgent (cloudwatch.aws.amazon.com) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/windows/cloudwatch-agent-windows-daemonset.yaml
+ apiVersion: cloudwatch.aws.amazon.com/v1alpha1
+ kind: AmazonCloudWatchAgent
+ metadata:
+ name: cloudwatch-agent-windows
+ namespace: amazon-cloudwatch
+ spec:
+ podSecurityContext:
+ windowsOptions:
+ runAsUserName: "NT AUTHORITY\\System"
+ image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300052.0b1024
+ mode: daemonset
+ serviceAccount: cloudwatch-agent
+ priorityClassName: system-node-critical
+ nodeSelector:
+ kubernetes.io/os: windows
+ config: "{\"agent\":{\"region\":\"ca-central-1\"},\"logs\":{\"metrics_collected\":{\"application_signals\":{\"hosted_in\":\"notification-canada-ca-staging-eks-cluster\"}}},\"traces\":{\"traces_collected\":{\"application_signals\":{}}}}"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 250m
+ memory: 128Mi
+ env:
+ - name: K8S_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: HOST_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ tolerations:
+ - operator: Exists
amazon-cloudwatch, cloudwatch-agent-windows-container-insights, AmazonCloudWatchAgent (cloudwatch.aws.amazon.com) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/windows/cloudwatch-agent-windows-container-insights-daemonset.yaml
+ apiVersion: cloudwatch.aws.amazon.com/v1alpha1
+ kind: AmazonCloudWatchAgent
+ metadata:
+ name: cloudwatch-agent-windows-container-insights
+ namespace: amazon-cloudwatch
+ spec:
+ podSecurityContext:
+ windowsOptions:
+ hostProcess: true
+ runAsUserName: "NT AUTHORITY\\System"
+ hostNetwork: true
+ image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300052.0b1024
+ workingDir: "%CONTAINER_SANDBOX_MOUNT_POINT%\\Program Files\\Amazon\\AmazonCloudWatchAgent"
+ mode: daemonset
+ serviceAccount: cloudwatch-agent
+ nodeSelector:
+ kubernetes.io/os: windows
+ config: "{\"agent\":{\"region\":\"ca-central-1\"},\"logs\":{\"metrics_collected\":{\"kubernetes\":{\"cluster_name\":\"notification-canada-ca-staging-eks-cluster\",\"enhanced_container_insights\":true}}}}"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 250m
+ memory: 128Mi
+ env:
+ - name: K8S_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: HOST_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: RUN_IN_CONTAINER
+ value: "True"
+ - name: RUN_AS_HOST_PROCESS_CONTAINER
+ value: "True"
+ tolerations:
+ - operator: Exists
amazon-cloudwatch, dcgm-exporter, DcgmExporter (cloudwatch.aws.amazon.com) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/linux/dcgm-exporter-daemonset.yaml
+ apiVersion: cloudwatch.aws.amazon.com/v1alpha1
+ kind: DcgmExporter
+ metadata:
+ name: dcgm-exporter
+ namespace: amazon-cloudwatch
+ labels:
+ k8s-app: dcgm-exporter
+ version: v1
+ spec:
+ image: nvcr.io/nvidia/k8s/dcgm-exporter:3.3.7-3.5.0-ubuntu22.04
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccount: dcgm-exporter-service-acct
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node.kubernetes.io/instance-type
+ operator: In
+ values:
+ - g3.4xlarge
+ - g3.8xlarge
+ - g3.16xlarge
+ - g3s.xlarge
+ - g4ad.2xlarge
+ - g4ad.4xlarge
+ - g4ad.8xlarge
+ - g4ad.16xlarge
+ - g4ad.xlarge
+ - g4dn.2xlarge
+ - g4dn.4xlarge
+ - g4dn.8xlarge
+ - g4dn.12xlarge
+ - g4dn.16xlarge
+ - g4dn.metal
+ - g4dn.xlarge
+ - g5.2xlarge
+ - g5.4xlarge
+ - g5.8xlarge
+ - g5.12xlarge
+ - g5.16xlarge
+ - g5.24xlarge
+ - g5.48xlarge
+ - g5.xlarge
+ - g5g.2xlarge
+ - g5g.4xlarge
+ - g5g.8xlarge
+ - g5g.16xlarge
+ - g5g.metal
+ - g5g.xlarge
+ - g6.2xlarge
+ - g6.4xlarge
+ - g6.8xlarge
+ - g6.12xlarge
+ - g6.16xlarge
+ - g6.24xlarge
+ - g6.48xlarge
+ - g6.xlarge
+ - g6e.2xlarge
+ - g6e.4xlarge
+ - g6e.8xlarge
+ - g6e.12xlarge
+ - g6e.16xlarge
+ - g6e.24xlarge
+ - g6e.48xlarge
+ - g6e.xlarge
+ - gr6.4xlarge
+ - gr6.8xlarge
+ - p2.8xlarge
+ - p2.16xlarge
+ - p2.xlarge
+ - p3.2xlarge
+ - p3.8xlarge
+ - p3.16xlarge
+ - p3dn.24xlarge
+ - p4d.24xlarge
+ - p4de.24xlarge
+ - p5.48xlarge
+ - p5e.48xlarge
+ - p5en.48xlarge
+ - ml.g3.4xlarge
+ - ml.g3.8xlarge
+ - ml.g3.16xlarge
+ - ml.g3s.xlarge
+ - ml.g4ad.2xlarge
+ - ml.g4ad.4xlarge
+ - ml.g4ad.8xlarge
+ - ml.g4ad.16xlarge
+ - ml.g4ad.xlarge
+ - ml.g4dn.2xlarge
+ - ml.g4dn.4xlarge
+ - ml.g4dn.8xlarge
+ - ml.g4dn.12xlarge
+ - ml.g4dn.16xlarge
+ - ml.g4dn.metal
+ - ml.g4dn.xlarge
+ - ml.g5.2xlarge
+ - ml.g5.4xlarge
+ - ml.g5.8xlarge
+ - ml.g5.12xlarge
+ - ml.g5.16xlarge
+ - ml.g5.24xlarge
+ - ml.g5.48xlarge
+ - ml.g5.xlarge
+ - ml.g5g.2xlarge
+ - ml.g5g.4xlarge
+ - ml.g5g.8xlarge
+ - ml.g5g.16xlarge
+ - ml.g5g.metal
+ - ml.g5g.xlarge
+ - ml.g6.2xlarge
+ - ml.g6.4xlarge
+ - ml.g6.8xlarge
+ - ml.g6.12xlarge
+ - ml.g6.16xlarge
+ - ml.g6.24xlarge
+ - ml.g6.48xlarge
+ - ml.g6.xlarge
+ - ml.g6e.2xlarge
+ - ml.g6e.4xlarge
+ - ml.g6e.8xlarge
+ - ml.g6e.12xlarge
+ - ml.g6e.16xlarge
+ - ml.g6e.24xlarge
+ - ml.g6e.48xlarge
+ - ml.g6e.xlarge
+ - ml.gr6.4xlarge
+ - ml.gr6.8xlarge
+ - ml.p2.8xlarge
+ - ml.p2.16xlarge
+ - ml.p2.xlarge
+ - ml.p3.2xlarge
+ - ml.p3.8xlarge
+ - ml.p3.16xlarge
+ - ml.p3dn.24xlarge
+ - ml.p4d.24xlarge
+ - ml.p4de.24xlarge
+ - ml.p5.48xlarge
+ - ml.p5e.48xlarge
+ - ml.p5en.48xlarge
+ - key: eks.amazonaws.com/compute-type
+ operator: NotIn
+ values:
+ - fargate
+ resources:
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ requests:
+ cpu: 250m
+ memory: 128Mi
+ env:
+ - name: "DCGM_EXPORTER_KUBERNETES"
+ value: "true"
+ - name: "DCGM_EXPORTER_LISTEN"
+ value: ":9400"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ ports:
+ - name: "metrics"
+ port: 9400
+ volumeMounts:
+ - name: "pod-gpu-resources"
+ readOnly: true
+ mountPath: "/var/lib/kubelet/pod-resources"
+ - mountPath: /etc/amazon-cloudwatch-observability-dcgm-cert
+ name: dcgmtls
+ readOnly: true
+ volumes:
+ - name: dcgmtls
+ secret:
+ secretName: amazon-cloudwatch-observability-agent-cert
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - name: "pod-gpu-resources"
+ hostPath:
+ path: /var/lib/kubelet/pod-resources
+ metricsConfig: |
+ DCGM_FI_DEV_GPU_UTIL, gauge, GPU utilization (in %).
+ DCGM_FI_DEV_MEM_COPY_UTIL, gauge, Memory utilization (in %).
+ DCGM_FI_DEV_FB_FREE, gauge, Framebuffer memory free (in MiB).
+ DCGM_FI_DEV_FB_USED, gauge, Framebuffer memory used (in MiB).
+ DCGM_FI_DEV_FB_TOTAL, gauge, Framebuffer memory used (in MiB).
+ DCGM_FI_DEV_FB_USED_PERCENT, gauge, Percentage used of Frame Buffer: Used/(Total - Reserved).
+ DCGM_FI_DEV_MEMORY_TEMP, gauge, Memory temperature (in C).
+ DCGM_FI_DEV_GPU_TEMP, gauge, GPU temperature (in C).
+ DCGM_FI_DEV_POWER_USAGE, gauge, Power draw (in W).
+ tlsConfig: |
+ tls_server_config:
+ cert_file: /etc/amazon-cloudwatch-observability-dcgm-cert/server.crt
+ key_file: /etc/amazon-cloudwatch-observability-dcgm-cert/server.key
+ tolerations:
+ - operator: Exists
amazon-cloudwatch, dcgm-exporter-role, Role (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/linux/dcgm-exporter-role.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ name: "dcgm-exporter-role"
+ namespace: amazon-cloudwatch
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["dcgm-exporter-config-map"]
+ verbs: ["get"]
amazon-cloudwatch, dcgm-exporter-role-binding, RoleBinding (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/linux/dcgm-exporter-rolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ namespace: amazon-cloudwatch
+ name: dcgm-exporter-role-binding
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ roleRef:
+ kind: Role
+ name: "dcgm-exporter-role"
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: ServiceAccount
+ name: dcgm-exporter-service-acct
+ namespace: amazon-cloudwatch
amazon-cloudwatch, neuron-monitor, NeuronMonitor (cloudwatch.aws.amazon.com) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/linux/neuron-monitor-daemonset.yaml
+ apiVersion: cloudwatch.aws.amazon.com/v1alpha1
+ kind: NeuronMonitor
+ metadata:
+ name: neuron-monitor
+ namespace: amazon-cloudwatch
+ labels:
+ k8s-app: neuron-monitor
+ version: v1
+ spec:
+ image: public.ecr.aws/neuron/neuron-monitor:1.3.0
+ serviceAccount: neuron-monitor-service-acct
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ - key: node.kubernetes.io/instance-type
+ operator: In
+ values:
+ - trn1.2xlarge
+ - trn1.32xlarge
+ - trn1n.32xlarge
+ - trn2.3xlarge
+ - trn2.48xlarge
+ - trn2a.48xlarge
+ - trn2n.48xlarge
+ - trn2u.48xlarg
+ - inf1.xlarge
+ - inf1.2xlarge
+ - inf1.6xlarge
+ - inf1.24xlarge
+ - inf2.xlarge
+ - inf2.8xlarge
+ - inf2.24xlarge
+ - inf2.48xlarge
+ - ml.trn1.2xlarge
+ - ml.trn1.32xlarge
+ - ml.trn1n.32xlarge
+ - ml.inf1.xlarge
+ - ml.inf1.2xlarge
+ - ml.inf1.6xlarge
+ - ml.inf1.24xlarge
+ - ml.inf2.xlarge
+ - ml.inf2.8xlarge
+ - ml.inf2.24xlarge
+ - ml.inf2.48xlarge
+ - key: eks.amazonaws.com/compute-type
+ operator: NotIn
+ values:
+ - fargate
+ resources:
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ requests:
+ cpu: 256m
+ memory: 128Mi
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: PATH
+ value: /usr/local/bin:/usr/bin:/bin:/opt/aws/neuron/bin
+ - name: GOMEMLIMIT
+ value: 320MiB
+ ports:
+ - name: "metrics"
+ port: 8000
+ command:
+ - "/opt/bin/entrypoint.sh"
+ args:
+ port: "8000"
+ cert-file: "/etc/amazon-cloudwatch-observability-neuron-cert/server.crt"
+ key-file: "/etc/amazon-cloudwatch-observability-neuron-cert/server.key"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /etc/amazon-cloudwatch-observability-neuron-cert/
+ name: neurontls
+ readOnly: true
+ - mountPath: /opt-aws
+ name: "aws-config"
+ readOnly: true
+ volumes:
+ - name: neurontls
+ secret:
+ secretName: amazon-cloudwatch-observability-agent-cert
+ items:
+ - key: tls.crt
+ path: server.crt
+ - key: tls.key
+ path: server.key
+ - name: "aws-config"
+ hostPath:
+ path: /opt/aws
+ monitorConfig: |
+ {
+ "period": "5s",
+ "neuron_runtimes": [
+ {
+ "tag_filter": ".*",
+ "metrics": [
+ {
+ "type": "neuroncore_counters"
+ },
+ {
+ "type": "memory_used"
+ },
+ {
+ "type": "execution_stats"
+ }
+ ]
+ }
+ ],
+ "system_metrics": [
+ {
+ "period": "5s",
+ "type": "neuron_hw_counters"
+ }
+ ]
+ }
+ tolerations:
+ - operator: Exists
amazon-cloudwatch, neuron-monitor-role, Role (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/linux/neuron-monitor-exporter-role.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ name: "neuron-monitor-role"
+ namespace: amazon-cloudwatch
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["neuron-monitor-config-map"]
+ verbs: ["get"]
amazon-cloudwatch, neuron-monitor-role-binding, RoleBinding (rbac.authorization.k8s.io) has been added:
-
+ # Source: amazon-cloudwatch-observability/templates/linux/neuron-monitor-exporter-rolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ namespace: amazon-cloudwatch
+ name: neuron-monitor-role-binding
+ labels:
+ app.kubernetes.io/name: amazon-cloudwatch-observability
+ app.kubernetes.io/instance: aws-cloudwatch-agent
+ app.kubernetes.io/version: "1.0.0"
+ app.kubernetes.io/managed-by: "amazon-cloudwatch-agent-operator"
+ roleRef:
+ kind: Role
+ name: "neuron-monitor-role"
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: ServiceAccount
+ name: neuron-monitor-service-acct
+ namespace: amazon-cloudwatch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What happens when your PR merges?
Moving cloudwatch agent to helmfile
What are you changing?
Provide some background on the changes
Helmfile migration
After merging this PR