{AKS} Enable AzureMonitorMetrics Addon (Managed Prometheus for public…

… preview) (#5428)
Azure · Oct 12, 2022 · a9471e5 · a9471e5
1 parent 0aeeae3
commit a9471e5
Show file tree

Hide file tree

Showing 13 changed files with 4,882 additions and 7 deletions.
diff --git a/linter_exclusions.yml b/linter_exclusions.yml
@@ -197,6 +197,21 @@ aks update:
     assign_kubelet_identity:
       rule_exclusions:
       - option_length_too_long
+    azure_monitor_workspace_resource_id:
+      rule_exclusions:
+      - option_length_too_long
+    disable_azuremonitormetrics:
+      rule_exclusions:
+      - option_length_too_long
+    enable_azuremonitormetrics:
+      rule_exclusions:
+      - option_length_too_long
+    ksm_metric_annotations_allow_list:
+      rule_exclusions:
+      - option_length_too_long
+    ksm_metric_labels_allow_list:
+      rule_exclusions:
+      - option_length_too_long
 arcdata dc create:
   parameters:
     logs_ui_private_key_file:

diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst
@@ -12,6 +12,11 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 
+0.5.106
++++++++
+
+* Add support for AzureMonitorMetrics Addon (managed prometheus metrics in public preview) for AKS
+
 0.5.105
 +++++++
 

diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py
@@ -840,6 +840,24 @@
         - name: --defender-config
           type: string
           short-summary: Path to JSON file containing Microsoft Defender profile configurations.
+        - name: --enable-azuremonitormetrics
+          type: bool
+          short-summary: Enable Azure Monitor Metrics Profile
+        - name: --azure-monitor-workspace-resource-id
+          type: string
+          short-summary: Resource ID of the Azure Monitor Workspace
+        - name: --ksm-metric-labels-allow-list
+          type: string
+          short-summary: Comma-separated list of additional Kubernetes label keys that will be used in the resource' labels metric. By default the metric contains only name and namespace labels. To include additional labels provide a list of resource names in their plural form and Kubernetes label keys you would like to allow for them (e.g. '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. A single '*' can be provided per resource instead to allow any labels, but that has severe performance implications (e.g. '=pods=[*]').
+        - name: --ksm-metric-annotations-allow-list
+          type: string
+          short-summary: Comma-separated list of additional Kubernetes label keys that will be used in the resource' labels metric. By default the metric contains only name and namespace labels. To include additional labels provide a list of resource names in their plural form and Kubernetes label keys you would like to allow for them (e.g.'=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. A single '*' can be provided per resource instead to allow any labels, but that has severe performance implications (e.g. '=pods=[*]').
+        - name: --grafana-resource-id
+          type: string
+          short-summary: Resource ID of the Azure Managed Grafana Workspace
+        - name: --disable-azuremonitormetrics
+          type: bool
+          short-summary: Disable Azure Monitor Metrics Profile
         - name: --enable-node-restriction
           type: bool
           short-summary: Enable node restriction option on cluster.

diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py
@@ -123,6 +123,10 @@
     validate_enable_custom_ca_trust,
     validate_defender_config_parameter,
     validate_defender_disable_and_enable_parameters,
+    validate_azuremonitorworkspaceresourceid,
+    validate_grafanaresourceid,
+    validate_ksm_labels,
+    validate_ksm_annotations
 )
 
 # candidates for enumeration
@@ -432,6 +436,12 @@ def load_arguments(self, _):
         c.argument('enable_private_cluster', action='store_true', is_preview=True, help='enable private cluster for apiserver vnet integration')
         c.argument('disable_private_cluster', action='store_true', is_preview=True, help='disable private cluster for apiserver vnet integration')
         c.argument('private_dns_zone', is_preview=True)
+        c.argument('enable_azuremonitormetrics', action='store_true', is_preview=True)
+        c.argument('azure_monitor_workspace_resource_id', validator=validate_azuremonitorworkspaceresourceid, is_preview=True)
+        c.argument('ksm_metric_labels_allow_list', validator=validate_ksm_labels, is_preview=True)
+        c.argument('ksm_metric_annotations_allow_list', validator=validate_ksm_annotations, is_preview=True)
+        c.argument('grafana_resource_id', validator=validate_grafanaresourceid, is_preview=True)
+        c.argument('disable_azuremonitormetrics', action='store_true', is_preview=True)
         c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster")
         c.argument('disable_vpa', action='store_true', is_preview=True, help="disable vertical pod autoscaler for cluster")
         c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True)

diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py
@@ -647,3 +647,87 @@ def validate_defender_config_parameter(namespace):
 def validate_defender_disable_and_enable_parameters(namespace):
     if namespace.disable_defender and namespace.enable_defender:
         raise ArgumentUsageError('Providing both --disable-defender and --enable-defender flags is invalid')
+
+
+def sanitize_resource_id(resource_id):
+    resource_id = resource_id.strip()
+    if not resource_id.startswith("/"):
+        resource_id = "/" + resource_id
+    if resource_id.endswith("/"):
+        resource_id = resource_id.rstrip("/")
+    return resource_id.lower()
+
+
+def validate_azuremonitorworkspaceresourceid(namespace):
+    resource_id = namespace.azure_monitor_workspace_resource_id
+    if resource_id is None:
+        return
+    resource_id = sanitize_resource_id(resource_id)
+    if (bool(re.match(r'/subscriptions/.*/resourcegroups/.*/providers/microsoft.monitor/accounts/.*', resource_id))) is False:
+        raise ArgumentUsageError("--azure-monitor-workspace-resource-id not in the correct format. It should match `/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/microsoft.monitor/accounts/<resourceName>`")
+
+
+def validate_grafanaresourceid(namespace):
+    resource_id = namespace.grafana_resource_id
+    if resource_id is None:
+        return
+    resource_id = sanitize_resource_id(resource_id)
+    if (bool(re.match(r'/subscriptions/.*/resourcegroups/.*/providers/microsoft.dashboard/grafana/.*', resource_id))) is False:
+        raise ArgumentUsageError("--grafana-resource-id not in the correct format. It should match `/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/microsoft.dashboard/grafana/<resourceName>`")
+
+
+def validate_ksm_parameter(ksmparam):
+    labelValueMap = {}
+    ksmStrLength = len(ksmparam)
+    EOF = -1
+    next = ""
+    name = ""
+    firstWordPos = 0
+    for i, v in enumerate(ksmparam):
+        if i + 1 == ksmStrLength:
+            next = EOF
+        else:
+            next = ord(ksmparam[i + 1])
+        if i - 1 >= 0:
+            previous = ord(ksmparam[i - 1])
+        else:
+            previous = v
+        if v == "=":
+            if previous == ord(",") or next != ord("["):
+                raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"")
+            name = ksmparam[firstWordPos:i]
+            labelValueMap[name] = []
+            firstWordPos = i + 1
+        elif v == "[":
+            if previous != ord("="):
+                raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"")
+            firstWordPos = i + 1
+        elif v == "]":
+            # if after metric group, has char not comma or end.
+            if next != EOF and next != ord(","):
+                raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"")
+            if previous != ord("["):
+                labelValueMap[name].append(ksmparam[firstWordPos:i])
+            firstWordPos = i + 1
+        elif v == ",":
+            # if starts or ends with comma
+            if previous == v or next == EOF or next == ord("]"):
+                raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"")
+            if previous != ord("]"):
+                labelValueMap[name].append(ksmparam[firstWordPos:i])
+            firstWordPos = i + 1
+    for label in labelValueMap:
+        if (bool(re.match(r'^[a-zA-Z_][A-Za-z0-9_]+$', label))) is False:
+            raise InvalidArgumentValueError("Please format --metric properly. For eg. : --ksm-metric-labels-allow-list \"=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)\" and --ksm-metric-annotations-allow-list \"namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...\"")
+
+
+def validate_ksm_labels(namespace):
+    if namespace.ksm_metric_labels_allow_list is None:
+        return
+    validate_ksm_parameter(namespace.ksm_metric_labels_allow_list)
+
+
+def validate_ksm_annotations(namespace):
+    if namespace.ksm_metric_annotations_allow_list is None:
+        return
+    validate_ksm_parameter(namespace.ksm_metric_annotations_allow_list)
diff --git a/src/aks-preview/azext_aks_preview/addonconfiguration.py b/src/aks-preview/azext_aks_preview/addonconfiguration.py
@@ -224,7 +224,7 @@ def update_addons(cmd,  # pylint: disable=too-many-branches,too-many-statements
                 if addon_profile.enabled and check_enabled:
                     raise CLIError('The monitoring addon is already enabled for this managed cluster.\n'
                                    'To change monitoring configuration, run "az aks disable-addons -a monitoring"'
-                                   'before enabling it again.')
+                                   ' before enabling it again.')
                 if not workspace_resource_id:
                     workspace_resource_id = ensure_default_log_analytics_workspace_for_monitoring(
                         cmd,