Enable K8S On Prem (#228)

Makefile

@@ -119,6 +119,32 @@ build-for-docker-arm64:
 	$(LINUX_ARM64_BUILD)/start-amazon-cloudwatch-agent github.com/aws/private-amazon-cloudwatch-agent-staging/cmd/start-amazon-cloudwatch-agent
 	$(LINUX_ARM64_BUILD)/config-translator github.com/aws/private-amazon-cloudwatch-agent-staging/cmd/config-translator
 
+# this is because we docker ignore our build dir
+# even if there is no dir rm -rf will not fail but if there already is a dir mkdir will
+# for local registery you may only load a single platform
+build-for-docker-fast: build-for-docker-amd64 build-for-docker-arm64
+	rm -rf tmp
+	mkdir -p tmp/amd64
+	mkdir -p tmp/arm64
+	cp build/bin/linux_amd64/* tmp/amd64
+	cp build/bin/linux_arm64/* tmp/arm64
+	docker buildx build --platform linux/amd64,linux/arm64 . -f amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile -t amazon-cloudwatch-agent
+	rm -rf tmp
+
+build-for-docker-fast-amd64: build-for-docker-amd64
+	rm -rf tmp
+	mkdir -p tmp/amd64
+	cp build/bin/linux_amd64/* tmp/amd64
+	docker buildx build --platform linux/amd64 . -f amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile -t amazon-cloudwatch-agent --load
+	rm -rf tmp
+
+build-for-docker-fast-arm64: build-for-docker-arm64
+	rm -rf tmp
+	mkdir -p tmp/arm64
+	cp build/bin/linux_arm64/* tmp/arm64
+	docker buildx build --platform linux/arm64 . -f amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile -t amazon-cloudwatch-agent --load
+	rm -rf tmp
+
 install-goimports:
 	GOBIN=$(TOOLS_BIN_DIR) go install golang.org/x/tools/cmd/goimports
 

amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localbin/Dockerfile

@@ -0,0 +1,24 @@
+ARG BUILD_IMAGE=ubuntu:latest
+
+# Install cert and binaries
+FROM $BUILD_IMAGE as build
+
+# Need to repeat the ARG after each FROM
+ARG TARGETARCH
+
+RUN mkdir -p /opt/aws/amazon-cloudwatch-agent/etc
+RUN mkdir -p /opt/aws/amazon-cloudwatch-agent/var
+RUN mkdir -p /opt/aws/amazon-cloudwatch-agent/bin
+COPY tmp/${TARGETARCH} /opt/aws/amazon-cloudwatch-agent/bin
+RUN apt-get update &&  \
+    apt-get install -y ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+FROM scratch
+
+COPY --from=build /tmp /tmp
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /opt/aws/amazon-cloudwatch-agent /opt/aws/amazon-cloudwatch-agent
+
+ENV RUN_IN_CONTAINER="True"
+ENTRYPOINT ["/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent"]

amazon-cloudwatch-container-insights/k8s-yaml-templates/cloudwatch-dev-namespace.yaml

@@ -0,0 +1,7 @@
+# create amazon-cloudwatch namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: amazon-cloudwatch-dev
+  labels:
+    name: amazon-cloudwatch-dev

amazon-cloudwatch-container-insights/k8s-yaml-templates/cloudwatch-latest-namespace.yaml

@@ -0,0 +1,7 @@
+# create amazon-cloudwatch namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: amazon-cloudwatch
+  labels:
+    name: amazon-cloudwatch

amazon-cloudwatch-container-insights/k8s-yaml-templates/cwagent-dev-kubernetes-monitoring-onprem/cwagent-configmap.yaml

@@ -0,0 +1,24 @@
+# create configmap for cwagent config
+apiVersion: v1
+data:
+  # Configuration is in Json format. No matter what configure change you make,
+  # please keep the Json blob valid.
+  cwagentconfig.json: |
+    {
+      "agent": {
+        "region": "us-west-2",
+        "debug": true
+      },
+      "logs": {
+        "metrics_collected": {
+          "kubernetes": {
+            "cluster_name": "cwagent-dev-kubernetes-monitoring-onprem"
+          }
+        },
+        "force_flush_interval": 5
+      }
+    }
+kind: ConfigMap
+metadata:
+  name: cwagentconfig
+  namespace: amazon-cloudwatch-dev

amazon-cloudwatch-container-insights/k8s-yaml-templates/cwagent-dev-kubernetes-monitoring-onprem/cwagent-creds-configmap.yaml

@@ -0,0 +1,12 @@
+# create configmap for cwagent creds
+apiVersion: v1
+data:
+  # Configuration is in aws creds format for on prem
+  credentials: |
+    [AmazonCloudWatchAgent]
+    aws_access_key_id = ${your aws_access_key_id}
+    aws_secret_access_key = ${enter you aws_secret_access_key here}
+kind: ConfigMap
+metadata:
+  name: creds
+  namespace: amazon-cloudwatch-dev

amazon-cloudwatch-container-insights/k8s-yaml-templates/cwagent-dev-kubernetes-monitoring-onprem/cwagent-daemonset.yaml

@@ -0,0 +1,97 @@
+# deploy cwagent as daemonset
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: cloudwatch-agent
+  namespace: amazon-cloudwatch-dev
+spec:
+  selector:
+    matchLabels:
+      name: cloudwatch-agent
+  template:
+    metadata:
+      labels:
+        name: cloudwatch-agent
+    spec:
+      containers:
+        - name: cloudwatch-agent
+          image: ${enter your dev image here}
+          imagePullPolicy: Always
+          #ports:
+          #  - containerPort: 8125
+          #    hostPort: 8125
+          #    protocol: UDP
+          resources:
+            limits:
+              cpu:  200m
+              memory: 200Mi
+            requests:
+              cpu: 200m
+              memory: 200Mi
+          # Please don't change below envs
+          env:
+            - name: HOST_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+            - name: HOST_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: K8S_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: CI_VERSION
+              value: "k8s/1.0.1"
+          # Please don't change the mountPath
+          volumeMounts:
+            - name: cwagentconfig
+              mountPath: /etc/cwagentconfig
+            - name: creds
+              mountPath: /root/.aws/credentials
+            - name: rootfs
+              mountPath: /rootfs
+              readOnly: true
+            - name: dockersock
+              mountPath: /var/run/docker.sock
+              readOnly: true
+            - name: varlibdocker
+              mountPath: /var/lib/docker
+              readOnly: true
+            - name: containerdsock
+              mountPath: /run/containerd/containerd.sock
+              readOnly: true
+            - name: sys
+              mountPath: /sys
+              readOnly: true
+            - name: devdisk
+              mountPath: /dev/disk
+              readOnly: true
+      volumes:
+        - name: cwagentconfig
+          configMap:
+            name: cwagentconfig
+        - name: creds
+          configMap:
+            name: creds
+        - name: rootfs
+          hostPath:
+            path: /
+        - name: dockersock
+          hostPath:
+            path: /var/run/docker.sock
+        - name: varlibdocker
+          hostPath:
+            path: /var/lib/docker
+        - name: containerdsock
+          hostPath:
+            path: /run/containerd/containerd.sock
+        - name: sys
+          hostPath:
+            path: /sys
+        - name: devdisk
+          hostPath:
+            path: /dev/disk/
+      terminationGracePeriodSeconds: 60
+      serviceAccountName: cloudwatch-agent

amazon-cloudwatch-container-insights/k8s-yaml-templates/cwagent-dev-kubernetes-monitoring-onprem/cwagent-serviceaccount.yaml

@@ -0,0 +1,46 @@
+# create cwagent service account and role binding
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloudwatch-agent
+  namespace: amazon-cloudwatch-dev
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cloudwatch-agent-role
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "nodes", "endpoints"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["replicasets"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["batch"]
+    resources: ["jobs"]
+    verbs: ["list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes/proxy"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["nodes/stats", "configmaps", "events"]
+    verbs: ["create"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["cwagent-clusterleader"]
+    verbs: ["get","update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cloudwatch-agent-role-binding
+subjects:
+  - kind: ServiceAccount
+    name: cloudwatch-agent
+    namespace: amazon-cloudwatch-dev
+roleRef:
+  kind: ClusterRole
+  name: cloudwatch-agent-role
+  apiGroup: rbac.authorization.k8s.io

amazon-cloudwatch-container-insights/k8s-yaml-templates/cwagent-latest-kubernetes-monitoring-onprem/cwagent-configmap.yaml

@@ -0,0 +1,24 @@
+# create configmap for cwagent config
+apiVersion: v1
+data:
+  # Configuration is in Json format. No matter what configure change you make,
+  # please keep the Json blob valid.
+  cwagentconfig.json: |
+    {
+      "agent": {
+        "region": "us-west-2",
+        "debug": true
+      },
+      "logs": {
+        "metrics_collected": {
+          "kubernetes": {
+            "cluster_name": "cwagent-latest-kubernetes-monitoring-onprem"
+          }
+        },
+        "force_flush_interval": 5
+      }
+    }
+kind: ConfigMap
+metadata:
+  name: cwagentconfig
+  namespace: amazon-cloudwatch

amazon-cloudwatch-container-insights/k8s-yaml-templates/cwagent-latest-kubernetes-monitoring-onprem/cwagent-creds-configmap.yaml

@@ -0,0 +1,12 @@
+# create configmap for cwagent creds
+apiVersion: v1
+data:
+  # Configuration is in aws creds format for on prem
+  credentials: |
+    [AmazonCloudWatchAgent]
+    aws_access_key_id = ${your aws_access_key_id}
+    aws_secret_access_key = ${enter you aws_secret_access_key here}
+kind: ConfigMap
+metadata:
+  name: creds
+  namespace: amazon-cloudwatch