Skip to content

ama-logs deployment and test in dev clusters #1625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zanejohnson-azure merged 20 commits into from
Apr 6, 2026
Merged

ama-logs deployment and test in dev clusters #1625

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
f404bad
feat: CI agent auto-deploy pipeline with e2e testing
zanejohnson-azure Mar 19, 2026
8c58fc6
simplify feature support
zanejohnson-azure Mar 19, 2026
bf2c196
clean up
zanejohnson-azure Mar 19, 2026
c8f57c1
minor fix
zanejohnson-azure Mar 19, 2026
94f7b2e
separate win and linux image
zanejohnson-azure Mar 19, 2026
63ed3d6
temporarily disable trivy failure
zanejohnson-azure Mar 20, 2026
cadf2d6
fix typo
zanejohnson-azure Mar 20, 2026
02fb781
fix imageRepository var
zanejohnson-azure Mar 20, 2026
1b91fe8
temp test
zanejohnson-azure Mar 20, 2026
fd8b687
temp test
zanejohnson-azure Mar 20, 2026
8cd773f
temp test
zanejohnson-azure Mar 20, 2026
5cabe38
tmp switch branch for test scripts
zanejohnson-azure Mar 20, 2026
2eb48ba
law id fix
zanejohnson-azure Mar 20, 2026
ecd4a3b
clean up
zanejohnson-azure Mar 20, 2026
e615f10
remove fast test setup
zanejohnson-azure Mar 20, 2026
d293b23
udpate prod release for helm template change
zanejohnson-azure Mar 20, 2026
9335a97
clean up
zanejohnson-azure Apr 3, 2026
dffa132
ignore cve temporarily to unblock merge
zanejohnson-azure Apr 3, 2026
152085d
set up condition that trigger the test
zanejohnson-azure Apr 4, 2026
57d864f
bypass cve
zanejohnson-azure Apr 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 72 additions & 0 deletions .pipelines/azure_pipeline_mergedbranches.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
- ES365AIMigrationTooling
stages:
- stage: stage
displayName: 'Build and Publish Container Images'
jobs:
- job: common
pool:
Expand Down Expand Up @@ -881,3 +882,74 @@
FileDirPath: '$(Build.ArtifactStagingDirectory)'
DisableRemediation: false
AcceptableOutdatedSignatureInHours: 72

- stage: Deploy_and_Test_Images_In_Dev_Clusters
Comment thread
zanejohnson-azure marked this conversation as resolved.
displayName: Deploy and Test Images in Dev Clusters
lockBehavior: sequential
dependsOn:
- stage
condition: |
and(eq(dependencies.stage.result, 'Succeeded'), eq(variables.IS_PR, false), eq(variables.IS_MAIN_BRANCH, true))
variables:
# Override the helm chart's default image repository (/azuremonitor/containerinsights/ciprod) to use cidev
ImageRepositoryOverride: '/azuremonitor/containerinsights/cidev'
# Use image tags built from the previous build stage
linuxImageTagUnderTest: $[stageDependencies.stage.common.outputs['setup.linuxImagetag']]
windowsImageTagUnderTest: $[stageDependencies.stage.common.outputs['setup.windowsImageTag']]
jobs:
# TODO: remomve the two temp cluster and add more clusters from test automation framework when the tests are stable

Check notice

Code scanning / devskim

A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note

Suspicious comment
# ============================================================
# Cluster 1: zane-test — Deploy via Helm
# ============================================================
- template: /.pipelines/helm-deploy-templates/ama-logs-helm-deploy.yaml@self
parameters:
clusterName: 'zane-test'
resourceGroup: 'zane-test'
region: 'westus2'
subscriptionId: $(CI_BUILD_SUB_ID)
workspaceId: $(ZANE_TEST_LA2_LAW_ID) # zane-test-la2
amalogsLinuxImage: $(linuxImageTagUnderTest)
amalogsWindowsImage: $(windowsImageTagUnderTest)
imageRepository: $(ImageRepositoryOverride)
environment: 'CI-Agent-Dev'
azureSubscription: 'ContainerInsights_Build_Subscription_CI'

# Cluster 1: zane-test — Run E2E Tests
- template: /.pipelines/e2e-test-templates/test-ci-image-in-aks-cluster.yml@self
parameters:
clusterName: 'zane-test'
resourceGroup: 'zane-test'
azureSubscription: 'ContainerInsights_Build_Subscription_CI'
environmentName: 'CI-Agent-Dev'
dependsOnDeployJob: 'Deploy_AmaLogs_zane_test'
azureClientId: $(ZANE_TEST_CLIENT_ID)
azureTenantId: $(CI_BUILD_AZURE_TENANT_ID)
teamsWebhookUri: $(TeamsWebhookUri)

# ============================================================
# Cluster 2: zane-test2 — Deploy via Helm
# ============================================================
- template: /.pipelines/helm-deploy-templates/ama-logs-helm-deploy.yaml@self
parameters:
clusterName: 'zane-test2'
resourceGroup: 'zane-test'
region: 'centralus'
subscriptionId: $(CI_BUILD_SUB_ID)
workspaceId: $(ZANE_TEST_LA2_LAW_ID) # zane-test2-la2
amalogsLinuxImage: $(linuxImageTagUnderTest)
amalogsWindowsImage: $(windowsImageTagUnderTest)
imageRepository: $(ImageRepositoryOverride)
environment: 'CI-Agent-Dev2'
azureSubscription: 'ContainerInsights_Build_Subscription_CI'

# Cluster 2: zane-test2 — Run E2E Tests
- template: /.pipelines/e2e-test-templates/test-ci-image-in-aks-cluster.yml@self
parameters:
clusterName: 'zane-test2'
resourceGroup: 'zane-test'
azureSubscription: 'ContainerInsights_Build_Subscription_CI'
environmentName: 'CI-Agent-Dev2'
dependsOnDeployJob: 'Deploy_AmaLogs_zane_test2'
azureClientId: $(ZANE_TEST2_CLIENT_ID)
azureTenantId: $(CI_BUILD_AZURE_TENANT_ID)
teamsWebhookUri: $(TeamsWebhookUri)
10 changes: 6 additions & 4 deletions .pipelines/ci-aks-prod-release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -481,7 +481,7 @@ extends:
# Stage 3: Deploy ama-logs to AKS Clusters via Helm
# =============================================================================
# To add a new cluster, simply add an entry to the template list below.
# Each cluster only needs: clusterName, resourceGroup, region, subscriptionId, workspaceId, and imageTag.
# Each cluster only needs: clusterName, resourceGroup, region, subscriptionId, workspaceId, amalogsLinuxImage, and amalogsWindowsImage.
Comment thread
rashmichandrashekar marked this conversation as resolved.
# =============================================================================
- stage: Stage_3
displayName: Deploy ama-logs to CI AKS Prod Clusters via Helm
Expand All @@ -499,7 +499,8 @@ extends:
region: 'westcentralus'
subscriptionId: '9b96ebbd-c57a-42d1-bbe9-b69296e4c7fb'
workspaceId: '22f38e11-4f59-480c-b4b8-2573156b6e06' # "Monitoring-Model-Cluster-WCUS"
imageTag: '$(AgentImageTagSuffix)'
amalogsLinuxImage: '$(AgentImageTagSuffix)'
amalogsWindowsImage: 'win-$(AgentImageTagSuffix)'
environment: 'CI-Deploy-To-Prod-Cluster-1'
# Monitoring-Model-Cluster-WEU
- template: .pipelines/helm-deploy-templates/ama-logs-helm-deploy.yaml@self
Expand All @@ -509,5 +510,6 @@ extends:
region: 'westeurope'
subscriptionId: '9b96ebbd-c57a-42d1-bbe9-b69296e4c7fb'
workspaceId: '5c269467-32a9-4468-a1d6-ec1cac551e74' # "Monitoring-Model-Cluster-WEU"
imageTag: '$(AgentImageTagSuffix)'
environment: 'CI-Deploy-To-Prod-Cluster-2'
amalogsLinuxImage: '$(AgentImageTagSuffix)'
amalogsWindowsImage: 'win-$(AgentImageTagSuffix)'
environment: 'CI-Deploy-To-Prod-Cluster-2'
115 changes: 115 additions & 0 deletions .pipelines/e2e-test-templates/test-ci-image-in-aks-cluster.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
parameters:
- name: clusterName
type: string
- name: resourceGroup
type: string
- name: azureSubscription
type: string
default: 'ContainerInsights_Build_Subscription_CI'
- name: environmentName
type: string
- name: dependsOnDeployJob
type: string
displayName: 'Name of the deploy job this test depends on (e.g., Deploy_AmaLogs_zane_test)'
- name: azureClientId
type: string
- name: azureTenantId
type: string
- name: teamsWebhookUri
type: string
default: '$(TeamsWebhookUri)'
- name: additionalTestParams
type: string
default: ''

jobs:
- deployment: Test_${{ replace(parameters.clusterName, '-', '_') }}
displayName: 'Test: ${{ parameters.clusterName }}'
environment: ${{ parameters.environmentName }}
dependsOn: ${{ parameters.dependsOnDeployJob }}
pool:
name: Azure-Pipelines-CI-Test-EO
image: ci-1es-managed-ubuntu-2204
os: linux
variables:
skipComponentGovernanceDetection: true
strategy:
runOnce:
deploy:
steps:
- checkout: self
persistCredentials: true

- script: |
set -euo pipefail
echo "Ensuring kubectl is installed"
if ! command -v kubectl >/dev/null 2>&1; then
echo "Installing kubectl"
sudo az aks install-cli
else
echo "kubectl already installed: $(kubectl version --client --short || true)"
fi
displayName: 'Install kubectl'

- task: AzureCLI@2
displayName: 'Get credentials for ${{ parameters.clusterName }}'
inputs:
azureSubscription: ${{ parameters.azureSubscription }}
scriptLocation: 'inlineScript'
scriptType: 'bash'
inlineScript: 'az aks get-credentials -g ${{ parameters.resourceGroup }} -n ${{ parameters.clusterName }}'

- task: Bash@3
displayName: 'Wait for logs to be ingested into Log Analytics (20 min)'
inputs:
targetType: 'inline'
script: |
echo "========================================"
echo "Waiting for Log Analytics Ingestion"
echo "========================================"
echo "Cluster: ${{ parameters.clusterName }}"
echo ""
echo "Waiting 10 minutes to allow logs to be ingested..."
echo "This ensures queries will find logs from the newly deployed containers."
echo ""

wait_time=600
interval=60
elapsed=0

while [ $elapsed -lt $wait_time ]; do
remaining=$((wait_time - elapsed))
minutes_elapsed=$((elapsed / 60))
minutes_remaining=$((remaining / 60))
echo "⏳ Waiting... ($minutes_elapsed/$((wait_time / 60)) minutes elapsed, $minutes_remaining minutes remaining)"
sleep $interval
elapsed=$((elapsed + interval))
done

echo ""
echo "✓ Wait complete! Logs should now be available in Log Analytics."
echo "========================================"

- bash: |
echo "Running tests for cluster: ${{ parameters.clusterName }}"

chmod +x ./install-and-execute-testkube-tests.sh
./install-and-execute-testkube-tests.sh \
AzureClientId=${{ parameters.azureClientId }} \
AzureTenantId=${{ parameters.azureTenantId }} \
TeamsWebhookUri=${{ parameters.teamsWebhookUri }} \
${{ parameters.additionalTestParams }}
workingDirectory: $(Build.SourcesDirectory)/test/testkube/
displayName: 'Install Testkube and run E2E tests'

# Log completion
- bash: |
echo "========================================="
echo "TEST COMPLETE"
echo "========================================="
echo "Cluster: ${{ parameters.clusterName }}"
echo "Build ID: $(Build.BuildId)"
echo "✓ Testing finished for: ${{ parameters.clusterName }}"
echo "========================================="
displayName: 'Test Completion'
condition: always()
34 changes: 18 additions & 16 deletions .pipelines/helm-deploy-templates/ama-logs-helm-deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@
# parameters:
# clusterName: 'my-cluster'
# resourceGroup: 'my-rg'
# region: 'eastus'
# subscriptionId: '9b96ebbd-c57a-42d1-bbe9-b69296e4c7fb'
Comment thread
zanejohnson-azure marked this conversation as resolved.
# region: e.g. 'eastus'
# subscriptionId: 'your-subscription-id'
# workspaceId: 'your-workspace-id'
# imageTag: '$(AgentImageTagSuffix)' # e.g., 3.1.32
# amalogsLinuxImage: "ama-logs linux image tag"
# amalogsWindowsImage: "ama-logs windows image tag"
# environment: 'deployment environment'

parameters:
Expand All @@ -23,9 +24,16 @@ parameters:
- name: workspaceId
type: string
displayName: 'Log Analytics Workspace ID'
- name: imageTag
- name: amalogsLinuxImage
Comment thread
zanejohnson-azure marked this conversation as resolved.
type: string
displayName: 'Image tag suffix (e.g., 3.1.32)'
- name: amalogsWindowsImage
type: string
displayName: 'Image tag suffix (e.g., win-3.1.32)'
- name: imageRepository
Comment thread
zanejohnson-azure marked this conversation as resolved.
type: string
default: '/azuremonitor/containerinsights/ciprod'
displayName: 'Image repository path (e.g., /azuremonitor/containerinsights/ciprod or /azuremonitor/containerinsights/cidev)'
- name: environment
type: string
displayName: 'Azure DevOps Environment name'
Expand All @@ -34,9 +42,6 @@ parameters:
- name: cloudEnvironment
type: string
default: 'azurepubliccloud'
- name: kubernetesVersion
Comment thread
zanejohnson-azure marked this conversation as resolved.
type: string
default: '1.32.7'
- name: azureSubscription
type: string
default: 'ContainerInsights_Build_Subscription_CI'
Expand All @@ -46,9 +51,6 @@ parameters:
- name: releaseName
type: string
default: 'azuremonitor-containers'
- name: helmVersion
Comment thread
zanejohnson-azure marked this conversation as resolved.
type: string
default: '3.12.3'
- name: dependsOn
type: object
default: []
Expand Down Expand Up @@ -83,7 +85,7 @@ jobs:
- task: HelmInstaller@1
displayName: Install Helm
inputs:
helmVersionToInstall: '${{ parameters.helmVersion }}'
helmVersionToInstall: 'latest'
- task: HelmDeploy@0
displayName: 'Helm Deploy: ama-logs to ${{ parameters.clusterName }}'
inputs:
Expand All @@ -99,7 +101,7 @@ jobs:
# TODO: When it is merged to ci_prod, the following chartPath will be updated accordingly.
chartPath: '$(Build.SourcesDirectory)/charts/azuremonitor-containerinsights-for-prod-clusters'
releaseName: '${{ parameters.releaseName }}'
overrideValues: 'global.commonGlobals.CloudEnvironment=${{ parameters.cloudEnvironment }},global.commonGlobals.Region=${{ parameters.region }},OmsAgent.aksResourceID=$(AKS_RESOURCE_ID),OmsAgent.workspaceID=${{ parameters.workspaceId }},OmsAgent.imageTagLinux=${{ parameters.imageTag }},OmsAgent.imageTagWindows=win-${{ parameters.imageTag }}'
overrideValues: 'global.commonGlobals.CloudEnvironment=${{ parameters.cloudEnvironment }},global.commonGlobals.Region=${{ parameters.region }},OmsAgent.aksResourceID=$(AKS_RESOURCE_ID),OmsAgent.workspaceID=${{ parameters.workspaceId }},OmsAgent.imageRepository=${{ parameters.imageRepository }},OmsAgent.imageTagLinux=${{ parameters.amalogsLinuxImage }},OmsAgent.imageTagWindows=${{ parameters.amalogsWindowsImage }}'
waitForExecution: false
arguments: '--timeout 10m --install'
- task: AzureCLI@2
Expand All @@ -115,8 +117,8 @@ jobs:
echo "Cluster: ${{ parameters.clusterName }}"
echo "Resource Group: ${{ parameters.resourceGroup }}"
echo "Region: ${{ parameters.region }}"
echo "Linux Image Tag: ${{ parameters.imageTag }}"
echo "Windows Image Tag: win-${{ parameters.imageTag }}"
echo "Linux Image Tag: ${{ parameters.amalogsLinuxImage }}"
echo "Windows Image Tag: ${{ parameters.amalogsWindowsImage }}"
echo ""

echo "Getting AKS credentials..."
Expand Down Expand Up @@ -151,8 +153,8 @@ jobs:
echo "=========================================="
echo "Image Verification"
echo "=========================================="
EXPECTED_LINUX_TAG="${{ parameters.imageTag }}"
EXPECTED_WINDOWS_TAG="win-${{ parameters.imageTag }}"
EXPECTED_LINUX_TAG="${{ parameters.amalogsLinuxImage }}"
EXPECTED_WINDOWS_TAG="${{ parameters.amalogsWindowsImage }}"
VERIFICATION_PASSED=true

echo "Expected Linux image tag: $EXPECTED_LINUX_TAG"
Expand Down
28 changes: 27 additions & 1 deletion .trivyignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,28 @@
# to merge trivy scan PR, temporarily ignore CVE-2026-24051 until a fix is available
CVE-2026-24051
CVE-2026-24051

# to unblock PR merge
# go dependencies - temporarily ignore until upstream fixes are available
CVE-2026-32287
CVE-2026-34040
CVE-2026-33997
CVE-2026-27889
CVE-2026-29785
CVE-2026-33216
CVE-2026-33217
CVE-2026-33218
CVE-2026-33247
CVE-2026-33215
CVE-2026-33219
CVE-2026-33222
CVE-2026-33223
CVE-2026-33246
CVE-2026-33248
CVE-2026-33249
CVE-2026-33186
CVE-2026-25679
CVE-2026-27142

# to unblock PR merge
# opt/telegraf (gobinary)
CVE-2026-34986
10 changes: 5 additions & 5 deletions charts/azuremonitor-containerinsights-for-prod-clusters/templates/ama-logs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -533,7 +533,7 @@ spec:
- NET_RAW
{{- end }}
- name: ama-logs
image: "{{ template "addon_mcr_repository_base" $ }}/azuremonitor/containerinsights/ciprod:{{- default $amalogsLinuxDefaultImageTag $.Values.OmsAgent.imageTagLinux -}}"
image: "{{ template "addon_mcr_repository_base" $ }}{{ $.Values.OmsAgent.imageRepository | default "/azuremonitor/containerinsights/ciprod" }}:{{- default $amalogsLinuxDefaultImageTag $.Values.OmsAgent.imageTagLinux -}}"
Comment thread
zanejohnson-azure marked this conversation as resolved.
{{- if $.Values.OmsAgent.isImagePullPolicyAlways }}
imagePullPolicy: Always
{{- else }}
Expand Down Expand Up @@ -715,7 +715,7 @@ spec:
{{- end }}
{{- if and (not $.Values.OmsAgent.isPrometheusMetricsScrapingDisabled) $.Values.OmsAgent.isSidecarScrapingEnabled }}
- name: ama-logs-prometheus
image: "{{ template "addon_mcr_repository_base" $ }}/azuremonitor/containerinsights/ciprod:{{- default $amalogsLinuxDefaultImageTag $.Values.OmsAgent.imageTagLinux -}}"
image: "{{ template "addon_mcr_repository_base" $ }}{{ $.Values.OmsAgent.imageRepository | default "/azuremonitor/containerinsights/ciprod" }}:{{- default $amalogsLinuxDefaultImageTag $.Values.OmsAgent.imageTagLinux -}}"
{{- if $.Values.OmsAgent.isImagePullPolicyAlways }}
imagePullPolicy: Always
{{- else }}
Expand Down Expand Up @@ -1084,7 +1084,7 @@ spec:
- NET_RAW
{{- end }}
- name: ama-logs
image: "{{ template "addon_mcr_repository_base" . }}/azuremonitor/containerinsights/ciprod:{{- default $amalogsLinuxDefaultImageTag .Values.OmsAgent.imageTagLinux -}}"
image: "{{ template "addon_mcr_repository_base" . }}{{ .Values.OmsAgent.imageRepository | default "/azuremonitor/containerinsights/ciprod" }}:{{- default $amalogsLinuxDefaultImageTag .Values.OmsAgent.imageTagLinux -}}"
{{- if .Values.OmsAgent.isImagePullPolicyAlways }}
imagePullPolicy: Always
{{- else }}
Expand Down Expand Up @@ -1364,7 +1364,7 @@ spec:
value: "3"
containers:
- name: ama-logs-windows
image: "{{ template "addon_mcr_repository_base" . }}/azuremonitor/containerinsights/ciprod:{{- default $amalogsWindowsDefaultImageTag .Values.OmsAgent.imageTagWindows -}}"
image: "{{ template "addon_mcr_repository_base" . }}{{ .Values.OmsAgent.imageRepository | default "/azuremonitor/containerinsights/ciprod" }}:{{- default $amalogsWindowsDefaultImageTag .Values.OmsAgent.imageTagWindows -}}"
{{- if .Values.OmsAgent.isImagePullPolicyAlways }}
imagePullPolicy: Always
{{- else }}
Expand Down Expand Up @@ -1777,7 +1777,7 @@ spec:
- NET_ADMIN
- NET_RAW
- name: ama-logs
image: "{{ template "addon_mcr_repository_base" . }}/azuremonitor/containerinsights/ciprod:{{- default $amalogsLinuxDefaultImageTag .Values.OmsAgent.imageTagLinux -}}"
image: "{{ template "addon_mcr_repository_base" . }}{{ .Values.OmsAgent.imageRepository | default "/azuremonitor/containerinsights/ciprod" }}:{{- default $amalogsLinuxDefaultImageTag .Values.OmsAgent.imageTagLinux -}}"
{{- if .Values.OmsAgent.isImagePullPolicyAlways }}
imagePullPolicy: Always
{{- else }}
Expand Down
Loading
Loading