Adding node js implementation

.github/workflows/amazon-cloudwatch-observability-image-scan.yaml

@@ -0,0 +1,84 @@
+name: Run Image Scan for Amazon CloudWatch Observability Helm Chart
+
+on:
+  schedule:
+    - cron: 0 13 * * MON # Every Monday at 1PM UTC (9AM EST)
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  TERRAFORM_AWS_ASSUME_ROLE: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
+  AWS_DEFAULT_REGION: us-west-2
+
+jobs:
+  ContainerImageScan:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        container_images:
+          - registry: ".manager.image.repositoryDomainMap.public"
+            repository: ".manager.image.repository"
+            tag: ".manager.image.tag"
+
+          - registry: ".manager.autoInstrumentationImage.java.repositoryDomain"
+            repository: ".manager.autoInstrumentationImage.java.repository"
+            tag: ".manager.autoInstrumentationImage.java.tag"
+
+          - registry: ".manager.autoInstrumentationImage.python.repositoryDomain"
+            repository: ".manager.autoInstrumentationImage.python.repository"
+            tag: ".manager.autoInstrumentationImage.python.tag"
+
+          - registry: ".manager.autoInstrumentationImage.dotnet.repositoryDomain"
+            repository: ".manager.autoInstrumentationImage.dotnet.repository"
+            tag: ".manager.autoInstrumentationImage.dotnet.tag"
+
+          - registry: ".agent.image.repositoryDomainMap.public"
+            repository: ".agent.image.repository"
+            tag: ".agent.image.tag"
+
+          - registry: ".dcgmExporter.image.repositoryDomainMap.public"
+            repository: ".dcgmExporter.image.repository"
+            tag: ".dcgmExporter.image.tag"
+
+          - registry: ".neuronMonitor.image.repositoryDomainMap.public"
+            repository: ".neuronMonitor.image.repository"
+            tag: ".neuronMonitor.image.tag"
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
+      - name: "Get image registry"
+        id: registry
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq '${{ matrix.container_images.registry }}' charts/amazon-cloudwatch-observability/values.yaml
+
+      - name: "Get image repository"
+        id: repository
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq '${{ matrix.container_images.repository }}' charts/amazon-cloudwatch-observability/values.yaml
+
+      - name: "Get image tag"
+        id: tag
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq '${{ matrix.container_images.tag }}' charts/amazon-cloudwatch-observability/values.yaml
+
+      - name: "Scan for vulnerabilities"
+        uses: crazy-max/ghaction-container-scan@v3
+        with:
+          image: ${{ steps.registry.outputs.result }}/${{ steps.repository.outputs.result }}:${{ steps.tag.outputs.result }}
+          severity_threshold: HIGH

RELEASE_NOTES

@@ -1,3 +1,50 @@
+=======================================================================
+amazon-cloudwatch-observability v2.0.0 (2024-08-15)
+========================================================================
+Breaking Changes:
+* Enforce default requests and limits for auto instrumentation init containers
+
+Enhancements:
+* Allow configurable requests and limits for auto instrumentation init containers (#65)
+* Restructure resources configurations for AppSignals (#80)
+* Upgrade CWAgent to v1.300044.0
+* Upgrade CWAgent Operator to v1.6.0
+* Upgrade .Net SDK to v1.2.0
+* Upgrade FluentBit for Linux to 2.32.2.20240627
+
+=======================================================================
+amazon-cloudwatch-observability v1.10.0 (2024-07-30)
+========================================================================
+New Features:
+* Adding support for .Net auto instrumentation for Application Signals (#64)
+
+Enhancements:
+* Upgrade CWAgent Operator to v1.5.0
+
+=======================================================================
+amazon-cloudwatch-observability v1.9.0 (2024-07-22)
+========================================================================
+Bug Fixes:
+* Add nodeAffinity rule to not spin up resources on Fargate instances (#58)
+* Increase the default memory limit of DCGM Exporter to 500Mi to fix OOM crashing issue (#67)
+
+Enhancements:
+* Support parameterized resources configuration (#63)
+* Upgrade Java SDK to v1.32.3
+* Upgrade Python SDK to v0.3.0
+* Upgrade CWAgent to v1.300042.1
+
+=======================================================================
+amazon-cloudwatch-observability v1.8.0 (2024-07-02)
+========================================================================
+Bug Fixes:
+* Add GOMEMLIMIT environment variable for Neuron Monitor to fix OOM crash issue (#56)
+
+Enhancements:
+* Update Windows Fluent-Bit configuration to export Kubelet and kube-proxy service logs to host log group (#45)
+* Upgrade CWAgent Operator to v1.4.1
+* Upgrade CWAgent to v1.300041.0
+
 =======================================================================
 amazon-cloudwatch-observability v1.7.0 (2024-05-23)
 ========================================================================

charts/amazon-cloudwatch-observability/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: amazon-cloudwatch-observability
-version: 1.7.0
+version: 2.0.0
 appVersion: 1.0.0
 description: A Helm chart for Amazon CloudWatch Observability
 type: application

charts/amazon-cloudwatch-observability/templates/_helpers.tpl

@@ -161,6 +161,14 @@ Get the current recommended auto instrumentation nodejs image
 {{- printf "%s/%s:%s" .Values.manager.autoInstrumentationImage.nodejs.repositoryDomain .Values.manager.autoInstrumentationImage.nodejs.repository .Values.manager.autoInstrumentationImage.nodejs.tag -}}
 {{- end -}}
 
+{{/*
+Get the current recommended auto instrumentation dotnet image
+*/}}
+{{- define "auto-instrumentation-dotnet.image" -}}
+{{- printf "%s/%s:%s" .Values.manager.autoInstrumentationImage.dotnet.repositoryDomain .Values.manager.autoInstrumentationImage.dotnet.repository .Values.manager.autoInstrumentationImage.dotnet.tag -}}
+{{- end -}}
+
+
 {{/*
 Common labels
 */}}
@@ -240,4 +248,4 @@ Define the default service name
 */}}
 {{- define "amazon-cloudwatch-observability.webhookServiceName" -}}
 {{- default (printf "%s-webhook-service" (include "amazon-cloudwatch-observability.name" .)) .Values.manager.service.name }}
-{{- end -}}
+{{- end -}}

charts/amazon-cloudwatch-observability/templates/linux/cloudwatch-agent-daemonset.yaml

@@ -30,18 +30,24 @@ spec:
   nodeSelector:
     kubernetes.io/os: linux
   serviceAccount: {{ template "cloudwatch-agent.serviceAccountName" . }}
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: {{ .Values.fargateLabelKey }}
+                operator: NotIn
+                values:
+                  - fargate
+  hostNetwork: true
   {{- if .Values.agent.config }}
   config: {{ include "cloudwatch-agent.modify-config" (merge (dict "Config" .Values.agent.config) . ) }}
   {{- else }}
   config: {{ include "cloudwatch-agent.modify-config" (merge (dict "Config" .Values.agent.defaultConfig) . ) }}
   {{- end }}
-  resources:
-    requests:
-      memory: "128Mi"
-      cpu: "250m"
-    limits:
-      memory: "512Mi"
-      cpu: "500m"
+  {{- with .Values.agent.resources }}
+  resources: {{- toYaml . | nindent 4}}
+  {{- end }}
   volumeMounts:
   - mountPath: /rootfs
     name: rootfs

charts/amazon-cloudwatch-observability/templates/linux/dcgm-exporter-daemonset.yaml

@@ -15,17 +15,17 @@ spec:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
-        - matchExpressions:
-          - key: {{ .Values.nodeLabelKey }}
-            operator: In
-            values: {{ .Values.gpuInstances | toYaml | nindent 16 }}
-  resources:
-    requests:
-      cpu: 250m
-      memory: 128Mi
-    limits:
-      cpu: 500m
-      memory: 250Mi
+          - matchExpressions:
+              - key: {{ .Values.nodeLabelKey }}
+                operator: In
+                values: {{ .Values.gpuInstances | toYaml | nindent 16 }}
+              - key: {{ .Values.fargateLabelKey }}
+                operator: NotIn
+                values:
+                  - fargate
+  {{- with .Values.dcgmExporter.resources }}
+  resources: {{- toYaml . | nindent 4}}
+  {{- end }}
   env:
   - name: "DCGM_EXPORTER_KUBERNETES"
     value: "true"

charts/amazon-cloudwatch-observability/templates/linux/fluent-bit-daemonset.yaml

@@ -47,13 +47,9 @@ spec:
               fieldPath: metadata.name
         - name: CI_VERSION
           value: "k8s/1.3.17"
-        resources:
-          limits:
-            cpu: 500m
-            memory: 250Mi
-          requests:
-            cpu: 50m
-            memory: 25Mi
+        {{- with .Values.containerLogs.fluentBit.resources }}
+        resources: {{- toYaml . | nindent 10}}
+        {{- end }}
         volumeMounts:
         # Please don't change below read-only permissions
         - name: fluentbitstate
@@ -95,6 +91,15 @@ spec:
         hostPath:
           path: /var/log/dmesg
       serviceAccountName: {{ template "cloudwatch-agent.serviceAccountName" . }}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: {{ .Values.fargateLabelKey }}
+                    operator: NotIn
+                    values:
+                      - fargate
       nodeSelector:
         kubernetes.io/os: linux
       {{- with .Values.tolerations }}

charts/amazon-cloudwatch-observability/templates/linux/neuron-monitor-daemonset.yaml

@@ -14,32 +14,34 @@ spec:
       requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
           - matchExpressions:
-            - key: kubernetes.io/os
-              operator: In
-              values:
-                - linux
-            - key: {{ .Values.nodeLabelKey }}
-              operator: In
-              values: {{ .Values.neuronInstances | toYaml | nindent 20 }}
-  resources:
-    limits:
-      cpu: 500m
-      memory: 256Mi
-    requests:
-      cpu: 256m
-      memory: 128Mi
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                  - linux
+              - key: {{ .Values.nodeLabelKey }}
+                operator: In
+                values: {{ .Values.neuronInstances | toYaml | nindent 20 }}
+              - key: {{ .Values.fargateLabelKey }}
+                operator: NotIn
+                values:
+                  - fargate
+  {{- with .Values.neuronMonitor.resources }}
+  resources: {{- toYaml . | nindent 4}}
+  {{- end }}
   env:
   - name: NODE_NAME
     valueFrom:
       fieldRef:
         fieldPath: spec.nodeName
   - name: PATH
     value: /usr/local/bin:/usr/bin:/bin:/opt/aws/neuron/bin
+  - name: GOMEMLIMIT
+    value: 160MiB
   ports:
   - name: "metrics"
     port: {{ .Values.neuronMonitor.service.port }}
   command:
-  - "/opt/bin/entrypoint.sh"
+    - "/opt/bin/entrypoint.sh"
   args:
     port: "{{ .Values.neuronMonitor.service.port }}"
     cert-file: "/etc/amazon-cloudwatch-observability-neuron-cert/server.crt"

charts/amazon-cloudwatch-observability/templates/operator-deployment.yaml

@@ -26,10 +26,12 @@ spec:
       containers:
       - image: {{ template "cloudwatch-agent-operator.image" . }}
         args:
+        - {{ printf "--auto-instrumentation-config=%s" (dict "java" (.Values.manager.autoInstrumentationResources.java) "python" (.Values.manager.autoInstrumentationResources.python) "dotnet" (.Values.manager.autoInstrumentationResources.dotnet) "nodejs" (.Values.manager.autoInstrumentationResources.nodejs) | toJson) | quote }}
         - {{ printf "--auto-annotation-config=%s" (.Values.manager.autoAnnotateAutoInstrumentation | toJson) | quote }}
         - "--auto-instrumentation-java-image={{ template "auto-instrumentation-java.image" . }}"
         - "--auto-instrumentation-python-image={{ template "auto-instrumentation-python.image" . }}"
         - "--auto-instrumentation-nodejs-image={{ template "auto-instrumentation-nodejs.image" . }}"
+        - "--auto-instrumentation-dotnet-image={{ template "auto-instrumentation-dotnet.image" . }}"
         - "--feature-gates=operator.autoinstrumentation.multi-instrumentation,operator.autoinstrumentation.multi-instrumentation.skip-container-validation"
         command:
         - /manager
@@ -38,7 +40,7 @@ spec:
         - containerPort: {{ .Values.manager.ports.containerPort }}
           name: webhook-server
           protocol: TCP
-        resources: {{ toYaml .Values.manager.resources | nindent 12 }}
+        resources: {{ toYaml .Values.manager.resources | nindent 10 }}
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert

charts/amazon-cloudwatch-observability/templates/windows/cloudwatch-agent-windows-daemonset.yaml

@@ -19,13 +19,9 @@ spec:
   nodeSelector:
     kubernetes.io/os: windows
   config: {{ .Values.agent.windowsDefaultConfig | toJson | quote }}
-  resources:
-    requests:
-      memory: "128Mi"
-      cpu: "250m"
-    limits:
-      memory: "512Mi"
-      cpu: "500m"
+  {{- with .Values.agent.resources }}
+  resources: {{- toYaml . | nindent 4}}
+  {{- end }}
   env:
   - name: K8S_NODE_NAME
     valueFrom:

charts/amazon-cloudwatch-observability/templates/windows/fluent-bit-windows-daemonset.yaml

@@ -53,13 +53,9 @@ spec:
               fieldPath: metadata.name
         - name: CI_VERSION
           value: "k8s/1.3.17"
-        resources:
-          limits:
-            cpu: 500m
-            memory: 600Mi
-          requests:
-            cpu: 300m
-            memory: 300Mi
+        {{- with .Values.containerLogs.fluentBit.resources }}
+        resources: {{- toYaml . | nindent 10}}
+        {{- end }}
         volumeMounts:
           - name: fluent-bit-config
             mountPath: fluent-bit\configuration\