AKS KubeletStats Receiver config (#1773)

* AKS KubeletStats Receiver config

Signed-off-by: Dani Louca <[email protected]>

Author: dloucasfx

.chloggen/kubeletAKS.yaml

@@ -0,0 +1,13 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+# The name of the component, or a single word describing the area of concern, (e.g. agent, clusterReceiver, gateway, operator, chart, other)
+component: agent
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Configure AKS KubeletStats receiver to use the appropriate CA file. For more information, see the following link
+  https://github.com/signalfx/splunk-otel-collector-chart/blob/main/docs/advanced-configuration.md#aks-kubeletstats-receiver
+# One or more tracking issues related to the change
+issues: [1773]
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

docs/advanced-configuration.md

@@ -62,6 +62,32 @@ scrape additional metadata. The supported options are:
 
 This value can be omitted if none of the values apply.
 
+## AKS KubeletStats Receiver
+
+Unlike other Kubernetes distributions, `AKS` does not generate the kubelet’s
+self-signed certificate using the Certificate Authority that issues the
+kube-apiserver certificate, `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`
+and it only adds the node name in its certificate Subject Alternative Name.
+
+When `distribution` is set to `aks`, the chart automatically sets the custom `ca_file`
+option to `/hostfs/etc/kubernetes/certs/kubeletserver.crt` and uses the node name in
+its endpoint.
+
+For custom setups (e.g., custom certificates, Windows nodes, or Linux nodes with virtual network using custom DNS),
+adjust `ca_file` and use the node IP instead.
+If you don't have access to the CA file, add `insecure_skip_verify: true` to the `kubeletstats` receiver config.
+
+```yaml
+agent:
+  config:
+    receivers:
+      kubeletstats:
+        ca_file: <Path to custom CA file>
+        endpoint: ${K8S_NODE_IP}:10255
+```
+
+
+
 ## Deployment environment
 
 Optional `environment` parameter can be used to specify an additional `deployment.environment`

examples/distribution-aks/rendered_manifests/configmap-agent.yaml

@@ -164,8 +164,9 @@ data:
             endpoint: 0.0.0.0:14268
       kubeletstats:
         auth_type: serviceAccount
+        ca_file: /hostfs/etc/kubernetes/certs/kubeletserver.crt
         collection_interval: 10s
-        endpoint: ${K8S_NODE_IP}:10250
+        endpoint: ${K8S_NODE_NAME}:10250
         extra_metadata_labels:
         - container.id
         metric_groups:

examples/distribution-aks/rendered_manifests/daemonset.yaml

@@ -32,7 +32,7 @@ spec:
         component: otel-collector-agent
         release: default
       annotations:
-        checksum/config: 4450d109fdc1562316ee72cb051a34ebfc50188fa0fd19373f5bb7a838bdfe5f
+        checksum/config: c2ecd4ea42969f8a53213e82d901735533d759c1f46238c4c4b48bed124f89d9
         kubectl.kubernetes.io/default-container: otel-collector
     spec:
       hostNetwork: true

helm-charts/splunk-otel-collector/templates/config/_otel-agent.tpl

@@ -381,6 +381,10 @@ receivers:
     # use the read-only endpoint instead.
     auth_type: none
     endpoint: ${K8S_NODE_IP}:10255
+    {{ else if eq .Values.distribution "aks" }}
+    ca_file: "/hostfs/etc/kubernetes/certs/kubeletserver.crt"
+    endpoint: ${K8S_NODE_NAME}:10250
+    auth_type: serviceAccount
     {{- else }}
     auth_type: serviceAccount
     endpoint: ${K8S_NODE_IP}:10250