Application topology

CHANGELOG.md

@@ -1,5 +1,25 @@
 # Change Log
 
+# 2025-06-09
+
+### Added
+- Introduced a new DaemonSet that uses eBPF (Extended Berkeley Packet Filter) to capture TCP connection logs, enabling visualization of application-level communication within the Kubernetes cluster.
+- OCI Console integration supporting new features:
+  - **Network View:** Dynamically discover and visualize workload-to-workload communication within the cluster.
+  - **Infrastructure View:** Visualize OKE infrastructure components such as Subnets, Load Balancers, Nodes, and their interactions.
+  - **Kubernetes Spec Change Detection (View Insights):** Monitor changes/diffs of 50+ key properties across primary Kubernetes workload types:
+    - DaemonSet
+    - Deployment
+    - ReplicaSet
+    - StatefulSet
+    - CronJob & Job
+    - Exclusion: Managed workloads (ex - A Job created via a CronJob) are not tracked
+
+  **Note:** Additional enhancements and features are available in the OCI Console beyond those listed here. Please refer to the OCI Log Analytics Release Notes for more details.
+
+### Changed
+- `kubernetesClusterID` (in the Helm chart) is now a mandatory field. *(This is not backward compatible.)*
+- Updated resource limits for Log Analytics pods and workloads.
 
 ## 2025-03-19
 ### Added

charts/logan/Chart.yaml

@@ -5,7 +5,7 @@ apiVersion: v2
 name: oci-onm-logan
 description: Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics.
 type: application
-version: 3.6.0
+version: 4.0.0
 appVersion: "3.0.0"
 
 dependencies:

charts/logan/templates/_helpers.tpl

@@ -1,5 +1,5 @@
 
-# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2025, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 # tpl render function
@@ -43,6 +43,11 @@
   {{- end -}}
 {{- end -}}
 
+#ociLAClusterEntityID
+{{- define "logan.ociLAClusterEntityID" -}}
+  {{ include "common.tplvalues.render" ( dict "value" .Values.ociLAClusterEntityID "context" .) }}
+{{- end -}}
+
 #kubernetesClusterName
 {{- define "logan.kubernetesClusterName" -}}
   {{- if .Values.kubernetesClusterName -}}

charts/logan/templates/discovery-cronjob.yaml

@@ -1,3 +1,5 @@
+# Copyright (c) 2025, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 {{- $authtype := .Values.authtype | lower }}
 {{- $resourceNamePrefix := .Values.global.resourceNamePrefix }}
 {{- $kubernetesClusterName := (include "logan.kubernetesClusterName" .) }}

charts/logan/templates/fluentd-daemonset.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2025, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 ---
@@ -69,7 +69,9 @@ spec:
           {{- if .Values.extraEnv }}
           {{- toYaml .Values.extraEnv | nindent 10 }}
           {{- end }}
-        {{- if .Values.resources }}
+        {{- if .Values.resourceOverrides.fluentdDaemonset }}
+        resources: {{- toYaml .Values.resourceOverrides.fluentdDaemonset | nindent 10 }}
+        {{- else if .Values.resources }}
         resources: {{- toYaml .Values.resources | nindent 10 }}
         {{- end }}
         volumeMounts:

charts/logan/templates/fluentd-deployment.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2025, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 ---
@@ -61,7 +61,9 @@ spec:
           {{- if .Values.extraEnv }}
           {{- toYaml .Values.extraEnv | nindent 10 }}
           {{- end }}
-        {{- if .Values.resources }}
+        {{- if .Values.resourceOverrides.fluentdDeployment }}
+        resources: {{- toYaml .Values.resourceOverrides.fluentdDeployment | nindent 10 }}
+        {{- else if .Values.resources }}
         resources: {{- toYaml .Values.resources | nindent 10 }}
         {{- end }}
         volumeMounts:

charts/logan/templates/logs-configmap.yaml

@@ -1,8 +1,9 @@
-# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2025, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
-
+---
 {{- $kubernetesClusterName := (include "logan.kubernetesClusterName" .) }}
 {{- $kubernetesClusterId := (include "logan.kubernetesClusterId" .) }}
+{{- $ociLAClusterEntityID := (include "logan.ociLAClusterEntityID" .) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -86,12 +87,16 @@ data:
        @type record_transformer
        enable_ruby true
        <record>
+       {{- if eq $name "tcpconnect" }}
+       oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Kubernetes Cluster Entity ID": "{{ $ociLAClusterEntityID }}" {{- range $k, $v := $logDefinition.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
+       {{- else }}
        {{- if $logDefinition.metadata }}
        oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := $logDefinition.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
        {{- else if $.Values.fluentd.kubernetesSystem.metadata }}
        oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := $.Values.fluentd.kubernetesSystem.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
        {{- else }}
        oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}" {{- range $k, $v := $.Values.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}}
+       {{- end -}}
        {{- end }}
        {{- if $logDefinition.ociLALogGroupID }}
        oci_la_log_group_id "{{ $logDefinition.ociLALogGroupID }}"

charts/logan/templates/tcpconnect-daemonset.yaml

@@ -0,0 +1,75 @@
+# Copyright (c) 2025, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+---
+{{- if .Values.enableTCPConnectLogs }}
+{{- $authtype := .Values.authtype | lower }}
+{{- $imagePullSecrets := .Values.image.imagePullSecrets }}
+{{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ $resourceNamePrefix }}-logan-tcpconnect
+  namespace: {{ include "logan.namespace" . }}
+  labels:
+    app: {{ $resourceNamePrefix }}-logan-tcpconnect
+    version: v1
+spec:
+  selector:
+    matchLabels:
+      app: {{ $resourceNamePrefix }}-logan-tcpconnect
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: {{ $resourceNamePrefix }}-logan-tcpconnect
+        version: v1
+    spec:
+      serviceAccountName: {{ include "logan.serviceAccount" . }}
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/control-plane
+        effect: NoSchedule
+      {{- if $imagePullSecrets }}
+      imagePullSecrets:
+      - name: {{ .Values.image.imagePullSecrets }}
+      {{- end}}
+      containers:
+      - name: {{ $resourceNamePrefix }}-logan-tcpconnect
+        image: {{ .Values.image.url }}
+        command:
+        - /bin/bash
+        - -c
+        - --
+        args:
+        - /usr/bin/tcpconnect -e
+        - -i {{ .Values.fluentd.kubernetesSystem.logs.tcpconnect.interval }}
+        env:
+        - name: K8S_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        {{- if .Values.resourceOverrides.tcpconnectDaemonset }}
+        resources: {{- toYaml .Values.resourceOverrides.tcpconnectDaemonset | nindent 10 }}
+        {{- else if .Values.resources }}
+        resources: {{- toYaml .Values.resources | nindent 10 }}
+        {{- end }}
+        imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
+        # The container runs in privileged mode, but with only the CAP_BPF capability enabled. 
+        # This allows it to execute the required BPF programs while maintaining a minimal security footprint.
+        securityContext:
+          capabilities:
+            add:
+            - CAP_BPF
+          privileged: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        tty: true
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+{{- end }}

charts/logan/values.schema.json

@@ -7,7 +7,8 @@
     "image",
     "ociLANamespace",
     "ociLALogGroupID",
-    "fluentd"
+    "fluentd",
+    "ociLAClusterEntityID"
   ],
   "properties": {
     "image": {
@@ -64,6 +65,9 @@
       "type": "string",
       "minLength": 3,
       "maxLength": 63
+    },
+    "ociLAClusterEntityID": {
+      "type": "string"
     }
   }
 }

charts/logan/values.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2025, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 global:
@@ -43,7 +43,7 @@ ociDomain:
 # -- Kubernetes Namespace for deploying monitoring resources deployed by this chart.
 namespace: "{{ .Values.global.namespace }}"
 
-# -- Resoure Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart
+# -- Resource Name Prefix: Wherever allowed, this prefix will be used with all resources used by this chart
 resourceNamePrefix: "{{ .Values.global.resourceNamePrefix }}"
 
 # --  Kubernetes ServiceAccount
@@ -53,7 +53,7 @@ image:
    # Image pull secrets for. Secret must be in the namespace defined by namespace
    imagePullSecrets:
    # -- Replace this value with actual docker image url
-   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.6.0
+   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.7.0
    # -- Image pull policy
    imagePullPolicy: Always
 
@@ -82,6 +82,11 @@ ociLAClusterEntityID:
 # In Kubernetes environments where SELinux mode is enforced, set this flag to 'true' to allow fluentd pods to access log files.
 privileged: false
 
+# -- Enables the collection of TCP connect logs.
+# Default: true
+# Warning: Disabling this will prevent automatic discovery of workload-to-workload communication within the cluster.
+enableTCPConnectLogs: true
+
 # -- Enables collection of AWS EKS Control Plane logs through CloudWatch or S3 Fluentd plugin
 enableEKSControlPlaneLogs: false
 
@@ -97,7 +102,7 @@ enableEKSControlPlaneLogs: false
 #   value: ENV_VARIABLE_VALUE
 extraEnv: []
 
-# Requests and limits for Memory and CPU
+# Requests and limits for Memory and CPU [Defaults]
 resources:
    # -- Limits
    limits:
@@ -107,6 +112,33 @@ resources:
       cpu: 100m
       memory: 250Mi
 
+# Requests and limits for Memory and CPU [Overrides]
+resourceOverrides:
+   # Responsible for TCP connection events collection.
+   tcpconnectDaemonset:
+      # -- Resource requests
+      requests:
+         cpu: 10m
+         memory: 50Mi
+   # Responsible for log collection.
+   fluentdDaemonset:
+      # -- Limits
+      limits:
+         memory: 500Mi
+      # -- Resource requests
+      requests:
+         cpu: 100m
+         memory: 250Mi
+   # Responsible for the collection of EKS control plane logs.
+   fluentdDeployment:
+      # -- Limits
+      limits:
+         memory: 500Mi
+      # -- Resource requests
+      requests:
+         cpu: 100m
+         memory: 250Mi
+
 # -- @param extraVolumes Extra volumes.
 # Example:
 #   - name: tmpDir
@@ -364,6 +396,15 @@ fluentd:
             # The regular expression pattern for the starting line in case of multi-line logs.
             multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/
 
+         # Config specific to EBPF TCPCONNECT Network logs collection
+         tcpconnect:
+            # The path to the source files.
+            path: /var/log/containers/*-logan-tcpconnect*.log
+            # Logging Analytics log source to use for parsing and processing the logs: TCP CONNECT Logs
+            ociLALogSourceName: "Kubernetes TCP Connect Logs"
+            # Network logs Polling frequency in seconds
+            interval: 30
+
          # Config specific to Kubernetes Audit Logs Collection
          kube-audit:
             # The path to the source files.
@@ -600,6 +641,7 @@ fluentd:
          - '"/var/log/containers/etcd-*.log"'
          - '"/var/log/containers/kube-controller-manager-*.log"'
          - '"/var/log/containers/kube-scheduler-*.log"'
+         - '"/var/log/containers/*-logan-tcpconnect-*.log"'
       # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
       #worker: 1
       # -- To set timezone override for genericContainerLogs (applies only to log records without explicit timezone identifier in the record itself)

charts/oci-onm/Chart.yaml

@@ -18,7 +18,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.6.0
+version: 4.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -32,7 +32,7 @@ dependencies:
   repository: "file://../common"
   condition: oci-onm-common.enabled
 - name: oci-onm-logan
-  version: "3.6.0"
+  version: "4.0.0"
   repository: "file://../logan"
   condition: oci-onm-logan.enabled
 - name: oci-onm-mgmt-agent

charts/oci-onm/values.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2023, 2024, Oracle and/or its affiliates.
+# Copyright (c) 2023, 2025, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 global:
@@ -31,7 +31,7 @@ oci-onm-logan:
   kubernetesClusterID: "{{ .Values.global.kubernetesClusterID }}"
   kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}"
   image:
-    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.6.0
+    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.7.0
   # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value.
   ociLANamespace:
   # OCI Logging Analytics Default Log Group OCID