Skip to content

Release 4.6.0 #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Release 4.6.0 #249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
4788d0f
Add ability to configure operator webhooks (#238)
duhminick Sep 18, 2025
df9ddbc
Revert "Remove arm instances from dcgmExporter nodeAffinity selector …
movence Sep 22, 2025
53ff937
Added PV, PVC and Ingress permissions to cluster role (#236)
aadam19 Sep 24, 2025
8548733
release v4.5.0
movence Sep 24, 2025
6826865
[FluentBit] Use systemd plugins for retrieving host logs (#247)
zhihonl Oct 15, 2025
af81e87
release v4.6.0
sky333999 Oct 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/amazon-cloudwatch-observability-integration-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -213,4 +213,4 @@ jobs:
retry_wait_seconds: 5
command: |
cd integration-tests/amazon-cloudwatch-observability/terraform/eks/windows
terraform destroy --auto-approve
terraform destroy --auto-approve
22 changes: 22 additions & 0 deletions RELEASE_NOTES
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,25 @@
=======================================================================
amazon-cloudwatch-observability v4.6.0 (2025-10-16)
=======================================================================
Enhancements:
* Upgrade CWAgent Operator to v3.3.0
* Upgrade FluentBit to v3.0.0
* Update FluentBit config to use systemd plugin for retrieving host logs

=======================================================================
amazon-cloudwatch-observability v4.5.0 (2025-09-24)
=======================================================================
Enhancements:
* Support custom configurations for admission webhook with managed resources
* Support ARM GPU instances with DCGM Exporter
* Upgrade CWAgent to v1.300060.0b1248
* Upgrade CWAgent Operator to v3.2.0
* Upgrade Fluent Bit to v2.34.0
* Upgrade Java SDK to v2.11.5
* Upgrade .NET SDK to v1.9.1
* Upgrade DCGM Exporter to 4.4.0-4.5.0-ubuntu22.04
* Upgrade Neuron Monitor to v1.6.0

=======================================================================
amazon-cloudwatch-observability v4.4.0 (2025-09-04)
=======================================================================
Expand Down
2 changes: 1 addition & 1 deletion charts/amazon-cloudwatch-observability/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: amazon-cloudwatch-observability
version: 4.4.0
version: 4.6.0
appVersion: 1.0.0
description: A Helm chart for Amazon CloudWatch Observability
type: application
Expand Down
53 changes: 53 additions & 0 deletions charts/amazon-cloudwatch-observability/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -320,3 +320,56 @@ Define the default service name
{{- define "amazon-cloudwatch-observability.webhookServiceName" -}}
{{- default (printf "%s-webhook-service" (include "amazon-cloudwatch-observability.name" .)) .Values.manager.service.name }}
{{- end -}}

{{/*
Check if a specific admission webhook is enabled
*/}}
{{- define "amazon-cloudwatch-observability.isWebhookEnabled" -}}
{{- $ctx := index . 0 -}}
{{- $webhook := index . 1 -}}
{{- $webhookConfig := index $ctx.Values.admissionWebhooks $webhook -}}
{{- if hasKey $webhookConfig "create" -}}
{{- if $webhookConfig.create }}true{{- end -}}
{{- else -}}
{{- if $ctx.Values.admissionWebhooks.create }}true{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Check if any admission webhook is enabled
*/}}
{{- define "amazon-cloudwatch-observability.webhookEnabled" -}}
{{- $webhooks := list "agents" "instrumentations" "pods" "workloads" "namespaces" -}}
{{- range $webhook := $webhooks -}}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list $ $webhook) -}}
true
{{- break -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Get namespaceSelector value for admission webhooks
*/}}
{{- define "amazon-cloudwatch-observability.namespaceSelector" -}}
{{- $ctx := index . 0 -}}
{{- $webhook := index . 1 -}}
{{- $webhookConfig := index $ctx.Values.admissionWebhooks $webhook -}}
{{- if and (hasKey $webhookConfig "namespaceSelector") (ne $webhookConfig.namespaceSelector nil) -}}
{{- $selector := $webhookConfig.namespaceSelector -}}
{{- if $selector -}}
{{- toYaml $selector | nindent 4 -}}
{{- else -}}
{}
{{- end -}}
{{- else -}}
{{- $selector := $ctx.Values.admissionWebhooks.namespaceSelector -}}
{{- if $selector -}}
{{- toYaml $selector | nindent 4 -}}
{{- else -}}
{}
{{- end -}}
{{- end -}}
{{- end -}}


133 changes: 62 additions & 71 deletions ...dwatch-observability/templates/admission-webhooks/operator-webhook-with-cert-manager.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if and (.Values.admissionWebhooks.create) (.Values.admissionWebhooks.certManager.enabled) }}
{{- if and (.Values.admissionWebhooks.certManager.enabled) (include "amazon-cloudwatch-observability.webhookEnabled" .) }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
Expand All @@ -8,23 +8,21 @@ metadata:
{{- include "amazon-cloudwatch-observability.labels" . | nindent 4}}
name: {{ template "amazon-cloudwatch-observability.name" . }}-mutating-webhook-configuration
webhooks:
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "instrumentations") }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-cloudwatch-aws-amazon-com-v1alpha1-instrumentation
failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
failurePolicy: {{ .Values.admissionWebhooks.instrumentations.failurePolicy | default .Values.admissionWebhooks.failurePolicy }}
name: minstrumentation.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "instrumentations") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- cloudwatch.aws.amazon.com
Expand All @@ -37,23 +35,22 @@ webhooks:
- instrumentations
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "agents") }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-cloudwatch-aws-amazon-com-v1alpha1-amazoncloudwatchagent
failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
failurePolicy: {{ .Values.admissionWebhooks.agents.failurePolicy | default .Values.admissionWebhooks.failurePolicy }}
name: mamazoncloudwatchagent.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "agents") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- cloudwatch.aws.amazon.com
Expand All @@ -66,23 +63,22 @@ webhooks:
- amazoncloudwatchagents
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "pods") }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-pod
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy }}
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy | default .Values.admissionWebhooks.failurePolicy }}
name: mpod.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "pods") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- ""
Expand All @@ -95,23 +91,22 @@ webhooks:
- pods
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "namespaces") }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-namespace
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy }}
failurePolicy: {{ .Values.admissionWebhooks.namespaces.failurePolicy | default .Values.admissionWebhooks.pods.failurePolicy | default .Values.admissionWebhooks.failurePolicy }}
name: mnamespace.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "namespaces") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- ""
Expand All @@ -124,23 +119,22 @@ webhooks:
- namespaces
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "workloads") }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-workload
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy }}
failurePolicy: {{ .Values.admissionWebhooks.workloads.failurePolicy | default .Values.admissionWebhooks.pods.failurePolicy | default .Values.admissionWebhooks.failurePolicy }}
name: mworkload.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "workloads") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- apps
Expand All @@ -155,6 +149,7 @@ webhooks:
- statefulsets
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
Expand All @@ -165,23 +160,21 @@ metadata:
{{- include "amazon-cloudwatch-observability.labels" . | nindent 4}}
name: {{ template "amazon-cloudwatch-observability.name" . }}-validating-webhook-configuration
webhooks:
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "instrumentations") }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-cloudwatch-aws-amazon-com-v1alpha1-instrumentation
failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
failurePolicy: {{ .Values.admissionWebhooks.instrumentations.failurePolicy | default .Values.admissionWebhooks.failurePolicy }}
name: vinstrumentationcreateupdate.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "instrumentations") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- cloudwatch.aws.amazon.com
Expand All @@ -194,6 +187,8 @@ webhooks:
- instrumentations
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "instrumentations") }}
- admissionReviewVersions:
- v1
clientConfig:
Expand All @@ -203,14 +198,11 @@ webhooks:
path: /validate-cloudwatch-aws-amazon-com-v1alpha1-instrumentation
failurePolicy: Ignore
name: vinstrumentationdelete.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "instrumentations") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- cloudwatch.aws.amazon.com
Expand All @@ -222,23 +214,22 @@ webhooks:
- instrumentations
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "agents") }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /validate-cloudwatch-aws-amazon-com-v1alpha1-amazoncloudwatchagent
failurePolicy: {{ .Values.admissionWebhooks.failurePolicy }}
failurePolicy: {{ .Values.admissionWebhooks.agents.failurePolicy | default .Values.admissionWebhooks.failurePolicy }}
name: vamazoncloudwatchagentcreateupdate.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "agents") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- cloudwatch.aws.amazon.com
Expand All @@ -251,6 +242,8 @@ webhooks:
- amazoncloudwatchagents
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- if include "amazon-cloudwatch-observability.isWebhookEnabled" (list . "agents") }}
- admissionReviewVersions:
- v1
clientConfig:
Expand All @@ -260,14 +253,11 @@ webhooks:
path: /validate-cloudwatch-aws-amazon-com-v1alpha1-amazoncloudwatchagent
failurePolicy: Ignore
name: vamazoncloudwatchagentdelete.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
namespaceSelector: {{ include "amazon-cloudwatch-observability.namespaceSelector" (list . "agents") }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- cloudwatch.aws.amazon.com
Expand All @@ -280,3 +270,4 @@ webhooks:
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
{{- end }}
{{- end }}
Loading