promitor-agent-scraper unable to scraper Metrics

[veerareddylucky]

Based on [https://github.com//issues/2218] we are trying to scraper Metrics using workload identity but is giving an error as following
Failed to scrape resource for metric 'azure_virtual_network_ddos_attack'
Promitor.Integrations.AzureMonitor.Exceptions.MetricNotFoundException: The metric 'IfUnderDDoSAttack' was not found
at Promitor.Integrations.AzureMonitor.AzureMonitorClient.QueryMetricAsync(String metricName, List1 metricDimensions, AggregationType aggregationType, TimeSpan aggregationInterval, String resourceId, String metricFilter, Nullable1 metricLimit) in /src/Promitor.Integrations.AzureMonitor/AzureMonitorClient.cs:line 90
at Promitor.Core.Scraping.AzureMonitorScraper1.ScrapeResourceAsync(String subscriptionId, ScrapeDefinition1 scrapeDefinition, TResourceDefinition resourceDefinition, AggregationType aggregationType, TimeSpan aggregationInterval) in /src/Promitor.Core.Scraping/AzureMonitorScraper.cs:line 55
at Promitor.Core.Scraping.Scraper1.ScrapeAsync(ScrapeDefinition1 scrapeDefinition) in /src/Promitor.Core.Scraping/Scraper.cs:line 79
Following my configuration file `

Default values for promitor-agent-scraper.

This is a YAML-formatted file.

replicaCount: 1

nameOverride: ""
fullnameOverride: ""

image:
repository: containers.promitor.io/tomkerkhove/promitor-agent-scraper
pullPolicy: Always
pullSecrets: []
tag:

azureAuthentication:
appId: "" # [Deprecated] Prefer identity.id
appKey: "" # [Deprecated] Prefer identity.key
mode: "UserAssignedManagedIdentity"
identity:
id: "xxxx-xxxxx-xxxx-xxxxx"
key: ""
binding: ""
metricSinks:
atlassianStatuspage:
enabled: false
pageId: ""
apiKey: ""
systemMetricMapping: []
# - id:
# promitorMetricName:
openTelemetryCollector:
enabled: false
collectorUri: ""
prometheusScrapingEndpoint:
enabled: true
baseUriPath: /metrics
enableMetricTimestamps: true
metricUnavailableValue: NaN
labelTransformation: None
enableServiceDiscovery: true
serviceMonitor:
enabled: false
namespace: ""
labels: {}
interval: 60s
timeout: 10s
metricRelabelings: []
relabelings: []
statsd:
enabled: false
host: ""
port: 8125
metricPrefix: ""
prometheusRule:
enabled: false
namespace: ""
additionalLabels: {}
interval: ""
rules: []
# Sample rule below. Can also use templated strings with some limitations regarding possible line length: go-yaml/yaml#166
# To prevent Helm from messing up the rules on fields > 80 characters you can use yaml literal style as shown below.
# - alert: PromitorRemainingArmCalls
# expr: |
# promitor_ratelimit_arm{service="{{ template "promitor-agent-scraper.name" . }}"} < 11999
# for: 5m
# labels:
# severity: warning
# annotations:
# description: |
# Service {{ template "promitor-agent-scraper.name" . }} currently reports {{ "{{ $value }}" }} remaining calls before Azure Resource Manager throttles us.
# summary: Azure Resource Manager may throttle us soon.
resourceDiscovery:
enabled: false
host: ""
port: 80
telemetry:
defaultLogLevel: "Error"
applicationInsights:
enabled: false
key: ""
logLevel: ""
containerLogs:
enabled: true
logLevel: ""

Metric Declaration YAML

azureMetadata:
tenantId: "xxxxx-xxxx-xxxxx-xxxxx"
subscriptionId: "xxxxx-xxxx-xxxxx-xxxxx"
resourceGroupName: xxxxx-xxxx-xxxxx-xxxxx
cloud: "Global"
metricDefaults:
aggregation:
interval: 00:05:00
scraping:
schedule: "*/5 * * * *"
metrics:

• name: azure_virtual_network_ddos_attack
  description: "Indication whether or not there is a DDOS attack on the Azure Virtual Network"
  resourceType: VirtualNetwork
  azureMetricConfiguration:
  metricName: IfUnderDDoSAttack
  aggregation:
  type: Maximum
  resources:
  • virtualNetworkName: test-vnet
    azureMonitor:
    logging:
    enabled: true
    logLevel:
    integration:
    history:
    startingFromInHours:

deployment:
env:
extra: []
# - name: AZURE_STORAGE_QUEUE_SAS_TOKEN
# valueFrom:
# secretKeyRef:
# name: azure-storage-queue
# key: sas-token

secrets:

To use your own secret, set createSecret to false and define the name/keys that your secret uses

createSecret: true
secretName: ""
appKeySecret: azure-app-key
atlassianStatuspageApiKey: atlassian-statuspage-apikey
extra: {}

service:
port: 8888

By default this pod is running as a non-root user.

If you choose targetPort <1024 it will fail to start.

targetPort: 5000
loadBalancer:
enabled: true
azure:
dnsPrefix:
exposeInternally: true

health:
readiness:
enabled: true
verifyDependencies: false
delay: 5
interval: 5
timeoutSeconds: 1
thresholds:
failure: 3
success: 1
liveness:
enabled: true
verifyDependencies: false
delay: 5
interval: 30
timeoutSeconds: 1
thresholds:
failure: 3
success: 1

affinity: {}

podLabels:
azure.workload.identity/use: "true"
annotations:
azure.workload.identity/inject-proxy-sidecar: "true"
azure.workload.identity/proxy-sidecar-port: "8080"

priorityClassName: ""

resources: {}

limits:

cpu: 100m

memory: 128Mi

requests:

cpu: 100m

memory: 128Mi

Role-based access control

https://kubernetes.io/docs/reference/access-authn-authz/rbac/

rbac:

If true, create & use RBAC resources

create: true

If true, create & use Pod Security Policy resources

ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/

podSecurityPolicyEnabled: false

Service Account for pods

ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

serviceAccount:
## Specifies whether a service account should be created
create: false

## The name of the service account to use if create is false
## If create is true, a name is generated using the fullname template
name: workload-identity-sa
annotations: {}

## Set this to true if you plan on using Pod Security Policy
automountServiceAccountToken: false

nodeSelector: {}

securityContext and containerSecurityContext are using secure defaults.

Only override if you have a good reason to.

securityContext:
enabled: true
runAsGroup: 10000
runAsNonRoot: true
runAsUser: 10000
seccompProfile:
type: RuntimeDefault

containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
enabled: true
privileged: false
readOnlyRootFilesystem: true

tolerations: []

Pass extra volumeMounts to the promitor container

extraVolumeMounts: []

- name: secrets-store-inline

mountPath: "/mnt/promitor-secrets"

readOnly: true

Pass extra volumes to the promitor deployment

extraVolumes: []

- name: secrets-store-inline

csi:

driver: secrets-store.csi.k8s.io

readOnly: true

volumeAttributes:

secretProviderClass: "promitor-secrets"

`