articles/azure-monitor/containers/kubernetes-monitoring-private-link.md
6 additions & 9 deletions
@@ -32,7 +32,7 @@ If your AKS cluster isn't in the same region as your Azure Monitor workspace, th
32
32
:::image type="content" source="media/kubernetes-monitoring-private-link/azure-monitor-workspace-data-collection-rule.png" alt-text="A screenshot show the data collection rules page for an Azure Monitor workspace." lightbox="media/kubernetes-monitoring-private-link/azure-monitor-workspace-data-collection-rule.png" :::
33
33
34
34
35
-
## Ingestion from a private AKS cluster
35
+
###Ingestion from a private AKS cluster
36
36
By default, a private AKS cluster can send data to Managed Prometheus and your Azure Monitor workspace over the public network using a public Data Collection Endpoint.
37
37
38
38
If you choose to use an Azure Firewall to limit the egress from your cluster, you can implement one of the following:
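Review bot: The added line `###Ingestion from a private AKS cluster` has no space between `###` and the title, so CommonMark-style parsers render it as literal paragraph text instead of a heading, and the section loses its anchor and outline entry. Write it as `### Ingestion from a private AKS cluster`. The parent heading for this new level-3 section is not visible in the hunk, so confirm it nests under the section you intend.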
@@ -42,7 +42,7 @@ If you choose to use an Azure Firewall to limit the egress from your cluster, yo
42
42
-`*.ingest.monitor.azure.com`
43
43
- Enable the Azure Firewall to access the Azure Monitor Private Link scope and DCE that's used for data ingestion.
44
44
45
-
## Private link ingestion for remote write
45
+
###Private link ingestion for remote write
46
46
Use the following steps to set up remote write for a Kubernetes cluster over a private link virtual network and an Azure Monitor Private Link scope.
47
47
48
48
1. Create your Azure virtual network.
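Review bot: `###Private link ingestion for remote write` needs a space after `###` too; as written, the numbered setup steps that follow sit under a line of plain text rather than a heading. Once fixed, check any inbound links that target this section, since the heading level changes from `##` to `###`.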
@@ -63,10 +63,7 @@ Data for Container insights, is stored in a [Log Analytics workspace](../logs/lo
63
63
64
64
### Cluster using managed identity authentication
65
65
66
-
67
-
### Existing AKS Cluster
68
-
69
-
**Use default Log Analytics workspace**
66
+
**Existing AKS cluster with default Log Analytics workspace**
70
67
71
68
```azurecli
72
69
az aks enable-addons --addon monitoring --name <cluster-name> --resource-group <cluster-resource-group-name> --ampls-resource-id "<azure-monitor-private-link-scope-resource-id>"
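Review bot: Replacing `### Existing AKS Cluster` and `**Use default Log Analytics workspace**` with the single bold line `**Existing AKS cluster with default Log Analytics workspace**` removes the only real heading in this block, so the scenario no longer gets an anchor or an entry in the page outline. If the goal is only to flatten the nesting, consider a `####` heading under `### Cluster using managed identity authentication` instead of bold text, and check for links that pointed at the removed heading.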
@@ -78,7 +75,7 @@ Example:
78
75
az aks enable-addons --addon monitoring --name "my-cluster" --resource-group "my-resource-group" --workspace-resource-id "/subscriptions/my-subscription/resourceGroups/my-resource-group/providers/Microsoft.OperationalInsights/workspaces/my-workspace" --ampls-resource-id "/subscriptions/my-subscription /resourceGroups/my-resource-group/providers/microsoft.insights/privatelinkscopes/my-ampls-resource"
79
76
```
80
77
81
-
**Use existing Log Analytics workspace**
78
+
**Existing AKS cluster with existing Log Analytics workspace**
82
79
83
80
```azurecli
84
81
az aks enable-addons --addon monitoring --name <cluster-name> --resource-group <cluster-resource-group-name> --workspace-resource-id <workspace-resource-id> --ampls-resource-id "<azure-monitor-private-link-scope-resource-id>"
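Review bot: The example kept as context above the renamed label still belongs to the default-workspace scenario, yet it passes `--workspace-resource-id`, which the syntax line for that scenario does not include. It also has a stray space in the `--ampls-resource-id` value (`my-subscription /resourceGroups`), which breaks the resource ID when the command is copied. Since this change retitles both scenarios, fix the example in the same commit: drop `--workspace-resource-id` from it and remove the space.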
@@ -90,7 +87,7 @@ Example:
90
87
az aks enable-addons --addon monitoring --name "my-cluster" --resource-group "my-resource-group" --workspace-resource-id "/subscriptions/my-subscription/resourceGroups/my-resource-group/providers/Microsoft.OperationalInsights/workspaces/my-workspace" --ampls-resource-id "/subscriptions/my-subscription /resourceGroups/ my-resource-group/providers/microsoft.insights/privatelinkscopes/my-ampls-resource"
91
88
```
92
89
93
-
### New AKS cluster
90
+
**New AKS cluster**
94
91
95
92
```azurecli
96
93
az aks create --resource-group rgName --name clusterName --enable-addons monitoring --workspace-resource-id "workspaceResourceId" --ampls-resource-id "azure-monitor-private-link-scope-resource-id"
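Review bot: The context example above the changed label has two stray spaces in the `--ampls-resource-id` value (`my-subscription /resourceGroups/ my-resource-group`), and the `az aks create` line under `**New AKS cluster**` uses bare placeholders (`rgName`, `clusterName`, `"workspaceResourceId"`) where the two `enable-addons` commands use angle-bracket placeholders such as `<cluster-name>`. Now that all three scenarios share the same bold-label style, align the placeholder style and remove the spaces so each command can be pasted and edited the same way.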
@@ -103,7 +100,7 @@ az aks create --resource-group "my-resource-group" --name "my-cluster" --enabl
103
100
```
104
101
105
102
106
-
## Cluster using legacy authentication
103
+
###Cluster using legacy authentication
107
104
Use the following procedures to enable network isolation by connecting your cluster to the Log Analytics workspace using [Azure Private Link](../logs/private-link-security.md) if your cluster is not using managed identity authentication. This requires a [private AKS cluster](/azure/aks/private-clusters).
108
105
109
106
1. Create a private AKS cluster following the guidance in [Create a private Azure Kubernetes Service cluster](/azure/aks/private-clusters).
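Review bot: `###Cluster using legacy authentication` is missing the space after `###`, so it will not render as a heading. With the space added, the move from `##` to `###` makes this section a sibling of `### Cluster using managed identity authentication`, which fits the restructuring in the earlier hunks; without it, the legacy procedure reads as a continuation of the managed identity section.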