Commit 4aaac39

author
Soham Dasgupta
committed
Add doc for enabling prometheus addon through policy
1 parent 6dd1590 commit 4aaac39

1 file changed

+35
-0
lines changed

articles/azure-monitor/essentials/prometheus-metrics-enable.md

Lines changed: 35 additions & 0 deletions
@@ -277,6 +277,41 @@ In this json, `full_resource_id_1` and `full_resource_id_2` were already in the
277277

278278
The final `azureMonitorWorkspaceResourceId` entry is already in the template and is used to link to the Azure Monitor Workspace resource ID provided in the parameters file.
279279

280+
## [Azure Policy](#tab/azurepolicy)
281+
282+
### Prerequisites
283+
284+
- Register the `AKS-PrometheusAddonPreview` feature flag in the Azure Kubernetes clusters subscription with the following command in Azure CLI: `az feature register --namespace Microsoft.ContainerService --name AKS-PrometheusAddonPreview`.
285+
- The Azure Monitor workspace and Azure Managed Grafana workspace must already be created.
286+
287+
### Download Azure policy rules and parameters and deploy
288+
289+
1. Download the main Azure policy rules template from [here](https://aka.ms/AddonPolicyMetricsProfile) and save it as **AddonPolicyMetricsProfile.rules.json**.
290+
2. Download the parameter file from [here](https://aka.ms/AddonPolicyMetricsProfile.parameters) and save it as **AddonPolicyMetricsProfile.parameters.json** in the same directory as the rules template.
291+
3. Create the policy definition using a command like : `az policy definition create --name "(Preview) Prometheus Metrics addon" --display-name "(Preview) Prometheus Metrics addon" --mode Indexed --metadata version=1.0.0 category=Kubernetes --rules .\AddonPolicyMetricsProfile.rules.json --params .\AddonPolicyMetricsProfile.parameters.json`
292+
4. After creating the policy definition, go to Azure portal -> Policy -> Definitions and select the Policy definition you just created.
293+
5. Click on 'Assign' and then go to the 'Parameters' tab and fill in the details. Then click 'Review + Create'.
294+
6. Now that the policy is assigned to the subscription, whenever you create a new cluster which does not have Prometheus enabled, the policy will run and deploy the resources. If you want to apply the policy to existing AKS cluster, create a 'Remediation task' for that AKS cluster resource after going to the 'Policy Assignment'.
295+
7. Now you should see metrics flowing in the existing linked Grafana resource which is linked with the corresponding Azure Monitor Workspace.
296+
297+
In case you create a new Managed Grafana resource from Azure portal, please link it with the corresponding Azure Monitor Workspace from the 'Linked Grafana Workspaces' tab of the relevant Azure Monitor Workspace page. Please assign the role 'Monitoring Data Reader' to the Grafana MSI on the Azure Monitor Workspace resource so that it can read data for displaying the charts, using the instructions below.
298+
299+
1. From the **Overview** page for the Azure Managed Grafana instance in the Azure portal, select **JSON view**.
300+
301+
2. Copy the value of the `principalId` field for the `SystemAssigned` identity.
302+
303+
```json
304+
"identity": {
305+
"principalId": "00000000-0000-0000-0000-000000000000",
306+
"tenantId": "00000000-0000-0000-0000-000000000000",
307+
"type": "SystemAssigned"
308+
},
309+
```
310+
3. From the **Access control (IAM)** page for the Azure Managed Grafana instance in the Azure portal, select **Add** and then **Add role assignment**.
311+
4. Select `Monitoring Data Reader`.
312+
5. Select **Managed identity** and then **Select members**.
313+
6. Select the **system-assigned managed identity** with the `principalId` from the Grafana resource.
314+
7. Click **Select** and then **Review+assign**.
280315

281316
### Deploy template
282317
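Review bot: The role-assignment steps at the end of the new Azure Policy tab point at the wrong resource: step 3 opens **Access control (IAM)** "for the Azure Managed Grafana instance", while the paragraph that introduces the steps says to assign 'Monitoring Data Reader' to the Grafana MSI "on the Azure Monitor Workspace resource". A role assignment made at the Grafana instance's own scope does not give its identity read access to the workspace, so step 3 should send the reader to the Access control (IAM) page of the Azure Monitor workspace, which also keeps the grant scoped to that single workspace. Two smaller points in the deploy list: the `az policy definition create` example uses `.\AddonPolicyMetricsProfile.rules.json` style paths, which assume a Windows shell, so either use `./` or state the shell; and step 6 says the policy "is assigned to the subscription" although step 5 never tells the reader which scope to choose on assignment, so name the scope in step 5.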
