|
| 1 | +--- |
| 2 | +title: Monitor AKS hybrid clusters |
| 3 | +ms.date: 01/10/2023 |
| 4 | +ms.topic: article |
| 5 | +author: austonli |
| 6 | +ms.author: aul |
| 7 | +description: Collect metrics and logs of AKS hybrid clusters using Azure Monitor. |
| 8 | +ms.reviewer: aul |
| 9 | +--- |
| 10 | + |
| 11 | +# Azure Monitor container insights for Azure Kubernetes Service (AKS) hybrid clusters (preview) |
| 12 | + |
| 13 | +>[!NOTE] |
| 14 | +>Support for monitoring AKS hybrid clusters is currently in preview. We recommend only using preview features in safe testing environments. |
| 15 | +
|
| 16 | +[Azure Monitor container insights](./container-insights-overview.md) provides a rich monitoring experience for [AKS hybrid clusters (preview)](/azure/aks/hybrid/aks-hybrid-options-overview). This article describes how to set up Container insights to monitor an AKS hybrid cluster. |
| 17 | + |
| 18 | +## Supported configurations |
| 19 | + |
| 20 | +- Azure Monitor container insights supports monitoring only Linux containers. |
| 21 | + |
| 22 | +## Prerequisites |
| 23 | + |
| 24 | +- Pre-requisites listed under the [generic cluster extensions documentation](../../azure-arc/kubernetes/extensions.md#prerequisites). |
| 25 | +- Log Analytics workspace. Azure Monitor Container Insights supports a Log Analytics workspace in the regions listed under Azure [products by region page](https://azure.microsoft.com/global-infrastructure/services/?regions=all&products=monitor). You can create your own workspace using [Azure Resource Manager](../logs/resource-manager-workspace.md), [PowerShell](../logs/powershell-workspace-configuration.md), or [Azure portal](../logs/quick-create-workspace.md). |
| 26 | +- [Contributor](../../role-based-access-control/built-in-roles.md#contributor) role assignment on the Azure subscription containing the Azure Arc-enabled Kubernetes resource. If the Log Analytics workspace is in a different subscription, then [Log Analytics Contributor](../logs/manage-access.md#azure-rbac) role assignment is needed on the Log Analytics workspace. |
| 27 | +- To view the monitoring data, you need to have [Log Analytics Reader](../logs/manage-access.md#azure-rbac) role assignment on the Log Analytics workspace. |
| 28 | +- The following endpoints need to be enabled for outbound access in addition to the ones mentioned under [connecting a Kubernetes cluster to Azure Arc](../../azure-arc/kubernetes/quickstart-connect-cluster.md#meet-network-requirements). |
| 29 | +- Azure CLI version 2.43.0 or higher |
| 30 | +- Azure k8s-extension version 1.3.7 or higher |
| 31 | +- Azure Resource-graph version 2.1.0 |
| 32 | + |
| 33 | +## Onboarding |
| 34 | + |
| 35 | +## [CLI](#tab/create-cli) |
| 36 | + |
| 37 | +```acli |
| 38 | +az login |
| 39 | +
|
| 40 | +az account set --subscription <cluster-subscription-name> |
| 41 | +
|
| 42 | +az k8s-extension create --name azuremonitor-containers --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type provisionedclusters --cluster-resource-provider "microsoft.hybridcontainerservice" --extension-type Microsoft.AzureMonitor.Containers --configuration-settings amalogs.useAADAuth=true |
| 43 | +``` |
| 44 | +## [Azure portal](#tab/create-portal) |
| 45 | + |
| 46 | +### Onboarding from the AKS hybrid resource pane |
| 47 | + |
| 48 | +1. In the Azure portal, select the AKS hybrid cluster that you wish to monitor. |
| 49 | + |
| 50 | +2. From the resource pane on the left, select the 'Insights' item under the 'Monitoring' section. |
| 51 | + |
| 52 | +3. On the onboarding page, select the 'Configure Azure Monitor' button |
| 53 | + |
| 54 | +4. You can now choose the [Log Analytics workspace](../logs/quick-create-workspace.md) to send your metrics and logs data to. |
| 55 | + |
| 56 | +5. Select the 'Configure' button to deploy the Azure Monitor Container Insights cluster extension. |
| 57 | + |
| 58 | +### Onboarding from Azure Monitor pane |
| 59 | + |
| 60 | +1. In the Azure portal, navigate to the 'Monitor' pane, and select the 'Containers' option under the 'Insights' menu. |
| 61 | + |
| 62 | +2. Select the 'Unmonitored clusters' tab to view the AKS hybrid clusters that you can enable monitoring for. |
| 63 | + |
| 64 | +3. Click on the 'Enable' link next to the cluster that you want to enable monitoring for. |
| 65 | + |
| 66 | +4. Choose the Log Analytics workspace. |
| 67 | + |
| 68 | +5. Select the 'Configure' button to continue. |
| 69 | + |
| 70 | + |
| 71 | +## [Resource Manager](#tab/create-arm) |
| 72 | + |
| 73 | +1. Download the Azure Resource Manager Template and Parameter files |
| 74 | + |
| 75 | +```bash |
| 76 | +curl -L https://aka.ms/existingClusterOnboarding.json -o existingClusterOnboarding.json |
| 77 | +``` |
| 78 | + |
| 79 | +```bash |
| 80 | +curl -L https://aka.ms/existingClusterParam.json -o existingClusterParam.json |
| 81 | +``` |
| 82 | + |
| 83 | +2. Edit the values in the parameter file. |
| 84 | + |
| 85 | + - For clusterResourceId and clusterRegion, use the values on the Overview page for the LCM cluster |
| 86 | + - For workspaceResourceId, use the resource ID of your Log Analytics workspace |
| 87 | + - For workspaceRegion, use the Location of your Log Analytics workspace |
| 88 | + - For workspaceDomain, use the workspace domain value as “opinsights.azure.com” for public cloud and for Azure China cloud as “opinsights.azure.cn” |
| 89 | + - For resourceTagValues, leave as empty if not specific |
| 90 | + |
| 91 | +3. Deploy the ARM template |
| 92 | + |
| 93 | +```azurecli |
| 94 | +az login |
| 95 | +
|
| 96 | +az account set --subscription <cluster-subscription-name> |
| 97 | +
|
| 98 | +az deployment group create --resource-group <resource-group> --template-file ./existingClusterOnboarding.json --parameters existingClusterParam.json |
| 99 | +``` |
| 100 | +--- |
| 101 | + |
| 102 | +## Validation |
| 103 | + |
| 104 | +### Extension details |
| 105 | + |
| 106 | +Showing the extension details: |
| 107 | + |
| 108 | +```azcli |
| 109 | +az k8s-extension list --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type provisionedclusters --cluster-resource-provider "microsoft.hybridcontainerservice" |
| 110 | +``` |
| 111 | + |
| 112 | + |
| 113 | +## Delete extension |
| 114 | + |
| 115 | +The command for deleting the extension: |
| 116 | + |
| 117 | +```azcli |
| 118 | +az k8s-extension delete --cluster-name <cluster-name> --resource-group <resource-group> --cluster-type provisionedclusters --cluster-resource-provider "microsoft.hybridcontainerservice" --name azuremonitor-containers --yes |
| 119 | +``` |
| 120 | + |
| 121 | +## Known Issues/Limitations |
| 122 | + |
| 123 | +- Windows containers are not supported currently |
0 commit comments