Merge pull request #283935 from bwren/ci-high-scale

Container insights high scale mode

Author: Stacyrch140

articles/azure-monitor/containers/container-insights-data-collection-configure.md

@@ -195,7 +195,7 @@ The following table describes the parameters you need to provide values for in e
 | `dataCollectionInterval` | Determines how often the agent collects data.  Valid values are 1m - 30m in 1m intervals The default value is 1m. If the value is outside the allowed range, then it defaults to *1 m*. |
 | `namespaceFilteringModeForDataCollection` | *Include*: Collects only data from the values in the *namespaces* field.<br>*Exclude*: Collects data from all namespaces except for the values in the *namespaces* field.<br>*Off*: Ignores any *namespace* selections and collect data on all namespaces.
 | `namespacesForDataCollection` | Array of comma separated Kubernetes namespaces to collect inventory and perf data based on the _namespaceFilteringMode_.<br>For example, *namespaces = ["kube-system", "default"]* with an _Include_ setting collects only these two namespaces. With an _Exclude_ setting, the agent collects data from all other namespaces except for _kube-system_ and _default_. With an _Off_ setting, the agent collects data from all namespaces including _kube-system_ and _default_. Invalid and unrecognized namespaces are ignored. |
-| `streams` | An array of container insights table streams. See [Stream values in DCR](#stream-values-in-dcr) for a list of the valid streams and their corresponding tables. |
+| `streams` | An array of container insights table streams. See [Stream values in DCR](#stream-values-in-dcr) for a list of the valid streams and their corresponding tables.<br><br>To enable [high scale mode](./container-insights-high-scale.md) for container logs, use `Microsoft-ContainerLogV2-HighScale`.  |
 | `useAzureMonitorPrivateLinkScope` | Specifies whether to use private link for the cluster connection to Azure Monitor. |
 | `azureMonitorPrivateLinkScopeResourceId` | If private link is used, resource ID of the private link scope.  |
 
@@ -237,6 +237,7 @@ When you specify the tables to collect using CLI or ARM, you specify a stream na
 | Microsoft-ContainerInventory | ContainerInventory |
 | Microsoft-ContainerLog | ContainerLog |
 | Microsoft-ContainerLogV2 | ContainerLogV2 |
+| Microsoft-ContainerLogV2-HighScale | ContainerLogV2 (High scale mode)<sup>1</sup> |
 | Microsoft-ContainerNodeInventory | ContainerNodeInventory |
 | Microsoft-InsightsMetrics | InsightsMetrics |
 | Microsoft-KubeEvents | KubeEvents |
@@ -247,6 +248,9 @@ When you specify the tables to collect using CLI or ARM, you specify a stream na
 | Microsoft-KubeServices | KubeServices |
 | Microsoft-Perf | Perf |
 
+<sup>1</sup> You shouldn't use both Microsoft-ContainerLogV2 and Microsoft-ContainerLogV2-HighScale in the same DCR. This will result in duplicate data.
+
+
 ## Share DCR with multiple clusters
 When you enable Container insights on a Kubernetes cluster, a new DCR is created for that cluster, and the DCR for each cluster can be modified independently. If you have multiple clusters with custom monitoring configurations, you may want to share a single DCR with multiple clusters. You can then make changes to a single DCR that are automatically implemented for any clusters associated with it.
 

articles/azure-monitor/containers/container-insights-high-scale.md

@@ -0,0 +1,128 @@
+---
+title: High scale logs collection in Container Insights (Preview) 
+description: Enable high scale logs collection in Container Insights (Preview).
+ms.topic: conceptual
+ms.date: 08/06/2024
+---
+
+# High scale logs collection in Container Insights (Preview) 
+High scale mode is a feature in Container Insights that enables you to collect container console (stdout & stderr) logs with high throughput from your Azure Kubernetes Service (AKS) cluster nodes. This feature enables you to collect up to 50,000 logs/sec per node.
+
+## Overview
+When high scale mode is enabled, Container Insights performs multiple configuration changes resulting in a higher overall throughput. This includes using an upgraded agent and Azure Monitor data pipeline with scale improvements. These changes are all made in the background by Azure Monitor and don't require input or configuration after the feature is enabled.   
+
+High scale mode impacts only the data collection layer. The rest of the Container insights experience remains the same, with logs being ingested into same `ContainerLogV2` table. Existing queries and alerts continue to work since the same data is being collected.
+
+To achieve the maximum supported logs throughput, you should use high-end VM SKUs with 16 CPU cores or more for your AKS cluster nodes. Using low end VM SKUs will impact your logs throughput.  
+
+## Does my cluster qualify?
+High scale logs collection is suited for environments sending more than 2,000 logs/sec (or 2 MB/sec) per node in their Kubernetes clusters and has been designed and tested for sending up to 50,000 logs/sec per node. Use the following [log queries](../logs/log-query-overview.md) to determine whether your cluster is suitable for high scale logs collection.
+
+
+**Logs per second and per node**
+
+```kusto
+ContainerLogV2 
+| where _ResourceId = "<cluster-resource-id>" 
+| summarize count() by bin(TimeGenerated, 1s), Computer 
+| render timechart 
+```
+
+**Log size (in MB) per second per node**
+
+```kusto
+ ContainerLogV2 
+| where _ResourceId = "<cluster-resource-id>"
+| summarize BillableDataMB = sum(_BilledSize)/1024/1024 by bin(TimeGenerated, 1s), Computer 
+| render timechart 
+```
+
+## Prerequisites 
+
+- Azure CLI version 2.63.0 or higher.
+- AKS-preview CLI extension version must be 7.0.0b4 or higher if an aks-preview CLI extension is installed.
+- Cluster schema must be [configured for ContainerLogV2](./container-insights-logs-schema.md#enable-the-containerlogv2-schema).
+- If the default resource limits (CPU and memory) on ama-logs daemon set container doesn't meet your log scale requirements, please contact the Microsoft support channel to increase the resource limits of your ama-logs container.
+
+## Network firewall requirements
+In addition to the [network firewall requirements](./kubernetes-monitoring-firewall.md) for monitoring a Kubernetes cluster, additional configurations in the following table are needed for enabling high scale mode depending on your cloud. 
+
+| Cloud | Endpoint | Port |
+|:---|:--|:--|
+| Azure Public Cloud | `<dce-name>-<suffix>.<cluster-region-name>-<suffix>.ingest.monitor.azure.com` | 443 |
+| Microsoft Azure operated by 21Vianet cloud | `<dce-name>-<suffix>.<cluster-region-name>-<suffix>.ingest.monitor.azure.cn` | 443 |
+| Azure Government cloud | `<dce-name>-<suffix>.<cluster-region-name>-<suffix>.ingest.monitor.azure.us` | 443 |
+
+The endpoint is the **Logs Ingestion** endpoint from the data collection endpoint (DCE) for the data collection rule (DCR) used by the cluster. This DCE is created when you enable high scale mode for the cluster and will start with the prefix `MSCI-ingest`.
+
+:::image type="content" source="media/container-insights-high-scale/logs-ingestion-endpoint.png" alt-text="Screenshot of logs ingestion endpoint for DCE." lightbox="media/container-insights-high-scale/logs-ingestion-endpoint.png" :::
+
+
+## Limitations 
+
+The following scenarios aren't supported during the preview release. These will be addressed when the feature becomes generally available.
+
+- AKS Clusters with Arm64 nodes 
+- Azure Arc-enabled Kubernetes
+- HTTP proxy with trusted certificate
+- Onboarding through Azure portal, Azure Policy, Terraform and Bicep 
+- Configuring through **Monitor Settings** in the AKS Insights portal experience  
+- Automatic migration from existing Container Insights   
+
+## Enable high scale logs collection
+Follow the two steps in the following sections to enable high scale mode for your cluster.
+
+> [!NOTE]
+> High log scale mode requires a [data collection endpoint (DCE)](../essentials/data-collection-endpoint-overview.md) for ingestion. An ingestion DCE is created with the prefix `MSCI-ingest` for each cluster when you onboard them. If Azure Monitor private link scope is configured, then there will also be configuration DCE created with the prefix `MSCI-config`. 
+
+### Update configmap
+The first step is to update configmap for the cluster to instruct the container insights ama-logs deamonset pods to run in high scale mode. 
+
+Follow the guidance in [Configure and deploy ConfigMap](./container-insights-data-collection-configmap.md#configure-and-deploy-configmap) to download and update ConfigMap for the cluster. The only change you need to make for high scale logs is to enable `agent_settings.high_log_scale` under `agent-settings` as in the following: 
+
+```yml
+[agent_settings.high_log_scale] 
+  enabled = true 
+```
+
+After applying this configmap, `ama-logs-*` pods will get restarted automatically and configure the ama-logs daemonset pods to run in high scale mode. 
+
+### Enable high scale mode for Monitoring add-on
+Enable the Monitoring Add-on with high scale mode using the following Azure CLI commands to enable high scale logs mode for the Monitoring add-on depending on your AKS configuration.
+
+> [!NOTE]
+> Instead of CLI, you can use an ARM template to enable high scale mode for the Monitoring add-on. See [Enable Container insights](./kubernetes-monitoring-enable.md?tabs=arm#enable-container-insights) for guidance on enabling Container Insights using an ARM template. To enable high scale mode, use `Microsoft-ContainerLogV2-HighScale` instead of `Microsoft-ContainerLogV2` in the `streams` parameter as described in [Configure DCR with ARM templates](./container-insights-data-collection-configure.md?tabs=arm#configure-dcr-with-arm-templates).
+
+
+**Existing AKS cluster**
+
+```azurecli
+az aks enable-addons -a monitoring -g <resource-group-name> -n <cluster-name> --enable-high-log-scale-mode  
+```
+
+**Existing AKS Private cluster**
+
+```azurecli
+az aks enable-addons -a monitoring -g  <resource-group-name> -n <cluster-name> --enable-high-scale-mode --ampls-resource-id /subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/microsoft.insights/privatelinkscopes/<resourceName> 
+```
+
+**New AKS cluster**
+
+```azurecli
+az aks create -g <cluster-name> -n <cluster-name> enable-addons -a monitoring --enable-high-log-scale-mode  
+```
+
+**New AKS Private cluster**
+
+See [Create a private Azure Kubernetes Service (AKS) cluster](/azure/aks/private-clusters?tabs=azure-portal) for details on creating an AKS Private cluster. Use the additional parameters `--enable-high-scale-mode` and `--ampls-resource-id` to configure high log scale mode with Azure Monitor Private Link Scope Resource ID. 
+
+## Migration
+If Container insights is already enabled for your cluster, then you need to disable it and then re-enable it with high scale mode.
+
+- Since high scale mode uses a different data pipeline, you must ensure that pipeline endpoints are not blocked by a firewall or other network connections.
+- High scale mode requires a data collection endpoint (DCE) for ingestion in addition to the standard DCR for data collection. If you've created any DCRs that use `Microsoft.ContainerLogV2`, you must replace this with `Microsoft.ContainerLogV2-HighScale` or data will be duplicated. You should also create a DCE for ingestion and link it to the DCR if the DCR isn't already using one. Refer to Container Insights onboarding through Azure Resource Manager for reference for the dependencies. 
+
+
+## Next steps
+- Share any feedback or issues with High Scale mode at [https://aka.ms/cihsfeedback](https://aka.ms/cihsfeedback).
+

articles/azure-monitor/containers/media/container-insights-high-scale/logs-ingestion-endpoint.png

@@ -448,6 +448,8 @@ items:
         href: containers/container-insights-data-collection-filter.md
       - name: Container log schema
         href: containers/container-insights-logs-schema.md
+      - name: High scale
+        href: containers/container-insights-high-scale.md      
       - name: Data transformations
         displayName: Container insights
         href: containers/container-insights-transformations.md