Improving monitoring data reference and a few other minor issues

Author: HJ Hang

AKS-Hybrid/TOC.yml

@@ -130,18 +130,18 @@
       items:    
           - name: Monitor Kubernetes object events
             href: kubernetes-monitor-object-events.md
-          - name: Monitor Kubernetes audit events
-            href: kubernetes-monitor-audit-events.md
-          - name: Monitor logs reference
-            href: kubernetes-monitor-metrics.md
+          - name: Get kubelet logs
+            href: aks-get-kubelet-logs.md
           - name: Enable Container Insights
             href: /azure/azure-monitor/containers/kubernetes-monitoring-enable
+          - name: Monitor Kubernetes audit events
+            href: kubernetes-monitor-audit-events.md
           - name: Use on-premises monitoring
             href: aks-monitor-logging.md
-          - name: Get kubelet logs
-            href: aks-get-kubelet-logs.md
           - name: Get on-demand logs for troubleshooting
             href: get-on-demand-logs.md
+          - name: Monitoring data reference
+            href: kubernetes-monitor-metrics.md
   - name: Troubleshooting
     items:
     - name: Troubleshoot & known issues

AKS-Hybrid/aks-create-clusters-cli.md

@@ -96,7 +96,7 @@ moc-l0ttdmaioew  Ready  control-plane,master 34m v1.24.11
 moc-ls38tngowsl  Ready  <none>               32m v1.24.11
 ```
 
-## Deploy the application
+## Deploy the application and load balancer
 
 A [Kubernetes manifest file](kubernetes-concepts.md#deployments) defines a cluster's desired state, such as which container images to run.
 
@@ -215,6 +215,8 @@ deployment "azure-vote-front" created
 service "azure-vote-front" created
 ```
 
+Now you need to deploy a MetalLB load balancer so it can assign an external IP for the application frontend. You can follow [the instructions](https://learn.microsoft.com/en-us/azure/aks/aksarc/deploy-load-balancer-cli) to deploy the MetalLB extension from Portal or CLI.
+
 ## Test the application
 
 When the application runs, a Kubernetes service exposes the application frontend to the internet. This process can take a few minutes to complete.

AKS-Hybrid/kubernetes-monitor-audit-events.md

@@ -26,7 +26,7 @@ Install the Arc K8S extension by running the following command:
 az k8s-extension create -g <resouerce-group-name> -c <cluster-name> --cluster-type connectedClusters --extension-type Microsoft.AKSArc.AzureMonitor --name "aksarc-azuremonitor" --auto-upgrade true
 ```
 
-After the extension installs successfully, follow the instructions in [Diagnostic settings in Azure Monitor](/azure/azure-monitor/essentials/diagnostic-settings#resource-logs) to create a diagnostic setting using the Azure portal, Azure CLI, or PowerShell. During this process, you can specify which categories of logs to collect. The categories for AKS Arc are listed in the [Azure Monitor reference](/azure/azure-monitor/logs/manage-logs-tables).
+After the extension installs successfully, follow the instructions in [Diagnostic settings in Azure Monitor](/azure/azure-monitor/essentials/diagnostic-settings#resource-logs) to create a diagnostic setting using the Azure portal, Azure CLI, or PowerShell. During this process, you can specify which categories of logs to collect. The categories for AKS Arc are listed in the [Monitoring data reference](/azure/azure-monitor/logs/manage-logs-tables).
 
 The example command is as follows:
 
@@ -38,23 +38,8 @@ az monitor diagnostic-settings create –name <Diagnostics_Setting_Name> --resou
 
 AKS supports either [Azure diagnostics mode](/azure/azure-monitor/essentials/resource-logs#azure-diagnostics-mode) or [resource-specific mode](/azure/azure-monitor/essentials/resource-logs#resource-specific) for resource logs. The mode specifies the tables in the Log Analytics workspace to which the data is sent. Azure diagnostics mode sends all data to the [AzureDiagnostics table](/azure/azure-monitor/reference/tables/azurediagnostics), while resource-specific mode sends data to [ArcK8SAudit](/azure/azure-monitor/reference/tables/arck8saudit), [ArcK8SAuditAdmin](/azure/azure-monitor/reference/tables/arck8sauditadmin), and [ArcK8SControlPlane](/azure/azure-monitor/reference/tables/arck8scontrolplane), as shown in the log category table in the next section.
 
-After you save the setting, it can take an hour to see the events in the Log Analytics workspace or other supported destination. You can write a KQL query to extract the insights based on the log category you enabled.
-
-### Log category
-
-|       Category                   |      Description                                                                                                                                                                                                |      Table  (resource-specific mode)  |
-|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
-|      kube-apiserver              |     Logs from the API server.                                                                                                                                                                                   |     ArcK8SControlPlane.                |
-|      kube-audit                  |     Audit log data for every audit event including get, list, create, update, delete, patch, and post.                                                                                                          |     ArcK8SAudit                       |
-|      kube-audit-admin            |     Subset of the kube-audit log category. Significantly reduces the number of logs by excluding the get and list audit events from the log.                                                                    |     ArcK8SAuditAdmin                  |
-|      kube-controller-manager     |     Gain deeper visibility of issues that may arise between Kubernetes and the Azure control plane. A typical example is the AKS cluster having a lack of permissions to interact with Azure.                   |     ArcK8SControlPlane                |
-|      kube-scheduler              |     Logs from the scheduler.                                                                                                                                                                                    |     ArcK8SControlPlane.                |
-|      cluster-autoscaler          |     Understand why the AKS cluster is scaling up or down, which may not be expected. This information is also useful to correlate time intervals where something interesting might have happened in the cluster.  |     ArcK8SControlPlane                |
-|      cloud-controller-manager    |     Logs from the cloud-node-manager component of the Kubernetes cloud controller manager.                                                                                                                      |     ArcK8SControlPlane                |
-|      guard                       |     Managed Microsoft Entra ID and Azure RBAC audits. For managed Microsoft Entra ID, this category includes token in and user info out. For Azure RBAC, it includes access reviews in and out.                        |     ArcK8SControlPlane                |
-|      csi-aksarcdisk-controller   |     Logs from the AKS Arc CSI storage driver.                                                                                                                                                                    |     ArcK8SControlPlane.                |
-|      csi-aksarcsmb-controller    |     Logs from the AKS Arc SMB CSI storage driver.                                                                                                                                                                |     ArcK8SControlPlane.                |
-|      csi-aksarcnfs-controller    |     Logs from the AKS Arc NFS CSI storage driver.                                                                                                                                                                |     ArcK8SControlPlane.                |
+After you save the settings, it can take up to an hour to see the events in the Log Analytics workspace or other supported destination. You can write a KQL query to extract the insights based on the log categories you enabled.
+
 
 ## Delete and disable the diagnostics setting
 

AKS-Hybrid/kubernetes-monitor-metrics.md

@@ -6,7 +6,7 @@ ms.topic: how-to
 ms.date: 05/30/2024
 ms.author: sethm 
 ms.lastreviewed: 03/28/2024
-ms.reviewer: haojiehan
+ms.reviewer: haojiehang
 
 ---
 
@@ -16,16 +16,24 @@ This article provides an overview of the metrics and logs used to monitor Kubern
 
 ## Metrics
 
-The following table lists the platform metrics collected for AKS Arc. Follow each link for a detailed list of the metrics for each particular type.
+### Platform Metrics
+The following table lists the platform metrics supported for AKS Arc. In order to view these basic platform metrics, you may install the observability extension on your Kubernetes cluster and wait a few minutes to start automatic metrics ingestion. Follow each link for a detailed list of the metrics for each particular type.
 
 | Metric type           | Resource provider/type namespace                       |
 |-----------------------|--------------------------------------------------------|
 | Provisioned clusters  | [Microsoft.HybridContainerService/provisionedClusters](/azure/azure-monitor/reference/supported-metrics/microsoft-hybridcontainerservice-provisionedclusters-metrics)   |
 | Connected clusters    | [Microsoft.Kubernetes/connectedClusters](/azure/azure-monitor/reference/supported-metrics/microsoft-kubernetes-connectedclusters-metrics)                 |
 
-## Azure Monitor resource logs
+### Prometheus Metrics
+To view more granular metrics, it is recommended to enable Managed Prometheus extension in your Kubernetes and query Prometheus metrics in Metrics Explorer or Managed Grafana. The extension onboarding instructions can be found in [here](https://learn.microsoft.com/en-us/azure/azure-monitor/containers/kubernetes-monitoring-enable?tabs=cli#enable-prometheus-and-grafana). 
 
-AKS Arc implements control plane logs (including audit logs) for clusters as [resource logs in Azure Monitor](/azure/azure-monitor/essentials/resource-logs). For more information about creating diagnostic settings to collect these logs, see [Monitor Kubernetes audit events](/azure/aks/hybrid/kubernetes-monitor-audit-events). The following table lists the resource log categories you can collect for AKS Arc:
+
+## Azure Monitor Logs
+AKS Arc supports two kinds of logs: Control Plane logs implemented as resource logs and container insights logs. For more information about exporting control plane logs such as audit logs using diagnostic settings, see [Monitor Kubernetes audit events](/azure/aks/hybrid/kubernetes-monitor-audit-events). For more information about enabling container insights, see [Enable Container Insights](https://learn.microsoft.com/en-us/azure/azure-monitor/containers/kubernetes-monitoring-enable?tabs=cli). 
+
+
+### Control Plane Logs
+The following table lists the log categories available for AKS Arc. This table can also be found in [Azure Monitor resource log reference](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-logs/microsoft-kubernetes-connectedclusters-logs).
 
 | Category                   | Description                                                                                                                                                                                                   | Table (resource-specific mode)  |
 |----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------|
@@ -43,23 +51,20 @@ AKS Arc implements control plane logs (including audit logs) for clusters as [re
 
 For more information, see the list of [all resource log category types supported in Azure Monitor](/azure/azure-monitor/essentials/resource-logs-schema).
 
-## Azure Monitor log tables
 
-The following table lists all the Azure Monitor log tables relevant to AKS Arc:
+### Azure Monitor Log Tables
+
+For both control plane logs and container insights, you can analyze them in Log Analytics Workspace. The Log Analytics tables can be found in [Azure Monitor Reference](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables-index#azure-arc-enabled-kubernetes).
 
-| Resource Type     | Notes                                                                                            |
-|-------------------|--------------------------------------------------------------------------------------------------|
-| [ConnectedCluster](/azure/azure-monitor/logs/manage-logs-tables)  | Follow this link for a list of all tables used by AKS Arc, and a description of their structure.  |
 
-## Azure Activity log
+## Activity log
 
-The following table links to a few example operations related to AKS Arc that might be created in the [Activity log](/azure/azure-monitor/essentials/activity-log-insights). Use the activity log to track information such as when a cluster is created, or had its configuration change:
+The following table lists a few example operations related to AKS that might be created in the Activity log. Use the Activity log to track information such as when a cluster is created or had its configuration change. You can view this information in the portal or by using other methods. You can also use it to create an Activity log alert to be proactively notified when an event occurs.
 
 | Resource Type                | Notes                                                                            |
 |------------------------------|----------------------------------------------------------------------------------|
 | [ProvisionedClusterInstances](/rest/api/hybridcontainer/provisioned-cluster-instances)  | Follow this link for a list and descriptions of operations used in AKS Arc.  |
 
-For more information about the schema of Activity log entries, see the [Activity log schema](/azure/azure-monitor/essentials/activity-log-schema).
 
 ## Next steps
 

AKS-Hybrid/resource-manager-quickstart.md

@@ -125,7 +125,7 @@ az aksarc show --resource-group "<resource-group-name>" --name "<cluster-name>"
 
 Similiar to step 3, download the node pool template and parameters from the [AKSArc repo](https://github.com/Azure/aksArc/tree/main/deploymentTemplates) and review the default values.
 
-### Deploy the template and validate results using Azure CLI (optional)
+## Step 8: Deploy the template and validate the deployment (optional)
 
 Review and apply the template. This process takes a few minutes to complete. You can use the Azure CLI to validate that the node pool is created successfully: