admin管理员组

文章数量:1388080

I'm trying to configure Container Insights Logs V2 through bicep templates. The Azure Documentation is not helpful in providing steps to do this - only steps to configure it through the Portal or using the az CLI are provided

This is what I have currently:

resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-04-02-preview' = {
  location: location
  kind: 'Base'
  name: aksClusterName
  sku: {
    name: 'Base'
    tier: 'Standard'
  }
  # ...
  properties: {
    addonProfiles: {
      omsagent: {
        enabled: true
        config: {
          logAnalyticsWorkspaceResourceID: logAnalyticsWorkspaceId
        }
      }
    }
    # ... nothing special nor relevant (I think)
}

resource aksClusterDcr 'Microsoft.Insights/dataCollectionRules@2023-03-11' = {
  name: '${aksClusterName}-dcr'
  location: location
  kind: 'Linux'
  properties: {
    dataSources: {
      extensions: [
        {
          name: 'ContainerInsightsExtension'
          streams: [
            'Microsoft-ContainerLog'
            'Microsoft-ContainerLogV2'
            'Microsoft-KubeEvents'
            'Microsoft-KubePodInventory'
          ]
          extensionSettings: {
            dataCollectionSettings: {
              interval: '1m'
              namespaceFilteringMode: 'Off'
              enableContainerLogV2: true
            }
          }
          extensionName: 'ContainerInsights'
        }
      ]
    }
    destinations: {
      logAnalytics: [
        {
          name: 'ContainerInsightsWorkspace'
          workspaceResourceId: logAnalyticsWorkspaceId
        }
      ]
    }
    dataFlows: [
      {
        destinations: [
          'ContainerInsightsWorkspace'
        ]
        streams: [
          'Microsoft-ContainerLog'
          'Microsoft-ContainerLogV2'
          'Microsoft-KubeEvents'
          'Microsoft-KubePodInventory'
        ]
      }
    ]
  }
  dependsOn: [
    aksCluster
  ]
}

resource aksClusterDcra 'Microsoft.Insights/dataCollectionRuleAssociations@2023-03-11' = {
  name: '${aksClusterName}-dcra'
  scope: aksCluster
  properties: {
    description: ''
    dataCollectionRuleId: aksClusterDcr.id
  }
}

The result is that I have a ContainerLog table in my Log Analytics Workspace but no ContainerLogV2 table.

If I then go to my AKS cluster > Monitoring > Insights > Monitor Settings, I can see it is enabled:

  • 1m collection frequency
  • No namespace filters applied
  • Syslog collection disabled
  • ContainerLogV2 enabled
  • Custom data collected

If I provision Container Insights on a freshly installed cluster through the Azure Portal, the ARM Deployment shows 3 steps: create a DCR, create a DCRA and updates the cluster. The cluster update appears to be for adding the addonProfiles.omsagent parameter to the cluster object/json. This is pretty much what I have declared in my bicep template...

Is there something else I am missing? Something the Azure Portal or CLI do behind the scenes beside the creation of the DCR, DCRA and updating the cluster properties?

Thanks in advance!

I'm trying to configure Container Insights Logs V2 through bicep templates. The Azure Documentation is not helpful in providing steps to do this - only steps to configure it through the Portal or using the az CLI are provided

This is what I have currently:

resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-04-02-preview' = {
  location: location
  kind: 'Base'
  name: aksClusterName
  sku: {
    name: 'Base'
    tier: 'Standard'
  }
  # ...
  properties: {
    addonProfiles: {
      omsagent: {
        enabled: true
        config: {
          logAnalyticsWorkspaceResourceID: logAnalyticsWorkspaceId
        }
      }
    }
    # ... nothing special nor relevant (I think)
}

resource aksClusterDcr 'Microsoft.Insights/dataCollectionRules@2023-03-11' = {
  name: '${aksClusterName}-dcr'
  location: location
  kind: 'Linux'
  properties: {
    dataSources: {
      extensions: [
        {
          name: 'ContainerInsightsExtension'
          streams: [
            'Microsoft-ContainerLog'
            'Microsoft-ContainerLogV2'
            'Microsoft-KubeEvents'
            'Microsoft-KubePodInventory'
          ]
          extensionSettings: {
            dataCollectionSettings: {
              interval: '1m'
              namespaceFilteringMode: 'Off'
              enableContainerLogV2: true
            }
          }
          extensionName: 'ContainerInsights'
        }
      ]
    }
    destinations: {
      logAnalytics: [
        {
          name: 'ContainerInsightsWorkspace'
          workspaceResourceId: logAnalyticsWorkspaceId
        }
      ]
    }
    dataFlows: [
      {
        destinations: [
          'ContainerInsightsWorkspace'
        ]
        streams: [
          'Microsoft-ContainerLog'
          'Microsoft-ContainerLogV2'
          'Microsoft-KubeEvents'
          'Microsoft-KubePodInventory'
        ]
      }
    ]
  }
  dependsOn: [
    aksCluster
  ]
}

resource aksClusterDcra 'Microsoft.Insights/dataCollectionRuleAssociations@2023-03-11' = {
  name: '${aksClusterName}-dcra'
  scope: aksCluster
  properties: {
    description: ''
    dataCollectionRuleId: aksClusterDcr.id
  }
}

The result is that I have a ContainerLog table in my Log Analytics Workspace but no ContainerLogV2 table.

If I then go to my AKS cluster > Monitoring > Insights > Monitor Settings, I can see it is enabled:

  • 1m collection frequency
  • No namespace filters applied
  • Syslog collection disabled
  • ContainerLogV2 enabled
  • Custom data collected

If I provision Container Insights on a freshly installed cluster through the Azure Portal, the ARM Deployment shows 3 steps: create a DCR, create a DCRA and updates the cluster. The cluster update appears to be for adding the addonProfiles.omsagent parameter to the cluster object/json. This is pretty much what I have declared in my bicep template...

Is there something else I am missing? Something the Azure Portal or CLI do behind the scenes beside the creation of the DCR, DCRA and updating the cluster properties?

Thanks in advance!

  • azure
  • azure-aks
  • azure-log-analytics
  • azure-monitoring
Share Improve this question asked Mar 18 at 13:43 Jean-Francois ChevretteJean-Francois Chevrette 1,0631 gold badge7 silver badges4 bronze badges 0
Add a comment  | 

1 Answer 1

Reset to default 0

Azure AKS provision Container Insights Logs V2 using bicep

As per the configuration, the issue might seem to be the use of defining the ContainerLogV2 which in general expects a string.

I tried a demo configuration with the mentioned requirement as mentioned below.

Bicep configuration:

resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-04-02-preview' = {
  name: aksClusterName
  location: location
  identity: {
    type: 'SystemAssigned' 
  }
  sku: {
    name: 'Base'
    tier: 'Standard'  
  }
  properties: {
    kubernetesVersion: '1.30'  
    dnsPrefix: '${aksClusterName}-dns'
    agentPoolProfiles: [
      {
        name: 'nodepool1'
        count: nodeCount
        vmSize: nodeVmSize
        mode: 'System'
      }
    ]
    addonProfiles: {
      omsagent: {
        enabled: true
        config: {
          logAnalyticsWorkspaceResourceID: logAnalyticsWorkspace.id
          enableContainerLogV2: 'true' 
        }
      }
    }
  }
}

resource aksClusterDcr 'Microsoft.Insights/dataCollectionRules@2023-03-11' = {
  name: '${aksClusterName}-dcr'
  location: location
  kind: 'Linux'
  properties: {
    dataSources: {
      extensions: [
        {
          name: 'ContainerInsightsExtension'
          streams: [
            'Microsoft-ContainerLog'
            'Microsoft-ContainerLogV2'
            'Microsoft-KubeEvents'
            'Microsoft-KubePodInventory'
          ]
          extensionSettings: {
            dataCollectionSettings: {
              interval: '1m'
              namespaceFilteringMode: 'Off'
              enableContainerLogV2: 'true'
            }
          }
          extensionName: 'ContainerInsights'
        }
      ]
    }
    destinations: {
      logAnalytics: [
        {
          name: 'ContainerInsightsWorkspace'
          workspaceResourceId: logAnalyticsWorkspace.id
        }
      ]
    }
    dataFlows: [
      {
        destinations: [
          'ContainerInsightsWorkspace'
        ]
        streams: [
          'Microsoft-ContainerLog'
          'Microsoft-ContainerLogV2'
          'Microsoft-KubeEvents'
          'Microsoft-KubePodInventory'
        ]
      }
    ]
  }
  
}

resource aksClusterDcra 'Microsoft.Insights/dataCollectionRuleAssociations@2023-03-11' = {
  name: '${aksClusterName}-dcra'
  scope: aksCluster
  properties: {
    dataCollectionRuleId: aksClusterDcr.id
  }
}

Deployment:

Now check AKS Add-on Profiles using the commands

az aks show --name <aks-name> --resource-group <rg-name> --query "addonProfiles.omsagent"

Check if the Data Collection Rule (DCR) is created and correctly configured

az monitor data-collection rule show --name vksbAksCluster-dcr --resource-group <resource-group-name>

Ensure the DCR is correctly associated with the AKS cluster:

az monitor data-collection rule-association list --scope "/subscriptions/subID/resourceGroups/prod-rg/providers/Microsoft.ContainerService/managedClusters/vksbAksCluster"

refer: https://learn.microsoft/en-us/azure/azure-monitor/containers/container-insights-data-collection-configure?tabs=portal

https://learn.microsoft/en-us/azure/templates/microsoft.insights/datacollectionrules?pivots=deployment-language-bicep

https://github/Azure-Samples/aks-managed-prometheus-and-grafana-bicep

本文标签: Azure AKS provision Container Insights Logs V2 using bicepStack Overflow

版权声明:本文标题:Azure AKS provision Container Insights Logs V2 using bicep - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744509772a2609808.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。