Skip to content

Enable AKS Container insights#

Operational Excellence · Azure Kubernetes Service · Rule · 2021_09 · Important

Enable Container insights to monitor AKS cluster workloads.

Description#

With Container insights, you can use performance charts and health status to monitor AKS clusters, nodes and pods. Container insights delivers quick, visual and actionable information: from the CPU and memory pressure of your nodes to the logs of individual Kubernetes pods.

Recommendation#

Consider enabling Container insights for AKS clusters. Monitoring containers is critical, especially when running production AKS clusters at scale with multiple applications.

Examples#

Configure with Azure template#

To enable Container insights for an AKS cluster:

  • Set properties.addonProfiles.omsAgent.enabled to true.
  • Set Log Analytics workspace ID with properties.addonProfiles.omsAgent.config.logAnalyticsWorkspaceResourceID.

For example:

Azure Template snippet
{
    "comments": "Azure Kubernetes Cluster",
    "apiVersion": "2020-12-01",
    "dependsOn": [
        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]"
    ],
    "type": "Microsoft.ContainerService/managedClusters",
    "location": "[parameters('location')]",
    "name": "[parameters('clusterName')]",
    "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": {
            "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]": {}
        }
    },
    "properties": {
        "kubernetesVersion": "[parameters('kubernetesVersion')]",
        "disableLocalAccounts": true,
        "enableRBAC": true,
        "dnsPrefix": "[parameters('dnsPrefix')]",
        "agentPoolProfiles": [
            {
                "name": "system",
                "osDiskSizeGB": 32,
                "count": 3,
                "minCount": 3,
                "maxCount": 10,
                "enableAutoScaling": true,
                "maxPods": 50,
                "vmSize": "Standard_D2s_v3",
                "osType": "Linux",
                "type": "VirtualMachineScaleSets",
                "vnetSubnetID": "[variables('clusterSubnetId')]",
                "mode": "System",
                "osDiskType": "Ephemeral",
                "scaleSetPriority": "Regular"
            }
        ],
        "aadProfile": {
            "managed": true,
            "enableAzureRBAC": true,
            "adminGroupObjectIDs": "[parameters('clusterAdmins')]",
            "tenantID": "[subscription().tenantId]"
        },
        "networkProfile": {
            "networkPlugin": "azure",
            "networkPolicy": "azure",
            "loadBalancerSku": "Standard",
            "serviceCidr": "192.168.0.0/16",
            "dnsServiceIP": "192.168.0.4",
            "dockerBridgeCidr": "172.17.0.1/16"
        },
        "autoUpgradeProfile": {
            "upgradeChannel": "stable"
        },
        "addonProfiles": {
            "azurepolicy": {
                "enabled": true,
                "config": {
                    "version": "v2"
                }
            },
            "omsagent": {
                "enabled": true,
                "config": {
                    "logAnalyticsWorkspaceResourceID": "[parameters('workspaceId')]"
                }
            },
            "kubeDashboard": {
                "enabled": false
            }
        }
    }
}

Configure with Azure CLI#

Enable for default Log Analytics workspace#

Azure CLI snippet
az aks enable-addons \
  --addons monitoring \
  --name '<cluster_name>' \
  --resource-group '<cluster_resource_group>'

Enable for an existing Log Analytics workspace#

Azure CLI snippet
az aks enable-addons \
  --addons monitoring \
  --name '<cluster_name>' \
  --resource-group '<cluster_resource_group>' \
  --workspace-resource-id '<workspace_id>'

Comments