Integrate Azure Monitor for Containers with GKE as an Azure Arc Connected Cluster using Kubernetes extensions

The following Jumpstart scenario will guide you on how to enable Azure Monitor for Containers for a Google Kubernetes Engine (GKE) cluster that is projected as an Azure Arc connected cluster.

In this scenario, you will hook the GKE cluster to Azure Monitor by deploying the OMS agent on your Kubernetes cluster to start collecting telemetry.

NOTE: This guide assumes you already deployed a GKE cluster and connected it to Azure Arc. If you haven’t, this repository offers you a way to do so in an automated fashion using Terraform.

Kubernetes extensions are add-ons for Kubernetes clusters. The extensions feature on Azure Arc-enabled Kubernetes clusters enables usage of Azure Resource Manager based APIs, CLI and portal UX for deployment of extension components (Helm charts in initial release) and will also provide lifecycle management capabilities such as auto/manual extension version upgrades for the extensions.


  • Clone the Azure Arc Jumpstart repository

    git clone
  • Install or update Azure CLI to version 2.36.0 or above. Use the command below to check your currently installed version.

    az --version
  • Create Azure service principal (SP)

    To complete the scenario and its related automation, an Azure service principal assigned the “Contributor” role is required. To create it, log in to your Azure account and run the command below (this can also be done in Azure Cloud Shell).

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Contributor" --scopes /subscriptions/$subscriptionId

    For example:

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "JumpstartArcK8s" --role "Contributor" --scopes /subscriptions/$subscriptionId

    Output should look like this:

    "displayName": "JumpstartArcK8s",

    NOTE: If you create multiple subsequent role assignments on the same service principal, your client secret (password) will be destroyed and recreated each time. Therefore, make sure you grab the correct password.

    NOTE: The Jumpstart scenarios are designed with ease of use in mind while adhering to security-related best practices whenever possible. It is optional but highly recommended to scope the service principal to a specific Azure subscription and resource group, as well as to consider using a less privileged service principal account.

Create Azure Monitor extension instance

To create a new extension instance, we will use the k8s-extension create command while passing in values for the mandatory parameters. This scenario provides you with the automation to deploy the Azure Monitor extension on your Azure Arc-enabled Kubernetes cluster.

  • In order to keep your local environment clean and untouched, we will use Google Cloud Shell to run the gke_monitor_onboarding shell script against the GKE connected cluster.

  • Before integrating the cluster with Azure Monitor for Containers, click on the “Insights (preview)” blade for the connected Arc cluster to show how the cluster is not currently being monitored.

    Screenshot showing Azure Portal with Azure Arc-enabled Kubernetes resource

    Screenshot showing Azure Portal with Azure Arc-enabled Kubernetes resource Insights

  • Edit the environment variables in the script to match your environment parameters and upload it to the Cloud Shell environment. After that, run it using the . ./ command.

    NOTE: The extra dot is needed because the shell script exports variables, and they must be exported in the same shell session as the rest of the commands.

    Screenshot showing GKE cluster in GCP console

    Screenshot showing connection to GKE cluster in GCP console

    Screenshot showing uploading the script file to cloud shell

    The script will:

    • Login to your Azure subscription using the SPN credentials
    • Add or Update your local connectedk8s and k8s-extension Azure CLI extensions
    • Create monitor k8s extension instance
  • You can see that the monitoring is enabled once you visit the Container Insights section of the Azure Arc-enabled Kubernetes cluster resource in Azure.

    NOTE: As the OMS agent starts collecting telemetry from the cluster nodes and pods, it will take 5-10 minutes for data to start showing up in the Azure Portal.

  • Click the “Connected Clusters” tab and see the Azure Arc connected cluster was added. Now that your cluster is being monitored, navigate through the different tabs and sections and watch the monitoring telemetry for the cluster nodes and pods.

Screenshot showing Monitoring console
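
The three steps the script performs, together with the resource-group scoping recommended in the service principal note above, as an added example (not the Jumpstart gke_monitor_onboarding script itself). The function names, the SPN_* variables and the demo-* values are assumptions, and a resource-group-scoped service principal assumes everything the extension creates or reads lives in that resource group.

```shell
#!/bin/sh
# Added example, not the Jumpstart script. Function and variable names are
# hypothetical. DRY_RUN=1 (default) prints the az commands; DRY_RUN=0 runs them.

# version_ge HAVE WANT: succeed when HAVE >= WANT, compared field by field
# (GNU sort -V, so 2.9.1 < 2.36.0; a plain string compare gets this wrong).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# rg_scope SUBSCRIPTION_ID RESOURCE_GROUP: print a resource-group scope,
# rejecting values that would malform or widen the --scopes argument.
rg_scope() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' || return 1
  printf '%s' "$2" | grep -Eq '^[A-Za-z0-9_.()-]{1,90}$' || return 1
  printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
}

# run CMD...: print the command in dry-run mode, execute it otherwise.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# create_sp NAME SUBSCRIPTION_ID RESOURCE_GROUP: Contributor on one RG only.
create_sp() {
  scope=$(rg_scope "$2" "$3") || { echo "invalid subscription or resource group" >&2; return 1; }
  run az ad sp create-for-rbac -n "$1" --role Contributor --scopes "$scope"
}

# onboard CLUSTER RESOURCE_GROUP: SPN login, CLI extensions, monitor extension.
onboard() {
  if [ "${DRY_RUN:-1}" != 1 ]; then
    version_ge "$(az version --query '"azure-cli"' -o tsv)" 2.36.0 ||
      { echo "Azure CLI 2.36.0 or above is required" >&2; return 1; }
    az login --service-principal -u "$SPN_APP_ID" -p "$SPN_SECRET" --tenant "$SPN_TENANT" >/dev/null
  fi
  run az extension add --upgrade --name connectedk8s
  run az extension add --upgrade --name k8s-extension
  run az k8s-extension create --name azuremonitor-containers \
    --cluster-name "$1" --resource-group "$2" \
    --cluster-type connectedClusters \
    --extension-type Microsoft.AzureMonitor.Containers
}

# Constructed sample values; override through the environment for a real run.
create_sp JumpstartArcK8s "${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}" "${RG:-demo-arc-rg}"
onboard "${CLUSTER:-demo-gke-cluster}" "${RG:-demo-arc-rg}"
```
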

Delete extension instance

The following command only deletes the extension instance; it doesn’t delete the Log Analytics workspace. The data within the Log Analytics resource is left intact. You can visit the Insights section of the Azure Arc resource in the Azure Portal and see that the onboarding state is not connected.

az k8s-extension delete --name azuremonitor-containers --cluster-type connectedClusters --cluster-name <cluster-name> --resource-group <resource-group>

Screenshot showing Azure Portal with Azure Arc-enabled Kubernetes resource Insights