Integrate Azure Monitor for Containers with MicroK8s as an Azure Arc Connected Cluster using a Shell script
The following Jumpstart scenario will guide you on how to onboard a MicroK8s cluster, which is projected as an Azure Arc connected cluster resource, to Azure Monitor for Containers using a shell script.
In this scenario, you will hook the MicroK8s cluster to Azure Monitor by deploying the Azure Monitor agent on your Kubernetes cluster to start collecting telemetry.
NOTE: This guide assumes you already deployed MicroK8s and connected it to Azure Arc. If you haven’t, this repository offers you a way to do so in the MicroK8s onboarding guide.
Prerequisites
- Clone the Azure Arc Jumpstart repository
git clone https://github.com/microsoft/azure_arc.git
- Install or update Azure CLI to version 2.49.0 or above. Use the command below to check your currently installed version.
az --version
- Create Azure service principal (SP)
To complete the scenario and its related automation, an Azure service principal assigned the “Contributor” role is required. To create it, log in to your Azure account and run the commands below (this can also be done in Azure Cloud Shell).
az login
subscriptionId=$(az account show --query id --output tsv)
az ad sp create-for-rbac -n "<Unique SP Name>" --role "Contributor" --scopes /subscriptions/$subscriptionId
For example:
az login
subscriptionId=$(az account show --query id --output tsv)
az ad sp create-for-rbac -n "JumpstartArcK8s" --role "Contributor" --scopes /subscriptions/$subscriptionId
Output should look like this:
{
  "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "displayName": "JumpstartArcK8s",
  "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
NOTE: If you create multiple subsequent role assignments on the same service principal, your client secret (password) will be destroyed and recreated each time. Therefore, make sure you grab the correct password.
NOTE: The Jumpstart scenarios are designed with ease of use in mind while adhering to security-related best practices whenever possible. It is optional but highly recommended to scope the service principal to a specific Azure subscription and resource group, as well as to consider using a less privileged service principal account.
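The resource-group scoping recommended in the note above, shown beside the guide's subscription-wide scope. This is an added example, not code from the Jumpstart repository; the function names are hypothetical. It assumes every resource the onboarding script touches lives in the named resource group.

```bash
#!/usr/bin/env bash
# Added example (not from the Jumpstart repository).
# Guide's command:  --scopes /subscriptions/$subscriptionId                      (whole subscription)
# Narrower variant: --scopes /subscriptions/$subscriptionId/resourceGroups/<rg>  (one resource group)

# Succeeds when $1 is a GUID, the format of an Azure subscription ID.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Succeeds when $1 is 1-90 characters from a conservative ASCII subset of what
# Azure accepts in resource group names and does not end with a period.
is_rg_name() {
  case "$1" in *.) return 1 ;; esac
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9._()-]{1,90}$'
}

# Prints the resource-group scope. Fails on malformed input, so an unedited
# placeholder or a stray "/" never produces a different or broader scope.
rg_scope() {
  is_guid "$1" || { echo "subscription ID is not a GUID: $1" >&2; return 1; }
  is_rg_name "$2" || { echo "invalid resource group name: $2" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
}

# create_scoped_sp <SP name> <resource group> [role]
# Role defaults to Contributor, the role the guide uses. Requires a prior "az login".
create_scoped_sp() {
  _sub=$(az account show --query id --output tsv) || return 1
  _scope=$(rg_scope "$_sub" "$2") || return 1
  az ad sp create-for-rbac -n "$1" --role "${3:-Contributor}" --scopes "$_scope"
}

# Usage: create_scoped_sp "JumpstartArcK8s" "Arc-MicroK8s-Demo"
```

The subscription ID used to check this example is a constructed all-zero GUID; the masked sample ID shown later in this guide is rejected until it is replaced with a real value.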
Azure Monitor for Containers Integration
- Retrieve either the shell or PowerShell script provided.
- Before integrating the cluster with Azure Monitor for Containers, click on the “Insights (preview)” blade for the connected Arc cluster to see that the cluster is not currently being monitored.
- Edit the environment variables in either of the scripts to match your environment parameters, then run it using the . ./microk8s_monitor_onboarding.sh (Bash) or ./microk8s_monitor_onboarding.ps1 (PowerShell) command.
export subscriptionId='e73c1dbe-XXXX-XXXX-XXXX-c813757b1786'
export appId='051b9a58-XXXX-XXXX-XXXX-0e7ae1bca3fb'
export password='051b9a58-XXXX-XXXX-XXXX-0e7ae1bca3fb'
export tenantId='051b9a58-XXXX-XXXX-XXXX-0e7ae1bca3fb'
export resourceGroup='Arc-MicroK8s-Demo'
export arcClusterName='Arc-MicroK8s-Demo'
The script will:
- Log in to your Azure subscription using the SPN credentials
- Download the Azure Monitor agent script
- Retrieve the Azure Arc Connected Cluster Azure Resource ID as well as the cluster credentials (KUBECONFIG)
- Retrieve the Kube config using the microk8s config command and append the configuration to ~/.kube/config
- Execute the script, which will create an Azure Log Analytics workspace, deploy the Azure Monitor agent on the Kubernetes cluster and tag the cluster
- Delete the downloaded script
- Once the script completes its run, you will have an Azure Arc connected cluster integrated with Azure Monitor for Containers.
- At the end of its run, the script will generate a URL for you to click on. This URL will open a new browser tab leading to the Azure Monitor for Containers Insights page.
NOTE: As the Azure Monitor agent starts collecting telemetry from the cluster nodes and pods, it will take 5-10 minutes for data to start showing up in the Azure Portal.
- Click the “Connected Clusters” tab and see that the Azure Arc connected cluster was added. Now that your cluster is being monitored, navigate through the different tabs and sections and watch the monitoring telemetry for the cluster nodes and pods.