Tutorial: Enable telemetry and monitoring for your Azure Container Linux (ACL) cluster

In this tutorial, part four of five, you learn how to:

• Enable Container Insights to monitor your existing cluster.
• Verify the agent is deployed successfully.
• Verify the solution is enabled.

The commands in this tutorial use the environment variables set in Tutorial 1: Create a cluster with ACL for AKS.

In the next tutorial, you learn how to upgrade your ACL nodes.

Prerequisites

• In previous tutorials, you created and deployed an ACL cluster. To complete this tutorial, you need an existing cluster. If you haven't completed this step and want to follow along, start with Tutorial 1: Create a cluster with ACL for AKS.
• If you're connecting an existing AKS cluster to a Log Analytics workspace in another subscription, you need to register the Microsoft.ContainerService resource provider in the subscription with the Log Analytics workspace. For more information, see Register resource provider.
• Azure Container Linux requires Azure CLI version 2.86.0 or higher. Use the az version command to find the version. To upgrade to the latest version, use the az upgrade command.

Azure Container Linux (ACL) considerations and limitations

Before you begin, review the following considerations and limitations for ACL:

• ACL is generally available starting AKS v1.34.
• ACL requires Trusted Launch with Secure Boot and vTPM. Non-Trusted Launch variants aren't available.
• ACL on Arm64 requires Cobalt-based (v6) SKUs to enable Trusted Launch compatibility.
• NodeImage and None are the only supported operating system (OS) upgrade channels. Unmanaged and SecurityPatch are incompatible with ACL due to the immutable /usr directory.
• Artifact Streaming isn't supported.
• Pod Sandboxing isn't supported.
• Confidential Virtual Machines (CVMs) aren't supported.
• Generation 1 VMs aren't supported.
• FIPS-enabled nodes aren't supported.

Connect to your cluster

Before enabling monitoring, it's important to ensure you're connected to the correct cluster. Get the credentials for your ACL cluster and configure kubectl to use them using the az aks get-credentials command.

az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME

Enable monitoring

You can enable monitoring for your ACL cluster using a default Log Analytics workspace or by specifying a Log Analytics workspace. The following steps show you how to enable monitoring for your cluster using either method.

Option 1: Use a default Log Analytics workspace

Use the following commands to check if the monitoring add-on is already enabled for your cluster. If it isn't, the command enables monitoring for your ACL cluster using a default Log Analytics workspace in the default resource group of the AKS cluster subscription. If one doesn't already exist in the region, the default workspace created resembles the following format: DefaultWorkspace-< GUID >-< Region >.

# Check if monitoring addon is already enabled
MONITORING_ENABLED=$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "addonProfiles.omsagent.enabled" -o tsv)

if [ "$MONITORING_ENABLED" != "true" ]; then
  az aks enable-addons --addons monitoring --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP
fi

Option 2: Specify a Log Analytics workspace

You can specify a Log Analytics workspace to enable monitoring of your ACL cluster. The resource ID of the workspace is in the following format: "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>".

Enable monitoring with a specified workspace using the az aks enable-addons command. Replace <workspace-resource-id> with the resource ID of your Log Analytics workspace.

az aks enable-addons --addons monitoring --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --workspace-resource-id <workspace-resource-id>

Verify agent and solution deployment

1. Verify the agent is deployed successfully using the following command:

   kubectl get ds ama-logs --namespace=kube-system
   

   Example output:

   NAME       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
   ama-logs   3         3         3       3            3           <none>          3m22s
   

2. Verify deployment of the solution using the following command:

   kubectl get deployment ama-logs-rs -n=kube-system
   

   Example output:

   NAME           DESIRED   CURRENT   UP-TO-DATE   AVAILABLE    AGE
   ama-logs-rs    1         1         1            1            3h
   

Verify solution configuration

Get the configuration of the solution using the az aks show command. With this command, you can check if the solution is enabled, what the Log Analytics workspace resource ID is, and get summary information about the cluster.

az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "addonProfiles.omsagent"

After a few minutes, the command completes and returns JSON-formatted information about the solution. The results of the command should show the monitoring add-on profile and resemble the following example output:

{
  "config": {
    "logAnalyticsWorkspaceResourceID": "/subscriptions/xxxxx/resourceGroups/xxxxx/providers/Microsoft.OperationalInsights/workspaces/xxxxx"
  },
  "enabled": true
}

Next step

In this tutorial, you enabled telemetry and monitoring for your ACL cluster. In the next tutorial, you learn how to upgrade your ACL nodes.

Upgrade ACL nodes