Enable Container insights for Azure Kubernetes Service (AKS) cluster
This article describes how to enable Container insights on a managed Kubernetes cluster hosted on an Azure Kubernetes Service (AKS) cluster.
Prerequisites
- See Prerequisites for Container insights.
- You can attach an AKS cluster to a Log Analytics workspace in a different Azure subscription in the same Microsoft Entra tenant, but you must use the Azure CLI or an Azure Resource Manager template. You can't currently perform this configuration with the Azure portal.
- If you're connecting an existing AKS cluster to a Log Analytics workspace in another subscription, the Microsoft.ContainerService resource provider must be registered in the subscription with the Log Analytics workspace. For more information, see Register resource provider.
Enable monitoring
There are multiple options to enable Prometheus metrics on your cluster from the Azure portal.
New cluster
When you create a new AKS cluster in the Azure portal, you can enable Prometheus, Container insights, and Grafana from the Integrations tab. In the Azure Monitor section, select either Default configuration or Custom configuration if you want to specify which workspaces to use. You can perform additional configuration once the cluster is created.
From existing cluster
This option enables Container insights on a cluster and gives you the option of also enabling Managed Prometheus and Managed Grafana for the cluster.
Note
If you want to enabled Managed Prometheus without Container insights, then enable it from the Azure Monitor workspace.
Open the cluster's menu in the Azure portal and select Insights.
- If Container insights isn't enabled for the cluster, then you're presented with a screen identifying which of the features have been enabled. Click Configure monitoring.
- If Container insights has already been enabled on the cluster, select the Monitoring Settings button to modify the configuration.
The Container insights will be enabled. Select the checkboxes for Enable Prometheus metrics and Enable Grafana if you also want to enable them for the cluster. If you have existing Azure Monitor workspace and Grafana workspace, then they're selected for you.
Click Advanced settings to select alternate workspaces or create new ones. The Cost presets setting allows you to modify the default collection details to reduce your monitoring costs. See Enable cost optimization settings in Container insights for details.
Click Configure to save the configuration.
From Container insights
From the Container insights menu, you can view all of your clusters, quickly identify which aren't monitored, and launch the same configuration experience as described in From existing cluster.
- Open the Monitor menu in the Azure portal and select Insights.
- The Unmonitored clusters tab lists clusters that don't have Container insights enabled. Click Enable next to a cluster and follow the guidance in Existing cluster.
Verify agent and solution deployment
You can verify that the agent is deployed properly using the kubectl command line tool.
kubectl get ds ama-logs --namespace=kube-system
The output should resemble the following example, which indicates that it was deployed properly:
User@aksuser:~$ kubectl get ds ama-logs --namespace=kube-system
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ama-logs 2 2 2 2 2 beta.kubernetes.io/os=linux 1d
If there are Windows Server nodes on the cluster, run the following command to verify that the agent is deployed successfully:
kubectl get ds ama-logs-windows --namespace=kube-system
The output should resemble the following example, which indicates that it was deployed properly:
User@aksuser:~$ kubectl get ds ama-logs-windows --namespace=kube-system
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
ama-logs-windows 2 2 2 2 2 beta.kubernetes.io/os=windows 1d
To verify deployment of the solution, run the following command:
kubectl get deployment ama-logs-rs -n=kube-system
The output should resemble the following example, which indicates that it was deployed properly:
User@aksuser:~$ kubectl get deployment ama-logs-rs -n=kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
ama-logs-rs 1 1 1 1 3h
View configuration with CLI
Use the aks show
command to find out whether the solution is enabled or not, what the Log Analytics workspace resource ID is, and summary information about the cluster.
az aks show -g <resourceGroupofAKSCluster> -n <nameofAksCluster>
The command will return JSON-formatted information about the solution. The addonProfiles
section should include information on the omsagent
as in the following example:
"addonProfiles": {
"omsagent": {
"config": {
"logAnalyticsWorkspaceResourceID": "/subscriptions/<WorkspaceSubscription>/resourceGroups/<DefaultWorkspaceRG>/providers/Microsoft.OperationalInsights/workspaces/<defaultWorkspaceName>"
},
"enabled": true
}
}
Limitations
- Dependency on DCR/DCRA for region availability. For new AKS region, there might be chances that DCR is still not supported in the new region. In that case, onboarding Container Insights with MSI will fail. One workaround is to onboard to Container Insights through CLI with the old way (with the use of Container Insights solution)
- You must be on a machine on the same private network to access live logs from a private cluster.
Next steps
- If you experience issues while you attempt to onboard the solution, review the Troubleshooting guide.
- With monitoring enabled to collect health and resource utilization of your AKS cluster and workloads running on them, learn how to use Container insights.
Feedback
Submit and view feedback for