How to stop monitoring your hybrid cluster

After you enable monitoring of your Kubernetes cluster with Container insights, you can stop monitoring it if you no longer need to. This article shows how to do this for the following environments:

  • AKS Engine on Azure and Azure Stack
  • OpenShift version 4 and higher
  • Azure Arc-enabled Kubernetes (preview)

How to stop monitoring using Helm

The following steps apply to the following environments:

  • AKS Engine on Azure and Azure Stack
  • OpenShift version 4 and higher

  1. To identify the Container insights Helm chart release installed on your cluster, run the following helm command.

    helm list
    

    The output will resemble the following:

    NAME                            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
    azmon-containers-release-1      default         3               2020-04-21 15:27:24.1201959 -0700 PDT   deployed        azuremonitor-containers-2.7.0   7.0.0-1
    

    azmon-containers-release-1 represents the helm chart release for Container insights.

  2. To delete the chart release, run the following helm command.

    helm delete <releaseName>

    Example:

    helm delete azmon-containers-release-1

    This will remove the release from the cluster. You can verify by running the helm list command:

    NAME                            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
    

The configuration change can take a few minutes to complete. Because Helm tracks your releases even after you’ve deleted them, you can audit a cluster’s history, and even undelete a release with helm rollback.
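The release lookup in step 1 and the check after step 2 can be scripted instead of read by eye. The following is an added example, not part of the original article or of the Container insights tooling: it picks out releases by the `azuremonitor-containers` chart name shown above and prints the matching delete command with its namespace. The function names are hypothetical, and the second row of the sample table is constructed.

```bash
# Constructed sample of `helm list` output: the first row is the one shown in
# this article, the second row is made up for illustration.
sample_helm_list() {
  cat <<'EOF'
NAME                            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
azmon-containers-release-1      default         3               2020-04-21 15:27:24.1201959 -0700 PDT   deployed        azuremonitor-containers-2.7.0   7.0.0-1
ingress-sample                  web             1               2020-04-20 10:02:11.5512345 -0700 PDT   deployed        nginx-ingress-1.36.0            0.30.0
EOF
}

# Reads `helm list` table output on stdin and prints "<namespace> <release>"
# for every release whose chart is azuremonitor-containers-<version>.
# The CHART column is the last field, or the second to last when APP VERSION
# is filled in, so both positions are checked.
find_container_insights_releases() {
  awk 'NR > 1 && NF >= 3 {
         for (i = NF - 1; i <= NF; i++)
           if ($i ~ /^azuremonitor-containers-[0-9]/) { print $2, $1; break }
       }'
}

# Prints the delete command for each matching release so it can be reviewed
# before it is run. The namespace is passed explicitly.
print_delete_commands() {
  find_container_insights_releases | while read -r ns release; do
    printf 'helm delete %s --namespace %s\n' "$release" "$ns"
  done
}

# Succeeds only when the table on stdin lists no Container insights release,
# which is the state expected after the delete in step 2.
container_insights_removed() {
  [ -z "$(find_container_insights_releases)" ]
}

sample_helm_list | print_delete_commands
```

On a real cluster, pipe `helm list --all-namespaces` into these functions in place of `sample_helm_list`, so that a release installed outside the current namespace is not missed.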

How to stop monitoring on Azure Arc-enabled Kubernetes

Using PowerShell

  1. Download the script that configures your cluster with the monitoring add-on and save it to a local folder, using the following command:

    Invoke-WebRequest https://aka.ms/disable-monitoring-powershell-script -OutFile disable-monitoring.ps1
    
  2. Configure the $azureArcClusterResourceId variable by setting the corresponding values for subscriptionId, resourceGroupName and clusterName representing the resource ID of your Azure Arc-enabled Kubernetes cluster resource.

    $azureArcClusterResourceId = "/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Kubernetes/connectedClusters/<clusterName>"
    
  3. Configure the $kubeContext variable with the kube-context of your cluster by running the command kubectl config get-contexts. If you want to use the current context, set the value to "".

    $kubeContext = "<kubeContext name of your k8s cluster>"
    
  4. Run the following command to stop monitoring the cluster.

    .\disable-monitoring.ps1 -clusterResourceId $azureArcClusterResourceId -kubeContext $kubeContext
    

Using service principal

The script disable-monitoring.ps1 uses interactive device login. If you prefer non-interactive login, you can use an existing service principal or create a new one that has the required permissions as described in Prerequisites. To use a service principal, pass the $servicePrincipalClientId, $servicePrincipalClientSecret and $tenantId parameters, set to the values of the service principal you intend to use, to the disable-monitoring.ps1 script.

    $subscriptionId = "<subscription Id of the Azure Arc-connected cluster resource>"
    # Create a service principal with the Contributor role scoped to the subscription
    $servicePrincipal = New-AzADServicePrincipal -Role Contributor -Scope "/subscriptions/$subscriptionId"

    $servicePrincipalClientId = $servicePrincipal.ApplicationId.ToString()
    # Convert the SecureString secret to plain text for the script parameter
    $servicePrincipalClientSecret = [System.Net.NetworkCredential]::new("", $servicePrincipal.Secret).Password
    $tenantId = (Get-AzSubscription -SubscriptionId $subscriptionId).TenantId

For example:

    .\disable-monitoring.ps1 -clusterResourceId $azureArcClusterResourceId -kubeContext $kubeContext -servicePrincipalClientId $servicePrincipalClientId -servicePrincipalClientSecret $servicePrincipalClientSecret -tenantId $tenantId

Using bash

  1. Download the script that configures your cluster with the monitoring add-on and save it to a local folder, using the following command:

    curl -o disable-monitoring.sh -L https://aka.ms/disable-monitoring-bash-script
    
  2. Configure the azureArcClusterResourceId variable by setting the corresponding values for subscriptionId, resourceGroupName and clusterName representing the resource ID of your Azure Arc-enabled Kubernetes cluster resource.

    export azureArcClusterResourceId="/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Kubernetes/connectedClusters/<clusterName>"
    
  3. Configure the kubeContext variable with the kube-context of your cluster by running the command kubectl config get-contexts.

    export kubeContext="<kubeContext name of your k8s cluster>"
    
  4. To stop monitoring your cluster, there are different commands provided based on your deployment scenario.

    Run the following command to stop monitoring the cluster using the current context.

    bash disable-monitoring.sh --resource-id "$azureArcClusterResourceId"
    

    Run the following command to stop monitoring the cluster by specifying a context.

    bash disable-monitoring.sh --resource-id "$azureArcClusterResourceId" --kube-context "$kubeContext"
    

Using service principal

The bash script disable-monitoring.sh uses interactive device login. If you prefer non-interactive login, you can use an existing service principal or create a new one that has the required permissions as described in Prerequisites. To use a service principal, pass the --client-id, --client-secret and --tenant-id values of the service principal you intend to use to the disable-monitoring.sh bash script.

    subscriptionId="<subscription Id of the Azure Arc-connected cluster resource>"
    # Create a service principal with the Contributor role scoped to the subscription
    servicePrincipal=$(az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${subscriptionId}")
    servicePrincipalClientId=$(echo "$servicePrincipal" | jq -r '.appId')
    servicePrincipalClientSecret=$(echo "$servicePrincipal" | jq -r '.password')
    tenantId=$(echo "$servicePrincipal" | jq -r '.tenant')

For example:

    bash disable-monitoring.sh --resource-id "$azureArcClusterResourceId" --kube-context "$kubeContext" --client-id "$servicePrincipalClientId" --client-secret "$servicePrincipalClientSecret" --tenant-id "$tenantId"
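Because the resource ID decides which cluster loses its monitoring, it is worth checking the value built in step 2 before it reaches the script. The following is an added example, not part of disable-monitoring.sh or of the original article: `parse_arc_cluster_id` is a hypothetical helper that validates the ID format shown above and splits it into its parts. The sample IDs are constructed.

```bash
# Prints "<subscriptionId> <resourceGroupName> <clusterName>" and returns 0 for
# a well-formed Azure Arc-enabled Kubernetes resource ID; otherwise prints the
# reason on stderr and returns 1.
parse_arc_cluster_id() {
  id=$1
  guid='[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'

  # A template placeholder such as <clusterName> was never filled in.
  case $id in
    *'<'*|*'>'*)
      echo "resource ID still contains a <placeholder>" >&2; return 1 ;;
  esac

  # The ID must start with a subscription GUID and a resource group.
  if ! printf '%s\n' "$id" |
       grep -Eiq "^/subscriptions/${guid}/resourceGroups/[^/ ]+/providers/"; then
    echo "expected /subscriptions/<guid>/resourceGroups/<name>/providers/..." >&2
    return 1
  fi

  # The resource type must be the Azure Arc connected cluster type.
  if ! printf '%s\n' "$id" |
       grep -Eiq '/providers/Microsoft\.Kubernetes/connectedClusters/[^/ ]+$'; then
    echo "resource is not a Microsoft.Kubernetes/connectedClusters resource" >&2
    return 1
  fi

  # Exactly nine "/"-separated fields: reject IDs with extra path segments.
  printf '%s\n' "$id" | awk -F/ 'NF != 9 { exit 1 } { print $3, $5, $9 }'
}

# Constructed sample IDs (the GUID and the names are made up).
good_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.Kubernetes/connectedClusters/arc-example"
aks_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.ContainerService/managedClusters/aks-example"

parse_arc_cluster_id "$good_id"
parse_arc_cluster_id "$aks_id" || echo "rejected: wrong resource type"
```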

Next steps

If the Log Analytics workspace was created only to support monitoring the cluster and it's no longer needed, you have to manually delete it. If you are not familiar with how to delete a workspace, see Delete an Azure Log Analytics workspace.