Configure an account with view permission so that Container Cluster Management can pull data from Azure Resource Manager.
Configure Azure Resource Manager and access rights for Azure
The Application (Account) should be registered for that particular subscription and have at least the Read access/role. For that purpose, a new key should be created. Then, the client Secret Key, Client ID, and Tenant ID are used to create/configure an account in Container Cluster Management to pull data from Azure Cloud.
Use the following procedure to create the Application Account and its client Secret Key for Azure Cloud:
Log in to the Azure portal using your Azure account.
Select Azure Active Directory from the left navigation bar.
Select App registrations from the left panel on the Default directory page.
Select the New Registration option from the App Registration pane.
Enter the following information in the Create pane:
Name: Name for the new application. Type in the desired application name. Example: GraphConnectorApp
Redirect URI (optional): Returns an authentication response after successfully authenticating a user.
After the application is created, edit the manifest file and change the value of the oauth2AllowImplicitFlow parameter to true.
Select Save.
From the Registered App pane, select API Permissions.
Select Add Permission from the settings pane. Permissions must be set as the image below:
On the Azure Portal, go to Subscriptions and select the Subscription.
Select Access Control (IAM) on the left side of the panel.
Select the Add button of the Create a Custom Role section.
Create a Custom role and Add permissions according to your requirements.
Select the resource type, resource, and Add Permissions according to your requirements.
Select Review + Create.
Generate secret key
Use the following procedure to generate a secret key:
From Azure Active Directory Admin Center, select the created Application from the list of App Registrations and Create Certificates and Secrets for the completed Application.
Log into your Azure account to access the Azure portal.
Select the created application name.
From the Settings pane, select the Keys option.
From the Keys pane, enter the Description.
Select the Expiration period.
Click Save.
From the Keys pane, copy the encoded key value and select Save. This key value cannot be retrieved after leaving this pane. This encoded key value is the client's Secret Key that will be a part of the authentication credential.
Add the created custom role to the created Application.
Get Tenant ID
Use the following procedure to acquire the Tenant ID:
From Azure Active Directory Admin Center, navigate to the App Registrations pane.
Log into the Azure portal.
Select Azure Active Directory → App Registrations.
From the App Registrations pane, click Endpoints.
From the Endpoints pane, click the copy icon next to the OAuth 2.0 Token Endpoint option.
Click Save.
Copy the value between microsoftonline.com/ and /oauth2/token from the copied endpoint URL. This is the Tenant ID that will be part of the authentication credential, and it is the Tenant ID requested in the form described in DevOps Azure Cloud Platform Configuration.
Get the Client ID
Use the following procedure to acquire the Client ID:
From Azure Active Directory Admin Center, open the created application.
Select the Settings option.
Log into the Azure portal.
Select the created application name.
From the Settings pane, copy the Application ID value. This is the Client ID that will be part of the authentication credential, and it is the Client ID requested in the form described in DevOps Azure Cloud Platform Configuration.
At this point you have successfully configured Azure Cloud to exchange data with Container Cluster Management.
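The Tenant ID and Client ID steps above, as an added example that is not part of the original documentation or of Container Cluster Management: Python that parses the copied OAuth 2.0 Token Endpoint rather than cutting the string by hand, then sanity-checks the three credential values before they are entered in the connection form. The GUIDs, the secret and the function names are constructed for illustration; the exact login.microsoftonline.com host check and the reading of a GUID-shaped secret as a copy mistake are assumptions, and accepting the /oauth2/v2.0/token path goes beyond the case on this page.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# /<tenant>/oauth2/token as on this page; the v2.0 form is an added generalization.
TOKEN_PATH = re.compile(r"/([^/]+)/oauth2/(?:v2\.0/)?token/?")
LOGIN_HOST = "login.microsoftonline.com"  # assumption: global Azure cloud


def tenant_id_from_endpoint(endpoint: str) -> str:
    """Return the Tenant ID embedded in an OAuth 2.0 token endpoint URL."""
    parts = urlsplit(endpoint.strip())
    if parts.scheme != "https":
        raise ValueError("token endpoint must use https")
    # Compare the parsed host exactly; a substring test would accept look-alikes.
    if parts.hostname != LOGIN_HOST:
        raise ValueError(f"unexpected host {parts.hostname!r}")
    match = TOKEN_PATH.fullmatch(parts.path)
    if not match or not GUID.fullmatch(match.group(1)):
        raise ValueError("path is not /<tenant GUID>/oauth2/token")
    return match.group(1).lower()


def check_credentials(tenant_id: str, client_id: str, secret: str) -> list:
    """List problems with the three values; an empty list means they look plausible."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("tenant_id is not a GUID")
    if not GUID.fullmatch(client_id):
        problems.append("client_id is not a GUID")
    if tenant_id.lower() == client_id.lower():
        problems.append("tenant_id and client_id are the same value")
    if not secret.strip():
        problems.append("secret is empty")
    elif secret != secret.strip():
        problems.append("secret has leading or trailing whitespace")
    elif GUID.fullmatch(secret):
        # Assumption: a GUID-shaped secret means an identifier was copied
        # instead of the encoded key value.
        problems.append("secret looks like an identifier, not the key value")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    endpoint = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/oauth2/token"
    tenant = tenant_id_from_endpoint(endpoint)
    print(tenant, check_credentials(tenant, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "constructed-key-value"))
```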
IAM connection prerequisite
Once all configuration steps have been completed at a cloud provider level, you must configure the tenant. Use the following procedure:
From the tenant landing page, select the Main menu or the Manage IAM tile.
Select Admin and then IAM.
On the IAM screen, select the Connections tab from the left panel.
Select the Add New drop-down menu.
Select Add a Connection.
Select the Technology Category as Cloud Provider.
Select Azure Cloud.
Enter the Account Number, Access Key Id, and Access Secret Key from the Azure account referred to in the previous section.
Validate your credentials by selecting Test connection.
Once the connection is successful, select Add to create a connection.
The "subscriptionId" column is required.
Azure Monitor support
Container Cluster Management supports Azure Monitor, a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premise environments. You can use Azure Monitor to help optimize the availability and performance of your applications and services. It helps you understand how your applications are performing and allows you to manually and programmatically respond to system events.
Container Cluster Management is capable of fetching container level stats but, to access this service, you must first configure it for Container Cluster Management.
Configure Azure Monitor
Prerequisites:
Three settings are necessary in the Azure portal for collecting stats using Azure Monitor:
Contributor permissions are necessary for the cluster we want to get stats from.
The application should have Reader permissions in the workspace on Log Analytics Workspaces.
Set up authentication for the API. This information is available at learn.microsoft.com.
First, create a connection. Use the following procedure:
Navigate to IAM (Click Admin → IAM).
Click Connection on the left navigation panel.
Click Add New Connection from the Add New drop-down menu. The application navigates to the Add Connection page.
Select Technology Category.
For Cloud Provider, select Azure Cloud.
Complete the form.
Click Test Connection to test the connection.
Click Add to add the connection when the connection is functioning.
The subscriptionId field is necessary to pull in data for Azure clusters and other mandatory fields.
After a connection is added, a worker thread triggers CMS configuration steps internally and creates a YAML configuration in Common Metrics Service for collecting Kubernetes Container level stats. The following YAML configuration containing the query to fetch CPU and Memory stats gets added:
These stats are collected by CMS from Azure Monitor using the configurations performed in the aforementioned Prerequisites. The collected stats are then stored in a collection and are later used to generate recommendations visible on the CCM Dashboard. The stats are collected once every 24 hours and the worker checking a new connection in IAM is executed every 5 minutes.