Cloud Services

ModernOps

Azure Cloud account
Published On May 16, 2024 - 2:05 PM

Azure Cloud account

Container Cluster Management supports your use of Azure Resource Manager, and this topic describes the configuration requirements.

Configure Azure Resource Manager and access rights for Azure

The Application (Account) should have registration of the application of that particular subscription and have at least the
Read
access/role. For that purpose, a new key should be created. Then, the client Secret Key, Client ID, and Tenant ID are used to create/configure an account in Container Cluster Management to pull data from Azure Cloud.
Use the following procedure to create a client Secret Key respective Application Account for Azure Cloud:
  1. Log in to the Azure portal using your Azure account:
  1. Select
    Azure Active Directory
    from the left navigation.
  2. Select the
    App registrations
    from the left panel on the
    Default directory
    page.
  3. Select
    New Registration
    option from
    App Registration
    pane.
  4. Type in the following information about the
    Create
    pane:
    • Name:
      Name for the new application. Type in the desired application name. Example: GraphConnectorApp
    • Redirect URI (optional):
      Returns an authentication response after successfully authenticating a user. Example: https://office.com
  5. Select
    Register
    .
    Notes:
    The recently created application will be shown.
  6. Edit the manifest file and change the value of the
    oauth2AllowImplicitFlow
    parameter to
    true
    after the application is created.
  7. Select
    Save
    .
  8. Add permissions:
    1. From the Registered App pane, select
      API Permissions
      .
    2. Select
      Add Permission
      from the settings pane. Permissions must be set as the image below:
    The status for all the permissions will turn green on adding the required permissions, as shown in the screenshot above.
    1. On the
      Azure Portal
      , go to
      Subscriptions
      and Select the Subscription.
    2. Select
      Access Control (IAM)
      on the left side of the panel.
  9. Select the
    Add
    button of the
    Create a Custom Role
    section.
  10. Create a
    Custom role
    and
    Add
    permissions according to his requirements.
  11. Selects the
    resource type
    ,
    resource
    , and
    Add Permissions
    according to his requirement
  12. Selects
    Review + Create

Generate secret key

Use the following procedure to generate a secret key:
  1. From
    Azure Active Directory Admin Centre
    , select the created Application from the list of App Registrations and
    Create Certificates and Secrets
    for the completed Application.
  2. Log into https://aad.portal.azure.com/ and select the created application name.
  3. From the
    Settings
    pane, he selects the
    Keys
    option.
  4. From the Keys pane, he types in the
    Description
    , selects the
    Expiration
    period and then selects the
    Save
    button.
  5. From the
    Keys
    pane, copy the encoded key value and select save. This key value cannot be retrieved after leaving this pane. This encoded key value is the client's Secret Key that will be a part of the authentication credential.
  6. Add the
    Created custom role
    to the created Application.

Get Tenant ID

Use the following procedure to acquire the Tenant ID:
  1. From Azure
    Active Directory Admin Center
    , navigate to the App Registrations pane.
  2. Log into the Azure portal and select the following menu selection:
    Azure Active Directory
    ->
    App Registrations
    .
  3. From
    App Registrations
    pane, click
    Endpoints
    option.
  4. From the
    Endpoints
    pane, select the copy icon next to the
    OAuth 2.0 Token Endpoint
    option and
    Save
    the value.
  5. Copy the value between microsoftonline.com/ and /oauth2/token from the copied endpoint URL. This is the Tenant ID that will be part of the authentication credential. This is the Tenant ID requested in the form described in DevOps Azure Cloud Platform Configuration.

Get the Client ID

Use the following procedure to acquire the Client ID:
  1. From
    Azure Active Directory Admin Center
    , open the created application.
  2. Select the
    Settings
    option.
  3. Log into https://aad.portal.azure.com/ and select the created application name.
  4. From the
    Settings
    pane, copy the
    Application ID
    value. This is the Client ID that will be part of the authentication credential. This is the Client ID requested in the form described in DevOps Azure Cloud Platform Configuration.
At this point you have successfully configured Azure Cloud to exchange data with Container Cluster Management.

IAM connection prerequisite

Once all configuration steps have been completed at a cloud provider level, you will need to configure the tenant in order to continue with the data exchange for cluster management.
  • Complete configuration on the Cloud Provider console.
Step 1:
From the tenant landing page, select the Main menu or the
Manage IAM
tile.
Step 2:
Select Admin and then,
IAM
.
Step 3:
On the IAM screen, select the
Connections
tab from the left panel.
Step 4:
Select the
Add New
Drop-down menu.
Step 5:
Select the
Add a Connection
.
Step 6:
Select the Technology Category as
Cloud Provider
.
Step 7:
Select
Azure Cloud
.
Step 8:
Enter the
Account Number
,
Access Key Id
, and
Access Secret Key
from the Azure account referred to in the previous section.
Step 9:
Validate your credentials by selecting
Test connection
.
Step 10:
Once the connection is successful, select
Add
to create a connection.
Although it is shown as optional in the picture above, the "subscriptionId" column, along with the other obligatory values, is required to bring in data for Azure clusters.

Azure Monitor support

Container Cluster Management supports Azure Monitor, a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments.  You can use Azure Monitor to help optimize the availability and performance of your applications and services. It helps you understand how your applications are performing and allows you to manually and programmatically respond to system events.
Container Cluster Management is capable of fetching container level stats using an internal service called  Common Metrics Service. However, to access this service, you must first configure it for Container Cluster Management.

Configure Azure Monitor

Prerequisites:
Three settings are necessary in the Azure portal for collecting stats using Azure Monitor:
  • Contributor
    permissions are necessary for the cluster we want to get stats from
  • The application should have
    Reader
    permissions in the workspace on Log Analytics Workspaces
  • Setup authentication for API. This information is available at learn.microsoft.com.
First, create a connection. Use the following procedure:
  1. Navigate to IAM (Click Admin --> IAM).
  2. Click Connection on the left navigation panel.
  3. Click
    Add New Connection
    from the Add New drop-down menu. The application navigates to the
    Add Connection
    page.
  4. Select
    Technology Category
    .
  5. For
    Cloud Provider
    ,
    Select Azure Cloud
    .
  6. Complete the form.
  7. Click
    Test Connection
    to test the connection.
  8. Click Add to add the connection when the connection is functioning.
The
subscriptionId
field is necessary to pull in data for Azure clusters, along with other mandatory fields.
After a connection is added, a worker thread triggers CMS configuration steps internally and creates a YAML configuration in Common Metrics Service for collecting Kubernetes Container level stats. The following YAML configuration containing the query to fetch CPU and Memory stats gets added:
metricbeat.modules: - module: azure metricsets: - container_insights period: 24h enabled: true continuous: true connectionID: "{{connectionID}}" queries: - name: CPUMemorystats
CPU Query
These Stats are collected by CMS from Azure Monitor using the configurations performed in the aforementioned
Prerequisites
. The collected stats are then stored in a collection and are later used to generate recommendations visible on the CCM Dashboard. The stats are collected once every 24 hours and the worker checking a new connection in IAM is executed every 5 minutes.
Do you have two minutes for a quick survey?
Take Survey