Cloud Services

Container Cluster Management

Expand menu Collapse menu

Azure Cloud account

Published On Jun 05, 2024 - 1:31 PM

Azure Cloud account

Container Cluster Management supports your use of Azure Resource Manager, and this topic describes the configuration requirements.

Configure Azure Resource Manager and access rights for Azure

The Application (Account) should have registration of the application of that particular subscription and have at least the Read
access/role. For that purpose, a new key should be created. Then, the client Secret Key, Client ID, and Tenant ID are used to create/configure an account in Container Cluster Management to pull data from Azure Cloud.

Use the following procedure to create a client Secret Key respective Application Account for Azure Cloud:

URL: https://portal.azure.com/

Select Azure Active Directory
from the left navigation.

Select the App registrations
from the left panel on the Default directory
page.

Select New Registration
option from App Registration
pane.

Type in the following information about the Create
pane:

Name:
Name for the new application. Type in the desired application name. Example: GraphConnectorApp

Redirect URI (optional):
Returns an authentication response after successfully authenticating a user. Example: https://office.com

Select Register
.

Notes:
The recently created application will be shown.

Edit the manifest file and change the value of the oauth2AllowImplicitFlow
parameter to true
after the application is created.

Select Save
.

Add permissions:

From the Registered App pane, select API Permissions
.

Select Add Permission
from the settings pane. Permissions must be set as the image below:

The status for all the permissions will turn green on adding the required permissions, as shown in the screenshot above.

On the Azure Portal
, go to Subscriptions
and Select the Subscription.

Select Access Control (IAM)
on the left side of the panel.

Select the Add
button of the Create a Custom Role
section.

Create a Custom role
and Add
permissions according to his requirements.

Selects the resource type
, resource
, and Add Permissions
according to his requirement

Selects
Review + Create

Generate secret key

Use the following procedure to generate a secret key:

From Azure Active Directory Admin Centre
, select the created Application from the list of App Registrations and Create Certificates and Secrets
for the completed Application.

Log into https://aad.portal.azure.com/ and select the created application name.

From the Settings
pane, he selects the Keys
option.

From the Keys pane, he types in the Description
, selects the Expiration
period and then selects the Save
button.

From the Keys
pane, copy the encoded key value and select save. This key value cannot be retrieved after leaving this pane. This encoded key value is the client's Secret Key that will be a part of the authentication credential.

Add the Created custom role
to the created Application.

Get Tenant ID

Use the following procedure to acquire the Tenant ID:

From Azure Active Directory Admin Center
, navigate to the App Registrations pane.

Log into the Azure portal and select the following menu selection: Azure Active Directory

App Registrations
.

From App Registrations
pane, click Endpoints
option.

From the Endpoints
pane, select the copy icon next to the OAuth 2.0 Token Endpoint
option and Save
the value.

Copy the value between microsoftonline.com/ and /oauth2/token from the copied endpoint URL. This is the Tenant ID that will be part of the authentication credential. This is the Tenant ID requested in the form described in DevOps Azure Cloud Platform Configuration.

Get the Client ID

Use the following procedure to acquire the Client ID:

From Azure Active Directory Admin Center
, open the created application.

Select the Settings
option.

Log into https://aad.portal.azure.com/ and select the created application name.

From the Settings
pane, copy the Application ID
value. This is the Client ID that will be part of the authentication credential. This is the Client ID requested in the form described in DevOps Azure Cloud Platform Configuration.

At this point you have successfully configured Azure Cloud to exchange data with Container Cluster Management.

IAM connection prerequisite

Once all configuration steps have been completed at a cloud provider level, you will need to configure the tenant in order to continue with the data exchange for cluster management.

Complete configuration on the Cloud Provider console.

Step 1:
From the tenant landing page, select the Main menu or the Manage IAM
tile.

Step 2:
Select Admin and then, IAM
.

Step 3:
On the IAM screen, select the Connections
tab from the left panel.

Step 4:
Select the Add New
Drop-down menu.

Step 5:
Select the Add a Connection
.

Step 6:
Select the Technology Category as Cloud Provider
.

Step 7:
Select Azure Cloud
.

Step 8:
Enter the Account Number
, Access Key Id
, and Access Secret Key
from the Azure account referred to in the previous section.

Step 9:
Validate your credentials by selecting Test connection
.

Step 10:
Once the connection is successful, select Add
to create a connection.

Although it is shown as optional in the picture above, the "subscriptionId" column, along with the other obligatory values, is required to bring in data for Azure clusters.

Azure Monitor support

Container Cluster Management supports Azure Monitor, a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments. You can use Azure Monitor to help optimize the availability and performance of your applications and services. It helps you understand how your applications are performing and allows you to manually and programmatically respond to system events.

Container Cluster Management is capable of fetching container level stats using an internal service called Common Metrics Service. However, to access this service, you must first configure it for Container Cluster Management.

Configure Azure Monitor

Prerequisites:
Three settings are necessary in the Azure portal for collecting stats using Azure Monitor:

Contributor
permissions are necessary for the cluster we want to get stats from

The application should have Reader
permissions in the workspace on Log Analytics Workspaces

Setup authentication for API. This information is available at learn.microsoft.com.

First, create a connection. Use the following procedure:

Navigate to IAM (Click Admin --> IAM).

Click Connection on the left navigation panel.

Click Add New Connection
from the Add New drop-down menu. The application navigates to the Add Connection
page.

Select Technology Category
.

For Cloud Provider
, Select Azure Cloud
.

Complete the form.

Click Test Connection
to test the connection.

Click Add to add the connection when the connection is functioning.

The subscriptionId
field is necessary to pull in data for Azure clusters, along with other mandatory fields.

After a connection is added, a worker thread triggers CMS configuration steps internally and creates a YAML configuration in Common Metrics Service for collecting Kubernetes Container level stats. The following YAML configuration containing the query to fetch CPU and Memory stats gets added:


metricbeat.modules: 
  - module: azure
    metricsets:
      - container_insights
    period: 24h
    enabled: true
    continuous: true
    connectionID: "{{connectionID}}"
    queries:
      - name: CPUMemorystatsCPU Query

These Stats are collected by CMS from Azure Monitor using the configurations performed in the aforementioned Prerequisites
. The collected stats are then stored in a collection and are later used to generate recommendations visible on the CCM Dashboard. The stats are collected once every 24 hours and the worker checking a new connection in IAM is executed every 5 minutes.

Supported public cloud providers

Do you have two minutes for a quick survey?

Take Survey