Generate secret key
Use the following procedure to generate a secret key:
From Azure Active Directory Admin Center, select the created Application from the list of App Registrations and Create Certificates and Secrets for the completed Application.
From the Settings pane, select the Keys option.
From the Keys pane, type in the Description, select the Expiration period and then select the Save button.
From the Keys pane, copy the encoded key value and select Save. This key value cannot be retrieved after leaving this pane. This encoded key value is the client's Secret Key that will be a part of the authentication credential.
Add the Created custom role to the created Application.
Get Tenant ID
Use the following procedure to acquire the Tenant ID:
From Azure Active Directory Admin Center, navigate to the App Registrations pane.
Log into the Azure portal and select the following menu selection: Azure Active Directory -> App Registrations.
From the App Registrations pane, click the Endpoints option.
From the Endpoints pane, select the copy icon next to the OAuth 2.0 Token Endpoint option and Save the value.
Copy the value between microsoftonline.com/ and /oauth2/token from the copied endpoint URL. This is the Tenant ID that will be part of the authentication credential. This is the Tenant ID requested in the form described in DevOps Azure Cloud Platform Configuration.
Get the Client ID
Use the following procedure to acquire the Client ID:
From Azure Active Directory Admin Center, open the created application.
Select the Settings option.
From the Settings pane, copy the Application ID value. This is the Client ID that will be part of the authentication credential. This is the Client ID requested in the form described in DevOps Azure Cloud Platform Configuration.
At this point you have successfully configured Azure Cloud to exchange data with Container Cluster Management.
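The Tenant ID step above asks for the value between microsoftonline.com/ and /oauth2/token. The following added example (not part of the original documentation or the product) extracts that value from the copied endpoint and sanity-checks the three credential values before they are entered in a connection form. It assumes the Tenant ID and Client ID are GUIDs and also accepts the v2.0 endpoint path; the function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
# Constructed sample values, not real identifiers.
SAMPLE_ENDPOINT = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/oauth2/token"
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def tenant_id_from_token_endpoint(endpoint):
    """Return the value between microsoftonline.com/ and /oauth2/token."""
    url = urlparse(endpoint.strip())
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        raise ValueError("token endpoint must be an https URL")
    # Exact suffix match, so look-alike hosts such as
    # login.microsoftonline.com.example.net are rejected.
    if host != "microsoftonline.com" and not host.endswith(".microsoftonline.com"):
        raise ValueError("host is not under microsoftonline.com")
    # v1 path is /<tenant>/oauth2/token; the v2.0 form is accepted as well.
    match = re.fullmatch(r"/([^/]+)/oauth2/(?:v2\.0/)?token/?", url.path)
    if not match:
        raise ValueError("path does not end in /oauth2/token")
    tenant = match.group(1)
    if not GUID.fullmatch(tenant):
        raise ValueError("tenant segment is not a GUID")
    return tenant.lower()


def credential_problems(tenant_id, client_id, secret_key):
    """List problems with the three values; the secret is never echoed."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("Tenant ID is not a GUID")
    if not GUID.fullmatch(client_id):
        problems.append("Client ID is not a GUID")
    if tenant_id.lower() == client_id.lower():
        problems.append("Tenant ID and Client ID are the same value")
    if not secret_key or secret_key != secret_key.strip():
        problems.append("Secret Key is empty or has leading/trailing whitespace")
    return problems


if __name__ == "__main__":
    tenant = tenant_id_from_token_endpoint(SAMPLE_ENDPOINT)
    print("Tenant ID:", tenant)
    print("Problems:", credential_problems(tenant, SAMPLE_CLIENT_ID, "constructed-secret"))
```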
IAM connection prerequisite
Once all configuration steps have been completed at a cloud provider level, you will need to configure the tenant in order to continue with the data exchange for cluster management.
Complete configuration on the Cloud Provider console.
Step 1: From the tenant landing page, select the Main menu or the Manage IAM tile.
Step 2: Select Admin and then, IAM.
Step 3: On the IAM screen, select the Connections tab from the left panel.
Step 4: Select the Add New drop-down menu.
Step 5: Select Add a Connection.
Step 6: Select the Technology Category as Cloud Provider.
Step 7: Select Azure Cloud.
Step 8: Enter the Account Number, Access Key Id, and Access Secret Key from the Azure account referred to in the previous section.
Step 9: Validate your credentials by selecting Test connection.
Step 10: Once the connection is successful, select Add to create a connection.
Although it is shown as optional in the picture above, the "subscriptionId" column, along with the other obligatory values, is required to bring in data for Azure clusters.
Azure Monitor support
Container Cluster Management supports Azure Monitor, a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments. You can use Azure Monitor to help optimize the availability and performance of your applications and services. It helps you understand how your applications are performing and allows you to manually and programmatically respond to system events.
Container Cluster Management is capable of fetching container level stats using an internal service called Common Metrics Service. However, to access this service, you must first configure it for Container Cluster Management.
Configure Azure Monitor
Prerequisites:
Three settings are necessary in the Azure portal for collecting stats using Azure Monitor:
Contributor permissions are necessary for the cluster we want to get stats from.
The application should have Reader permissions in the workspace on Log Analytics Workspaces.
Set up authentication for the API. This information is available at learn.microsoft.com.
First, create a connection. Use the following procedure:
Navigate to IAM (Click Admin --> IAM).
Click Connection on the left navigation panel.
Click Add New Connection from the Add New drop-down menu. The application navigates to the Add Connection page.
Select Technology Category.
For Cloud Provider, select Azure Cloud.
Complete the form.
Click Test Connection to test the connection.
Click Add to add the connection when the connection is functioning.
The subscriptionId field is necessary to pull in data for Azure clusters, along with other mandatory fields.
After a connection is added, a worker thread triggers CMS configuration steps internally and creates a YAML configuration in Common Metrics Service for collecting Kubernetes Container level stats. The following YAML configuration containing the query to fetch CPU and Memory stats gets added:
metricbeat.modules:
- module: azure
  metricsets:
  - container_insights
  period: 24h
  enabled: true
  continuous: true
  connectionID: "{{connectionID}}"
  queries:
  - name: CPUMemorystats
CPU Query
These stats are collected by CMS from Azure Monitor using the configurations performed in the aforementioned Prerequisites. The collected stats are then stored in a collection and are later used to generate recommendations visible on the CCM Dashboard. The stats are collected once every 24 hours and the worker checking a new connection in IAM is executed every 5 minutes.