Azure Cloud account
Published On Dec 12, 2024 - 2:16 PM

Configure an account with view permission so that Container Cluster Management can pull data from Azure Resource Manager.

Configure Azure Resource Manager and access rights for Azure

The Application (Account) should be registered for the particular subscription and have at least the Read access/role. For that purpose, a new key should be created. Then, the client Secret Key, Client ID, and Tenant ID are used to create/configure an account in Container Cluster Management to pull data from Azure Cloud.
Use the following procedure to create a client Secret Key for the respective Application Account for Azure Cloud:
  1. Log in to the Azure portal using your Azure account:
  1. Select Azure Active Directory from the left navigation bar.
  2. Select App registrations from the left panel on the Default directory page.
  3. Select the New Registration option from the App Registration pane.
  4. Enter the following information in the Create pane:
    • Name: Name for the new application. Type in the desired application name. Example: GraphConnectorApp
    • Redirect URI (optional): Returns an authentication response after successfully authenticating a user.
  5. After the application is created, edit the manifest file and change the value of the oauth2AllowImplicitFlow parameter to true.
  6. Select Save.
    1. From the Registered App pane, select API Permissions.
    2. Select Add Permission from the settings pane. Permissions must be set as the image below:
      • On the Azure Portal, go to Subscriptions and select the subscription.
      • Select Access Control (IAM) on the left side of the panel.
  7. Select the Add button of the Create a Custom Role section.
  8. Create a Custom role and add permissions according to your requirements.
  9. Select the resource type, resource, and Add Permissions according to your requirements.
  10. Select Review + Create.
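
A check for the custom role created in the steps above, given as an added example (not part of the original documentation or the product): it audits a role definition in Azure's custom-role JSON layout for anything beyond the Read access this page calls for. The function name, the sample actions and the placeholder subscription ID are constructed for illustration.

```python
import json

def audit_role(role):
    """Return findings for a custom role that should grant read access only."""
    findings = []
    for key in ("Actions", "DataActions"):
        for action in role.get(key, []):
            # Wildcards such as "*" and any write/delete/action operation
            # go beyond the Read access the page asks for.
            if not action.lower().endswith("/read"):
                findings.append(f"non-read entry in {key}: {action}")
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("no assignable scope")
    for scope in scopes:
        parts = scope.strip("/").split("/")
        # Root ("/") and management-group scopes reach past one subscription.
        if len(parts) < 2 or parts[0].lower() != "subscriptions":
            findings.append(f"scope wider than a subscription: {scope}")
    return findings

# Constructed samples: the action list is illustrative, not the product's
# required permission set, and the subscription ID is a placeholder.
READ_ONLY = json.loads("""
{
  "Name": "CCM Reader (example)",
  "IsCustom": true,
  "Actions": [
    "Microsoft.ContainerService/managedClusters/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
""")
TOO_BROAD = dict(
    READ_ONLY,
    Actions=["*/read", "Microsoft.ContainerService/managedClusters/write"],
    AssignableScopes=["/"],
)

if __name__ == "__main__":
    for name, role in (("read-only", READ_ONLY), ("too broad", TOO_BROAD)):
        print(name, audit_role(role) or "ok")
```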

Generate secret key

Use the following procedure to generate a secret key:
  1. From Azure Active Directory Admin Centre, select the created Application from the list of App Registrations and Create Certificates and Secrets for the completed Application.
  2. Log into your Azure account to access the Azure portal.
  3. Select the created application name.
  4. From the Settings pane, select the Keys option.
  5. From the Keys pane, enter the Description.
  6. Select the Expiration period.
  7. Click Save.
  8. From the Keys pane, copy the encoded key value and select save. This key value cannot be retrieved after leaving this pane. This encoded key value is the client Secret Key that will be part of the authentication credential.
  9. Add the created custom role to the created Application.

Get Tenant ID

Use the following procedure to acquire the Tenant ID:
  1. From Azure Active Directory Admin Center, navigate to the App Registrations pane.
  2. Log into the Azure portal.
  3. Select Azure Active Directory → App Registrations.
  4. From the App Registrations pane, click Endpoints.
  5. From the Endpoints pane, click the copy icon next to the OAuth 2.0 Token Endpoint option.
  6. Click Save.
  7. Copy the value between microsoftonline.com/ and /oauth2/token from the copied endpoint URL. This is the Tenant ID that will be part of the authentication credential. This is the Tenant ID requested in the form described in DevOps Azure Cloud Platform Configuration.

Get the Client ID

Use the following procedure to acquire the Client ID:
  1. From Azure Active Directory Admin Center, open the created application.
  2. Select the Settings option.
  3. Log into the Azure portal.
  4. Select the created application name.
  5. From the Settings pane, copy the Application ID value. This is the Client ID that will be part of the authentication credential. This is the Client ID requested in the form described in DevOps Azure Cloud Platform Configuration.
At this point you have successfully configured Azure Cloud to exchange data with Container Cluster Management.
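
The three values gathered above (Tenant ID from the token endpoint, Client ID, Secret Key) can be sanity-checked before they are entered in a connection form. This added example, which is not part of the original documentation or the product, extracts the Tenant ID as step 7 of "Get Tenant ID" describes, checks the shape of each value, and builds (without sending) a client-credentials token request for Azure Resource Manager; the function names and all sample values are constructed.

```python
import re
from urllib.parse import urlencode, urlparse

GUID = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

def tenant_id_from_endpoint(endpoint):
    """Extract the value between microsoftonline.com/ and /oauth2/token."""
    url = urlparse(endpoint.strip())
    host = url.hostname or ""
    if url.scheme != "https" or not (
        host == "microsoftonline.com" or host.endswith(".microsoftonline.com")
    ):
        raise ValueError("endpoint is not an HTTPS microsoftonline.com URL")
    match = re.fullmatch(r"/([^/]+)/oauth2/token/?", url.path)
    if match is None:
        raise ValueError("path is not /<tenant>/oauth2/token")
    return match.group(1)

def credential_problems(tenant_id, client_id, secret):
    """Return problems with the shape of the three credential values."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("tenant ID is not a GUID")
    if not GUID.fullmatch(client_id):
        problems.append("client ID is not a GUID")
    if not secret or secret != secret.strip():
        problems.append("secret is empty or has surrounding whitespace")
    elif GUID.fullmatch(secret):
        # The portal lists a GUID "Secret ID" next to each secret's value.
        problems.append("secret looks like a secret ID, not the key value")
    return problems

def token_request(tenant_id, client_id, secret):
    """Build (not send) the client-credentials request for an ARM token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": secret,
                      "resource": "https://management.azure.com/"})
    return url, body

# Constructed sample values; none of these are real identifiers.
SAMPLE_ENDPOINT = ("https://login.microsoftonline.com/"
                   "11111111-2222-3333-4444-555555555555/oauth2/token")
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_SECRET = "constructed-secret-value"

if __name__ == "__main__":
    tenant = tenant_id_from_endpoint(SAMPLE_ENDPOINT)
    print(tenant, credential_problems(tenant, SAMPLE_CLIENT_ID, SAMPLE_SECRET))
    print(token_request(tenant, SAMPLE_CLIENT_ID, SAMPLE_SECRET)[0])
```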

IAM connection prerequisite

Once all configuration steps have been completed at a cloud provider level, you must configure the tenant. Use the following procedure:
  1. From the tenant landing page, select the Main menu or the Manage IAM tile.
  2. Select Admin and then IAM.
  3. On the IAM screen, select the Connections tab from the left panel.
  4. Select the Add New drop-down menu.
  5. Select Add a Connection.
  6. Select the Technology Category as Cloud Provider.
  7. Select Azure Cloud.
  8. Enter the Account Number, Access Key Id, and Access Secret Key from the Azure account referred to in the previous section.
  9. Validate your credentials by selecting Test connection.
  10. Once the connection is successful, select Add to create a connection.
The "subscriptionId" column is required.

Azure Monitor support

Container Cluster Management supports Azure Monitor, a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premise environments. You can use Azure Monitor to help optimize the availability and performance of your applications and services. It helps you understand how your applications are performing and allows you to manually and programmatically respond to system events.
Container Cluster Management is capable of fetching container level stats but, to access this service, you must first configure it for Container Cluster Management.

Configure Azure Monitor

Prerequisites:
Three settings are necessary in the Azure portal for collecting stats using Azure Monitor:
  • Contributor permissions are necessary for the cluster we want to get stats from.
  • The application should have Reader permissions in the workspace on Log Analytics Workspaces.
  • Set up authentication for the API. This information is available at learn.microsoft.com.
First, create a connection. Use the following procedure:
  1. Navigate to IAM (Click Admin → IAM).
  2. Click Connection on the left navigation panel.
  3. Click Add New Connection from the Add New drop-down menu. The application navigates to the Add Connection page.
  4. Select Technology Category.
  5. For Cloud Provider, select Azure Cloud.
  6. Complete the form.
  7. Click Test Connection to test the connection.
  8. Click Add to add the connection when the connection is functioning.
The subscriptionId field is necessary to pull in data for Azure clusters and other mandatory fields.
After a connection is added, a worker thread triggers CMS configuration steps internally and creates a YAML configuration in Common Metrics Service for collecting Kubernetes Container level stats. The following YAML configuration containing the query to fetch CPU and Memory stats gets added:
    metricbeat.modules:
    - module: azure
      metricsets:
      - container_insights
      period: 24h
      enabled: true
      continuous: true
      connectionID: "{{connectionID}}"
      queries:
      - name: CPUMemorystats
CPU Query
These stats are collected by CMS from Azure Monitor using the configurations performed in the aforementioned Prerequisites. The collected stats are then stored in a collection and are later used to generate recommendations visible on the CCM Dashboard. The stats are collected once every 24 hours and the worker checking a new connection in IAM is executed every 5 minutes.