How to enable Azure Monitor for containers

This article provides an overview of the options available to setup Azure Monitor for containers to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service.

Azure Monitor for containers can be enabled for new, or one or more existing deployments of AKS using the following supported methods:

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Prerequisites

Before you start, make sure that you have the following:

  • A Log Analytics workspace.

    Azure Monitor for containers supports a Log Analytics workspace in the regions listed in Azure Products by region.

    You can create a workspace when you enable monitoring of your new AKS cluster or let the onboarding experience create a default workspace in the default resource group of the AKS cluster subscription. If you chose to create it yourself, you can create it through Azure Resource Manager, through PowerShell, or in the Azure portal. For a list of the supported mapping pairs used for the default workspace, see Region mapping for Azure Monitor for containers.

  • You are a member of the Log Analytics contributor role to enable container monitoring. For more information about how to control access to a Log Analytics workspace, see Manage workspaces.

  • You are a member of the Owner role on the AKS cluster resource.

Note

As part of the ongoing transition from Microsoft Operations Management Suite to Azure Monitor, the Operations Management Suite Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

  • Prometheus metrics are not collected by default. Before configuring the agent to collect them, it is important you review the Prometheus documentation to understand what you can define.

Components

Your ability to monitor performance relies on a containerized Log Analytics agent for Linux specifically developed for Azure Monitor for containers. This specialized agent collects performance and event data from all nodes in the cluster, and the agent is automatically deployed and registered with the specified Log Analytics workspace during deployment. The agent version is microsoft/oms:ciprod04202018 or later, and is represented by a date in the following format: mmddyyyy.

Note

With the preview release of Windows Server support for AKS, an AKS cluster with Windows Server nodes do not have an agent installed to collect data and forward to Azure Monitor. Instead, a Linux node automatically deployed in the cluster as part of the standard deployment collects and forwards the data to Azure Monitor on behalf all Windows nodes in the cluster.

When a new version of the agent is released, it is automatically upgraded on your managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). To follow the versions released, see agent release announcements.

Note

If you have already deployed an AKS cluster, you enable monitoring by using either Azure CLI or a provided Azure Resource Manager template, as demonstrated later in this article. You cannot use kubectl to upgrade, delete, re-deploy, or deploy the agent. The template needs to be deployed in the same resource group as the cluster.

You enable Azure Monitor for containers by using one of the following methods described in the following table.

Deployment State Method Description
New AKS cluster Create cluster using Azure CLI You can enable monitoring of a new AKS cluster that you create with Azure CLI.
Create cluster using Terraform You can enable monitoring of a new AKS cluster that you create using the open-source tool Terraform.
Existing AKS cluster Enable using Azure CLI You can enable monitoring of an AKS cluster already deployed using Azure CLI.
Enable using Terraform You can enable monitoring of an AKS cluster already deployed using the open-source tool Terraform.
Enable from Azure Monitor You can enable monitoring of one or more AKS clusters already deployed from the AKS multi-cluster page in Azure Monitor.
Enable from AKS cluster You can enable monitoring directly from an AKS cluster in the Azure portal.
Enable using an Azure Resource Manager template You can enable monitoring of an AKS cluster with a pre-configured Azure Resource Manager template.

Next steps

  • With monitoring enabled to capture health metrics for both the AKS cluster nodes and pods, these health metrics are available in the Azure portal. To learn how to use Azure Monitor for containers, see View Azure Kubernetes Service health.