Configure Azure Red Hat OpenShift v4.x with Container insights

Container insights provides a rich monitoring experience for Azure Kubernetes Service (AKS) and AKS engine clusters. This article describes how to achieve a similar monitoring experience by enabling monitoring for Kubernetes clusters that are hosted on Azure Red Hat OpenShift version 4.x.

Note

Support for Azure Red Hat OpenShift is a feature in public preview at this time.

You can enable Container insights for one or more existing deployments of Azure Red Hat OpenShift v4.x by using the supported methods described in this article.

For an existing cluster, run this Bash script in the Azure CLI.

Supported and unsupported features

Container insights supports monitoring Azure Red Hat OpenShift v4.x as described in Container insights overview, except for the following features:

  • Live Data (preview)
  • Collecting metrics from cluster nodes and pods and storing them in the Azure Monitor metrics database

Prerequisites

Enable monitoring for an existing cluster

To enable monitoring for an Azure Red Hat OpenShift version 4 or later cluster that's deployed in Azure by using the provided Bash script, do the following:

  1. Sign in to Azure by running the following command:

    az login
    
  2. Download and save to a local folder the script that configures your cluster with the monitoring add-in by running the following command:

    curl -o enable-monitoring.sh -L https://aka.ms/enable-monitoring-bash-script

  3. Connect to ARO v4 cluster using the instructions in Tutorial: Connect to an Azure Red Hat OpenShift 4 cluster.

Integrate with an existing workspace

In this section, you enable monitoring of your cluster using the Bash script you downloaded earlier. To integrate with an existing Log Analytics workspace, start by identifying the full resource ID of your Log Analytics workspace that's required for the logAnalyticsWorkspaceResourceId parameter, and then run the command to enable the monitoring add-in against the specified workspace.

If you don't have a workspace to specify, you can skip to the Integrate with the default workspace section and let the script create a new workspace for you.

  1. List all the subscriptions that you have access to by running the following command:

    az account list --all -o table
    

    The output will look like the following:

    Name                                  CloudName    SubscriptionId                        State    IsDefault
    ------------------------------------  -----------  ------------------------------------  -------  -----------
    Microsoft Azure                       AzureCloud   0fb60ef2-03cc-4290-b595-e71108e8f4ce  Enabled  True
    
  2. Copy the value for SubscriptionId.

  3. Switch to the subscription that hosts the Log Analytics workspace by running the following command:

    az account set -s <subscriptionId of the workspace>
    
  4. Display the list of workspaces in your subscriptions in the default JSON format by running the following command:

    az resource list --resource-type Microsoft.OperationalInsights/workspaces -o json
    
  5. In the output, find the workspace name, and then copy the full resource ID of that Log Analytics workspace under the field ID.

  6. To enable monitoring, run the following command. Replace the values for the azureAroV4ClusterResourceId and logAnalyticsWorkspaceResourceId parameters.

    export azureAroV4ClusterResourceId="/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.RedHatOpenShift/OpenShiftClusters/<clusterName>"
    export logAnalyticsWorkspaceResourceId="/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/microsoft.operationalinsights/workspaces/<workspaceName>" 
    

    Here is the command you must run once you have populated the 3 variables with Export commands:

    bash enable-monitoring.sh --resource-id $azureAroV4ClusterResourceId --workspace-id $logAnalyticsWorkspaceResourceId

After you've enabled monitoring, it might take about 15 minutes before you can view the health metrics for the cluster.

Integrate with the default workspace

In this section, you enable monitoring for your Azure Red Hat OpenShift v4.x cluster by using the Bash script that you downloaded.

In this example, you're not required to pre-create or specify an existing workspace. This command simplifies the process for you by creating a default workspace in the default resource group of the cluster subscription, if one doesn't already exist in the region.

The default workspace that's created is in the format of DefaultWorkspace-<GUID>-<Region>.

Replace the value for the azureAroV4ClusterResourceId parameter.

export azureAroV4ClusterResourceId="/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.RedHatOpenShift/OpenShiftClusters/<clusterName>"

For example:

`bash enable-monitoring.sh --resource-id $azureAroV4ClusterResourceId

After you've enabled monitoring, it might take about 15 minutes before you can view health metrics for the cluster.

Enable monitoring from the Azure portal

The multi-cluster view in Container insights highlights your Azure Red Hat OpenShift clusters that don't have monitoring enabled under the Unmonitored clusters tab. The Enable option next to your cluster doesn't initiate onboarding of monitoring from the portal. You're redirected to this article to enable monitoring manually by following the steps that were outlined earlier in this article.

  1. Sign in to the Azure portal.

  2. On the left pane or from the home page, select Azure Monitor.

  3. In the Insights section, select Containers.

  4. On the Monitor - containers page, select Unmonitored clusters.

  5. In the list of non-monitored clusters, select the cluster, and then select Enable.

    You can identify the results in the list by looking for the ARO value in the Cluster Type column. After you select Enable, you're redirected to this article.

Next steps

  • Now that you've enabled monitoring to collect health and resource utilization of your RedHat OpenShift version 4.x cluster and the workloads that are running on them, learn how to use Container insights.

  • By default, the containerized agent collects the stdout and stderr container logs of all the containers that are running in all the namespaces except kube-system. To configure a container log collection that's specific to a particular namespace or namespaces, review Container Insights agent configuration to configure the data collection settings you want for your ConfigMap configuration file.

  • To scrape and analyze Prometheus metrics from your cluster, review Configure Prometheus metrics scraping.

  • To learn how to stop monitoring your cluster by using Container insights, see How to stop monitoring your Azure Red Hat OpenShift cluster.