Ensure Azure Monitoring Enabled For Azure Kubernetes Service (AKS) Cluster
Azure Monitor collects and stores the telemetry that AKS reports. This includes memory and processor metrics for controllers, nodes, and containers, as well as individual container logs. The data is available through Azure Log Analytics for AKS clusters and Azure Monitor instances. Storing memory and processor metrics from containers, nodes, and controllers allows AKS clusters to be analyzed both in real time and post-mortem to identify unknown behaviors.
Risk Level: medium
Cloud Entity: Azure
Spectral Rule ID: AZURE009
REMEDIATION
Set properties.addonProfiles.omsagent.enabled to true:
"apiVersion": "2020-02-01",
"properties": {
"addonProfiles": {
"omsagent": {
- "enabled": false
+ "enabled": true
}
}
References:
- https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json&pivots=deployment-language-terraform#managedclusteraddonprofile
- https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-enable-aks?tabs=terraform
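The check this rule describes, as an added example (not Spectral's own rule code): it walks a parsed ARM template and reports the state of properties.addonProfiles.omsagent.enabled for every Microsoft.ContainerService/managedClusters resource. The function names, the four state labels, and the sample template are assumptions constructed for illustration.

```python
AKS_TYPE = "microsoft.containerservice/managedclusters"

def iter_resources(resources):
    """Yield every resource, descending into nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def omsagent_state(resource):
    """Classify one AKS resource: enabled, disabled, missing or unresolved."""
    profiles = (resource.get("properties") or {}).get("addonProfiles") or {}
    # Matching the add-on key case-insensitively is a choice made in this example.
    addon = next((v for k, v in profiles.items() if k.lower() == "omsagent"), None)
    if not isinstance(addon, dict) or "enabled" not in addon:
        return "missing"          # add-on not declared in the template
    value = addon["enabled"]
    if value is True:
        return "enabled"
    if isinstance(value, str) and value.startswith("["):
        return "unresolved"       # template expression; needs the parameter value
    return "disabled"             # false, or anything that is not boolean true

def check_template(template):
    """Map each AKS cluster name in a parsed ARM template to its state."""
    return {
        res.get("name", "<unnamed>"): omsagent_state(res)
        for res in iter_resources(template.get("resources"))
        if str(res.get("type", "")).lower() == AKS_TYPE
    }

def _aks(name, props):
    """Build one constructed AKS resource for the sample below."""
    return {"type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2020-02-01", "name": name, "properties": props}

# Constructed sample template (same shape json.load() returns for a template file).
SAMPLE = {"resources": [
    _aks("aks-ok", {"addonProfiles": {"omsagent": {"enabled": True}}}),
    _aks("aks-off", {"addonProfiles": {"omsagent": {"enabled": False}}}),
    _aks("aks-none", {"dnsPrefix": "demo"}),
    _aks("aks-param", {"addonProfiles": {"omsagent": {"enabled": "[parameters('monitoring')]"}}}),
    {"type": "Microsoft.Storage/storageAccounts", "name": "logs", "properties": {}},
]}

if __name__ == "__main__":
    for name, state in check_template(SAMPLE).items():
        print(f"{'PASS' if state == 'enabled' else 'FAIL'} {name}: omsagent {state}")
```

Only the "enabled" state passes; "unresolved" means the value comes from a template expression and has to be checked against the parameters actually supplied at deployment.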
Azure AKS
AKS is an open-source, fully managed container orchestration service, available on the Microsoft Azure public cloud since June 2018, that can be used to deploy, scale, and manage Docker containers and container-based applications in a cluster environment.