Azure AKS - oms agent AND diagnostic settings possible together?
I'm deploying an AKS cluster via Terraform.
I set an oms_agent block within my aks resource block:
resource "azurerm_kubernetes_cluster" "tfdemo-cluster" {
resource_group_name = var.resourcegroup_name
location = var.location
name = "${var.projectname}-aks"
node_resource_group = "${var.resourcegroup_name}-node"
... omitted to shorten ...
oms_agent {
log_analytics_workspace_id = var.log_analytics_workspace_id
}
Like this it works as aspected.
But when I add an additional resource of type diagnostic_settings like so
resource "azurerm_monitor_diagnostic_setting" "aks-diagnostics" {
name = "aks-logs"
storage_account_id = var.storage_account_id
target_resource_id = azurerm_kubernetes_cluster.tfdemo-cluster.id
log {
category = "kube-audit"
enabled = true
}
metric {
category = "AllMetrics"
retention_policy {
days = 30
enabled = true
}
}
}
I run into an error that says:
"diagnosticsettings.DiagnosticSettingsClient#CreateOrUpdate: Failure sending request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=nil nil"
When I tried to google that error messages I found issues related to other Azure services where the sku of that service wasn't matching a specified feature or capacity but I'm don't see that here.
Why I want log analytics workspace AND logs dumped into a storage account: My thinking was just that a log anal. ws is really expensive compared to storage in a storage account. So I thought I send say the audit data for long time retention to the cheap storage account (my settings in the given example might not 100% represent that but it's not the point here I'd say) and still have the "expensive" log analytics service to dig into the cluster performance.
Thanks a lot for any input!
I Tried to reproduce the same in my environment to Create an Azure AKS cluster with OMS Agent and Diagnostic Setting using Terraform:
Sending long-term data retention logs to a Azure Storage Account can be more cost-effective than keeping them in a Azure Log Analytics workspace. However, the Azure Log Analytics workspace can still be useful for real-time analysis and performance monitoring.
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "aksgroup" {
name = "aks-rg"
location = "East US"
}
resource "azurerm_log_analytics_workspace" "oms" {
name = "oms-workspace"
location = azurerm_resource_group.aksgroup.location
resource_group_name = azurerm_resource_group.aksgroup.name
sku = "PerGB2018"
}
resource "azurerm_kubernetes_cluster" "aks" {
name = "cluster-aks1"
location = azurerm_resource_group.aksgroup.location
resource_group_name = azurerm_resource_group.aksgroup.name
dns_prefix = "aks1"
default_node_pool {
name = "default"
node_count = 1
vm_size = "standard_a2_v2"
}
identity {
type = "SystemAssigned"
}
tags = {
Environment = "Production"
}
addon_profile {
oms_agent {
enabled = true
log_analytics_workspace_id = azurerm_log_analytics_workspace.oms.id
}
}
}
output "client_certificate" {
value = azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate
sensitive = true
}
output "kube_config" {
value = azurerm_kubernetes_cluster.aks.kube_config_raw
sensitive = true
}
resource "azurerm_monitor_diagnostic_setting" "aks" {
name = "aks-diagnostic-setting"
target_resource_id = azurerm_kubernetes_cluster.aks.id
storage_account_id = azurerm_storage_account.aks.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.oms.id
log {
category = "kube-audit"
enabled = true
}
metric {
category = "AllMetrics"
retention_policy {
days = 30
enabled = true
}
}
}
resource "azurerm_storage_account" "aks" {
name = "aksdiagnostic"
resource_group_name = azurerm_resource_group.aksgroup.name
location = azurerm_resource_group.aksgroup.location
account_tier = "Standard"
account_replication_type = "LRS"
}
Terraform Apply:
Once ran the code resources are created, like below.
Azure AKS Diagnostic settings created with Log Analytics settings.
Log Analytics settings- created.
- Unable to get all users from Microsoft Graph using Python SDK
- You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
- MS Graph API - How to query additional pages
- how to hash users into random values in azure databricks
- How can I manage Azure SQL user/login/credentials
- How to connect secrets value stored in Azure key vault to Azure app service env variables directly
- AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
- How to get a list of users from azure graph API
- Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
- Cors configuration
- Publish error: Found multiple publish output files with the same relative path
- remove event subscriptions from system topics
- node-fetch azure document translator
- Is it possible to use .env in a React Web project?
- Sign in to Azure Account from VS Code
- How to copy blobs from azure to aws using python?
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- how to mask hash users into random values [email protected] in azure databricks
- Can we use PostgREST API with Azure
- Bicep adding DNS Records saying already exists when it doesn't
- Issue in sending personal message in MS Teams with Graph API
- import files to databricks workspace
- Create an Api connection to log analytics workspace via bicep
- az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync
- Is there a way to get more than 1000 Packages and versions from Azure DEVOPs Feed RESTAPI for GET Packages?
- how to insert json into cosmos db collection using c#
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?