I am hoping to configure the streaming export of platform logs on Azure for a Kubernetes service; I wish to send some of the logs to a Log Analytics workspace and others to a storage account. I wish to do this via Terraform.
I looked at the documentation for azurerm_monitor_diagnostic_setting; however, I am unsure how to go about specifically allocating log categories between the Log Analytics workspace and storage accounts.
I created a diagnostic setting with Terraform to send specific log categories to Log Analytics and storage accounts, and I was successful in provisioning the requirement.
To configure the streaming export of platform logs on Azure for a Kubernetes service and allocate log categories between a Log Analytics workspace and a storage account using Terraform, you can use the azurerm_monitor_diagnostic_setting resource.
My Terraform configuration:
data "azurerm_resource_group" "main" {
  name = "v-bolliv"
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "demovk"
  location            = "eastus"
  resource_group_name = data.azurerm_resource_group.main.name
  dns_prefix          = "demovkaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "og-analyticsvk-workspace"
  location            = "eastus"
  resource_group_name = data.azurerm_resource_group.main.name
  sku                 = "PerGB2018" # provider default; retention_in_days and the rest are optional
}

resource "azurerm_storage_account" "example" {
  name                     = "demostoragevksb"
  resource_group_name      = data.azurerm_resource_group.main.name
  location                 = "eastus"
  account_tier             = "Standard"
  account_replication_type = "GRS"
}

# Diagnostic setting for the AKS control-plane logs. Every category enabled in a
# setting is sent to every destination the setting names, so the two categories
# below go to the Log Analytics workspace only. Categories meant for the storage
# account need a separate azurerm_monitor_diagnostic_setting on the same cluster
# that sets storage_account_id instead of log_analytics_workspace_id.
resource "azurerm_monitor_diagnostic_setting" "example" {
  name                       = "diagnosticvk-setting"
  target_resource_id         = azurerm_kubernetes_cluster.example.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id

  enabled_log {
    category = "kube-apiserver"
  }

  enabled_log {
    category = "kube-controller-manager"
  }
}

# The two resources below configure the legacy subscription-level Activity Log
# profile (Event Hub plus storage). They are unrelated to the AKS diagnostic
# setting above. azurerm_monitor_log_profile is deprecated in the azurerm 3.x
# provider; new configurations should export the Activity Log with an
# azurerm_monitor_diagnostic_setting whose target is the subscription.
resource "azurerm_eventhub_namespace" "example" {
  name                = "monitorlog"
  location            = data.azurerm_resource_group.main.location
  resource_group_name = data.azurerm_resource_group.main.name
  sku                 = "Standard"
  capacity            = 2
}

resource "azurerm_monitor_log_profile" "example" {
  name = "default"

  categories = [
    "Action",
    "Delete",
    "Write",
  ]

  locations = [
    "eastus",
    "global",
  ]

  # Authorization rule on the namespace, built from the namespace id.
  servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
  storage_account_id = azurerm_storage_account.example.id

  retention_policy {
    enabled = true
    days    = 7
  }
}
Specify the desired log categories and their corresponding destinations within the azurerm_monitor_diagnostic_setting resource. In the above, kube-apiserver and kube-controller-manager logs are sent to the Log Analytics workspace, while other logs will be sent to the storage account.
Output:
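A single azurerm_monitor_diagnostic_setting sends every category it enables to every destination it lists, so splitting categories between a Log Analytics workspace and a storage account takes one setting per destination. The following is an added example, not the answer's own code. It assumes the azurerm_kubernetes_cluster.example, azurerm_log_analytics_workspace.example and azurerm_storage_account.example resources from the answer; the local name, data source name and setting names are arbitrary. It sends the two categories the answer names to the workspace, and every remaining log category that AKS exposes (kube-audit, kube-audit-admin, kube-scheduler, cluster-autoscaler, guard and the rest) plus all metrics to the storage account, reading the category list from the azurerm_monitor_diagnostic_categories data source so the storage setting is computed rather than hand-maintained:

```hcl
# Added example (not part of the answer): split AKS log categories across two
# destinations with one diagnostic setting per destination. Assumes the
# azurerm_kubernetes_cluster.example, azurerm_log_analytics_workspace.example and
# azurerm_storage_account.example resources from the answer above.

locals {
  # Categories that should be queryable and alertable in Log Analytics.
  workspace_categories = toset(["kube-apiserver", "kube-controller-manager"])
}

# Ask Azure which log and metric categories this resource actually exposes, so
# the storage setting follows the real list instead of a hard-coded one.
data "azurerm_monitor_diagnostic_categories" "aks" {
  resource_id = azurerm_kubernetes_cluster.example.id
}

# Setting 1: the workspace categories only. No storage_account_id here, so
# these categories never hit the storage account through this setting.
resource "azurerm_monitor_diagnostic_setting" "aks_to_workspace" {
  name                       = "aks-to-law"
  target_resource_id         = azurerm_kubernetes_cluster.example.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id

  dynamic "enabled_log" {
    for_each = local.workspace_categories
    content {
      category = enabled_log.value
    }
  }
}

# Setting 2: every other log category, plus all metrics, to the storage
# account only. setsubtract keeps the two category sets disjoint.
resource "azurerm_monitor_diagnostic_setting" "aks_to_storage" {
  name               = "aks-to-storage"
  target_resource_id = azurerm_kubernetes_cluster.example.id
  storage_account_id = azurerm_storage_account.example.id

  dynamic "enabled_log" {
    for_each = setsubtract(
      data.azurerm_monitor_diagnostic_categories.aks.log_category_types,
      local.workspace_categories,
    )
    content {
      category = enabled_log.value
    }
  }

  dynamic "metric" {
    for_each = data.azurerm_monitor_diagnostic_categories.aks.metrics
    content {
      category = metric.value
      enabled  = true
    }
  }
}
```

Azure allows up to five diagnostic settings per resource and rejects a second setting that sends a category already routed to the same destination type, which is why the two category sets are made disjoint with setsubtract rather than overlapping. For a security-driven split, kube-audit-admin (the write-operation subset of the API-server audit log) is the usual candidate for the workspace, where it can feed alerts, while the far larger kube-audit stream goes to cheaper storage for retention; both are in the remainder set here, so move kube-audit-admin into workspace_categories if that is the intent. After apply, `az monitor diagnostic-settings list --resource <cluster resource id>` shows which categories ended up on which destination.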