Azure Platform Metrics for AKS Control Plane Monitoring
Azure Kubernetes Service (AKS) now offers free platform metrics for monitoring your control plane components. This enhancement provides essential insights into the availability and performance of managed control plane components, such as the API server and etcd. In this blog post, we'll explore these new metrics and demonstrate how to leverage them to ensure the health and performance of your AKS clusters. What's New? Previously, detailed control plane metrics were only available through the paid Azure Managed Prometheus feature. Now, these metrics are automatically collected for free for all AKS clusters and are available for creating metric alerts. This democratizes access to critical monitoring data and helps all AKS users maintain more reliable Kubernetes environments. Available Control Plane Metrics The following platform metrics are now available for your AKS clusters: Name Display Name Description apiserver_memory_usage_percentage API Server (PREVIEW) Memory Usage Percentage Maximum memory percentage (based off current limit) used by API server pod across instances apiserver_cpu_usage_percentage API Server (PREVIEW) CPU Usage Percentage Maximum CPU percentage (based off current limit) used by API server pod across instances etcd_memory_usage_percentage ETCD (PREVIEW) Memory Usage Percentage Maximum memory percentage (based off current limit) used by ETCD pod across instances etcd_cpu_usage_percentage ETCD (PREVIEW) CPU Usage Percentage Maximum ETCD percentage (based off current limit) used by ETCD pod across instances etcd_database_usage_percentage ETCD (PREVIEW) Database Usage Percentage Maximum utilization of the ETCD database across instances Accessing the New Platform Metrics The metrics are automatically collected and available in the Azure Monitor Metrics explorer. Here's how to access them: Navigate to your AKS cluster in the Azure portal Select "Metrics" from the monitoring section In the Metric namespace dropdown, choose the Metric Namespace as Container Service and Metric as any of the metrics mentioned above e.g. API Server Memory Utilization. You can also choose your desired aggregation (between Avg or Max) and timeframe. You'll now see the control plane metrics available for selection: These metrics can also be retrieved through the platform metrics API or exported to other destinations. Understanding Key Control Plane Metrics API Server Memory Usage Percentage The API server is the front-end for the Kubernetes control plane, processing all requests to the cluster. Monitoring its memory usage is critical because: High memory usage can lead to API server instability and potential outages Memory pressure may cause request latency or timeouts Sustained high memory usage indicates potential scaling issues A healthy API server typically maintains memory usage below 80%. Values consistently above this threshold warrant investigation and potential remediation. To investigate further into the issue, follow the guide here. etcd Database Usage Percentage etcd serves as the persistent storage for all Kubernetes cluster data. The etcd_database_usage_percentage metric is particularly important because: etcd performance dramatically degrades as database usage approaches capacity High database utilization can lead to increased latency for all cluster operations Database size impacts backup and restore operations Best practices suggest keeping etcd database usage below 2GB (absolute usage) to ensure optimal performance. When usage exceeds this threshold, you can clean up unnecessary resources, reduce watch operations, and implement resource quota and limits. The Diagnose and Solve experience in Azure Portal has detailed insights on the cause of the etcd database saturation. To investigate this issue further, follow the guide here. Setting Up Alerts for Control Plane Metrics To proactively monitor your control plane, you can set up metric alerts: Navigate to your AKS cluster in the Azure Portal Select "Alerts" from the monitoring section Click on "Create" and select "Alert Rule" Select your subscription, resource group, and resource type "Kubernetes service" in the Scope (selected by default) and click on See all signals in Conditions Configure signal logic: Select one of the control plane metrics (e.g., "API Server Memory Usage Percentage") Set the condition (e.g., "Greater than") Define the threshold (e.g., 80%) Specify the evaluation frequency and window Define actions to take when the alert triggers Name and save your alert rule Example Alert Configurations API Server Memory Alert: Signal: apiserver_memory_usage_percentage Operator: Greater than Threshold: 80% Window: 5 minutes Frequency: 1 minute Severity: 2 (Warning) ETCD Database Usage Alert: Signal: etcd_database_usage_percentage Operator: Greater than Threshold: 75% Window: 15 minutes Frequency: 5 minutes Severity: 2 (Warning) You can also create alerts through CLI, PowerShell or ARM templates Conclusion The introduction of free Azure platform metrics for AKS control plane components represents a enhancement to the monitoring capabilities available to all AKS users. By leveraging these metrics, particularly API server memory usage and etcd database usage percentages, you can ensure the reliability and performance of your Kubernetes environments without additional cost. Start using these metrics today to gain deeper insights into your AKS clusters and set up proactive alerting to prevent potential issues before they impact your applications. Learn More For more detailed information, refer to the following documentation: Monitor the control plane List of platform metrics in AKS Troubleshoot API server and etcd problems in AKSDeploy Datadog Agent to AKS clusters with Datadog Azure Native ISV Service
Having clear visibility and monitoring into your Kubernetes environment is crucial for maintaining the health and performance of your applications. Effective monitoring helps detect issues early, optimize resource usage, and ensure your applications run smoothly. In complex environments, the sheer volume of containers being orchestrated can make monitoring cluster health challenging, which can in turn slow response times to critical incidents and create bottlenecks around long-term optimizations. Enter Datadog, which is a cloud-scale monitoring and security platform that aggregates data across the application stack. With over 850 integrations, it enables customers to monitor the performance of a wide range of technologies, providing a unified platform with centralized visibility for faster troubleshooting on dynamic architectures. To offer a more seamless experience for customers, the Datadog Azure Native ISV Service is a powerful integration between Microsoft Azure and Datadog which allows you to monitor your Azure workloads with Datadog to deliver comprehensive insights into the performance of your tech stack. This native offering is available on both Azure Marketplace and Azure portal and enables you to set up, configure, and deploy a Datadog resource on Azure similarly to creating any other native Azure resources like VMs, App Services etc. It allows you to quickly monitor and diagnose issues with your Azure resources by automatically sending logs and metrics to your Datadog organization. This year, Datadog also announced the availability of the . For Kubernetes environments specifically, Datadog’s integration with Azure Kubernetes Service (AKS) provides complete visibility into your AKS clusters. Once you’ve enabled the integration and deployed the Datadog Agent to your clusters, Datadog automatically begins collecting metrics and logs from your entire AKS setup and organizing them into high-level visualizations. Datadog also provides an out-of-the-box dashboard for AKS that enables customers to immediately visualize the health and performance of their AKS clusters. This dashboard organizes and highlights the most critical information from standard AKS metrics, while also incorporating log data to provide observability into the control plane. Datadog Agent on Kubernetes Apps Marketplace The Datadog Agent can be deployed to AKS using Kubernetes Apps, an offering on Azure Marketplace that features our partners, like Datadog, in the cloud native space. As a user, you can choose from a rich catalog of validated partner and open-source Kubernetes solutions which you can deploy to your AKS and Arc-connected clusters with integrated Azure billing and easy lifecycle management capabilities. You can quickly procure Kubernetes solutions through the trusted procurement channels of Azure Marketplace, with eligible purchases contributing 100% toward your Microsoft Azure Consumption Commitment (MACC), helping you optimize your committed spend. To take the partnership between Microsoft and Datadog further, the Datadog agent can now be installed on AKS resources via Datadog Azure Native ISV Service. How to deploy Datadog Agent on AKS via native integration Datadog Azure Native ISV Service provides out of the box Azure monitoring with seamless flow of observability data from your Azure workloads which you can monitor in real time on the Datadog portal. Once the Datadog resource is deployed on Azure, logs and metrics start to flow almost immediately. Another plus of this integration is that it makes it frictionless to deploy Datadog agent on to several Azure resources directly from Azure portal. We are now happy to extend this capability to your Azure Kubernetes Service (AKS) clusters through Azure portal which makes it easy to automate the process of agent deployment. Now you can install and un-install the Datadog extension on multiple AKS clusters via Azure portal in a few clicks. Follow this step-by-step guide below to deploy the Datadog extension on AKS resources via Azure Native Datadog Service. Create a Datadog resource You can create a Datadog resource in Azure by purchasing Datadog or setting up a trial environment. Once the resource is deployed, the Datadog environment is automatically setup. Deploy the Datadog Agent through Azure portal The Azure Kubernetes Service blade is available on the left panel of the Datadog resource. By clicking on it, you can view a list of all AKS resources in your subscription. Select all the resources you want to deploy the Datadog AKS extension to manually or use the filters that suit your needs. You can also select all the resources by clicking on select all checkbox. There is no need to go to each cluster and install manually. Once selected, click on Install Extension and wait for successful deployment. When the agent is successfully installed, the agent status and version will be displayed against the AKS resource. You can uninstall the extension by clicking on the Uninstall Extension button. Monitor your Azure Kubernetes Service clusters with Datadog There you have it – an easy method to deploy Datadog Agent on your AKS cluster. Now you can use the single sign on link present on the overview blade to access your Datadog environment or just continue to install Agent on other Azure services. Once on the Datadog portal, you can view the detailed insights of your Kubernetes clusters with the help of dedicated dashboards. Why use Datadog Azure Native ISV? Integrated onboarding: Customers can create a Datadog resource and manage the integration through the Azure portal. Unified billing: Datadog costs are reported through Azure monthly bill. Single sign-on to Datadog: Customers don't need a separate authentication for the Datadog portal. Log forwarder: Automated forwarding of subscription activity and resource logs to Datadog. Metrics collection: Automatically send all Azure resource metrics to Datadog. Datadog agent deployment: Provides unified management experience of Datadog agents. Install and uninstall Datadog agents as extensions on Virtual Machines and Azure App Practical Use cases for Datadog + AKS Datadog helps Azure customers make sense of telemetry data across their technology stack. The top use cases that Azure customers rely on Datadog to solve are: migration, modernization, and tool/cost optimization. Migration: Datadog provides deep visibility into complex Azure environments. Further, Datadog is cloud-agnostic and can ingest data from on-prem and hybrid cloud environments. Datadog tracks and secures every stage of your cloud migration, helping customers migrate with confidence and ease Modernization: Datadog helps Azure customers modernize their stack via Azure capabilities like Azure Kubernetes Service (AKS). Datadog provides full visibility into modern and legacy applications in one place. Azure customers report an improvement in performance, agility, and resilience with Datadog. Tool/Cost Optimization: Many organizations turn to Datadog because their teams are experiencing tool sprawl and total cost of ownership challenges from multiple siloed monitoring tools. Datadog addresses both challenges by enabling customers to view all of their data in a single, unified platform. Azure customers can also use Datadog to analyze and optimize their cloud spend. Additional Links Azure Blog: Explore the latest features for Datadog–An Azure Native ISV Service: https://azure.microsoft.com/en-us/blog/explore-the-latest-features-for-datadog-an-azure-native-isv-s... Azure Marketplace: Datadog: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/datadog1591740804488.dd_liftr_v2?tab=o... Benefits of Kubernetes Apps on the Marketplace: Deploy Smarter, Scale Faster – Secure, AI-Ready, Cost-Effective Kubernetes Apps at Your Fingertips! ... Get Started with Datadog - An Azure Native ISV Service: https://learn.microsoft.com/en-us/azure/partner-solutions/datadog/overview Datadog Blog: Datadog-Microsoft Partnership: Azure Native ISV Service https://www.datadoghq.com/blog/azure-datadog-partnership/ Datadog’s AKS Integration: https://www.datadoghq.com/blog/azure-kubernetes-service-cluster-visibility-with-aks-dashboard/ Datadog agent ok AKS Marketplace: https://www.datadoghq.com/blog/datadog-aks-cluster-extension/ Leave a feature request on our feedback forum We value customer feedback and plan feature suggestions into our roadmap. Let us know how we can enhance the value you get from Datadog Azure Native ISV by requesting a feature on the Developer Community. Alternatively, you can utilize “suggest a feature” option available on the Azure portal.Reference Architecture for a High Scale Moodle Environment on Azure
Introduction Moodle is an open-source learning platform that was developed in 1999 by Martin Dougiamas, a computer scientist and educator from Australia. Moodle stands for Modular Object-Oriented Dynamic Learning Environment, and it is written in PHP, a popular web programming language. Moodle aims to provide educators and learners with a flexible and customizable online environment for teaching and learning, where they can create and access courses, activities, resources, and assessments. Moodle also supports collaboration, communication, and feedback among users, as well as various plugins and integrations with other systems and tools. Moodle is widely used around the world by schools, universities, businesses, and other organizations, with over 100 million registered users and 250,000 registered sites as of 2020. Moodle is also supported by a large and active community of developers, educators, and users, who contribute to its development, documentation, translation, and support. [URL] is the official website of the Moodle project, where anyone can download the software, join the forums, access the documentation, participate in events, and find out more about Moodle. Goal The goal for this architecture is to have a Moodle environment that can handle 400k concurrent users and scale in and out its application resources according to usage. Using Azure managed services to minimize operational burden was a design premise because standard Moodle reference architectures are based on Virtual Machines that comes with a heavy operational cost. Challenges Being a monolith application, scaling Moodle in a modern cloud native environment is challenging. We choose to use Kubernetes as its computing provider due to the fact that it allow us to build a Moodle artifact in an immutable way that allows it to scale out and in when needed in a fast and automatic way and also recover from potential failures by simply recreating its Deployments without the need to maintain Virtual Machine resources, introducing the concept of pets vs cattle[1] to a scenario that at first glance wouldn't be feasible. Since Moodle is written in PHP it has no concept of database polling, creating a scenario where its underlying database is heavily impacted by new client requests, making it necessary to use an external database pooling solution that had to be custom tailored in order to handle the amount of connections for a heavy-traffic setup like this instead of using Azure Database for PostgreSQL's built-in pgbouncer. The same effect is also observed in its Redis implementation, where a custom Redis cluster had to be created, whereas using Azure Cache for Redis would incur prohibitive costs due to the way it is set up for a more general usage. 1 - https://learn.microsoft.com/en-us/dotnet/architecture/cloud-native/definition#the-cloud Architecture This architecture uses Azure managed (PaaS) components to minimize operational burden by using Azure Kubernetes Service to run Moodle, Azure Storage Account to host course content, Azure Database for PostgreSQL Flexible Server as its database and Azure Front Door to expose the application to the public as well as caching commonly used assets. The solution also leverages Azure Availability Zones to distribute its component across different zones in the region to optimize its availability. Provisioning the solution The provisioning has two parts: setting up the infrastructure and the application. The first part uses Terraform to deploy easily. The second part involves creating Moodle's database and configuring the application for optimal performance based on the templates, number of users, etc. and installing templates, courses, plugins etc. The following steps walk you through all tasks needed to have this job done. Clone the repository $ git clone https://github.com/Azure-Samples/moodle-high-scale Provision the infrastructure $ cd infra/ $ az login $ az group create --name moodle-high-scale --location <region> $ terraform init $ terraform plan -var moodle-environment=production $ terraform apply -var moodle-environment=production $ az aks get-credentials --name moodle-high-scale --resource-group moodle-high-scale Provision the Redis Cluster $ cd ../manifests/redis-cluster $ kubectl apply -f redis-configmap.yaml $ kubectl apply -f redis-cluster.yaml $ kubectl apply -f redis-service.yaml Wait for all the replicas to be running $ ./init.sh Type 'yes' when prompted. Deploy Moodle and its services Change image in moodle-service.yaml and also adjust the moodle data storage account name in the nfs-pv.yaml (see commented lines in the files) $ cd ../../images/moodle $ az acr build --registry moodlehighscale<suffix> -t moodle:v0.1 --file Dockerfile . $ cd ../../manifests $ kubectl apply -f pgbouncer-deployment.yaml $ kubectl apply -f nfs-pv.yaml $ kubectl apply -f nfs-pvc.yaml $ kubectl apply -f moodle-service.yaml $ kubectl -n moodle get svc –watch Provision the frontend configuration that will be used to expose Moodle and its assets publicly $ cd ../frontend $ terraform init $ terraform plan $ terraform apply Approve the private endpoint connection request from Frontdoor in moodle-svc-pls resource. Private Link Services > moodle-svc-pls > Private Endpoint Connections > Select the request from Front Door and click on Approve. Install database $ kubectl -n moodle exec -it deployment/moodle-deployment -- /bin/bash $ php /var/www/html/admin/cli/install_database.php --adminuser=admin_user --adminpass=admin_pass --agree-license Deploy Moodle Cron Change image in moodle-cron.yaml $ cd ../manifests $ kubectl apply -f moodle-cron.yaml Your Moodle installation is now ready to use! Conclusion You can create a Moodle environment that is scalable and reliable in minutes with a very simple approach, without having to deal with the hassle of operating its parts that normally comes with standard Moodle installations.
Getting started with Azure Fleet Manager
Why? A solution to manage multiple Azure Kubernetes Service (AKS) clusters at scale. A secure and compliant solution to streamline operations, maintenance, improve performance, and ensure efficient resource utilization. Addresses the challenges of multi-cluster scenarios orchestrating cluster updates propagating Kubernetes resources balancing multi-cluster loads Pointers Orchestrates application updates and upgrades across multiple clusters Certain Kubernetes objects to deploy on all or certain set of clusters Clusters can be the same subscription or different subscription or even in different region but should be under the same tenant Upgrade group: Updates are applied in parallel Make sure member cluster should be in the running state before joining them to Fleet There are two fleet options available, with Hub and without the Hub Supports private clusters CRP is a cluster-scoped resource HOW? Run the below commands with Azure CLI Step 1: Add the fleet extension az extension add -n fleet Step 2: Create a fleet manager az fleet create --resource-group <name of the resource group> --name <name of the fleet> --location <region> --enable-hub --enable-private-cluster --enable-managed-identity --agent-subnet-id <subent ID> --vm-size <vm size> Step 3: An AKS cluster with 1 node gets created. Get into this Hub cluster az fleet get-credentials --resource-group <name of the resource group> --name <name of the fleet> Step 4: Add and view member clusters az fleet member create --resource-group <name of the resource group> --fleet-name <name of the fleet> --name <name of the membercluster> --member-cluster-id <resource ID of the member cluster> az fleet member list --resource-group <name of the resource group> --fleet-name <name of the fleet> -o table Sample CRP deployment kubectl label membercluster <name of the member cluster> <name of the label>=<value of the label> --overwrite apiVersion: placement.kubernetes-fleet.io/v1beta1 kind: ClusterResourcePlacement metadata: name: crp-asd-prod spec: policy: placementType: PickAll affinity: clusterAffinity: requiredDuringSchedulingIgnoredDuringExecution: clusterSelectorTerms: - labelSelector: matchLabels: crp: prod resourceSelectors: - group: "" kind: Namespace name: dev version: v1 - group: "" kind: Namespace name: qa version: v1 Utilization Best Practices Plan to integrate with your DevOps platform to manage the dynamic nature of workloads. The integration is extremely helpful and easy to adopt for the dev teams, as deployments were synced across other clusters. The service is a viable candidate for multi-cluster management, disaster recovery and migration strategy. Happy Learning 🙂 Reference link: fleet/docs at main · Azure/fleet · GitHub
Persistent volume with Azure Files on AKS
Based on our document, when we need to statically create persistent volume with Azure Files integration, we need to create Kubernetes Secret to store storage account name and access key. And assign the secret into PV yaml file. https://learn.microsoft.com/en-us/azure/aks/azure-csi-files-storage-provision#create-a-kubernetes-secret However, this mechanism will allow other people that has read permission of AKS cluster to easily read the Kubernetes secret and get the storage account key. Our customer has concern about this and want to know if there was other mechanism that can prevent this risk (for example , need to fetch account key from key vault first , not directly put storage account key into Kubernetes secret)Self Hosted AI Application on AKS in a day with KAITO and CoPilot.
In this blog post I document my experience of spending a full day using KAITO and Copilot to accelerate deployment and development of a self managed AI enabled chatbot deployed in a managed cluster. The goal is to showcase how quickly using a mix of AI tooling we can go from zero to a self hosted, tuned LLM and chatbot application. At the top of this article I want to share my perspective on the future of projects such as KAITO. At the moment I believe KAITO to be somewhat ahead of its time, as most enterprises begin adopting abstracted artificial intelligence it is brilliant to see projects like KAITO being developed ready for the eventual abstraction pendulum to swing back, motivated by usual factors such as increased skills in the market, cost and governance. Enterprises will undoubtedly in the future look to take centralised control of the AI models being used by their enterprises as GPU's become cheaper, more readily available and powerful. When this shift happens open source projects like KAITO will become common place in enterprises. It is also my opinion that Kubernetes lends itself perfectly to be the AI platform of the future a position shared by the CNCF (albeit both sources here may be somewhat biased). The resiliency, scaling and existence of Kuberentes primitives such as "Jobs" mean that Kubernetes is already the de-facto platform for machine learning training and inference. These same reasons also make Kuberentes the best underlying platform for AI development. Companies including DHL, Wayve and even OpenAI all run ML or AI workloads already on Kubernetes. That does not mean that Data Scientists and engineers will suddenly be creating Dockerfiles or exploring admission controllers, Kubernetes instead, as a platform will be multiple layers of abstraction away (Full scale self service platform engineering) however the engineers responsible for running and operating the platform will hail projects like KAITO.Seamless Metric Export: Simplifying AKS Platform Metrics Routing to Any Destination
Platform metrics in Azure Platform or resource metrics are telemetry data automatically collected by Azure Monitor for resources running within the Azure environment. These metrics include performance indicators such as CPU usage, memory consumption, network traffic, and disk I/O, which are critical for resource monitoring and performance tuning. For Azure Kubernetes Service (AKS), platform metrics provide insights into both the Kubernetes cluster and its underlying infrastructure. Examples include: Node metrics: CPU utilization, memory usage Pod metrics: Pod status Control plane metrics: API server inflight requests These metrics enable administrators and developers to monitor, troubleshoot, and optimize their applications effectively. The list of platform metrics for AKS is available here. This blog explores how to export and utilize platform metrics from AKS to other destinations like Log Analytics, Event Hub and Storage Accounts, with a step-by-step example. Exporting AKS Platform metrics Azure Monitor Metrics Export is configurable through Data Collection Rules (DCR), which provides the capability to route Azure resource metrics data to Azure Storage Accounts, Azure Event Hubs and Azure Log Analytics Workspace for 18 resource types and 10 Azure public regions, which includes AKS. Metrics Export feature provides a more scalable, flexible and reliable way to export platform metrics, in comparison to Azure Monitor Diagnostic Settings. Exporting platform metrics enables users to co-locate their metrics in a single store so that they can use a wide variety of monitoring and dashboarding tools. Additionally, since platform metrics are retained in Azure Monitor only for 93 days, exporting these metrics are crucial while making long term business critical decisions. Metrics Export also enables users to export these metrics in near-real time, with full fidelity and at scale. Using Metrics Export, platform metrics can be sent to the following destinations: Log Analytics Workspaces Metrics are stored in the AzureMetricsV2 table. The workspace and DCR must reside in the same region, but the monitored resources can be in any region. Azure Event Hubs Enables integration with external systems for real-time analytics. The Event Hub, DCR, and monitored resources must be in the same region. Azure Storage Accounts Suitable for long-term storage. Similar regional constraints apply. Example: Exporting AKS platform metrics (CLI and Portal) Step 1: Create an AKS Cluster First, create a new AKS cluster using the Azure CLI / UX. You can skip this step if you have an existing AKS cluster CLI az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 2 Portal 1. Search for AKS on the Azure Portal Marketplace 2. Start creating AKS Cluster using the creation wizard. You can choose the defaults Save the resource ID of the AKS cluster for further steps. You can find the resource ID in the Properties tab under Settings in Portal or use the following command az aks show --resource-group $myResourceGroup --name $aksClusterName --query id --output tsv Step 2: Configure Data Collection Rules (DCR) in Azure Monitor Create a DCR to specify the metrics to collect and the destination. We will look at examples of sending metrics to both Log Analytics and Event Hubs as destination. CLI - Log Analytics as destination 1. Creating a DCR with Log Analytics as a destination. In this example, we are exporting two metrics all metrics. If you are interested in specific metrics, you can specify them in the streams field by following the documentation here First, we need to create a rule file (named rule-file.json) with the details for the destination and the source. Make sure you to create a Log analytics workspace and have the workspace ID handy for this step. The log Analytics workspace can be located in a different region from the cluster or the DCR { "identity": { "type": "systemAssigned" }, "kind": "PlatformTelemetry", "location": "westus2", "properties": { "dataSources": { "platformTelemetry": [ { "streams": [ "Microsoft.ContainerService/managedClusters:Metrics-Group-All" ], "name": "myPlatformTelemetryDatasource" } ] }, "destinations": { "logAnalytics": [ { "workspaceResourceId": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourcegroups/rg-001/providers/microsoft.operationalinsights/workspaces/laworkspace001", "name": "ladestination" } ] }, "dataFlows": [ { "streams": [ "Microsoft.ContainerService/managedClusters:Metrics-Group-All" ], "destinations": [ "ladestination" ] } ] } } az monitor data-collection rule create --name AKSMetricsToLogAnalytics --location myRegion -g myResourceGroup --rule-file rule.json Save the resource ID of the DCR for the next step az monitor data-collection rule show --name aksMetricstoLogAnalytics -g test-rg --query id --output tsv 2. Linking DCR to the AKS resource using DCRA (Data Collection Rules Association) az monitor data-collection rule association create --resource-group myResourceGroup -n logAnalyticsDCRAssociation --rule-id "<DCR resourceid>" --resource "<AKS cluster ID>" Replace the rule ID with the resource ID of the DCR and AKS cluster ID with the resource ID of the AKS cluster CLI - Event Hubs as destination 1. Create an Event Hub in your desired namespace: az eventhubs namespace create \ --name myEventHubNamespace \ --resource-group myResourceGroup az eventhubs eventhub create --name $eventhubName --resource-group $rgName --namespace-name $namespaceName Save the resource ID of the event hub created for the next step. You can find it through CLI using the following command az eventhubs eventhub show --name $eventHubName --namespace-name $namespaceName --resource-group $resourceGroup --query id --output tsv 2. Creating a DCR with Event Hub as the destination: We first create the rule file with the details of the destination. Replace the eventHubResourceID with the ID of the Event hub created in Step 1. { "identity": { "type": "systemAssigned" }, "kind": "PlatformTelemetry", "location": "westus2", "properties": { "dataSources": { "platformTelemetry": [ { "streams": [ "Microsoft.ContainerService/managedClusters:Metrics-Group-All" ], "name": "myPlatformTelemetryDatasource" } ] }, "destinations": { "eventHubs": [ { "eventHubResourceId": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/rg-001/providers/Microsoft.EventHub/namespaces/event-hub-001/eventhubs/hub-001", "name": "myHub" } ] }, "dataFlows": [ { "streams": [ "Microsoft.ContainerService/managedClusters:Metrics-Group-All" ], "destinations": [ "myHub" ] } ] } } We create the DCR based on the rule file above az monitor data-collection rule create --name AKSMetricsToEventHub --location myRegion -g myResourceGroup --rule-file rule.json Save the resource ID of the event hub created for the next step. You can find it through CLI using the following command az eventhubs eventhub show --name $eventHubName --namespace-name $namespaceName --resource-group $resourceGroup --query id --output tsv 3. Linking DCR to the AKS resource using DCRA az monitor data-collection rule association create --resource-group myResourceGroup -n eventHubDCRAssociation --rule-id "<DCR resourceid>" --resource "<AKS cluster ID>" Once the data is routed to Event Hub, you can then integrate to external tools such as Splunk Portal- Log Analytics as destination In the DCR Creation Wizard, click the information wizard that specifies creating DCRs for Platform metrics Specify the properties for DCR as shown below (you can ignore the managed identity configuration option as it is not required for Log Analytics as a destination) Select the AKS resource(s) to export platform metrics. Note that you can select multiple resources across subscriptions here (without any region restrictions for Log Analytics as a destination) In the next "Collect and Deliver" step, click on "Add new dataflow" button. In the side panel, you will see that the "Data source type" and "Resource types" are already populated to Platform metrics and Kubernetes service. If you wish to add more resource types in the same DCR, make sure to either add those resources in the step 3 above - or you can opt not to include any resources in the step 3 above and include resources after DCR creation (which will be described in the steps later). Click "Next: Destinations" in the side panel to add a destination Log Analytics workspace. Select the "Azure Monitor Logs" destination type, and it can be in any accessible subscription, as long as the Log Analytics region is same as the DCR region. Click on "Save" in the side panel to add this workflow. You can optionally add tags, and then click on "Review+Create" to create you DCR and start platform metrics export. In the DCR, you can always associate more resource types and resources to a single DCR. Please note that there is only one destination allowed per DCR for platform metrics export Portal- Event Hubs as destination In the DCR creation wizard, make sure to select the "Enabled Managed Identity" checkbox. You can choose either System Assigned or User Assigned to enable export to Event Hub. Add the resources as described in the Log Analytics destination export section above. Please note that the resource(s) must be in the same region as the DCR for Event Hubs export. In the "Collect and Deliver" tab, in the Destinations tab of "Add new dataflow", make sure to select the appropriate Event Hub You can optionally add tags, and then click on "Review+Create" to create you DCR and start platform metrics export. In the DCR, you can always associate more resource types and resources to a single DCR. Please note that there is only one destination allowed per DCR for platform metrics export Step 3: Verify the Export For Log Analytics, navigate to the AzureMetricsV2 table in your workspace to view the exported metrics. For Event Hub, set up a consumer application or use Azure Stream Analytics to verify incoming metrics. Summary Platform metrics are a powerful feature for monitoring AKS clusters and their workloads. By leveraging Azure Monitor’s Data Collection Rules, you can seamlessly export metrics to destinations like Log Analytics, Event Hub, and Storage Accounts enabling advanced analysis and integration. Start using these tools today to gain deeper insights into your AKS clusters!Deploy Smarter, Scale Faster – Secure, AI-Ready, Cost-Effective Kubernetes Apps at Your Fingertips!
In our previous blog post, we explored the exciting launch of Kubernetes Apps on Azure Marketplace. This follow-up blog will take you a step further by demonstrating how to programmatically deploy Kubernetes Apps using tools like Terraform, Azure CLI, and ARM templates. As organizations scale their Kubernetes environments, the demand for secure, intelligent, and cost-effective deployments has never been higher. By programmatically deploying Kubernetes Apps through Azure Marketplace, organizations can harness powerful security frameworks, cost-efficient deployment options, and AI solutions to elevate their Azure Kubernetes Service (AKS) and Azure Arc-enabled clusters. This automated approach significantly reduces operational overhead, accelerates time-to-market, and allows teams to dedicate more time to innovation. Whether you're aiming to strengthen security, streamline application lifecycle management, or optimize AI and machine learning workloads, Kubernetes Apps on Azure Marketplace provide a robust, flexible, and scalable solution designed to meet modern business needs. Let’s explore how you can leverage these tools to unlock the full potential of your Kubernetes deployments. Secure Deployment You Can Trust Certified and Secure from the Start – Every Kubernetes app on Azure Marketplace undergoes a rigorous certification process and vulnerability scans before becoming available. Solution providers must resolve any detected security issues, ensuring the app is safe from the outset. Continuous Threat Monitoring – After publication, apps are regularly scanned for vulnerabilities. This ongoing monitoring helps to maintain the integrity of your deployments by identifying and addressing potential threats over time. Enhanced Security with RBAC – Eliminates the need for direct cluster access, reducing attack surfaces by managing permissions and deployments through Azure Role-Based Access Control (RBAC). Lowering Cost of your Applications If your organization has Azure Consumption Commitment (MACC) agreements with Microsoft, you can unlock significant cost savings when deploying your applications. Kubernetes Apps available on the Azure Marketplace are MACC eligible and you can gain the following benefits: Significant Cost Savings and Predictable Expenses – Reduce overall cloud costs with discounts and credits for committed usage, while ensuring stable, predictable expenses to enhance financial planning. Flexible and Comprehensive Commitment Usage – Allocate your commitment across various Marketplace solutions that maximizes flexibility and value for evolving business needs. Simplified Procurement and Budgeting – Benefit from unified billing and streamlined procurement to driving efficiency and performance. AI-Optimized Apps High-Performance Compute and Scalability - Deploy AI-ready apps on Kubernetes clusters with dynamic scaling and GPU acceleration. Optimize performance and resource utilization for intensive AI/ML workloads. Accelerated Time-to-Value - Pre-configured solutions reduce setup time, accelerating progress from proof-of-concept to production, while one-click deployments and automated updates keep AI environments up-to-date effortlessly. Hybrid and Multi-Cloud Flexibility - Deploy AI workloads seamlessly on AKS or Azure Arc-enabled Kubernetes clusters, ensuring consistent performance across on-premises, multi-cloud, or edge environments, while maintaining portability and robust security. Lifecycle Management of Kubernetes Apps Automated Updates and Patching – The auto-upgrade feature keeps your Kubernetes applications up-to-date with the latest features and security patches, seamlessly applied during scheduled maintenance windows to ensure uninterrupted operations. Our system guarantees automated consistency and reliability by continuously reconciling the cluster state with the desired declarative configuration and maintaining stability by automatically rolling back unauthorized changes. CI/CD Automation with ARM Integration – Leverage ARM-based APIs and templates to automate deployment and configuration, simplifying application management and boosting operational efficiency. This approach enables seamless integration with Azure policies, monitoring, and governance tools, ensuring streamlined and consistent operations. Flexible Billing Options for Kubernetes Apps We support a variety of billing models to suit your needs: Private Offers for Upfront Billing - Lock in pricing with upfront payments to gain better control and predictability over your expenditures. Multiple Billing Models - Choose from flexible billing options to suit your needs, including usage-based billing, where you pay per core, per node, or other usage metrics, allowing you to scale as required. Opt for flat-rate pricing for predictable monthly or annual costs, ensuring financial stability and peace of mind. Programmatic Deployments of Apps There are several ways of deploying Kubernetes app as follows: - Programmatically deploy using Terraform: Utilize the power of Terraform to automate and manage your Kubernetes applications. - Deploy programmatically with Azure CLI: Leverage the Azure CLI for straightforward, command-line based deployments. - Use ARM templates for programmatic deployment: Define and deploy your Kubernetes applications efficiently with ARM templates. - Deploy via AKS in the Azure portal: Take advantage of the user-friendly Azure portal for a seamless deployment experience. We hope this guide has been helpful and has simplified the process of deploying Kubernetes. Stay tuned for more tips and tricks, and happy deploying! Additional Links: Get started with Kubernetes Apps: https://aka.ms/deployK8sApp. Find other Kubernetes Apps listed on Azure Marketplace: https://aka.ms/KubernetesAppsInMarketplace For Customer support, please visit: https://learn.microsoft.com/en-us/azure/aks/aks-support-help#create-an-azure-support-request Partner with us: If you are an ISV or Azure partner interested in listing your Kubernetes App, please visit: http://aka.ms/K8sAppsGettingStarted Learn more about Partner Benefits: https://learn.microsoft.com/en-us/partner-center/marketplace/overview#why-sell-with-microsoft For Partner Support, please visit: https://partner.microsoft.com/support/?stage=1Unlock New AI and Cloud Potential with .NET 9 & Azure: Faster, Smarter, and Built for the Future
.NET 9, now available to developers, marks a significant milestone in the evolution of the .NET platform, pushing the boundaries of performance, cloud-native development, and AI integration. This release, shaped by contributions from over 9,000 community members worldwide, introduces thousands of improvements that set the stage for the future of application development. With seamless integration with Azure and a focus on cloud-native development and AI capabilities, .NET 9 empowers developers to build scalable, intelligent applications with unprecedented ease. Expanding Azure PaaS Support for .NET 9 With the release of .NET 9, a comprehensive range of Azure Platform as a Service (PaaS) offerings now fully support the platform’s new capabilities, including the latest .NET SDK for any Azure developer. This extensive support allows developers to build, deploy, and scale .NET 9 applications with optimal performance and adaptability on Azure. Additionally, developers can access a wealth of architecture references and sample solutions to guide them in creating high-performance .NET 9 applications on Azure’s powerful cloud services: Azure App Service: Run, manage, and scale .NET 9 web applications efficiently. Check out this blog to learn more about what's new in Azure App Service. Azure Functions: Leverage serverless computing to build event-driven .NET 9 applications with improved runtime capabilities. Azure Container Apps: Deploy microservices and containerized .NET 9 workloads with integrated observability. Azure Kubernetes Service (AKS): Run .NET 9 applications in a managed Kubernetes environment with expanded ARM64 support. Azure AI Services and Azure OpenAI Services: Integrate advanced AI and OpenAI capabilities directly into your .NET 9 applications. Azure API Management, Azure Logic Apps, Azure Cognitive Services, and Azure SignalR Service: Ensure seamless integration and scaling for .NET 9 solutions. These services provide developers with a robust platform to build high-performance, scalable, and cloud-native applications while leveraging Azure’s optimized environment for .NET. Streamlined Cloud-Native Development with .NET Aspire .NET Aspire is a game-changer for cloud-native applications, enabling developers to build distributed, production-ready solutions efficiently. Available in preview with .NET 9, Aspire streamlines app development, with cloud efficiency and observability at its core. The latest updates in Aspire include secure defaults, Azure Functions support, and enhanced container management. Key capabilities include: Optimized Azure Integrations: Aspire works seamlessly with Azure, enabling fast deployments, automated scaling, and consistent management of cloud-native applications. Easier Deployments to Azure Container Apps: Designed for containerized environments, .NET Aspire integrates with Azure Container Apps (ACA) to simplify the deployment process. Using the Azure Developer CLI (azd), developers can quickly provision and deploy .NET Aspire projects to ACA, with built-in support for Redis caching, application logging, and scalability. Built-In Observability: A real-time dashboard provides insights into logs, distributed traces, and metrics, enabling local and production monitoring with Azure Monitor. With these capabilities, .NET Aspire allows developers to deploy microservices and containerized applications effortlessly on ACA, streamlining the path from development to production in a fully managed, serverless environment. Integrating AI into .NET: A Seamless Experience In our ongoing effort to empower developers, we’ve made integrating AI into .NET applications simpler than ever. Our strategic partnerships, including collaborations with OpenAI, LlamaIndex, and Qdrant, have enriched the AI ecosystem and strengthened .NET’s capabilities. This year alone, usage of Azure OpenAI services has surged to nearly a billion API calls per month, illustrating the growing impact of AI-powered .NET applications. Real-World AI Solutions with .NET: .NET has been pivotal in driving AI innovations. From internal teams like Microsoft Copilot creating AI experiences with .NET Aspire to tools like GitHub Copilot, developed with .NET to enhance productivity in Visual Studio and VS Code, the platform showcases AI at its best. KPMG Clara is a prime example, developed to enhance audit quality and efficiency for 95,000 auditors worldwide. By leveraging .NET and scaling securely on Azure, KPMG implemented robust AI features aligned with strict industry standards, underscoring .NET and Azure as the backbone for high-performing, scalable AI solutions. Performance Enhancements in .NET 9: Raising the Bar for Azure Workloads .NET 9 introduces substantial performance upgrades with over 7,500 merged pull requests focused on speed and efficiency, ensuring .NET 9 applications run optimally on Azure. These improvements contribute to reduced cloud costs and provide a high-performance experience across Windows, Linux, and macOS. To see how significant these performance gains can be for cloud services, take a look at what past .NET upgrades achieved for Microsoft’s high-scale internal services: Bing achieved a major reduction in startup times, enhanced efficiency, and decreased latency across its high-performance search workflows. Microsoft Teams improved efficiency by 50%, reduced latency by 30–45%, and achieved up to 100% gains in CPU utilization for key services, resulting in faster user interactions. Microsoft Copilot and other AI-powered applications benefited from optimized runtime performance, enabling scalable, high-quality experiences for users. Upgrading to the latest .NET version offers similar benefits for cloud apps, optimizing both performance and cost-efficiency. For more information on updating your applications, check out the .NET Upgrade Assistant. For additional details on ASP.NET Core, .NET MAUI, NuGet, and more enhancements across the .NET platform, check out the full Announcing .NET 9 blog post. Conclusion: Your Path to the Future with .NET 9 and Azure .NET 9 isn’t just an upgrade—it’s a leap forward, combining cutting-edge AI integration, cloud-native development, and unparalleled performance. Paired with Azure’s scalability, these advancements provide a trusted, high-performance foundation for modern applications. Get started by downloading .NET 9 and exploring its features. Leverage .NET Aspire for streamlined cloud-native development, deploy scalable apps with Azure, and embrace new productivity enhancements to build for the future. For additional insights on ASP.NET, .NET MAUI, NuGet, and more, check out the full Announcing .NET 9 blog post. Explore the future of cloud-native and AI development with .NET 9 and Azure—your toolkit for creating the next generation of intelligent applications.
