AKS monitoring logging is not enabled

ID

azure_aks_monitoring_logging

Severity

low

Vendor

Azure

Resource

Logging

Tags

non-reachable

Description

AKS monitoring logging is not enabled. Logging provides valuable information about access and usage.

To fix it, you must populate the addon.monitoring.enabled=True property.

Learn more about this topic at Azure Kubernetes Service addon monitoring

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an AKS instance With A System Node Pool & A User Node Pool
      azure_rm_aks:
        name: myAKS
        resource_group: myResourceGroup
        location: eastus
        dns_prefix: akstest
        kubernetes_version: 1.14.6
        linux_profile:
          admin_username: azureuser
          ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA...
        service_principal:
          client_id: "cf72ca99-f6b9-4004-b0e0-bee10c521948"
          client_secret: "Password1234!"
        agent_pool_profiles:
          - name: default
            count: 1
            vm_size: Standard_B2s
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: System
            max_count: 3
            min_count: 1
            enable_rbac: yes
          - name: user
            count: 1
            vm_size: Standard_D2_v2
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: User
            max_count: 3
            min_count: 1
            enable_rbac: yes

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an AKS instance With A System Node Pool & A User Node Pool
      azure_rm_aks:
        name: myAKS
        resource_group: myResourceGroup
        location: eastus
        dns_prefix: akstest
        kubernetes_version: 1.14.6
        addon:
          monitoring:
            enabled: True
            log_analytics_workspace_resource_id: logResourceId
        linux_profile:
          admin_username: azureuser
          ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAA...
        service_principal:
          client_id: "cf72ca99-f6b9-4004-b0e0-bee10c521948"
          client_secret: "Password1234!"
        agent_pool_profiles:
          - name: default
            count: 1
            vm_size: Standard_B2s
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: System
            max_count: 3
            min_count: 1
            enable_rbac: yes
          - name: user
            count: 1
            vm_size: Standard_D2_v2
            enable_auto_scaling: True
            type: VirtualMachineScaleSets
            mode: User
            max_count: 3
            min_count: 1
            enable_rbac: yes