#azure (2021-04)
Archive: https://archive.sweetops.com/azure/
2021-04-01
2021-04-26
Has anybody gone the “official” MS way with CAF and this terraform module?
If not - how are you going about the “admin repo ring” vs the “application repo rings” (subscription management, preparing tf state backends?) in your case?
I have a feeling that CAF in general and / or the the terraform module implementing it might be “overengineering” even for bigger orgs.
Any thoughts?
sorry but your question is not very clear, does your question is about single repos vs multiple repos to manage azure resources and terraform state ?
Hi there - not really - it’s more about CAF
and if anyone is following Microsoft’s best practices there.
Especially as there are terraform modules for it.
Essentially I’m just curious if anyone is using these modules and how it went so far.
I just discovered them when you posted them ! it’s a great source of inspiration ;)
not sure how to use it as it is by example the service_health_alerts use a provider azurecaf
terraform {
required_providers {
azurecaf = {
source = "aztfmod/azurecaf"
}
}
}
and then has dedicated resource resource “azurecaf_name” “ag1_name” {} https://github.com/aztfmod/terraform-azurerm-caf/blob/master/modules/monitoring/service_health_alerts/main.tf
I have found azure_caf on the terraform registry and it has 129k download … https://registry.terraform.io/providers/aztfmod/azurecaf/latest
2021-04-27
2021-04-28
Hello, did one of you use https://promitor.io/ ? it’s a gateway to send azure monitor metrics to prometheus ..
Yep
Just implemented a Proof of Concept with it.
nice !! , what was your though about it ?
I want to monitor my azure loadbalancer, vault etc with it
I was troublesome to get it working, documentation seems out of date and is inconsistent. I’m using the discovery agent as well.
But now it’s working I’m happy with it.
I’m monitoring AKS, API management and AKS Load Balancer with it
it discover Azure monitor probes ? or resources ? how does it get the prometheus port
i use prometheus azure_sd to discover resource to monitor based on tag with by example:
• node_exporter=true
• windows_exporter=true
• haproxy_exporter =true
ha I see promitor resource discovery is only for Kub !
The RD discovers Azure resources based on filters, eg:
- name: aks_vmss
type: VirtualMachineScaleSet
criteria:
include:
regions:
- westeurope
- name: apimanagement
type: ApiManagement
criteria:
include:
regions:
- westeurope
- northeurope
ok I see
And then you configure Promitor to query that RD group, eg:
- name: aks_vmss_cpuload
description: "Percentage CPU"
resourceType: VirtualMachineScaleSet
azureMetricConfiguration:
metricName: "Percentage CPU"
aggregation:
type: Average
resourceDiscoveryGroups:
- name: aks_vmss
understood
Some things I don’t like:
• By default the pods run as root (need to fix that before it is promoted beyond a poc)
• You need to explicitly specify which metric you want to scrape, it doesn’t discover all metrics available
• Log settings seem to be buggy
• Error / warnings are not descriptive
well first I will use the “Promitor Scraper” but not the discovery
Good luck! Let me know if you get stuck