Monitoring and instrumenting Microsoft® Azure with Instana agent
After you install the Instana host agent, the Microsoft® Azure sensor is automatically installed. You can view metrics that are related to Microsoft® Azure in the Instana UI after you configure Microsoft® Azure sensor as outlined in the configuration section.
To remotely monitor Azure in a Kubernetes or Red Hat OpenShift cluster, do not install the Instana host agent on each node of the cluster. Install the host agent on a dedicated host machine.
- Monitored services
- Instrumented services
- Supported information
- Installing the Instana agent
- Configuration
Monitored services
The Instana host agent monitor services that are managed by Azure by collecting data from Azure APIs.
Instrumented services
You can instrument the following services:
Supported information
Supported operating systems
The supported operating systems of the Microsoft® Azure sensor are consistent with host agents requirements. For more information, see the supported operating systems for each Instana host agent.
Installing the Instana agent
To monitor an Azure virtual machine or a Kubernetes cluster that runs on Azure Kubernetes Service, see Installing the Instana host agents.
// Assisted by WCA@IBM // Latest GenAI contribution: ibm/granite-20b-code-instruct-v2-->
Depending on the number of monitored entities in your cloud environment, you must increase the memory available to your host agent. Increase the agent memory by setting the environment variable AGENT_MAX_MEM
to a value greater
than the default value 512 MB.
For example, to allocate 1 GB of memory to the agent, set AGENT_MAX_MEM=1024mb
.
Install the Instana host agent on a host inside or outside your Azure environment. Each host agent can monitor remote services within a single subscription. To monitor multiple Azure subscriptions, you must deploy multiple host agents.
Installing an Instana agent outside your Azure environment
If you install the Instana agent outside your Azure environment, the agent uses the Azure public cloud endpoint by default.
To specify the Azure cloud endpoint that you want to use, modify the /opt/instana/agent/etc/instana/configuration.yaml
agent configuration file as follows:
com.instana.plugin.azure:
cloud: 'AzurePublicCloud'
Depending on the Azure cloud endpoint you want to use, you can select from these cloud configuration values: AzurePublicCloud
, AzureChinaCloud
, AzureUSGovernmentCloud
, and AzureGermanCloud
.
For more information on Azure cloud endpoints, see Azure Cloud Endpoints.
Service principal
To enable Azure monitoring, configure the host agent with a service principal that has at least reader permissions. The following steps describe how to create a service principal account with read-access to your resources in Azure portal.
-
Create a service principal by registering an application in Azure portal:
-
Open the Azure management Portal and select Microsoft Entra ID.
-
Copy the Tenant ID value, as you need it to configure the agent to connect to your Azure account.
-
Select App registrations in the navigation pane.
-
Create a new app by selecting New registration at the top of the App registrations tab.
-
Type the name of your App, leave all other settings with their default values, and select Register.
-
Copy the Application (client) ID value, as you need it to configure the Service Principal ID that the agent uses to connect to the Azure account.
-
Select the newly created app, then choose Certificates & secrets > New client secret in the navigation pane to create a new security key.
-
Copy the Value of the new Key and save it, as you need it to configure the Service Principal Secret that the agent uses to connect to your Azure account.
You can view client secret values only immediately after creation. Be sure to save the secret key when you create it, and before you leave the page.
-
-
To grant reader permission to your service principal:
-
In Azure portal, select All services > General > Subscriptions.
-
On the subscriptions page, select your subscription, and then select Access control (IAM).
-
Select Add role assignment and choose Reader. Click Next.
-
In the Members section, enter the following data:
- For Assign access to, select
user
,group
, orservice principal
. - For Members, click Select members and then select your service principal from the list on the left.
- For Assign access to, select
-
Click Next, and then select Review + assign.
-
-
Enable the Azure sensor in the agent
configuration.yaml
file. A minimal sensor configuration looks like as follows:com.instana.plugin.azure: enabled: true subscription: "Your-Subscription-Id" tenant: "Your-Tenant-Id" principals: - id: "Your-Service-Principal-Account-Id" secret: "Your-Service-Principal-Secret"
Restart the host agent to apply the new configuration. After restarting, the agent can automatically discover supported remote services on the specified subscription.
Configuration
Proxy configuration
To configure the Instana host agent to use a proxy, add the following settings to the agent configuration:
com.instana.plugin.azure:
proxy_host: 'example.com' # proxy host name or ip address
proxy_port: 3128 # proxy port
proxy_username: 'username' # OPTIONAL: proxy username
proxy_password: 'password' # OPTIONAL: proxy password
Define both the proxy_host
and proxy_port
fields to enable the agent to route traffic through a proxy server.
After configuring the proxy, restart the Instana agent for the changes to take place.
Filtering and tagging
The Instana host agent supports filtering of Azure services. The filtering of services and their instances is based on tags and resource groups.
For more information on how to apply tags to Azure resources, see Use tags to organize your Azure resources and management hierarchy.
For more information about defining resource groups in Azure, see What is Azure Resource Manager?.
Apply filtering by modifying the Instana host agent configuration file /opt/instana/agent/etc/instana/configuration.yaml
as follows:
com.instana.plugin.azure:
# Comma separated list of tags in key:value format
include_tags:
# Comma separated list of tags in key:value format
exclude_tags:
# Comma separated list of resource groups
include_resource_groups:
# Comma separated list of resource groups
exclude_resource_groups:
You can also apply filtering at the level of specific services. For more information, see the Monitored Services section for details on specific services.
Multiple service principals
Azure Monitoring API comes with a limitation of 12000
requests per service principal, which limits the number of services one host agent can monitor. To overcome this limitation, you can create multiple service principals. For
information on how to create service principles, see Use Azure PowerShell to create a service principal with a certificate.
After creating the service principals, update the /opt/instana/agent/etc/instana/configuration.yaml
file on the Instana host agent as follows:
com.instana.plugin.azure:
enabled: true
subscription: "Your-Subscription-Id"
tenant: "Your-Tenant-Id"
principals:
- id: "Your-Service-Principal-Account-Id-1"
secret: "Your-Base64-encoded-Service-Principal-Secret-1"
- id: "Your-Service-Principal-Account-Id-2"
secret: "Your-Base64-encoded-Service-Principal-Secret-2"
The host agent hot reloads changes to these principal configurations, meaning that they take effect without needing to restart the host agent.
Filtering API per API Management service
When you have too many APIs under one API Management service, it can be challenging to collect and analyze the data effectively. To focus on important APIs, configure an option to filter APIs by name, either inclusively or exclusively, by defining a regular expression as shown in the following example YAML file:
com.instana.plugin.azure.apimanagement:
monitorApiList:
- serviceName: 'robotShopApiGateway'
#inclusiveApiRegex: '^(API name 1|API name 2)$'
exclusiveApiRegex: '^(API name 1|API name 2)$'
As shown in the preceding example, you can use complex regex expressions with or
and and
logic. If you define both inclusiveApiRegex
and exclusiveApiRegex
, the host agent prioritizes exclusiveApiRegex
.