Azure Monitor for container provides a real time view in to Azure Kubernetes Service (AKS) resources. It view real time stdout/stderr without using kubectl command line tool.
We can configure logs for three different methods of control access
- AKS without Kubernetes RBAC authorization enabled
- AKS enabled with Kubernetes RBAC authorization
- AKS enabled with Azure Active Directory (AD) SAML based single-sign on
If AKS cluster has RBAC enabled first we need to create ClusterRole & ClusterRoleBinding to allow access to pod logs.
Following YAML can be used to allow RBAC to access the cluster pod logs
In above YAML first we create ClusterRole with rules it specify what API actions can be perform against Kubernetes resources. In above ClusterRole under apiGroups we specify “”, which means it indicate core API group. Under resources we specify which resource in above we give pods/log resource. In verbs we specify what action can perform, in above we use get
In next YAML we bind the ClusterRole to ClusterRoleBinding. Under roleRef we refer the ClusterRole we created previously.
View Live Logs
To view the live logs we can fallow below steps.
- Sign in to Azure Portal
- Search for Monitor
- In Azure monitor, select a container from the list under the Monitored containers view
- Select the Containers view and on the properties panel for a selected container, the link View container live logs is listed
Then it opens a new panel below showing live logs as below.
For more details follow link below
Understand AKS cluster performance with Azure Monitor for containers