Microsoft Azure

The Azure Agent collects data from Azure APIs to monitor services managed by Azure, for which there is not possible to install a host agent or any other type of agent.

Monitored Services

Installation

Note: This documentation covers installing the Azure Agent, which allows you to collect data from Azure APIs to monitor services managed by Azure. If you want to monitor an Azure Virtual Machine or a Kubernetes cluster running on Azure Kubernetes Service (AKS), refer to the Install the Instana Host Agent documentation.

The Azure Agent on must be installed on a host inside or outside your Azure environment. Each Azure agent can monitor remote services of one subscription, so you will need multiple Azure agents to monitor multiple Azure subscriptions.

  1. Create a service-principal account with read-access to your resources in Azure Portal
  2. Set environment-variables on the monitoring box to enable the sensors.

The environment-variables you need to set are as follows:

INSTANA_AZURE_SUBSCRIPTION = [Your-Subscription-Id]
INSTANA_AZURE_TENANT_ID = [Your-Tenant-Id]
INSTANA_AZURE_SPID = [Your-Service-Principal-Account-Id]
INSTANA_AZURE_SPSECRET = [Your-Base64-encoded-Service-Principal-Secret]

Once you set these environment-variables and start the agent, it will automatically start discovery for the supported remote-services on the specified subscription.

Configuration

Filtering and Tagging

The Azure Agent supports filtering which instances of Azure services should be monitored. The filtering of services and their instances is based on tags and resource groups; refer to the Use tags to organize your Azure resources and management hierarchy documentation for more information on how to apply tags to Azure resources and to the What is Azure Resource Manager? documentation for defining resource groups in Azure. The filtering is applied by modifying the agent configuration file /opt/instana/agent/etc/instana/configuration.yaml of the Azure Agent as follows:

com.instana.plugin.azure:
  # Comma separated list of tags in key:value format
  include_tags:
  # Comma separated list of tags in key:value format
  exclude_tags:
  # Comma separated list of resource groups
  include_resource_groups:
  # Comma separated list of resource groups
  exclude_resource_groups:

Filtering can also be applied at the level of the specific service; for more information, refer to the documentation of the specific services, which is linked from the Monitored Services section.

Multiple Service Principals

Azure Monitoring API comes with a limitation of 12000 request per Service principal, which limits the number of services one Azure Agent can monitor. To overcome this limitation, you can create multiple service principals. For information on how to create service principles, refer to the How to: Use Azure PowerShell to create a service principal with a certificate documentation.

Once the service principals have been created, we prive two mechanisms to configure them in the Azure Agent: using the configuration.yaml file or via the INSTANA_AZURE_CONFIG environment variable.

Note: Configuring multiple service principals via the YAML-based method overrides the same settings provided with the JSON-based method.

YAML-based Configuration

Update the /opt/instana/agent/etc/instana/configuration.yaml file on the Azure agent host to look like the following:

com.instana.plugin.azure:
  enabled: true
  subscription: "[Your-Subscription-Id]"
  tenant: "[Your-Tenant-Id]"
  principals:
    - id: "[Your-Service-Principal-Account-Id]"
      secret: "[Your-Base64-encoded-Service-Principal-Secret]"
    - id: "[Your-Service-Principal-Account-Id]"
      secret: "[Your-Base64-encoded-Service-Principal-Secret]"

Note: Changes to the principals configuration listed above will be hot-reloaded by the Azure Agent, meaning that they will take effect without needed to restart the Azure Agent.

JSON-based configuration

Create inside the host running the Azure Agent, a JSON file with following structure:

{
  "subscription": "[Your-Subscription-Id]",
  "tenant": "[Your-Tenant-Id]",
  "principals": [
    {
      "id": "[Your-Service-Principal-Account-Id]",
      "secret": "[Your-Base64-encoded-Service-Principal-Secret]"
    },
    {
      "id": "[Your-Service-Principal-Account-Id]",
      "secret": "[Your-Base64-encoded-Service-Principal-Secret]"
    }
  ]
}

Define the INSTANA_AZURE_CONFIG environment variable on the Azure Agent that has, as value, the path of the newly-created JSON file.

Note: Changes to the principals configuration listed above will not be hot-reloaded by the Azure Agent, meaning that they will take effect only after restarting the Azure Agent.