85 log analytics private ingestion works

.infracost/terraform_modules/manifest-17ddce81e82ae2cd524941c40532af9a.json

@@ -0,0 +1 @@
+{"Path":"d:\\Projects\\docker-kubernetes-course\\85_prometheus_grafana_private_endpoint","Version":"2.0","Modules":[]}

85_prometheus_grafana_private_endpoint/ampls.tf

@@ -16,3 +16,19 @@ resource "azurerm_monitor_private_link_scoped_service" "ampls-dce-log-analytics"
   scope_name          = azurerm_monitor_private_link_scope.ampls.name
   linked_resource_id  = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id
 }
+
+
+
+# resource "azurerm_monitor_private_link_scoped_service" "prometheus" {
+#   name                = "ampls-prometheus"
+#   resource_group_name = azurerm_resource_group.rg_monitoring.name
+#   scope_name          = azurerm_monitor_private_link_scope.ampls.name
+#   linked_resource_id  = azurerm_monitor_workspace.prometheus.id
+# }
+
+resource "azurerm_monitor_private_link_scoped_service" "dce-prometheus" {
+  name                = "ampls-dce-prometheus"
+  resource_group_name = azurerm_resource_group.rg_monitoring.name
+  scope_name          = azurerm_monitor_private_link_scope.ampls.name
+  linked_resource_id  = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
+}

85_prometheus_grafana_private_endpoint/data_collection_endpoint.tf

@@ -1,13 +1,14 @@
-resource "azurerm_monitor_data_collection_endpoint" "dce" {
+resource "azurerm_monitor_data_collection_endpoint" "dce-prometheus" {
   name                          = "dce-prometheus"
   resource_group_name           = azurerm_resource_group.rg_monitoring.name
   location                      = azurerm_resource_group.rg_monitoring.location
   kind                          = "Linux"
-  public_network_access_enabled = true # false
+  public_network_access_enabled = false # true # false
 }
 
-# # # associate to a Data Collection Endpoint
-# # resource "azurerm_monitor_data_collection_rule_association" "dce-aks" {
-# #   target_resource_id          = azurerm_kubernetes_cluster.aks.id
-# #   data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce.id
-# # }
+# associate to a Data Collection Endpoint
+resource "azurerm_monitor_data_collection_rule_association" "dce-aks-prometheus" {
+  name                        = "configurationAccessEndpoint" # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint
+  target_resource_id          = azurerm_kubernetes_cluster.aks.id
+  data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
+}

85_prometheus_grafana_private_endpoint/data_collection_rule.tf

@@ -1,8 +1,8 @@
-resource "azurerm_monitor_data_collection_rule" "dcr" {
+resource "azurerm_monitor_data_collection_rule" "dcr-prometheus" {
   name                        = "dcr-prometheus"
   resource_group_name         = azurerm_resource_group.rg_monitoring.name
   location                    = azurerm_resource_group.rg_monitoring.location
-  data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce.id
+  data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-prometheus.id
   kind                        = "Linux"
 
   data_sources {
@@ -26,8 +26,8 @@ resource "azurerm_monitor_data_collection_rule" "dcr" {
 }
 
 # associate to a Data Collection Rule
-resource "azurerm_monitor_data_collection_rule_association" "dcr-aks" {
-  name                    = "dcr-aks"
+resource "azurerm_monitor_data_collection_rule_association" "dcr-aks-prometheus" {
+  name                    = "dcr-aks-prometheus"
   target_resource_id      = azurerm_kubernetes_cluster.aks.id
-  data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr.id
+  data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-prometheus.id
 }

85_prometheus_grafana_private_endpoint/log_analytics-dce-dcr.tf → 85_prometheus_grafana_private_endpoint/dce-dcr-log_analytics.tf

@@ -1,25 +1,19 @@
 resource "azurerm_monitor_data_collection_endpoint" "dce-log-analytics" {
-  name                          = "dce-log-analytics1"
+  name                          = "dce-log-analytics"
   resource_group_name           = azurerm_resource_group.rg_monitoring.name
   location                      = azurerm_resource_group.rg_monitoring.location
   public_network_access_enabled = false
 }
 
 # associate to a Data Collection Endpoint
-resource "azurerm_monitor_data_collection_rule_association" "dce-aks" {
+resource "azurerm_monitor_data_collection_rule_association" "dce-aks-log-analytics" {
+  name                        = "configurationAccessEndpoint" # name is required when data_collection_rule_id is specified. And when data_collection_endpoint_id is specified, the name is populated with configurationAccessEndpoint
   target_resource_id          = azurerm_kubernetes_cluster.aks.id
   data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id
 }
 
-# associate to a Data Collection Rule
-resource "azurerm_monitor_data_collection_rule_association" "dcr-aks1" {
-  name                    = "dcr-aks1"
-  target_resource_id      = azurerm_kubernetes_cluster.aks.id
-  data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-log-analytics.id
-}
-
 resource "azurerm_monitor_data_collection_rule" "dcr-log-analytics" {
-  name                        = "dcr-log-analytics1"
+  name                        = "dcr-log-analytics"
   resource_group_name         = azurerm_resource_group.rg_monitoring.name
   location                    = azurerm_resource_group.rg_monitoring.location
   data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.dce-log-analytics.id
@@ -67,7 +61,13 @@ resource "azurerm_monitor_data_collection_rule" "dcr-log-analytics" {
           }
         }
       )
-      #   extension_json = jsonencode("\"dataCollectionSettings\": { \"interval\": \"1m\", \"namespaceFilteringMode\": \"Off\", \"enableContainerLogV2\": true }\"")
     }
   }
 }
+
+# associate to a Data Collection Rule
+resource "azurerm_monitor_data_collection_rule_association" "dcr-aks-log-analytics" {
+  name                    = "dcr-aks-log-analytics"
+  target_resource_id      = azurerm_kubernetes_cluster.aks.id
+  data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr-log-analytics.id
+}

85_prometheus_grafana_private_endpoint/private_endpoint-ampls.tf

@@ -1,7 +1,7 @@
 resource "azurerm_private_endpoint" "pe-ampls" {
-  name                = "private-endpoint-ampls"
-  resource_group_name = azurerm_monitor_workspace.prometheus.resource_group_name
-  location            = azurerm_monitor_workspace.prometheus.location
+  name                = "pe-ampls"
+  resource_group_name = azurerm_virtual_network.vnet.resource_group_name
+  location            = azurerm_virtual_network.vnet.location
   subnet_id           = azurerm_subnet.snet-pe.id
 
   private_service_connection {

85_prometheus_grafana_private_endpoint/prometheus.tf

@@ -2,7 +2,7 @@ resource "azurerm_monitor_workspace" "prometheus" {
   name                          = var.prometheus_name
   resource_group_name           = azurerm_resource_group.rg_monitoring.name
   location                      = azurerm_resource_group.rg_monitoring.location
-  public_network_access_enabled = true # false # true
+  public_network_access_enabled = false # false # true
 }
 
 resource "azurerm_role_assignment" "role_monitoring_data_reader_me" {

85_prometheus_grafana_private_endpoint/variables.tf

@@ -5,22 +5,22 @@ variable "resources_location" {
 
 variable "rg_aks_cluster" {
   type    = string
-  default = "rg-aks-cluster2"
+  default = "rg-aks-cluster"
 }
 
 variable "rg_monitoring" {
   type    = string
-  default = "rg-monitoring2"
+  default = "rg-monitoring"
 }
 
 variable "aks_name" {
   type    = string
-  default = "aks-cluster2"
+  default = "aks-cluster"
 }
 
 variable "grafana_name" {
   type    = string
-  default = "azure-grafana-15"
+  default = "azure-grafana-17"
 }
 
 variable "prometheus_name" {