Hetal Sonavane

Reputation: 41

How to send AKS master logs to eventhub using terraform?

How do I send AKS master logs to Event Hub using the Azurerm Terraform provider? Terraform seems to provide only the Log Analytics option.

Upvotes: 3

Views: 2126

Answers (1)

Amit Baranes

Reputation: 8132

In order to send logs to Event Hub using Terraform you need to create a few resources:

  1. Event Hub Namespace (azurerm_eventhub_namespace)
  2. Event Hub (azurerm_eventhub)
  3. Authorization Rule for an Event Hub Namespace (azurerm_eventhub_namespace_authorization_rule)
  4. Diagnostic Setting for an existing Resource (azurerm_monitor_diagnostic_setting)

The following example is based on this repo.


# Create the AKS cluster

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "Production"
  }
}

# Create Event Hub namespace

resource "azurerm_eventhub_namespace" "logging" {
  name                = "logging-eventhub"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard"
  capacity            = 1
  kafka_enabled       = false
}


# Create Event Hub

resource "azurerm_eventhub" "logging_aks" {
  name                = "logging-aks-eventhub"
  namespace_name      = azurerm_eventhub_namespace.logging.name
  resource_group_name = azurerm_resource_group.example.name
  partition_count     = 2
  message_retention   = 1
}

# Create an authorization rule (namespace-level shared access policy that the
# diagnostic setting uses to publish into the Event Hub)

resource "azurerm_eventhub_namespace_authorization_rule" "logging" {
  name                = "authorization_rule"
  namespace_name      = azurerm_eventhub_namespace.logging.name
  resource_group_name = azurerm_resource_group.example.name

  listen = true
  send   = true
  manage = true
}

# Manages a Diagnostic Setting for an existing Resource
# (the AKS cluster is the target; each log block is one control-plane category)

resource "azurerm_monitor_diagnostic_setting" "aks-logging" {
  name                           = "diagnostic_aksl"
  target_resource_id             = azurerm_kubernetes_cluster.example.id
  eventhub_name                  = azurerm_eventhub.logging_aks.name
  eventhub_authorization_rule_id = azurerm_eventhub_namespace_authorization_rule.logging.id

  log {
    category = "kube-scheduler"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "kube-controller-manager"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "cluster-autoscaler"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "kube-audit"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "kube-apiserver"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }
}

Upvotes: 6
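The answer above hard-codes five log categories, so any category AKS adds later (or one you simply forgot) is silently not streamed. As an added example, not part of the original answer, here is the same diagnostic setting built from the azurerm_monitor_diagnostic_categories data source so that every log category the cluster exposes is enabled, with metrics explicitly disabled to avoid a perpetual plan diff. It assumes the resource names from the answer (azurerm_kubernetes_cluster.example, azurerm_eventhub.logging_aks, azurerm_eventhub_namespace_authorization_rule.logging) and the block-style log syntax of the provider version the answer targets; the resource and output names below are my own.

```hcl
# Added example: enumerate the diagnostic categories the AKS resource actually
# exposes instead of listing them by hand. Assumes the resources named in the
# answer above already exist in the same configuration.

data "azurerm_monitor_diagnostic_categories" "aks" {
  resource_id = azurerm_kubernetes_cluster.example.id
}

resource "azurerm_monitor_diagnostic_setting" "aks_all_logs" {
  name                           = "aks-control-plane-to-eventhub"
  target_resource_id             = azurerm_kubernetes_cluster.example.id
  eventhub_name                  = azurerm_eventhub.logging_aks.name
  eventhub_authorization_rule_id = azurerm_eventhub_namespace_authorization_rule.logging.id

  # One log block per category returned by the data source (kube-apiserver,
  # kube-audit, kube-controller-manager, kube-scheduler, cluster-autoscaler,
  # plus anything newer the platform reports for this cluster).
  dynamic "log" {
    for_each = data.azurerm_monitor_diagnostic_categories.aks.logs
    content {
      category = log.value
      enabled  = true

      # Retention policies only apply to storage-account sinks; keep disabled
      # for an Event Hub sink.
      retention_policy {
        enabled = false
      }
    }
  }

  # Declare every metric category as disabled so the provider does not report
  # a diff on each plan for metrics that were never mentioned.
  dynamic "metric" {
    for_each = data.azurerm_monitor_diagnostic_categories.aks.metrics
    content {
      category = metric.value
      enabled  = false

      retention_policy {
        enabled = false
      }
    }
  }
}

# Surface the discovered categories so a reviewer can confirm, from the plan
# output, that kube-audit is actually in the set being streamed.
output "aks_diagnostic_log_categories" {
  value = data.azurerm_monitor_diagnostic_categories.aks.logs
}
```

Run `terraform plan` and check the `aks_diagnostic_log_categories` output: if `kube-audit` is missing from the list the cluster's API audit trail is not being shipped, regardless of what the Event Hub side looks like. Because the set comes from the platform rather than the configuration, a new category shows up as a plan diff on the diagnostic setting rather than being silently dropped.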
