This project is an API server which implements the Kargo AnalysisRun Log API. This allows Kargo to read AnalysisRun Logs from Azure Log Analytics Workspaces.
- Read AnalysisRun Logs from Log Analytics Workspace
- Authentication
- AMD64 and ARM64 support
Kargo queries this API, which in turn queries the Azure Log Analytics Workspace to retrieve container logs.
The following query is issued:
ContainerLogV2 | where PodNamespace == '{jobNamespace}' and PodName startswith '{jobName}' and ContainerName == '{container}' | project LogMessage
- Create an App Registration in Azure Portal
- Grant the App Registration
ReaderRole on the Log Analytics Workspace - Generate a Client Secret for the App Registration
- In the aks-kargo-analysisrun-logs Helm Chart set
settings: # Used to connect to the Log Analytics Workspace when using Client Secret authentication authentication: # Entra Tenant Id. tenantId: "enter-tenant-id" # Entra Application Client Id. clientId: "enter-application-client-id" # Entra Application Client Secret. clientSecret: "enter-application-client-secret"
- Create a Managed Identity
- Set the Federated credetential details in the Managed Identity
- Set Subject "system:serviceaccount:{namespace}:{release-name}"
- Grant the Managed Identity
ReaderRole on the Log Analytics Workspace - In the aks-kargo-analysisrun-logs Helm Chart set
serviceAccount: create: true annotations: azure.workload.identity/client-id: {Enter Managed Identity Client Id} podLabels: azure.workload.identity/use: "true"
Set the following values in the aks-kargo-analysisrun-logs Helm Chart
settings:
# Used to connect to the Log Analytics Workspace when using Client Secret authentication
authentication:
# Entra Tenant Id.
tenantId: "enter-tenant-id"
# Entra Application Client Id.
clientId: "enter-application-client-id"
# Entra Application Client Secret.
clientSecret: "enter-application-client-secret"
# Requests to this API must include this value in the Authorization header.
authorizationHeader: "my-api-key"
# For non-sharded Kargo, use 'default' and set the Azure Monitor Workspace ID.
shards:
- name: default
azureMonitorWorkspaceId: "enter-azure-monitor-workspace-id"Set the following values in the Kargo Helm Chart
api:
## All settings relating to the use of Argo Rollouts by the API Server.
rollouts:
integrationEnabled: true
logs:
enabled: true
urlTemplate: "http://aks-kargo-analysisrun-logs/logs/default/${{jobNamespace}}/${{jobName}}/${{container}}"
httpHeaders:
Authorization: "my-api-key"Set the following values in the aks-kargo-analysisrun-logs Helm Chart
settings:
# Used to connect to the Log Analytics Workspace when using Client Secret authentication
authentication:
# Entra Tenant Id.
tenantId: "enter-entra-tenant-id"
# Entra Application Client Id.
clientId: "enter-entra-application-client-id"
# Entra Application Client Secret.
clientSecret: "enter-entra-application-client-secret"
# Requests to this API must include this value in the Authorization header.
authorizationHeader: "my-api-key"
# For sharded Kargo, set each shard's name and corresponding Azure Monitor Workspace ID.
shards:
- name: development
azureMonitorWorkspaceId: "enter-development-azure-monitor-workspace-id"
- Name: production
azureMonitorWorkspaceId: "enter-production-azure-monitor-workspace-id"Set the following values in the Kargo Helm Chart
## All settings relating to the use of Argo Rollouts by the API Server.
rollouts:
integrationEnabled: true
logs:
enabled: true
urlTemplate: "http://aks-kargo-analysisrun-logs/logs/${{shard}}/${{jobNamespace}}/${{jobName}}/${{container}}"
httpHeaders:
Authorization: "my-api-key"Download the default Helm Values
helm repo add aks-kargo-analysisrun-logs https://ivanjosipovic.github.io/aks-kargo-analysisrun-logs
helm repo update
helm inspect values aks-kargo-analysisrun-logs/aks-kargo-analysisrun-logs > values.yamlModify the settings to fit your needs
Install Helm Chart
helm install aks-kargo-analysisrun-logs aks-kargo-analysisrun-logs/aks-kargo-analysisrun-logs --create-namespace --namespace aks-kargo-analysisrun-logs -f values.yaml