AZ-104 | Chapter 159 of 168 | Objective 5.1

Container Insights for AKS

This chapter covers Container Insights for Azure Kubernetes Service (AKS), a critical monitoring solution that provides visibility into the performance, health, and resource utilization of your AKS clusters. For the AZ-104 exam, Container Insights falls under Domain 5 (Monitoring), Objective 5.1 (Monitor resources by using Azure Monitor). Approximately 5-10% of monitoring questions may involve Container Insights, often in scenario-based questions where you must choose the appropriate monitoring tool. This chapter will explain what Container Insights is, how it works, its components, configuration steps, and how it integrates with other Azure Monitor features. You will learn the exact metrics collected, default data collection intervals, and how to query and visualize data. By the end, you will be able to answer exam questions confidently and apply this knowledge in real-world AKS monitoring scenarios.

Updated May 31, 2026

Container Insights as a Fleet Telemetry System

Container Insights for Azure Kubernetes Service (AKS) is like a centralized telemetry system for a fleet of delivery trucks. Each truck (node) has multiple compartments (pods) with packages (containers). The telemetry system collects data from each truck's onboard sensors (the Log Analytics agent) — engine temperature (CPU usage), fuel consumption (memory), tire pressure (disk I/O), and GPS location (node/pod topology). The data is streamed to a central command center (Log Analytics workspace) where dispatchers (you) can view real-time dashboards (Metrics Explorer) and historical reports (Kusto queries). If a truck is overheating or low on fuel, the system triggers an alert. The telemetry system doesn't drive the trucks — it only monitors them. Similarly, Container Insights is a monitoring solution that collects performance metrics, inventory data, and logs from AKS clusters, but it does not manage or control the cluster. It relies on the Azure Monitor agent (formerly OMS agent) deployed as a DaemonSet on each node. The agent collects data every 60 seconds by default and sends it to the Log Analytics workspace. You can query this data using Kusto Query Language (KQL) to diagnose issues, create alerts, and build custom workbooks. The key insight is that Container Insights is about observability, not management — a critical distinction for the AZ-104 exam.

How It Actually Works

What is Container Insights and Why It Exists

Container Insights is a feature of Azure Monitor that provides performance monitoring for containerized workloads deployed to Azure Kubernetes Service (AKS) clusters, Azure Container Instances (ACI), and self-managed Kubernetes clusters running on Azure Stack or on-premises. It collects memory and processor metrics from controllers, nodes, and containers, as well as container inventory and log data. The primary goal is to give you visibility into the health and performance of your Kubernetes infrastructure without requiring you to manually configure monitoring agents or build custom dashboards.

For the AZ-104 exam, you need to understand that Container Insights is the recommended monitoring solution for AKS clusters. It is not a management tool — it does not automate scaling or healing. It is purely an observability tool that provides data to Azure Monitor, which you can then use to create alerts, triggers, or integrate with other tools.

How Container Insights Works Internally

Container Insights works by deploying a containerized Log Analytics agent (the Azure Monitor agent for containers) as a DaemonSet on each node in your AKS cluster. The agent is based on the OMS (Operations Management Suite) agent and is responsible for collecting:

Performance metrics: CPU and memory usage at the node, pod, and container level.

Inventory data: Container images, running processes, and pod counts.

Logs: stdout/stderr streams from containers.

Kubernetes events: Normal and error events from the cluster.

The agent sends this data to a Log Analytics workspace every 60 seconds by default. The workspace stores the data in tables such as Perf, ContainerInventory, ContainerLog, KubeEvents, and KubePodInventory. You can query these tables using Kusto Query Language (KQL) to gain insights.

The data collection pipeline:

1. The agent on each node queries the kubelet API for pod and container statistics.

2. The agent also reads container logs from the Docker socket or containerd socket.

3. The agent sends the data to the Log Analytics workspace via HTTPS on port 443.

4. The workspace ingests the data and makes it available for querying.

Key Components, Defaults, and Timers

Log Analytics workspace: Required for Container Insights. You can use an existing workspace or create a new one. The workspace must be in the same region as the AKS cluster for optimal performance.

Azure Monitor agent for containers: Deployed as a DaemonSet named omsagent. It runs on each node and collects data.

Data collection interval: Every 60 seconds for performance metrics. Logs are collected continuously.

Default retention: 30 days for metrics and logs. You can change this at the workspace level.

Data tables: Perf (performance data), ContainerInventory (container state), ContainerLog (stdout/stderr), KubeEvents (Kubernetes events), KubePodInventory (pod metadata).

Cost: Ingested data is billable. The first 5 GB per month is free for each Log Analytics workspace.

Configuration and Verification Commands

To enable Container Insights on an existing AKS cluster using Azure CLI:

az aks enable-addons --addons monitoring --name <cluster-name> --resource-group <rg-name> --workspace-resource-id <workspace-id>

To verify the agent is running:

kubectl get daemonsets --namespace=kube-system | grep omsagent

To check the agent logs:

kubectl logs -n kube-system -l app=omsagent
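A DaemonSet that exists but is not ready on every node still leaves those nodes without container logs or Kubernetes events in the workspace. The script below is an added example, not part of the original chapter: it turns the `kubectl get daemonsets` check into a pass/fail gate, run here on constructed sample output. The function name `check_agent_health` and its status strings are illustrative.

```shell
#!/bin/sh
# Added example: gate on omsagent DaemonSet health.
# "omsagent" is the DaemonSet name this chapter uses; samples are constructed.

# Constructed output of `kubectl get daemonsets --namespace=kube-system`
# on a 3-node cluster where one agent pod is not ready.
SAMPLE_DEGRADED='NAME         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
kube-proxy   3         3         3       3            3           <none>          41d
omsagent     3         3         2       3            2           <none>          41d'

# Constructed output: agent ready on every node.
SAMPLE_HEALTHY='NAME         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
kube-proxy   3         3         3       3            3           <none>          41d
omsagent     3         3         3       3            3           <none>          41d'

# Constructed output: monitoring add-on not enabled, so no omsagent row.
SAMPLE_MISSING='NAME         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
kube-proxy   3         3         3       3            3           <none>          41d'

# check_agent_health [NAME]
# Reads the kubectl table on stdin and prints one status line.
# Exit status: 0 = ready on every node, 1 = degraded, 2 = DaemonSet absent.
check_agent_health() {
  awk -v name="${1:-omsagent}" '
    NR == 1 {                       # locate columns by header, not by position
      for (i = 1; i <= NF; i++) col[$i] = i
      next
    }
    $1 == name {
      found = 1
      desired = $(col["DESIRED"]) + 0
      ready   = $(col["READY"]) + 0
    }
    END {
      if (!found) {
        printf "MISSING: %s DaemonSet not found, no data is collected\n", name
        exit 2
      }
      # desired == 0 means the agent is scheduled on no node at all
      if (desired == 0 || ready < desired) {
        printf "DEGRADED: %s ready on %d of %d nodes\n", name, ready, desired
        exit 1
      }
      printf "OK: %s ready on %d of %d nodes\n", name, ready, desired
    }'
}

# Demo on the constructed samples. Against a live cluster, pipe in real output:
#   kubectl get daemonsets --namespace=kube-system | check_agent_health omsagent
printf '%s\n' "$SAMPLE_DEGRADED" | check_agent_health omsagent || true
printf '%s\n' "$SAMPLE_HEALTHY"  | check_agent_health omsagent || true
printf '%s\n' "$SAMPLE_MISSING"  | check_agent_health omsagent || true
```

A non-zero exit status lets a scheduled job or pipeline step fail when any node has stopped reporting.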

To query performance data in Log Analytics:

Perf
| where TimeGenerated > ago(1h)
| where ObjectName == "K8SNode"
| summarize avg(CounterValue) by Computer, CounterName

Integration with Related Technologies

Container Insights integrates with:

Azure Monitor Metrics: You can pin charts from Container Insights to Azure dashboards.

Azure Monitor Alerts: Create alert rules based on custom log searches or metric thresholds.

Azure Workbooks: Use pre-built workbooks or create custom ones for deep analysis.

Azure Log Analytics: Query data using KQL.

Azure Policy: Enforce monitoring on new clusters using Azure Policy.

Exam-Relevant Details

Container Insights is NOT a replacement for Azure Monitor for VMs — it is specific to containerized environments.

It does NOT support Windows containers as of now (only Linux containers).

It can monitor AKS clusters, ACI, and self-managed Kubernetes.

The agent uses port 443 to send data to Azure Monitor.

Data is stored in a Log Analytics workspace, not in Azure Monitor Metrics.

You can enable Container Insights during cluster creation or after.

The agent is deployed as a DaemonSet, ensuring one agent per node.

If you disable Container Insights, the agent and data are removed but the Log Analytics workspace remains.

Common Pitfalls

Not associating a Log Analytics workspace: Container Insights requires a workspace. If you don't specify one, Azure creates a default workspace in the same region.

Using a workspace in a different region: This increases latency and data transfer costs.

Assuming Container Insights manages the cluster: It is monitoring-only.

Forgetting to check agent status: If the agent fails, no data is collected.

Step-by-Step: Enabling and Using Container Insights

1. Pre-requisites: An AKS cluster, Azure CLI or portal access, and a Log Analytics workspace (optional).

2. Enable monitoring: Use Azure CLI, portal, or Azure Policy.

3. Verify deployment: Check that the omsagent DaemonSet is running.

4. View data: In the Azure portal, navigate to your AKS cluster and select "Insights" under Monitoring.

5. Create alerts: Use the Metrics or Logs tab to set up alerts.

6. Query logs: Use Log Analytics to run KQL queries.

Conclusion

Container Insights is a powerful monitoring tool for AKS that integrates seamlessly with Azure Monitor. For the AZ-104 exam, focus on understanding its purpose, components, configuration, and how it differs from other monitoring solutions. Remember that it is a monitoring-only feature, requires a Log Analytics workspace, uses the OMS agent as a DaemonSet, and collects data every 60 seconds.

Walk-Through

1. Enable Container Insights on AKS

To enable Container Insights, you can use the Azure portal, Azure CLI, or Azure Policy. Using the CLI, run `az aks enable-addons --addons monitoring --name <cluster> --resource-group <rg> --workspace-resource-id <workspace-id>`. If you omit `--workspace-resource-id`, Azure creates a default Log Analytics workspace in the same region. The command triggers the deployment of the `omsagent` DaemonSet on each node. The agent starts collecting data immediately. You can verify by checking the `kube-system` namespace for pods with `app=omsagent` label.

2. Agent Deployment and Data Collection

The `omsagent` DaemonSet ensures one agent pod per node. The agent communicates with the kubelet API and container runtime to collect metrics every 60 seconds. It collects CPU and memory usage, disk I/O, network statistics, container logs, and Kubernetes events. The data is sent to the Log Analytics workspace via HTTPS on port 443. The agent also performs health checks and restarts automatically if it fails. You can view agent logs using `kubectl logs -n kube-system -l app=omsagent`.

3. Viewing Insights in Azure Portal

In the Azure portal, navigate to your AKS cluster and select "Insights" under the Monitoring section. The default view shows a cluster map with node and pod health. You can drill down into specific nodes, controllers, or containers. The performance charts display CPU and memory usage over time. You can change the time range (e.g., last 1 hour, 6 hours, 24 hours) and granularity. The view also includes a tab for "Containers" showing inventory and logs. From here, you can also access Log Analytics to run custom queries.

4. Querying Data with Log Analytics

To perform advanced analysis, use Log Analytics. Click on "Logs" in the Insights blade or go directly to the Log Analytics workspace. You can write KQL queries against tables like `Perf`, `ContainerInventory`, `ContainerLog`, `KubeEvents`, and `KubePodInventory`. CPU counters are recorded in `Perf`; `ContainerInventory` holds container state rather than usage. For example, to find the top 5 containers by CPU usage: `Perf | where TimeGenerated > ago(1h) | where ObjectName == "K8SContainer" and CounterName == "cpuUsageNanoCores" | summarize AvgCpuNanoCores = avg(CounterValue) by InstanceName | top 5 by AvgCpuNanoCores desc`. You can save queries, pin results to dashboards, and create alerts based on query results.

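5. Creating Alerts from Container Insights

You can create alert rules based on Container Insights data. For example, to alert when a node's CPU usage exceeds 90%, create a metric alert using the `cpuUsagePercentage` metric from the `insights.container/nodes` namespace. Alternatively, create a log alert from a KQL query. In the `Perf` table, node CPU is recorded as the `cpuUsageNanoCores` and `cpuCapacityNanoCores` counters, so the query derives the percentage from them: `Perf | where ObjectName == "K8SNode" and CounterName in ("cpuUsageNanoCores", "cpuCapacityNanoCores") | summarize Usage = avgif(CounterValue, CounterName == "cpuUsageNanoCores"), Capacity = maxif(CounterValue, CounterName == "cpuCapacityNanoCores") by Computer | extend AggregatedValue = Usage * 100.0 / Capacity | where AggregatedValue > 90`. Set the condition to fire when the result is greater than 0. Alerts can trigger actions like email, SMS, webhook, or run an Azure Automation runbook.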

What This Looks Like on the Job

Scenario 1: E-commerce Platform with AKS

A large e-commerce company runs its microservices on AKS across multiple nodes. They need to monitor resource usage to ensure consistent performance during peak shopping seasons. They enable Container Insights on their production cluster. The operations team creates dashboards showing CPU and memory usage per service. They set up alerts for when any container exceeds 80% CPU for more than 5 minutes. During a flash sale, an alert triggers — a payment service container is hitting 95% CPU. The team drills into the container logs via Container Insights and discovers a memory leak. They scale up the deployment and schedule a fix. Without Container Insights, they would have only noticed the issue when customers complained about payment failures.

Scenario 2: Multi-Cluster Monitoring for a SaaS Provider

A SaaS provider manages 50 AKS clusters across different regions. They need a centralized view of all clusters. They configure each cluster to send data to a single Log Analytics workspace. Using Container Insights, they create a workbook that aggregates metrics from all clusters, showing overall health, regional performance, and cost trends. They set up alerts for node failures and high memory usage. When a cluster in West US experiences a node failure, they get an alert and quickly redeploy the node. The centralized workspace also allows them to run cross-cluster queries to identify which clusters are underutilized, helping them optimize costs.

Scenario 3: Troubleshooting Application Performance

A development team deploys a new version of their app to a staging AKS cluster. After deployment, they notice increased latency. They use Container Insights to examine the cluster map and see that one node has significantly higher CPU usage than others. They drill into that node and see that a specific pod is consuming excessive memory. They check the container logs for that pod and find repeated error messages about a database connection timeout. The team realizes the new version has a bug causing excessive database queries. They roll back the deployment. Container Insights helped them pinpoint the root cause in minutes rather than hours.

Common Misconfigurations

Using a different Log Analytics workspace for each cluster: This complicates cross-cluster analysis. Use one workspace for multiple clusters unless you need isolation.

Not setting up alerts: Without alerts, you rely on manual dashboard review, which can miss critical issues.

Ignoring agent health: If the omsagent DaemonSet is not running, no data is collected. Always verify agent status after enabling Container Insights.

Overlooking data retention: Default retention is 30 days. For compliance, you may need to increase retention or export data to Azure Storage or Event Hubs.

How AZ-104 Actually Tests This

What AZ-104 Tests on Container Insights

AZ-104 Domain 5 (Monitoring) Objective 5.1: Monitor resources by using Azure Monitor. Specifically, you need to understand:

The purpose of Container Insights (monitoring, not management).

How to enable Container Insights on AKS clusters (using CLI, portal, or Azure Policy).

The data collected (metrics, logs, inventory, events).

The agent (OMS agent as DaemonSet, named omsagent).

The Log Analytics workspace requirement.

Integration with Azure Monitor features (alerts, dashboards, workbooks).

Common Wrong Answers and Why Candidates Choose Them

1. "Container Insights automatically scales the cluster based on metrics." This is wrong because Container Insights is monitoring-only. Auto-scaling is done by the cluster autoscaler or Horizontal Pod Autoscaler (HPA). Candidates confuse monitoring with management.

2. "Container Insights requires a dedicated Log Analytics workspace per cluster." Wrong. You can use one workspace for multiple clusters. Candidates think isolation is required.

3. "Container Insights collects data every 5 minutes." Wrong. The default interval is 60 seconds. Candidates assume a larger interval typical of other monitors.

4. "Container Insights can be enabled only during cluster creation." Wrong. You can enable it on existing clusters. Candidates think it's a one-time choice.

Specific Numbers, Values, and Terms

Default data collection interval: 60 seconds.

Agent name: omsagent (DaemonSet).

Port: 443 (HTTPS).

Log Analytics tables: Perf, ContainerInventory, ContainerLog, KubeEvents, KubePodInventory.

Default retention: 30 days.

Free data ingestion: 5 GB per month per workspace.

Supported environments: AKS, ACI, self-managed Kubernetes (Azure Stack, on-premises).

Unsupported: Windows containers (Linux only as of exam date).

Edge Cases and Exceptions

If you enable Container Insights without specifying a workspace, Azure creates a default workspace in the same region as the cluster. The workspace name includes the cluster name and resource group.

If you disable Container Insights, the agent and data are removed, but the Log Analytics workspace remains. You can still query historical data if retention hasn't expired.

Container Insights can be enabled via Azure Policy to automatically monitor new clusters.

The agent can be configured to collect additional data, but the exam focuses on default behavior.

How to Eliminate Wrong Answers

Look for keywords: "monitor" vs. "manage" — if the answer says Container Insights manages or scales, it's wrong.

Check if the answer mentions a Log Analytics workspace — Container Insights always requires one.

Verify the data collection interval — 60 seconds is correct; 5 minutes is for some other monitors.

Ensure the answer does not claim support for Windows containers — only Linux is supported.

Key Takeaways

Container Insights is a monitoring feature of Azure Monitor for AKS, not a management tool.

It deploys the OMS agent (omsagent) as a DaemonSet on each node.

Default data collection interval for metrics is 60 seconds.

Data is stored in a Log Analytics workspace in tables like Perf, ContainerInventory, ContainerLog, KubeEvents, and KubePodInventory.

Container Insights supports Linux containers only (no Windows containers).

You can enable Container Insights during or after cluster creation via CLI, portal, or Azure Policy.

Default data retention is 30 days; first 5 GB of data ingested per workspace per month is free.

Container Insights integrates with Azure Monitor alerts, dashboards, and workbooks.

It does NOT perform auto-scaling; use cluster autoscaler or HPA for scaling.

A single Log Analytics workspace can monitor multiple AKS clusters.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

Container Insights

Monitors AKS clusters, ACI, and self-managed Kubernetes.

Deploys OMS agent as a DaemonSet on each node.

Collects container-level metrics (CPU, memory, logs, events).

Data stored in Log Analytics tables like Perf, ContainerInventory, ContainerLog.

Requires a Log Analytics workspace.

VM Insights

Monitors Azure VMs and on-premises VMs.

Deploys Azure Monitor agent (AMA) or legacy MMA agent on each VM.

Collects VM-level metrics (CPU, memory, disk, network, processes).

Data stored in Log Analytics tables like Perf, VMComputer, VMProcess.

Requires a Log Analytics workspace.

Container Insights

Native Azure service integrated with AKS.

Automatic agent deployment via add-on.

Pre-built dashboards and workbooks.

Data sent to Azure Log Analytics workspace.

Supports AKS and ACI only.

Azure Monitor for Containers (Self-Managed)

Community or third-party solution (e.g., Prometheus, Grafana).

Manual agent deployment and configuration.

Custom dashboards required.

Data stored in custom database or external storage.

Can monitor any Kubernetes cluster, including on-premises.

Watch Out for These

Mistake: Container Insights can automatically scale AKS clusters based on metrics.

Correct: Container Insights is a monitoring-only tool. It does not perform any management actions like scaling. Scaling is handled by the cluster autoscaler or Horizontal Pod Autoscaler (HPA), which are separate features.

Mistake: Container Insights requires a separate Log Analytics workspace for each AKS cluster.

Correct: You can use a single Log Analytics workspace for multiple AKS clusters. This is common for centralized monitoring. However, you may choose separate workspaces for isolation or compliance.

Mistake: Container Insights collects data every 5 minutes.

Correct: The default data collection interval for performance metrics is 60 seconds (1 minute). Logs are collected continuously. The 5-minute interval is for some other Azure Monitor features like VM Insights.

Mistake: Container Insights supports Windows containers.

Correct: As of the current exam, Container Insights supports only Linux containers. Windows container support is not available. This is a common trick on the exam.

Mistake: Container Insights is enabled by default on all new AKS clusters.

Correct: Container Insights is not enabled by default. You must explicitly enable it during or after cluster creation. Azure Policy can enforce automatic enablement.


Frequently Asked Questions

How do I enable Container Insights on an existing AKS cluster?

Use the Azure CLI command: `az aks enable-addons --addons monitoring --name <cluster-name> --resource-group <rg-name> --workspace-resource-id <workspace-id>`. If you omit the workspace ID, Azure creates a default workspace. You can also enable it via the Azure portal under the cluster's Monitoring > Insights blade.

What data does Container Insights collect?

It collects performance metrics (CPU, memory, disk, network), container inventory (images, processes), container logs (stdout/stderr), and Kubernetes events. Data is collected every 60 seconds and stored in a Log Analytics workspace.

Can I use one Log Analytics workspace for multiple AKS clusters?

Yes, you can use a single workspace to monitor multiple AKS clusters. This is common for centralized monitoring. However, consider isolation requirements or compliance needs that may require separate workspaces.

What is the default data retention for Container Insights?

The default retention is 30 days. You can change this in the Log Analytics workspace settings. Note that data ingestion is billable after the first 5 GB per workspace per month.

Does Container Insights support Windows containers?

No, as of the current exam, Container Insights supports only Linux containers. Windows container support is not available. This is a common exam trap.

How do I verify that the Container Insights agent is running?

Run `kubectl get daemonsets --namespace=kube-system | grep omsagent`. You should see the `omsagent` DaemonSet with the desired number of pods equal to the number of nodes. Also check that the pods are in Running state.

Can I create alerts based on Container Insights data?

Yes, you can create metric alerts or log alerts. For example, create a metric alert on `cpuUsagePercentage` from the `insights.container/nodes` namespace, or a log alert from a KQL query on the `Perf` table.
