Azure
The Azure scrapers scrapes your azure account to fetch all the resources & save them as configs.
azure-scraper.yamlapiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: azure-scraper
spec:
azure:
- connection: connection://azure/flanksource
subscriptionID: e3911016-5810-415f-b075-682db169988f
transform:
relationship:
# Link AKS Cluster to Kubernetes Cluster
- filter: config_class == 'KubernetesCluster'
expr: |
[{
"type": "Kubernetes::Cluster",
"labels": {
"aks-nodeResourceGroup": config["properties"]["nodeResourceGroup"],
"subscriptionID": tags["subscriptionID"]
}
}].toJSON()
# Link Azure Virtual Machine Scale Sets to the Kubernetes Nodes
- filter: config_class == 'Node'
expr: |
[{
"type": "Kubernetes::Node",
"labels": {
"azure/vm-scale-set": name,
"subscriptionID": tags["subscriptionID"]
}
}].toJSON()
Scraper
| Field | Description | Scheme | Required |
|---|---|---|---|
logLevel | Specify the level of logging. | string | |
schedule | Specify the interval to scrape in cron format. Defaults to every 60 minutes. | string | |
retention | Settings for retaining changes, analysis and scraped items | Retention | |
azure | Azure scrape config | []Azure |
Azure
| Field | Description | Scheme | Required |
|---|---|---|---|
connection | Specify the connection that provides the clientID, clientSecret & tenantID | string | |
subscriptionID | Azure subscription ID | string | |
tenantID | Azure tenant ID | string | |
clientID | Microsoft Entra ID app client id | EnvVar | |
clientSecret | Microsoft Entra ID app client secret | EnvVar | |
include | Azure resources to include for scraping | []string | |
exclusions | Specifies the Azure resources to exclude | Exclusion | |
entra | Microsoft Entra ID (Azure AD) scraping configuration | Entra | |
properties | Custom templatable properties for the scraped config items. | []ConfigProperty | |
transform | Field to transform result | Transform | |
tags | Set custom tags on the scraped config items | map[string]string |
Either the connection name or the credentials (clientID, clientSecret & tenantID) are required
Exclusion
| Field | Description | Scheme | Required |
|---|---|---|---|
activityLogs | A list of operations to exclude from activity logs | []string |
Entra
| Field | Description | Scheme | Required |
|---|---|---|---|
users | Selectors for scraping Entra ID users | []ResourceSelector | |
groups | Selectors for scraping Entra ID groups | []ResourceSelector | |
appRegistrations | Selectors for scraping app registrations | []ResourceSelector | |
enterpriseApps | Selectors for scraping enterprise applications | []ResourceSelector | |
appRoleAssignments | Selectors for scraping app role assignments | []ResourceSelector |
Resource Types
The following Azure resources are scraped and mapped to Mission Control config types:
| Resource Type | Config Class | | ------------------------------------------ | --------------------- | --- | | microsoft.compute/virtualmachines | VirtualMachine | | microsoft.compute/virtualmachinescalesets | Node | | microsoft.network/loadbalancers | LoadBalancer | | microsoft.network/virtualnetworks | VirtualNetwork | | microsoft.containerregistry/registries | ContainerRegistry | | microsoft.network/azurefirewalls | Firewall | | microsoft.sql/servers | RelationalDatabase | | microsoft.dbforpostgresql/servers | RelationalDatabase | | microsoft.containerservice/managedclusters | KubernetesCluster | | microsoft.resources/resourcegroups | ResourceGroup | | subscription | Subscription | | microsoft.storage/storageaccounts | StorageAccount | | microsoft.web/sites | AppService | | microsoft.network/dnszones | DNSZone | | microsoft.network/privatednszones | PrivateDNSZone | | microsoft.network/trafficmanagerprofiles | TrafficManagerProfile | | microsoft.network/networksecuritygroups | SecurityGroup | | microsoft.network/publicipaddresses | PublicIPAddress | + |