Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Support for Configurable Endpoint in outputs.azure_monitor Plugin for Private Link Use #16400

Open
rkoop opened this issue Jan 15, 2025 · 0 comments
Open

Add Support for Configurable Endpoint in outputs.azure_monitor Plugin for Private Link Use #16400

rkoop opened this issue Jan 15, 2025 · 0 comments
Labels
feature request Requests for new plugin and for new features to existing plugins

Comments

@rkoop
Copy link

rkoop commented Jan 15, 2025

Use Case

In our environment, we use Azure Monitor Private Link to route monitoring data through a secure private endpoint instead of the public endpoint. This setup enhances security by ensuring that all traffic remains within the Azure backbone and avoids traversing the public internet.

We want the Telegraf outputs.azure_monitor plugin to support a configurable endpoint field that allows us to specify the Private Link FQDN (e.g., https://workspace-name-east-us-monitor-xxxxx.privatelink.eastus.prometheus.monitor.azure.com), which resolves to the private endpoint via Azure Private DNS. This would simplify configuration and eliminate the need for DNS overrides or additional network proxies.

Expected behavior

When using the plugin in environments with Azure Monitor Private Link:

  1. A new optional endpoint field (or similar) in the plugin configuration allows specifying the Private Link FQDN.
  2. Metrics sent to the specified endpoint are routed to the private endpoint without relying on DNS changes.
  3. The plugin seamlessly integrates with Azure Monitor Workspaces configured with Private Link.

Example Configuration:

[[outputs.azure_monitor]]
  region = "eastus"
  resource_id = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/microsoft.monitor/workspaces/<workspace-name>"
  endpoint = " https://workspace-name-east-us-monitor-xxxxx.privatelink.eastus.prometheus.monitor.azure.com"  # Private DNS resolves to private endpoint

Actual behavior

Currently, the outputs.azure_monitor plugin defaults to the public endpoint (https://.monitoring.azure.com) with no option to override it for a private endpoint. This forces users to:

  1. Modify DNS to resolve the public FQDN to the private endpoint’s IP.
  2. Use a network proxy to route traffic to the private endpoint.

Both workarounds increase complexity and are prone to misconfiguration, particularly in secure environments where Private Link is mandated.

Additional info

No response
@rkoop rkoop added the feature request Requests for new plugin and for new features to existing plugins label Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request Requests for new plugin and for new features to existing plugins
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rkoop