I had a cluster built with an ARM template and setup Log Analytics to collect via the ContainerInsights solution. Everything was working as expected with RBAC disabled. I was seeing logs coming from my deployed pods.
I rebuilt the cluster with RBAC enabled and Azure AD authentication configured. Now I see some data flowing to Log Analytics via ContainerInsights, but I don't see logs from my pods anymore. I'm assuming I need to update a permission somewhere to collect them, but I can't find it in the documentation. I tried inspecting the roles, clusterroles & serviceaccounts in the cluster, but nothing seemed obvious on what collection method was being used.
My question: What's the correct way to configure an RBAC enabled cluster to collect pod logs in Log Analytics?
I did have to update my AKS version since AKS only supports the last 2 micro versions, so I went from 1.10.5 to 1.11.3. I'm assuming that the version bump didn't break log collection, but wanted to call it out in case it did.
The solution to this issue was to delete the
ContainerInsights solution as well when rebuilding the cluster. My assumption is that the provisioning process doesn't fire on cluster build to setup accounts, but on the solution provisioning process. Since the Solution existed in Log Analytics, it didn't fully reprovision everything needed to work.