Azure

Integrating Hawkeye with your Azure environment allows for real-time telemetry collection, including resource configurations, activity logs, metrics, and alerts. The amount of data collected will depend on the permissions set for the resources in your Azure subscription.

To securely connect Azure to Hawkeye, you need to register an Azure application and configure permissions so that Hawkeye can access the necessary resources.

The following steps will guide you in setting this up:

Step 1: Register an Azure application

To start, you need to register an application within the Microsoft Extra ID Directory. This will allow Hawkeye to interact securely with your Azure resources.

Access Microsoft Extra ID: Log in to the Azure portal and navigate to the Microsoft Extra ID section from the sidebar.
Create a new registration: In the overview of the Microsoft Extra ID section, click Add > App registration.
Fill in the application details: Provide a name for your application, and select the supported account types.

After completing the form, click Register to create the application.

Step 2: Generate client secret for authentication

Now that your application is registered, you need to create a client secret to authenticate Hawkeye’s connection.

Navigate to Certificates & Secrets: On your application’s page, click on Add a certificate or secret as seen in pin 3 below:

Meanwhile, copy the Client ID and Tenant ID. You’ll need them when you set up the Azure connection on Hawkeye.
Create a new client secret: On the Certificates & Secrets section, click Client secrets > New client secret.

Add a description and select the expiration duration. After that, click on the button labeled Add to create the secret.

Note: When you add an expiration duration for an Azure client secret, this will determines the time period that you’ll have to go into Hawkeye and update or delete the connection.
Copy the client secret: After creating the secret, copy and save the value. This will be required when configuring the Hawkeye connection.

Step 3: Assign required roles to service principal

To enable proper access for monitoring and cluster operations, you need to assign the Reader and Azure Kubernetes Service Cluster User Role roles to your subscription.

Access Azure subscriptions:
- In the Azure portal, use the search bar to find and select Subscriptions
- Choose the specific subscription where you want to assign roles
Open Access Control:
- From the subscription navigation menu, select Access control (IAM)
- Click + Add > Add role assignment
Assign Reader role:
- In the Role dropdown, select Reader
- Under Assign access to, choose User, group, or service principal. Then, click + Select members and search for your registered application
- Confirm selection and click Review + assign
Add Azure Kubernetes Service RBAC Reader role:
- Repeat the role assignment process
- Select Azure Kubernetes Service RBAC Reader Role from the Role dropdown
- Choose the same service principal (your registered application)
- Complete the assignment with Review + assign

Step 4: Configure your Azure connection in Hawkeye

With your application registered, you can now configure the connection within Hawkeye.

Open Hawkeye dashboard: Navigate to the Connections section of the Hawkeye dashboard and click the New Connection card.
Select Azure as the Connection Type: Choose Microsoft Azure from the list of connection types.
Enter the required credentials:
- Name: Provide a name for your connection.
- Description: Briefly describe the connection.
- Tenant ID: Your Azure tenant ID.
- Client ID: The client ID from your registered application.
- Client Secret: The secret you created earlier.
Once you’ve entered all the details, click Save to establish the connection.
Confirm connection: To confirm that your connection was successfully created, navigate to the Connections tab and you should see a card like this: