We’re excited to introduce Container Network Metrics Filtering in Azure Container Networking Services (ACNS) for Azure Kubernetes Service (AKS) is now in Public Preview! This capability transforms how you manage network observability in Kubernetes clusters by giving you control over what metrics matter most.
Why Excessive Metrics Are a Problem (And How We’re Fixing It)
In today’s large-scale, microservices-driven environments, teams often face metrics bloat, Bollecting far more data than they need. The result?
- High Storage & Ingestion Costs: Paying for data you’ll never use.
- Cluttered Dashboards: Hunting for critical latency spikes in a sea of irrelevant pod restarts.
- Operational Overhead: Slower queries, higher maintenance, and fatigue.
Our new filtering capability solves this by letting you define precise filters at the pod level using standard Kubernetes Custom Resources. You collect only what matters, before it ever reaches your monitoring stack.
Key Benefits: Signal Over Noise
| Benefit | Your Gain |
|---|---|
| Fine-Grained Control | Filter by namespace or pod label. Target critical services and ignore noise. |
| Cost Optimization | Reduce ingestion costs for Prometheus, Grafana, and other tools. |
| Improved Observability | Cleaner dashboards and faster troubleshooting with relevant metrics only. |
| Dynamic & Zero-Downtime | Apply or update filters without restarting Cilium agents or Prometheus. |
How It Works: Filtering at the Source
Unlike traditional sampling or post-processing, filtering happens at the Cilium agent level—inside the kernel’s data plane.
You define filters using the ContainerNetworkMetric Custom Resource to include or exclude metrics such as:
- DNS lookups
- TCP connection metrics
- Flow metrics
- Drop (error) metrics
This reduces data volume before metrics leave the host, ensuring your observability tools receive only curated, high-value data.
Example: Filtering Flow Metrics to Reduce Noise
Here’s a sample ContainerNetworkMetric CRD that filters only dropped flows from the traffic/http namespace and excludes flows from traffic/fortio pods:
apiVersion: acn.azure.com/v1alpha1
kind: ContainerNetworkMetric
metadata:
name: container-network-metric
spec:
filters:
- metric: flow
includeFilters:
# Include only DROPPED flows from traffic namespace
verdict:
- "dropped"
from:
namespacedPod:
- "traffic/http"
excludeFilters:
# Exclude traffic/fortio flows to reduce noise
from:
namespacedPod:
- "traffic/fortio"
Before Filtering
After Applying Filters
Getting Started Today
Ready to simplify your network observability?
- Enable ACNS: Make sure ACNS is enabled on your AKS cluster.
- Define Your Filter: Apply the ContainerNetworkMetric CRD with your include/exclude rules.
- Validate: Check your settings via ConfigMap and Cilium agent logs.
- See the Impact: Watch ingestion costs drop and dashboards become clearer!
👉 Learn more in the Metrics Filtering Guide.
Try the Public Preview today and take control of your container network metrics.
Microsoft