(DEPRECATED) Monitor a Kubernetes cluster with Log Analytics
Tip
For the updated version this tutorial that uses Azure Kubernetes Service, see Azure Monitor for containers (Preview) overview.
Warning
The Azure Container Service (ACS) is being deprecated. No new features or functionality are being added to ACS. All of the APIs, portal experience, CLI commands and documentation are marked as deprecated.
In 2017, we introduced Azure Kubernetes Service (AKS) for simplifying Kubernetes management, deployment, and operations. If you use the Kubernetes orchestrator, please migrate to AKS by January 31, 2020. To get started, see migrate to Azure Kubernetes Service.
For more information, see the Azure Container Service deprecation announcement on Azure.com.
Monitoring your Kubernetes cluster and containers is critical, especially when you manage a production cluster at scale with multiple apps.
You can take advantage of several Kubernetes monitoring solutions, either from Microsoft or other providers. In this tutorial, you monitor your Kubernetes cluster by using the Containers solution in Log Analytics, Microsoft's cloud-based IT management solution. (The Containers solution is in preview.)
This tutorial, part seven of seven, covers the following tasks:
- Get Log Analytics Workspace settings
- Set up Log Analytics agents on the Kubernetes nodes
- Access monitoring information in the Log Analytics portal or Azure portal
Before you begin
In previous tutorials, an application was packaged into container images, these images uploaded to Azure Container Registry, and a Kubernetes cluster created.
If you have not done these steps, and would like to follow along, return to Tutorial 1 – Create container images.
Get Workspace settings
When you can access the Log Analytics portal, go to Settings > Connected Sources > Linux Servers. There, you can find the Workspace ID and a primary or secondary Workspace Key. Take note of these values, which you need to set up Log Analytics agents on the cluster.
Create Kubernetes secret
Store the Log Analytics workspace settings in a Kubernetes secret named omsagent-secret
using the [kubectl create secret][kubectl-create-secret] command. Update WORKSPACE_ID
with your Log Analytics workspace ID and WORKSPACE_KEY
with the workspace key.
kubectl create secret generic omsagent-secret --from-literal=WSID=WORKSPACE_ID --from-literal=KEY=WORKSPACE_KEY
Set up Log Analytics agents
The following Kubernetes manifest file can be used to configure the container monitoring agents on a Kubernetes cluster. It creates a Kubernetes DaemonSet, which runs a single identical pod on each cluster node.
Save the following text to a file named oms-daemonset.yaml
.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: omsagent
spec:
template:
metadata:
labels:
app: omsagent
agentVersion: 1.4.3-174
dockerProviderVersion: 1.0.0-30
spec:
containers:
- name: omsagent
image: "microsoft/oms"
imagePullPolicy: Always
securityContext:
privileged: true
ports:
- containerPort: 25225
protocol: TCP
- containerPort: 25224
protocol: UDP
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-sock
- mountPath: /var/log
name: host-log
- mountPath: /etc/omsagent-secret
name: omsagent-secret
readOnly: true
- mountPath: /var/lib/docker/containers
name: containerlog-path
livenessProbe:
exec:
command:
- /bin/bash
- -c
- ps -ef | grep omsagent | grep -v "grep"
initialDelaySeconds: 60
periodSeconds: 60
nodeSelector:
beta.kubernetes.io/os: linux
# Tolerate a NoSchedule taint on master that ACS Engine sets.
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
value: "true"
effect: "NoSchedule"
volumes:
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: host-log
hostPath:
path: /var/log
- name: omsagent-secret
secret:
secretName: omsagent-secret
- name: containerlog-path
hostPath:
path: /var/lib/docker/containers
Create the DaemonSet with the following command:
kubectl create -f oms-daemonset.yaml
To see that the DaemonSet is created, run:
kubectl get daemonset
Output is similar to the following:
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE-SELECTOR AGE
omsagent 3 3 3 0 3 <none> 5m
After the agents are running, it takes several minutes for Log Analytics to ingest and process the data.
Access monitoring data
View and analyze the container monitoring data with the Container solution in either the Log Analytics portal or the Azure portal.
To install the Container solution using the Log Analytics portal, go to Solutions Gallery. Then add Container Solution. Alternatively, add the Containers solution from the Azure Marketplace.
In the Log Analytics portal, look for a Containers summary tile on the dashboard. Click the tile for details including: container events, errors, status, image inventory, and CPU and memory usage. For more granular information, click a row on any tile, or perform a log search.
Similarly, in the Azure portal, go to Log Analytics and select your workspace name. To see the Containers summary tile, click Solutions > Containers. To see details, click the tile.
See the Azure Log Analytics documentation for detailed guidance on querying and analyzing monitoring data.
Next steps
In this tutorial, you monitored your Kubernetes cluster with Log Analytics. Tasks covered included:
- Get Log Analytics Workspace settings
- Set up Log Analytics agents on the Kubernetes nodes
- Access monitoring information in the Log Analytics portal or Azure portal
Follow this link to see pre-built script samples for Container Service.