(DEPRECATED) Monitor an Azure Container Service cluster with Log Analytics

Tip

For the updated version this article that uses Azure Kubernetes Service, see Azure Monitor for containers.

Warning

The Azure Container Service (ACS) is being deprecated. No new features or functionality are being added to ACS. All of the APIs, portal experience, CLI commands and documentation are marked as deprecated.

In 2017, we introduced Azure Kubernetes Service (AKS) for simplifying Kubernetes management, deployment, and operations. If you use the Kubernetes orchestrator, please migrate to AKS by January 31, 2020. To get started, see migrate to Azure Kubernetes Service.

For more information, see the Azure Container Service deprecation announcement on Azure.com.

Prerequisites

This walkthrough assumes that you have created a Kubernetes cluster using Azure Container Service.

It also assumes that you have the az Azure cli and kubectl tools installed.

You can test if you have the az tool installed by running:

az --version

If you don't have the az tool installed, there are instructions here. Alternatively, you can use Azure Cloud Shell, which has the az Azure cli and kubectl tools already installed for you.

You can test if you have the kubectl tool installed by running:

kubectl version

If you don't have kubectl installed, you can run:

az acs kubernetes install-cli

To test if you have kubernetes keys installed in your kubectl tool you can run:

kubectl get nodes

If the above command errors out, you need to install kubernetes cluster keys into your kubectl tool. You can do that with the following command:

RESOURCE_GROUP=my-resource-group
CLUSTER_NAME=my-acs-name
az acs kubernetes get-credentials --resource-group=$RESOURCE_GROUP --name=$CLUSTER_NAME

Monitoring Containers with Log Analytics

Log Analytics is Microsoft's cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. Container Solution is a solution in Log Analytics, which helps you view the container inventory, performance, and logs in a single location. You can audit, troubleshoot containers by viewing the logs in centralized location, and find noisy consuming excess container on a host.

For more information about Container Solution, please refer to the Container Solution Log Analytics.

Installing Log Analytics on Kubernetes

Obtain your workspace ID and key

For the Log Analytics agent to talk to the service it needs to be configured with a workspace ID and a workspace key. To get the workspace ID and key you need to create an account at https://mms.microsoft.com. Please follow the steps to create an account. Once you are done creating the account, you can obtain your ID and key by clicking on the Log Analytics blade, then the name of your workspace. Then, under Advanced Settings, Connected Sources, and then Linux Servers, you will find the information you need, as shown below.

Install the Log Analytics agent using a DaemonSet

DaemonSets are used by Kubernetes to run a single instance of a container on each host in the cluster. They're perfect for running monitoring agents.

Here is the DaemonSet YAML file. Save it to a file named oms-daemonset.yaml and replace the place-holder values for WSID and KEY with your workspace ID and key in the file.

Once you have added your workspace ID and key to the DaemonSet configuration, you can install the Log Analytics agent on your cluster with the kubectl command-line tool:

kubectl create -f oms-daemonset.yaml

Installing the Log Analytics agent using a Kubernetes Secret

To protect your Log Analytics workspace ID and key you can use Kubernetes Secret as a part of DaemonSet YAML file.

• Copy the script, secret template file, and the DaemonSet YAML file (from repository) and make sure they are on the same directory.

  • secret generating script - secret-gen.sh
  • secret template - secret-template.yaml
    • DaemonSet YAML file - omsagent-ds-secrets.yaml

• Run the script. The script will ask for the Log Analytics Workspace ID and Primary Key. Insert that and the script will create a secret yaml file so you can run it.

  sudo bash ./secret-gen.sh
  

  • Create the secrets pod by running the following:

    kubectl create -f omsagentsecret.yaml
    

  • To check, run the following:

  kubectl get secrets
  

  NAME                  TYPE                                  DATA      AGE
  default-token-gvl91   kubernetes.io/service-account-token   3         50d
  omsagent-secret       Opaque                                2         1d
  root@ubuntu16-13db:~# kubectl describe secrets omsagent-secret
  Name:           omsagent-secret
  Namespace:      default
  Labels:         <none>
  Annotations:    <none>
  
  Type:   Opaque
  
  Data
  ====
  WSID:   36 bytes
  KEY:    88 bytes
  

  • Create your omsagent daemon-set by running the following:

  kubectl create -f omsagent-ds-secrets.yaml
  

Conclusion

That's it! After a few minutes, you should be able to see data flowing to your Log Analytics dashboard.