(DEPRECATED) Monitor a Kubernetes cluster with Log Analytics


For the updated version this tutorial that uses Azure Kubernetes Service, see Azure Monitor for containers (Preview) overview.


The Azure Container Service (ACS) is being deprecated. No new features or functionality are being added to ACS. All of the APIs, portal experience, CLI commands and documentation are marked as deprecated.

In 2017, we introduced Azure Kubernetes Service (AKS) for simplifying Kubernetes management, deployment, and operations. If you use the Kubernetes orchestrator, please migrate to AKS by January 31, 2020. To get started, see migrate to Azure Kubernetes Service.

For more information, see the Azure Container Service deprecation announcement on Azure.com.

Monitoring your Kubernetes cluster and containers is critical, especially when you manage a production cluster at scale with multiple apps.

You can take advantage of several Kubernetes monitoring solutions, either from Microsoft or other providers. In this tutorial, you monitor your Kubernetes cluster by using the Containers solution in Log Analytics, Microsoft's cloud-based IT management solution. (The Containers solution is in preview.)

This tutorial, part seven of seven, covers the following tasks:

  • Get Log Analytics Workspace settings
  • Set up Log Analytics agents on the Kubernetes nodes
  • Access monitoring information in the Log Analytics portal or Azure portal

Before you begin

In previous tutorials, an application was packaged into container images, these images uploaded to Azure Container Registry, and a Kubernetes cluster created.

If you have not done these steps, and would like to follow along, return to Tutorial 1 – Create container images.

Get Workspace settings

When you can access the Log Analytics portal, go to Settings > Connected Sources > Linux Servers. There, you can find the Workspace ID and a primary or secondary Workspace Key. Take note of these values, which you need to set up Log Analytics agents on the cluster.

Create Kubernetes secret

Store the Log Analytics workspace settings in a Kubernetes secret named omsagent-secret using the [kubectl create secret][kubectl-create-secret] command. Update WORKSPACE_ID with your Log Analytics workspace ID and WORKSPACE_KEY with the workspace key.

kubectl create secret generic omsagent-secret --from-literal=WSID=WORKSPACE_ID --from-literal=KEY=WORKSPACE_KEY

Set up Log Analytics agents

The following Kubernetes manifest file can be used to configure the container monitoring agents on a Kubernetes cluster. It creates a Kubernetes DaemonSet, which runs a single identical pod on each cluster node.

Save the following text to a file named oms-daemonset.yaml.

apiVersion: extensions/v1beta1
kind: DaemonSet
 name: omsagent
    app: omsagent
    agentVersion: 1.4.3-174
    dockerProviderVersion: 1.0.0-30
     - name: omsagent
       image: "microsoft/oms"
       imagePullPolicy: Always
         privileged: true
       - containerPort: 25225
         protocol: TCP
       - containerPort: 25224
         protocol: UDP
        - mountPath: /var/run/docker.sock
          name: docker-sock
        - mountPath: /var/log
          name: host-log
        - mountPath: /etc/omsagent-secret
          name: omsagent-secret
          readOnly: true
        - mountPath: /var/lib/docker/containers
          name: containerlog-path
         - /bin/bash
         - -c
         - ps -ef | grep omsagent | grep -v "grep"
        initialDelaySeconds: 60
        periodSeconds: 60
    beta.kubernetes.io/os: linux
   # Tolerate a NoSchedule taint on master that ACS Engine sets.
    - key: "node-role.kubernetes.io/master"
      operator: "Equal"
      value: "true"
      effect: "NoSchedule"
    - name: docker-sock
       path: /var/run/docker.sock
    - name: host-log
       path: /var/log
    - name: omsagent-secret
       secretName: omsagent-secret
    - name: containerlog-path
       path: /var/lib/docker/containers

Create the DaemonSet with the following command:

kubectl create -f oms-daemonset.yaml

To see that the DaemonSet is created, run:

kubectl get daemonset

Output is similar to the following:

omsagent   3         3         3         0            3           <none>          5m

After the agents are running, it takes several minutes for Log Analytics to ingest and process the data.

Access monitoring data

View and analyze the container monitoring data with the Container solution in either the Log Analytics portal or the Azure portal.

To install the Container solution using the Log Analytics portal, go to Solutions Gallery. Then add Container Solution. Alternatively, add the Containers solution from the Azure Marketplace.

In the Log Analytics portal, look for a Containers summary tile on the dashboard. Click the tile for details including: container events, errors, status, image inventory, and CPU and memory usage. For more granular information, click a row on any tile, or perform a log search.

Containers dashboard in Azure portal

Similarly, in the Azure portal, go to Log Analytics and select your workspace name. To see the Containers summary tile, click Solutions > Containers. To see details, click the tile.

See the Azure Log Analytics documentation for detailed guidance on querying and analyzing monitoring data.

Next steps

In this tutorial, you monitored your Kubernetes cluster with Log Analytics. Tasks covered included:

  • Get Log Analytics Workspace settings
  • Set up Log Analytics agents on the Kubernetes nodes
  • Access monitoring information in the Log Analytics portal or Azure portal

Follow this link to see pre-built script samples for Container Service.