Container Monitoring solution in Azure Monitor

This article describes how to set up and use the Container Monitoring solution in Azure Monitor, which helps you view and manage your Docker and Windows container hosts in a single location. Docker is a software virtualization system used to create containers that automate software deployment to their IT infrastructure.

Note

This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. We are updating the terminology to better reflect the role of logs in Azure Monitor. See Azure Monitor terminology changes for details.

The solution shows which containers are running, what container image they're running, and where containers are running. You can view detailed audit information showing commands used with containers. You can also troubleshoot containers by viewing and searching centralized logs without having to remotely view Docker or Windows hosts. You can find containers that may be noisy and consuming excess resources on a host, and you can view centralized CPU, memory, storage, and network usage and performance information for containers. On computers running Windows, you can centralize and compare logs from Windows Server, Hyper-V, and Docker containers. The solution supports the following container orchestrators:

  • Docker Swarm
  • DC/OS
  • Kubernetes
  • Service Fabric
  • Red Hat OpenShift

If you have containers deployed in Azure Service Fabric, we recommend enabling both the Service Fabric solution and this solution to include monitoring of cluster events. Before enabling the Service Fabric solution, review Using the Service Fabric solution to understand what it provides and how to use it.

If you are interested in monitoring the performance of your workloads deployed to Kubernetes environments hosted on Azure Kubernetes Service (AKS), see Monitor Azure Kubernetes Service. The Container Monitoring solution does not support monitoring that platform.

The following diagram shows the relationships between various container hosts and agents with Azure Monitor.

[Figure: containers diagram]

System requirements and supported platforms

Before starting, review the following details to verify you meet the prerequisites.

Container monitoring solution support for Docker Orchestrator and OS platform

The following table outlines the Docker orchestration and operating system monitoring support of container inventory, performance, and logs with Azure Monitor.

Docker Orchestration | ACS | Linux | Windows | Container Inventory | Image Inventory | Node Inventory | Container Performance | Container Event | Event Log | Container Log
Kubernetes
Mesosphere DC/OS
Docker Swarm
Service Fabric
Red Hat Open Shift
Windows Server (standalone)
Linux Server (standalone)

Docker versions supported on Linux

  • Docker 1.11 to 1.13
  • Docker CE and EE v17.06

x64 Linux distributions supported as container hosts

  • Ubuntu 14.04 LTS and 16.04 LTS
  • CoreOS (stable)
  • Amazon Linux 2016.09.0
  • openSUSE 13.2
  • openSUSE LEAP 42.2
  • CentOS 7.2 and 7.3
  • SLES 12
  • RHEL 7.2 and 7.3
  • Red Hat OpenShift Container Platform (OCP) 3.4 and 3.5
  • ACS Mesosphere DC/OS 1.7.3 to 1.8.8
  • ACS Kubernetes 1.4.5 to 1.6
    • Kubernetes events, Kubernetes inventory, and container processes are only supported with version 1.4.1-45 and later of the Log Analytics agent for Linux
  • ACS Docker Swarm

Note

As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, the OMS Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

Supported Windows operating system

  • Windows Server 2016
  • Windows 10 Anniversary Edition (Professional or Enterprise)

Docker versions supported on Windows

  • Docker 1.12 and 1.13
  • Docker 17.03.0 and later

Installing and configuring the solution

Use the following information to install and configure the solution.

  1. Add the Container Monitoring solution to your Log Analytics workspace from Azure marketplace or by using the process described in Add monitoring solutions from the Solutions Gallery.

  2. Install and use Docker with a Log Analytics agent. Based on your operating system and Docker orchestrator, you can use the following methods to configure your agent.

Review the Docker Engine on Windows article for additional information about how to install and configure your Docker Engines on computers running Windows.

Important

Docker must be running before you install the Log Analytics agent for Linux on your container hosts. If you've already installed the agent before installing Docker, you need to reinstall the Log Analytics agent for Linux. For more information about Docker, see the Docker website.

Install and configure Linux container hosts

After you've installed Docker, use the following settings for your container host to configure the agent for use with Docker. First you need your Log Analytics workspace ID and key, which you can find in the Azure portal. In your workspace, click Quick Start > Computers to view your Workspace ID and Primary Key. Copy and paste both into your favorite editor.

For all Linux container hosts except CoreOS:

For all Linux container hosts including CoreOS:

Start the container that you want to monitor. Modify and use the following example:

sudo docker run --privileged -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/containers:/var/lib/docker/containers -e WSID="your workspace id" -e KEY="your key" -h=`hostname` -p 127.0.0.1:25225:25225 --name="omsagent" --restart=always microsoft/oms

Switching from using an installed Linux agent to one in a container

If you previously used the directly-installed agent and want to instead use an agent running in a container, you must first remove the Log Analytics agent for Linux. See Uninstalling the Log Analytics agent for Linux to understand how to successfully uninstall the agent.

Configure a Log Analytics agent for Docker Swarm

You can run the Log Analytics agent as a global service on Docker Swarm. Use the following information to create a Log Analytics agent service. You need to provide your Log Analytics Workspace ID and Primary Key.

  • Run the following on the master node.

    sudo docker service create  --name omsagent --mode global  --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock --mount type=bind,source=/var/lib/docker/containers,destination=/var/lib/docker/containers -e WSID="<WORKSPACE ID>" -e KEY="<PRIMARY KEY>" -p 25225:25225 -p 25224:25224/udp  --restart-condition=on-failure microsoft/oms
    
Secure secrets for Docker Swarm

For Docker Swarm, once the secret for Workspace ID and Primary Key is created, use the following information to create your secret information.

  1. Run the following on the master node.

    echo "WSID" | docker secret create WSID -
    echo "KEY" | docker secret create KEY -
    
  2. Verify that secrets were created properly.

    keiko@swarmm-master-13957614-0:/run# sudo docker secret ls
    
    ID                          NAME                CREATED             UPDATED
    j2fj153zxy91j8zbcitnjxjiv   WSID                43 minutes ago      43 minutes ago
    l9rh3n987g9c45zffuxdxetd9   KEY                 38 minutes ago      38 minutes ago
    
  3. Run the following command to mount the secrets to the containerized Log Analytics agent.

    sudo docker service create  --name omsagent --mode global  --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock --mount type=bind,source=/var/lib/docker/containers,destination=/var/lib/docker/containers --secret source=WSID,target=WSID --secret source=KEY,target=KEY  -p 25225:25225 -p 25224:25224/udp --restart-condition=on-failure microsoft/oms
    

Configure a Log Analytics agent for Red Hat OpenShift

There are three ways to add the Log Analytics agent to Red Hat OpenShift to start collecting container monitoring data.

In this section we cover the steps required to install the Log Analytics agent as an OpenShift daemon-set.

  1. Sign on to the OpenShift master node, copy the yaml file ocp-omsagent.yaml from GitHub to your master node, and modify the value with your Log Analytics Workspace ID and with your Primary Key.

  2. Run the following commands to create a project for Azure Monitor and set the user account.

    oc adm new-project omslogging --node-selector='zone=default'
    oc project omslogging  
    oc create serviceaccount omsagent  
    oc adm policy add-cluster-role-to-user cluster-reader   system:serviceaccount:omslogging:omsagent  
    oc adm policy add-scc-to-user privileged system:serviceaccount:omslogging:omsagent  
    
  3. To deploy the daemon-set, run the following:

    oc create -f ocp-omsagent.yaml

  4. To verify it is configured and working correctly, type the following:

    oc describe daemonset omsagent

    and the output should resemble:

    [ocpadmin@khm-0 ~]$ oc describe ds oms  
    Name:           oms  
    Image(s):       microsoft/oms  
    Selector:       name=omsagent  
    Node-Selector:  zone=default  
    Labels:         agentVersion=1.4.0-12  
                    dockerProviderVersion=10.0.0-25  
                    name=omsagent  
    Desired Number of Nodes Scheduled: 3  
    Current Number of Nodes Scheduled: 3  
    Number of Nodes Misscheduled: 0  
    Pods Status:    3 Running / 0 Waiting / 0 Succeeded / 0 Failed  
    No events.  
    

If you want to use secrets to secure your Log Analytics Workspace ID and Primary Key when using the Log Analytics agent daemon-set yaml file, perform the following steps.

  1. Sign on to the OpenShift master node and copy the yaml file ocp-ds-omsagent.yaml and secret generating script ocp-secretgen.sh from GitHub. This script will generate the secrets yaml file for Log Analytics Workspace ID and Primary Key to secure your secret information.

  2. Run the following commands to create a project for Azure Monitor and set the user account. The secret generating script asks for your Log Analytics Workspace ID <WSID> and Primary Key <KEY> and upon completion, it creates the ocp-secret.yaml file.

    oc adm new-project omslogging --node-selector='zone=default'  
    oc project omslogging  
    oc create serviceaccount omsagent  
    oc adm policy add-cluster-role-to-user cluster-reader   system:serviceaccount:omslogging:omsagent  
    oc adm policy add-scc-to-user privileged system:serviceaccount:omslogging:omsagent  
    
  3. Deploy the secret file by running the following:

    oc create -f ocp-secret.yaml

  4. Verify deployment by running the following:

    oc describe secret omsagent-secret

    and the output should resemble:

    [ocpadmin@khocp-master-0 ~]$ oc describe secret omsagent-secret  
    Name:           omsagent-secret  
    Namespace:      omslogging  
    Labels:         <none>  
    Annotations:    <none>  
    
    Type:   Opaque  
    
    Data  
    ====  
    KEY:    89 bytes  
    WSID:   37 bytes  
    
  5. Deploy the Log Analytics agent daemon-set yaml file by running the following:

    oc create -f ocp-ds-omsagent.yaml

  6. Verify deployment by running the following:

    oc describe ds oms

    and the output should resemble:

    [ocpadmin@khocp-master-0 ~]$ oc describe ds oms  
    Name:           oms  
    Image(s):       microsoft/oms  
    Selector:       name=omsagent  
    Node-Selector:  zone=default  
    Labels:         agentVersion=1.4.0-12  
                    dockerProviderVersion=10.0.0-25  
                    name=omsagent  
    Desired Number of Nodes Scheduled: 3  
    Current Number of Nodes Scheduled: 3  
    Number of Nodes Misscheduled: 0  
    Pods Status:    3 Running / 0 Waiting / 0 Succeeded / 0 Failed  
    No events.  
    

Configure a Log Analytics Linux agent for Kubernetes

For Kubernetes, you use a script to generate the secrets yaml file for your Workspace ID and Primary Key to install the Log Analytics agent for Linux. At the Log Analytics Docker Kubernetes GitHub page, there are files that you can use with or without your secret information.

  • The default Log Analytics agent for Linux DaemonSet does not have secret information (omsagent.yaml)
  • The Log Analytics agent for Linux DaemonSet yaml file uses secret information (omsagent-ds-secrets.yaml) with secret generation scripts to generate the secrets yaml (omsagentsecret.yaml) file.

You can choose to create omsagent DaemonSets with or without secrets.

Default OMSagent DaemonSet yaml file without secrets

  • For the default Log Analytics agent DaemonSet yaml file, replace <WSID> and <KEY> with your WSID and KEY. Copy the file to your master node and run the following:

    sudo kubectl create -f omsagent.yaml
    

Default OMSagent DaemonSet yaml file with secrets

  1. To use the Log Analytics agent DaemonSet with secret information, create the secrets first.

    1. Copy the script and secret template file and make sure they are in the same directory.

      • Secret generating script - secret-gen.sh
      • Secret template - secret-template.yaml
    2. Run the script, like the following example. The script asks for the Log Analytics Workspace ID and Primary Key and after you enter them, the script creates a secret yaml file so you can run it.

      #> sudo bash ./secret-gen.sh
      
    3. Create the secrets pod by running the following:

      sudo kubectl create -f omsagentsecret.yaml
      
    4. To verify, run the following:

      keiko@ubuntu16-13db:~# sudo kubectl get secrets
      

      Output should resemble:

      NAME                  TYPE                                  DATA      AGE
      default-token-gvl91   kubernetes.io/service-account-token   3         50d
      omsagent-secret       Opaque                                2         1d
      
      keiko@ubuntu16-13db:~# sudo kubectl describe secrets omsagent-secret
      

      Output should resemble:

      Name:           omsagent-secret
      Namespace:      default
      Labels:         <none>
      Annotations:    <none>
      
      Type:   Opaque
      
      Data
      ====
      WSID:   36 bytes
      KEY:    88 bytes
      
    5. Create your omsagent daemon-set by running sudo kubectl create -f omsagent-ds-secrets.yaml

  2. Verify that the Log Analytics agent DaemonSet is running, similar to the following:

    keiko@ubuntu16-13db:~# sudo kubectl get ds omsagent
    
    NAME       DESIRED   CURRENT   NODE-SELECTOR   AGE
    omsagent   3         3         <none>          1h
    

For Kubernetes, use a script to generate the secrets yaml file for Workspace ID and Primary Key for the Log Analytics agent for Linux. Use the following example information with the omsagent yaml file to secure your secret information.

keiko@ubuntu16-13db:~# sudo kubectl describe secrets omsagent-secret
Name:           omsagent-secret
Namespace:      default
Labels:         <none>
Annotations:    <none>

Type:   Opaque

Data
====
WSID:   36 bytes
KEY:    88 bytes
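
The secret-creation step above, as an added example (not the project's secret-gen.sh and not part of the original page): it validates a Workspace ID and Primary Key, emits a Secret manifest, and reports the decoded field sizes that kubectl describe secrets prints. The secret name omsagent-secret, the data keys WSID and KEY, and the 36- and 88-byte sizes are taken from the output above; the function names and sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the project's secret-gen.sh). Assumed from the
# `kubectl describe secrets` output on this page: secret name omsagent-secret,
# data keys WSID and KEY, decoded sizes of 36 and 88 bytes.

# Base64-encode exactly the bytes given. printf '%s' adds no newline;
# `echo "$v" | base64` would store one extra byte in the secret.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Workspace ID: a 36-character GUID.
valid_wsid() {
  [ "${#1}" -eq 36 ] || return 1
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Primary key: 88 characters drawn from the base64 alphabet.
valid_key() {
  [ "${#1}" -eq 88 ] || return 1
  case $1 in
    *[!A-Za-z0-9+/=]*) return 1 ;;
  esac
  return 0
}

# Print a Secret manifest on stdout. On malformed input, print only the
# reason (never the value) on stderr and return non-zero.
make_secret_manifest() {
  valid_wsid "$1" || { echo "WSID is not a 36-character GUID" >&2; return 1; }
  valid_key "$2" || { echo "KEY is not an 88-character base64 string" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: omsagent-secret
type: Opaque
data:
  WSID: $(b64 "$1")
  KEY: $(b64 "$2")
EOF
}

# Decoded size in bytes of one data field of a manifest read from stdin.
# This is the figure `kubectl describe secrets` reports for that field.
field_bytes() {
  awk -v k="$1:" '$1 == k { print $2 }' | base64 -d | wc -c | tr -d ' '
}

# Constructed sample values, not real credentials.
SAMPLE_WSID='0f3c2a1e-5b7d-4c9a-8e21-6d4f0a9b3c57'
SAMPLE_KEY=$(dd if=/dev/zero bs=64 count=1 2>/dev/null | base64 | tr -d '\n')

demo() {
  manifest=$(make_secret_manifest "$SAMPLE_WSID" "$SAMPLE_KEY") || return 1
  echo "WSID: $(printf '%s\n' "$manifest" | field_bytes WSID) bytes"
  echo "KEY:  $(printf '%s\n' "$manifest" | field_bytes KEY) bytes"
  # The same value piped through echo carries a trailing newline.
  echo "WSID via echo: $(echo "$SAMPLE_WSID" | base64 | base64 -d | wc -c | tr -d ' ') bytes"
}
demo
```

A field that decodes to 37 or 89 bytes instead of 36 or 88 carries one extra byte, which is what piping the value through echo produces.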

Configure a Log Analytics Windows agent for Kubernetes

For Windows Kubernetes, you use a script to generate the secrets yaml file for your Workspace ID and Primary Key to install the Log Analytics agent. At the Log Analytics Docker Kubernetes GitHub page, there are files that you can use with your secret information. You need to install the Log Analytics agent separately for the master and agent nodes.

  1. To use the Log Analytics agent DaemonSet with secret information on the master node, sign in and create the secrets first.

    1. Copy the script and secret template file and make sure they are in the same directory.

      • Secret generating script - secret-gen.sh
      • Secret template - secret-template.yaml
    2. Run the script, like the following example. The script asks for the Log Analytics Workspace ID and Primary Key and after you enter them, the script creates a secret yaml file so you can run it.

      #> sudo bash ./secret-gen.sh
      
    3. Create your omsagent daemon-set by running kubectl create -f omsagentsecret.yaml

    4. To check, run the following:

      root@ubuntu16-13db:~# kubectl get secrets
      

      Output should resemble:

      NAME                  TYPE                                  DATA      AGE
      default-token-gvl91   kubernetes.io/service-account-token   3         50d
      omsagent-secret       Opaque                                2         1d
      root@ubuntu16-13db:~# kubectl describe secrets omsagent-secret
      Name:           omsagent-secret
      Namespace:      default
      Labels:         <none>
      Annotations:    <none>
      
      Type:   Opaque
      
      Data
      ====
      WSID:   36 bytes
      KEY:    88 bytes
      
    5. Create your omsagent daemon-set by running kubectl create -f ws-omsagent-de-secrets.yaml

  2. Verify that the Log Analytics agent DaemonSet is running, similar to the following:

    root@ubuntu16-13db:~# kubectl get deployment omsagent
    NAME       DESIRED   CURRENT   NODE-SELECTOR   AGE
    omsagent   1         1         <none>          1h
    
  3. To install the agent on the worker nodes, which are running Windows, follow the steps in the section Install and configure Windows container hosts.

Use Helm to deploy Log Analytics agent on Linux Kubernetes

To use helm to deploy Log Analytics agent on your Linux Kubernetes environment, perform the following steps.

  1. Create your omsagent daemon-set by running helm install --name omsagent --set omsagent.secret.wsid=<WSID>,omsagent.secret.key=<KEY> stable/msoms

  2. The results will look similar to the following:

    NAME:   omsagent
    LAST DEPLOYED: Tue Sep 19 20:37:46 2017
    NAMESPACE: default
    STATUS: DEPLOYED
    
    RESOURCES:
    ==> v1/Secret
    NAME            TYPE    DATA  AGE
    omsagent-msoms  Opaque  3     3s
    
    ==> v1beta1/DaemonSet
    NAME            DESIRED  CURRENT  READY  UP-TO-DATE  AVAILABLE  NODE-SELECTOR  AGE
    omsagent-msoms  3        3        3      3           3          <none>         3s
    
  3. You can check the status of the omsagent by running helm status "omsagent"; the output will look similar to the following:

    keiko@k8s-master-3814F33-0:~$ helm status omsagent
    LAST DEPLOYED: Tue Sep 19 20:37:46 2017
    NAMESPACE: default
    STATUS: DEPLOYED
    
    RESOURCES:
    ==> v1/Secret
    NAME            TYPE    DATA  AGE
    omsagent-msoms  Opaque  3     17m
    
    ==> v1beta1/DaemonSet
    NAME            DESIRED  CURRENT  READY  UP-TO-DATE  AVAILABLE  NODE-SELECTOR  AGE
    omsagent-msoms  3        3        3      3           3          <none>         17m
    

    For further information, please visit Container Solution Helm Chart.

Install and configure Windows container hosts

Use the information in this section to install and configure Windows container hosts.

Preparation before installing Windows agents

Before you install agents on computers running Windows, you need to configure the Docker service. The configuration allows the Windows agent or the Azure Monitor virtual machine extension to use the Docker TCP socket so that the agents can access the Docker daemon remotely and capture data for monitoring.

To configure the Docker service

Perform the following PowerShell commands to enable TCP pipe and named pipe for Windows Server:

Stop-Service docker
dockerd --unregister-service
dockerd --register-service -H npipe:// -H 0.0.0.0:2375  
Start-Service docker

For more information about the Docker daemon configuration used with Windows Containers, see Docker Engine on Windows.

Install Windows agents

To enable Windows and Hyper-V container monitoring, install the Microsoft Monitoring Agent (MMA) on Windows computers that are container hosts. For computers running Windows in your on-premises environment, see Connect Windows computers to Azure Monitor. For virtual machines running in Azure, connect them to Azure Monitor using the virtual machine extension.

You can monitor Windows containers running on Service Fabric. However, only virtual machines running in Azure and computers running Windows in your on-premises environment are currently supported for Service Fabric.

You can verify that the Container Monitoring solution is set correctly for Windows. To check whether the management pack was downloaded properly, look for ContainerManagement.xxx. The files should be in the C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Management Packs folder.

Solution components

From the Azure portal, navigate to the Solutions Gallery and add the Container Monitoring Solution. If you are using Windows agents, then the following management pack is installed on each computer with an agent when you add this solution. No configuration or maintenance is required for the management pack.

  • ContainerManagement.xxx installed in C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Management Packs

Container data collection details

The Container Monitoring solution collects various performance metrics and log data from container hosts and containers using agents that you enable.

Data is collected every three minutes by the following agent types.

Container records

The following table shows examples of records collected by the Container Monitoring solution and the data types that appear in log search results.

Data type | Data type in Log Search | Fields
Performance for hosts and containers | Perf | Computer, ObjectName, CounterName (%Processor Time, Disk Reads MB, Disk Writes MB, Memory Usage MB, Network Receive Bytes, Network Send Bytes, Processor Usage sec, Network), CounterValue, TimeGenerated, CounterPath, SourceSystem
Container inventory | ContainerInventory | TimeGenerated, Computer, container name, ContainerHostname, Image, ImageTag, ContainerState, ExitCode, EnvironmentVar, Command, CreatedTime, StartedTime, FinishedTime, SourceSystem, ContainerID, ImageID
Container image inventory | ContainerImageInventory | TimeGenerated, Computer, Image, ImageTag, ImageSize, VirtualSize, Running, Paused, Stopped, Failed, SourceSystem, ImageID, TotalContainer
Container log | ContainerLog | TimeGenerated, Computer, image ID, container name, LogEntrySource, LogEntry, SourceSystem, ContainerID
Container service log | ContainerServiceLog | TimeGenerated, Computer, TimeOfCommand, Image, Command, SourceSystem, ContainerID
Container node inventory | ContainerNodeInventory_CL | TimeGenerated, Computer, ClassName_s, DockerVersion_s, OperatingSystem_s, Volume_s, Network_s, NodeRole_s, OrchestratorType_s, InstanceID_g, SourceSystem
Kubernetes inventory | KubePodInventory_CL | TimeGenerated, Computer, PodLabel_deployment_s, PodLabel_deploymentconfig_s, PodLabel_docker_registry_s, Name_s, Namespace_s, PodStatus_s, PodIp_s, PodUid_g, PodCreationTimeStamp_t, SourceSystem
Container process | ContainerProcess_CL | TimeGenerated, Computer, Pod_s, Namespace_s, ClassName_s, InstanceID_s, Uid_s, PID_s, PPID_s, C_s, STIME_s, Tty_s, TIME_s, Cmd_s, Id_s, Name_s, SourceSystem
Kubernetes events | KubeEvents_CL | TimeGenerated, Computer, Name_s, ObjectKind_s, Namespace_s, Reason_s, Type_s, SourceComponent_s, SourceSystem, Message

Labels appended to PodLabel data types are your own custom labels. The appended PodLabel labels shown in the table are examples. So, PodLabel_deployment_s, PodLabel_deploymentconfig_s, PodLabel_docker_registry_s will differ in your environment's data set and generically resemble PodLabel_yourlabel_s.

Monitor containers

After you have the solution enabled in the Azure portal, the Containers tile shows summary information about your container hosts and the containers running in hosts.

容器磁贴

该磁贴概述了你在环境中拥有多少个容器以及它们是失败、正在运行还是已停止。The tile shows an overview of how many containers you have in the environment and whether they're failed, running, or stopped.

Using the Containers dashboard

Click the Containers tile. From there you'll see views organized by:

  • Container Events - Shows container status and computers with failed containers.
  • Container Logs - Shows a chart of container log files generated over time and a list of computers with the highest number of log files.
  • Kubernetes Events - Shows a chart of Kubernetes events generated over time and a list of the reasons why pods generated the events. This data set is used only in Linux environments.
  • Kubernetes Namespace Inventory - Shows the number of namespaces and pods and shows their hierarchy. This data set is used only in Linux environments.
  • Container Node Inventory - Shows the number of orchestration types used on container nodes/hosts. The computer nodes/hosts are also listed by the number of containers. This data set is used only in Linux environments.
  • Container Images Inventory - Shows the total number of container images used and number of image types. The number of images is also listed by the image tag.
  • Containers Status - Shows the total number of container nodes/host computers that have running containers. Computers are also listed by the number of running hosts.
  • Container Process - Shows a line chart of container processes running over time. Containers are also listed by running command/process within containers. This data set is used only in Linux environments.
  • Container CPU Performance - Shows a line chart of the average CPU utilization over time for computer nodes/hosts. Also lists the computer nodes/hosts based on average CPU utilization.
  • Container Memory Performance - Shows a line chart of memory usage over time. Also lists computer memory utilization based on instance name.
  • Computer Performance - Shows line charts of the percent of CPU performance over time, percent of memory usage over time, and megabytes of free disk space over time. You can hover over any line in a chart to view more details.

Each area of the dashboard is a visual representation of a search that is run on collected data.

[Image: Containers dashboard]

In the Container Status area, click the top area, as shown below.

[Image: Containers status]

Log Analytics opens, displaying information about the state of your containers.

[Image: Log Analytics for containers]

From here, you can edit the search query to find the specific information you're interested in. For more information about log queries, see Log queries in Azure Monitor.

Troubleshoot by finding a failed container

Log Analytics marks a container as Failed if it has exited with a non-zero exit code. You can see an overview of the errors and failures in the environment in the Failed Containers area.

To find failed containers

  1. Click the Container Status area.
    [Image: containers status]
  2. Log Analytics opens and displays the state of your containers, similar to the following.
    [Image: containers state]
  3. Expand the Failed line and click + to add its criteria to the query. Then comment out the Summarize line in the query.
    [Image: failed containers]
  4. Run the query and then expand a line in the results to view the image ID.
    [Image: failed containers]
  5. In the log query, type ContainerImageInventory | where ImageID == <ImageID> to see details about the image, such as image size and number of stopped and failed images.
    [Image: failed containers]

Query logs for container data

When you're troubleshooting a specific error, it can help to see where it is occurring in your environment. The following log types will help you create queries to return the information you want.

  • ContainerImageInventory - Use this type when you're trying to find information organized by image and to view image information such as image IDs or sizes.
  • ContainerInventory - Use this type when you want information about container location, what their names are, and what images they're running.
  • ContainerLog - Use this type when you want to find specific error log information and entries.
  • ContainerNodeInventory_CL - Use this type when you want information about the host/node where containers are residing. It provides the Docker version, orchestration type, storage, and network information.
  • ContainerProcess_CL - Use this type to quickly see the processes running within the container.
  • ContainerServiceLog - Use this type when you're trying to find audit trail information for the Docker daemon, such as start, stop, delete, or pull commands.
  • KubeEvents_CL - Use this type to see the Kubernetes events.
  • KubePodInventory_CL - Use this type when you want to understand the cluster hierarchy information.

To query logs for container data

  • Choose an image that you know has failed recently and find the error logs for it. Start by finding a container name that is running that image with a ContainerInventory search. For example, search for ContainerInventory | where Image == "ubuntu" and ContainerState == "Failed".
    [Image: Search for Ubuntu containers]

    Expand any row in the results to view details for that container.
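The two procedures above (finding failed containers, then finding their error logs) can be chained into a single query. This is an added example, not a query from the original article; it reuses the "ubuntu" image from the search above and assumes the ContainerID, ExitCode, LogEntrySource, and LogEntry fields of the solution's ContainerInventory and ContainerLog records, as well as a 24-hour window.

```kusto
// Added example. Assumed fields: ContainerID, ExitCode (ContainerInventory);
// ContainerID, LogEntrySource, LogEntry (ContainerLog). The 24h window is an assumption.
let window = 24h;
// Step 1: latest inventory record for each container of the image that is in the Failed state.
let failed =
    ContainerInventory
    | where TimeGenerated > ago(window)
    | where Image == "ubuntu" and ContainerState == "Failed"
    | summarize arg_max(TimeGenerated, Computer, Image, ImageID, ExitCode) by ContainerID
    | project ContainerID, FailedImage = Image, FailedImageID = ImageID, ExitCode, FailedAt = TimeGenerated;
// Step 2: log lines written by exactly those containers, grouped per container, newest first.
ContainerLog
| where TimeGenerated > ago(window)
| join kind=inner failed on ContainerID
| project TimeGenerated, Computer, ContainerID, FailedImage, FailedImageID, ExitCode, FailedAt, LogEntrySource, LogEntry
| order by ContainerID asc, TimeGenerated desc
```

The FailedImageID column in the result is the value to pass to the ContainerImageInventory | where ImageID == <ImageID> search from the earlier procedure.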

Example log queries

It's often useful to build queries by starting with an example or two and then modifying them to fit your environment. As a starting point, you can experiment with the SAMPLE QUERIES area on the far right of the solution page, to help you build more advanced queries.

[Image: Containers queries]
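As one more starting point, the following added query (not one of the solution's built-in sample queries) lists commands recorded in ContainerProcess_CL during the last day that did not appear in the preceding 14 days, which helps surface unexpected processes inside containers. The 1-day and 14-day windows are assumptions to tune, the field names are the ones listed for ContainerProcess_CL in the data types table, and this data set is collected only in Linux environments.

```kusto
// Added example. Windows are assumptions; adjust them to how often your images change.
let recent = 1d;
let lookback = 14d;
// Commands already seen during the baseline period.
let baseline =
    ContainerProcess_CL
    | where TimeGenerated between (ago(lookback + recent) .. ago(recent))
    | where isnotempty(Cmd_s)
    | distinct Cmd_s;
// Commands seen recently that are missing from the baseline.
ContainerProcess_CL
| where TimeGenerated > ago(recent)
| where isnotempty(Cmd_s)
| join kind=leftanti baseline on Cmd_s
| summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated), Samples = count()
    by Computer, Namespace_s, Pod_s, Name_s, Uid_s, Cmd_s
| order by FirstSeen desc
```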

Saving log queries

Saving queries is a standard feature in Azure Monitor. Saving the queries you've found useful keeps them handy for future use.

After you create a query that you find useful, save it by clicking Favorites at the top of the Log Search page. Then you can easily access it later from the My Dashboard page.

Next steps

Query logs to view detailed container data records.