Jaa


Container monitoring solution in Red Hat OpenShift

Hello all, this is Keiko, Program Manager from the Operations Management Suite (OMS) team.

Since we announced our partnership with Red Hat, we've seen a growing interest in the Red Hat OpenShift portfolio in Azure. This is particularly true regarding rich support and capabilities for container monitoring within OpenShift. Over the last few months, we've added support for rich container monitoring for OpenShift across any public or private cloud, as well as on-premises.

As long as OMS Agent is enabled, you can gather valuable insights that complement the platform value of OpenShift. So how do you get the agent installed in an OpenShift cluster, so that it can start collecting container monitoring data? There are three ways:

  • Install the OMS Agent for Linux directly on each OpenShift node.
  • Enable the Log Analytics VM Extension on each OpenShift node residing on Azure.
  • Install the OMS Agent as an OpenShift daemon-set.

Currently, we support OpenShift Container Platform versions 3.4 and 3.5.

The following resources are valuable for many use cases: Install OMS Agent for Linux? and Attach OMS VM Extension for Linux? on each node. Management becomes more difficult, however, as your OpenShift setup adds more underlying infrastructure.

This post covers the OpenShift daemon-set installation in more detail. This agent deployment works on any public cloud and on-premises. Because OpenShift uses the Kubernetes container orchestrator, it also supports daemon-sets—but they require setting permissions in the master node for OMS Agent to work correctly. Here's how:

  1. Follow the permissions written in GitHub.

  2. Copy the yaml file to your master node.

  3. Deploy the yaml file by running the following command. (Make sure you replace the <WSID> and <KEY> to your OMS Workspace and Primary Key.)

    oc create -f ocp-omsagent.yaml

  4. Check whether omsagent is deployed.

    oc describe daemonset oms [ocpadmin@khm-0 ~]$ oc describe ds oms Name:           oms Image(s):       microsoft/oms Selector:       name=omsagent Node-Selector:  zone=default Labels:         agentVersion=1.4.0-12 dockerProviderVersion=10.0.0-25 name=omsagent Desired Number of Nodes Scheduled: 3 Current Number of Nodes Scheduled: 3 Number of Nodes Misscheduled: 0 Pods Status:    3 Running / 0 Waiting / 0 Succeeded / 0 Failed No events.

Adding secrets

To secure your OMS Workspace ID and Primary Key when using the OMS Agent daemon-set yaml file, you can also use secrets.

Here's an example of a secret pod yaml file and the daemon-set that uses the secret pod.

  1. After you've replaced the Workspace ID and Primary Key on the secret yaml file, create the secret pod.

  2. Confirm that the secret pod has been created properly.

    [ocpadmin@khm-0 ~]$ oc describe secret omsagent-secret Name:         omsagent-secret Namespace:    omslogging Labels:       <none> Annotations:  <none> Type:  Opaque Data ==== KEY:  89 bytes WSID: 37 bytes

 

  1. Create the OMS Agent daemon-set by running the following command.

    oc create -f ocp-ds-omsagent.yaml

 

For more information about how to use Container Monitoring Solution, as well as the insights you can gather, see Containers (Preview) solution in Log Analytics.

How do I try this?

Get a free Microsoft Operations Management + Security (#MSOMS) account so that you can test the Container Monitoring Solution features. You can also get a free subscription for Microsoft Azure.

You can also try Red Hat OpenShift on Azure. For more information, see Deploy OpenShift Origin to Azure Virtual Machines. For more information generally about Red Hat Solution on Azure, see Red Hat solutions on Azure.

How can I give you guys feedback?

There are a few different routes to give feedback:

We plan on enhancing monitoring capabilities for containers. If you have feedback or questions, please feel free to contact us!

Keiko Harada

Program Manager, OMS team

Comments

  • Anonymous
    August 08, 2017
    We need to create an openshift project for OMS before deploying the daemon set:oadm new-project omslogging --node-selector='zone=default'oc project omsloggingoc create serviceaccount omsagentoadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:omslogging:omsagentoadm policy add-scc-to-user privileged system:serviceaccount:omslogging:omsagent
    • Anonymous
      August 08, 2017
      Hi Khaled, if you go to github, you will see that there are setting written which you've described. We also have this in our docs.microsoft.com. Thanks for specifying.