Monitor the cluster statusEstimated reading time: 2 minutes
You can monitor the status of UCP by using the web UI or the CLI.
You can also use the
_ping endpoint to build monitoring automation.
The first place to check the status of UCP is the UCP web UI, since it shows warnings for situations that require your immediate attention. Administrators might see more warnings than regular users.
You can also navigate to the Nodes page, to see if all the nodes managed by UCP are healthy or not.
Each node has a status message explaining any problems with the node. In this example, a Windows worker node is down. Learn more about node status. Click the node to get more info on its status. In the details pane, click Actions and select Agent logs to see the log entries from the node.
Use the CLI to monitor the status of a cluster
You can also monitor the status of a UCP cluster using the Docker CLI client. Download a UCP client certificate bundle and then run:
docker node ls
As a rule of thumb, if the status message starts with
[Pending], then the
current state is transient and the node is expected to correct itself back
into a healthy state. Learn more about node status.
You can use the
https://<ucp-manager-url>/_ping endpoint to check the health
of a single UCP manager node. When you access this endpoint, the UCP manager
validates that all its internal components are working, and returns one of the
following HTTP error codes:
- 200, if all components are healthy
- 500, if one or more components are not healthy
If an administrator client certificate is used as a TLS client certificate for
_ping endpoint, a detailed error message is returned if any component is
If you’re accessing the
_ping endpoint through a load balancer, you’ll have no
way of knowing which UCP manager node is not healthy, since any manager node
might be serving your request. Make sure you’re connecting directly to the
URL of a manager node, and not a load balancer. In addition, please be aware that
pinging the endpoint with HEAD will result in a 404 error code. It is better to
use GET instead.
Monitoring vulnerability counts
For those implementations with an EE Advanced subscription, UCP displays image vulnerability count data from the DTR image scanning feature. UCP displays vulnerability counts for containers, Swarm services, pods, and images.
To enable this feature, DTR 2.6 is required and single sign-on with UCP must be enabled.