You're monitoring Kubernetes Wrong

•Download as PPTX, PDF•

1 like•986 views

This document discusses monitoring Kubernetes clusters and provides best practices. It notes that monitoring has become more complex with distributed architectures like microservices and containers. Key challenges discussed are getting monitoring data from containers, making sense of large and varied data, troubleshooting distributed systems, and ensuring monitoring works for people as systems become more distributed. The document demonstrates how Sysdig provides container-level monitoring data and tools for segmenting and troubleshooting that data. It also introduces Sysdig Teams for access control and customization based on organizational teams.

Software

You're Monitoring Kubernetes Wrong
Loris Degioanni, CEO, Sysdig

Data
Application
Health
Checks
System/
Process
Infrastructure
Custom
Metrics
JVM
Data
Big Honkin’
Data Engine
Unicorns and Rainbows
Dashboards

Loris Degioanni
Founder and CEO of sysdig
Past: WinPcap, Wireshark
http://www.sysdig.org
@lorisdegio
Me

Today
• Monitoring Kubernetes
• Few best practices
• Some ideas
• Some proposals

Using
• Sysdig
• https://github.com/draios/sysdig
• Sysdig Cloud
• https://sysdig.com/

We Are in the Middle of a Big Change
PCs/Servers Virtual Machines Containers

We Are in the Middle of a Big Change
PCs/Servers Virtual Machines Containers
Unit: machine
Orchestration: none
Architecture: monolithic
Unit: machine
Orchestration: external
Architecture: monolithic
Unit: app/service
Orchestration: native
Architecture: service-based

Things Are More Complex Now
Cache
Webserver
Database

Computing Node
Computing Node
Computing Node
Service1
Service2
Service3
Computing Node
Computing Node
Computing Node
Things Are More Complex Now

Computing Node
Computing Node
Computing Node
Computing Node
Computing Node
Computing Node
Service1
Service2
Service3
Things Are More Complex

This Time Is More Than Servers and Processes

4 Things That Are Harder Now
1. Getting the data
2. Making sense of the data
3. Troubleshooting
4. People

Getting The Data
• What makes containers great…
• Simple
• Small
• Isolated
• Few dependencies
• … Also makes them more opaque

Getting The Data: Pods
OS
Container1
Docker
Container2
Docker

PodPod
Getting The Data: Pods
OS
Container1
Docker
Container2
Docker

PodPod
Getting The Data: Pods
OS
Container1
Docker
Monitoring
Docker
Container2
Docker
Monitoring
Docker

Getting The Data: Sysdig
OS
Container1
Docker
Container2
Docker
Container3
DockerAppApp

Getting The Data: Sysdig
OS
Container1
Docker
Container2
Docker
Container3
DockerAppApp
kernel
module

Getting The Data: Sysdig
OS
Container1
Docker
Container2
Docker
Container3
DockerAppApp
sysdig
Docker
Capture and
analysis

Getting/Making Sense of the Data: Guidelines
• You should not be involved in monitoring instrumentation
• You should not be involved in producing anything that is not a
custom metric
• Every metric should be tagged
• Tagging must be integrated with Kubernetes
• You should not be involved in tagging metrics
• You should collect everything, with no filters

Demo – monitoring and segmenting data
with sysdig monitoring

Troubleshooting
(https://github.com/kubernetes/kubernetes/issues/14051)

Demo – troubleshooting with open source
sysdig

People
• Microservices are about people
• Monitoring microservices should be about people too

Sysdig Teams: Service-based access control
• Designed to reflect teams of people
• Integrated with Kubernetes
• Support isolation and customization
• Self service
• Centralized

Use Cases
• “dev vs prod” split
• Team per Microservice
• PaaS
• Restricted environments

Links
• Sysdig
• https://github.com/draios/sysdig
• Sysdig Cloud
• https://sysdig.com/
• Teams
• https://sysdig.com/blog/introducing-sysdig-teams/

This document summarizes a presentation about containers and the Sysdig tool. It discusses how containers make it easy to bundle and replicate applications and environments, but introduce new challenges for monitoring, troubleshooting, and security. Sysdig is presented as a tool that can capture system events from containers to help with these tasks. The document then demonstrates Sysdig through examples of investigating login attempts, failing HTTP requests, and unusual syscall behavior in a container. It concludes by providing information on installing Sysdig and downloading example capture files to experiment with.

Trace everything, when APM meets SysAdmins

Sysdig

The document discusses Sysdig, an open source system troubleshooting tool with native container support. It allows capturing system events, filtering, and running scripts on them. Sysdig includes tracing capabilities through Sysdig Tracers, which can inject markers into the event stream to trace functions, network requests, and arbitrary code segments with low overhead. Traces can then be analyzed to troubleshoot performance and measure latencies in code and across systems.

Troubleshooting Kubernetes

Sysdig

Kubernetes is a tremendous system for orchestrating your containers onto physical infrastructure. But troubleshooting Kubernetes can be incredibly challenging due to the dynamic and isolated nature of the containers it orchestrates. Sysdig leverages the powerful concept of container-aware system events and correlates each one of them with super rich metadata Kubernetes. In this session you’ll go deep into a couple of Kubernetes issues and how you would track them down using sysdig.

The Sysdig Secure DevOps Platform

Ashnikbiz

The document describes Sysdig Secure DevOps Platform, which provides unified visibility and security for production deployments of cloud-native applications. It converges security and monitoring to embed security, maximize availability, and validate compliance across the cloud-native lifecycle. The platform provides a single source of truth with context about containers, hosts, services and infrastructure. It leverages metadata to organize application and infrastructure views. The platform includes Sysdig Monitor for observability and reliability and Sysdig Secure for protection and assurance. It addresses security and operations needs for DevOps workflows across build, run and respond phases in a cloud-native environment.

Sysdig Meetup - San Francisco, December 2014

Sysdig

The document is about a presentation on container monitoring given at a Kubernetes Meetup. It introduces Sysdig Container Vision as a solution for monitoring containers without invasive instrumentation. Sysdig Container Vision collects data using a kernel module and analyzes it to provide deep visibility into containers and hosts. It also offers Service Vision for service-oriented data enrichment across nodes and services. The presentation concludes with information on how to get started with Sysdig.

DockerCon EU 2015: Cultural Revolution - How to Mange the Change Docker Brings

Docker, Inc.

The document discusses how organizations can manage the cultural changes that adopting Docker brings. It outlines four choices organizations face: whether to adopt Docker as a skunkworks project or enterprise-wide, whether to containerize monolithic or microservice applications, whether to use standard tools or develop proprietary solutions, and whether to adopt Docker openly or secretly. The document argues that adopting Docker openly as an enterprise standard can facilitate a DevOps culture, improve software quality, and increase hardware efficiency, ultimately benefiting the organization.

Proactive ops for container orchestration environments

Docker, Inc.

This document discusses different approaches to monitoring systems from manual and reactive to proactive monitoring using container orchestration tools. It provides examples of metrics to monitor at the host/hardware, networking, application, and orchestration layers. The document emphasizes applying the principles of observability including structured logging, events and tracing with metadata, and monitoring the monitoring systems themselves. Speakers provide best practices around failure prediction, understanding failure modes, and using chaos engineering to build system resilience.

Experiences with AWS immutable deploys and job processing

Docker, Inc.

How Docker is used at Gilt: At Gilt we use Docker primarily as a unit of immutability and to allow a standard way of deploying all kinds of software as opposed to its container properties. Why Gilt built Ionroller: An overview of the problems we tried to solve with Ionroller and immutable deploys. Pitfalls we've encountered with immutable deployments since Ionroller saw adoption in Gilt. Will cover issues such as DNS traffic migration, utilisation of resources ELBs not warmed up properly, Elasticbeanstalk using Nginx as proxy etc. Our experiences with Cloudformation and Codedeploy as an alternative to Ionroller and Elasticbeanstalk. Jobs: How we used to do batch jobs. Solutions we considered such as Mesos and Chronos. An overview of Sundial, an in house solution we built in the last few months and hope to open source for running containerized Docker jobs on Amazon ECS and why we chose it as our preferred solution.

Deploying Kubernetes without scaring off your security team - KubeCon 2017

Major Hayden

Continuous Delivery With Containers

All Things Open

Sysdig Monitorama Slides

Loris Degioanni

This document discusses container monitoring and provides an overview of options for monitoring containers including command line tools, cAdvisor, Docker stats, and sysdig. It outlines some key things to monitor like resource usage, network activity, file I/O, and errors. It then dives deeper into examples and pros and cons of tools like cAdvisor, Docker stats, and sysdig which natively supports container monitoring while respecting their isolated and lightweight properties.

Containers & Security

All Things Open

Containers provide security through mechanisms like kernel namespaces, control groups (cgroups), and SELinux labels. The Docker daemon manages these mechanisms to isolate containers and apply resource limits. While containers enable application density and portability, administrators must still practice secure configuration by limiting container privileges, updating containers regularly, and monitoring logs. When used properly, containers can improve security by isolating applications and minimizing the risk of compromise.

Tupperware: Containerized Deployment at FB

Docker, Inc.

Tupperware is Facebook's system for containerized deployment of services at scale. It handles provisioning machines, distributing binaries, monitoring processes, and failover to ensure services run smoothly in production. Engineers focus on application logic rather than deployment details. Tupperware uses Linux containers to isolate over 300,000 processes across 15,000+ services running on thousands of machines. It incorporates features like service discovery, logging, resource limits, and automated rollouts to efficiently manage infrastructure. Lessons learned include releasing often, using canaries for rollouts, and providing sane defaults to reduce user burden.

DockerCon EU 2015: Docker Monitoring

Docker, Inc.

Presented by Brian Christner, Cloud Advocate, Swisscom AG Do you know the performance of your containers or Docker Hosts? I will show you how to get up and running quickly with 2 different Open Source Docker Monitoring solutions. We will quickly cover Docker Stats as the basis and discover how Google cAdvisor gathers metrics for our 2 solutions. We will then build upon this basis to build a Docker Monitoring solution with cAdvisor+InfluxDB+Grafana and then cAdvisor+Prometheus and create dashboards based on the gathered monitoring metrics with Grafna and Prometheus.

Virtualization at Gilt - Rangarajan Radhakrishnan

Datadog

Gilt uses virtualization including LXC containers and CloudStack to improve efficiency and reliability. They aim to automate provisioning, use immutable containers, and avoid repeated config enforcement. Currently they use LXC containers provisioned through CloudStack and their in-house Galactica system, which integrates with services like Puppet, LDAP, DNS and load balancers. They are testing provisioning LXC containers on different Linux distros and configurations to optimize performance.

Linuxcon secureefficientcontainerimagemanagementharbor

LinuxCon ContainerCon CloudOpen China

This document discusses container image management in enterprises and introduces Project Harbor, an open source container registry. It covers key topics like container image basics, Project Harbor features, maintaining consistency of images between environments, security and access control of images, image distribution strategies, and high availability of container registries. Project Harbor provides an enterprise-grade private registry with features for user management, image replication, security, and integration with systems like LDAP. It aims to help organizations securely manage the distribution and storage of container images.

Kubernetes 架構與虛擬化之差異

inwin stack

Kubernetes uses containers managed by container engines like Docker. It separates containers from the host machine using namespaces and cgroups for isolation. Docker containers share the host kernel and use aufs for the union filesystem. Virtual machines (VMs) run a full guest operating system with virtualization provided by hypervisors like KVM/QEMU. Containers are more lightweight than VMs as they share the host kernel and have smaller base images and faster launch times and resource usage.

Windows container security

Docker, Inc.

"The majority of the container security discussion revolves around containers on Linux while the security of containers in Windows is left as a mystical black box. In this talk we'll peel back the curtain and dive in to how Windows containers are secured. Does Windows have namespaces? How does it compose the layers of a container's filesystem? How does it limit resource usage of containers? I heard there's a Hyper-V isolation thing, what's that about? We'll answer all these questions and more!"

Fully automated kubernetes deployment and management

LinuxCon ContainerCon CloudOpen China

Fully Automated Kubernetes Deployment and Management (Peng Jiang, Rancher Labs) - Kubernetes is rapidly gaining popularity as a powerful container orchestration and scheduling platform. But deploying and managing Kubernetes clusters is still a challenge for many organizations.How to ensure Kubernetes clusters in different clouds and data centers can communicate with each other? How to automate the deployment of multiple Kubernetes clusters? How to incorporate the new Kubernetes Federation into multi cloud and multi datacenter deployments? How to manage the health of Kubernetes cluster itself? etc. In this talk, Peng will share his experience on how to automate and simplify Kubernetes deployments, and discuss how some of the latest community projects (such as kubeadm and self-hosting Kubernetes) will help address the problems in the future.

DockerCon EU 2015: Production Ready Containers from IBM and Docker

Docker, Inc.

Presented by Jason McGee, VP and CTO - Cloud Foundation Services, IBM and Chris Rosen, Sr. Technical Offering Manager, IBM Containers IBM and Docker continue to build on their partnership to deliver production-ready containers. Learn how IBM’s commitment to open source and enterprise expertise combined with Docker container technology has resulted in solutions which provide the management and security needed for production environments. In this session, we will provide an update on the IBM and Docker partnership as well as discuss and demonstrate: Docker Trusted Registry resold by IBM which includes IBM’s world-class support and Integration with our DevOps solution, UrbanCode IBM Containers on Bluemix which leverage the open source Docker engine, therefore supporting your existing Docker images and Dockerfiles How you can leverage the familiar Docker CLI against the IBM Bluemix cloud for standard commands and the Cloud Foundry CLI plug-in for the IBM added capabilities Ways to integrate deployed containers with any existing app or service from the Bluemix catalog (120+ across DevOps, Analytics, Big Data, IoT, Watson, and Databases) Use of the scalable container group deployment with integrated load balancer and optional auto-recovery and GoRoute domain name Integrated monitoring and logging at the container or container group level Security compliance insight to any Docker image in the registry regardless of source (IBM image, public Docker Hub, or automated creation via DevOps Pipeline) using the Vulnerability Advisor How IBM product teams, such as MobileFirst Platform and StrongLoop, are offering Docker images in the IBM registry as a means to improve adoption efficiency

containerd the universal container runtime

Docker, Inc.

containerd is a widely used container runtime that is now a CNCF project. It is designed to be embedded in larger systems rather than used directly by developers. containerd provides core primitives for managing containers on a host, such as container execution, image distribution, and storage. It focuses on simplicity, robustness, and portability. containerd will serve as a core container runtime for the CNCF ecosystem and is being integrated with projects like Kubernetes.

Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...

Codemotion

We are going to talk about Prometheus and how to use to monitor micro-services "Cloud-Native" application s. We are going to dive deep into the Prometheus monitoring model, we will see what are the components be hind this system and how they integrate with each others to provide an efficient and modern monitoring sy stem. We will also have a glance on Prometheus native integrations for cloud-native environments such as Kubernetes.

15 kubernetes failure points you should watch

Sysdig

Jorge Salamero discusses 15 failure points to monitor in Kubernetes: 1) Application metrics like connections, response time, and errors 2) Node availability and resource usage of CPU, memory, and disk 3) Ensuring deployments are running the desired number of instances and not experiencing glitches 4) Monitoring pod status, restarts, and the health of the Kubernetes API server and services like KubeDNS 5) Validating Kubernetes configuration changes with tools that monitor deployment commands

Releasing a Distribution in the Age of DevOps.

LinuxCon ContainerCon CloudOpen China

Presentation delivered at LinuxCon China 2017. Operating systems need to move faster without sacrificing stability. New hardware, new software features, and bugfixes are making it into distribution components every day. To maintain stability, packagers and distribution developers are looking toward lessons learned in the DevOps movement to implement Continuous Integration/Continuous Delivery (CI/CD) workflows that provide quicker test feedback to developers. This talk highlights some of the coming trends in Fedora such as: streamlined base package sets, userspace applications delivered as containers, continuous validation of individual distro components and the distro as a whole, and collaboration with the CentOS Project.

A brief history of system calls

Sysdig

System calls are the primary mechanism of user-to-kernel interaction. Today the Linux system call interface has achieved a primacy and ubiquity that make it an ideal layer at which to understand single-system and distributed-system pathologies. Sysdig advances the art of system call observability by drawing on the systems that came before it. Informed by his work with /proc, process tools and DTrace, Adam will walk through a history of system calls and system call observability from simple systems like truss and strace, moderns ones like DTrace and SystemTab, and ancient ones from the early days of Unix.

Load Balancing Applications with NGINX in a CoreOS Cluster

Kevin Jones

The document discusses load balancing applications with NGINX in a CoreOS cluster. It provides an overview of using CoreOS, etcd, and fleet to deploy and manage containers across a cluster. Etcd is used for service discovery to track dynamic IP addresses and endpoints, while fleet is used as an application scheduler to deploy units and rebalance loads. NGINX can then be used as a software load balancer to distribute traffic to the backend services. The document demonstrates setting up this environment with CoreOS, etcd, fleet and NGINX to provide load balancing in a clustered deployment.

What's hot

Sysdig monitor - a brief introduction

Daniel Kerwin

DockerCon EU 2015: Cultural Revolution - How to Mange the Change Docker Brings

Docker, Inc.

Proactive ops for container orchestration environments

Docker, Inc.

Experiences with AWS immutable deploys and job processing

Docker, Inc.

Deploying Kubernetes without scaring off your security team - KubeCon 2017

Major Hayden

Continuous Delivery With Containers

All Things Open

Sysdig Monitorama Slides

Loris Degioanni

Containers & Security

All Things Open

Tupperware: Containerized Deployment at FB

Docker, Inc.

DockerCon EU 2015: Docker Monitoring

Docker, Inc.

Virtualization at Gilt - Rangarajan Radhakrishnan

Datadog

Linuxcon secureefficientcontainerimagemanagementharbor

LinuxCon ContainerCon CloudOpen China

Kubernetes 架構與虛擬化之差異

inwin stack

Windows container security

Docker, Inc.

Fully automated kubernetes deployment and management

LinuxCon ContainerCon CloudOpen China

DockerCon EU 2015: Production Ready Containers from IBM and Docker

Docker, Inc.

containerd the universal container runtime

Docker, Inc.

Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...

Codemotion

15 kubernetes failure points you should watch

Sysdig

Releasing a Distribution in the Age of DevOps.

LinuxCon ContainerCon CloudOpen China

What's hot (20)

Sysdig monitor - a brief introduction

DockerCon EU 2015: Cultural Revolution - How to Mange the Change Docker Brings

Proactive ops for container orchestration environments

Experiences with AWS immutable deploys and job processing

Deploying Kubernetes without scaring off your security team - KubeCon 2017

Continuous Delivery With Containers

Sysdig Monitorama Slides

Containers & Security

Tupperware: Containerized Deployment at FB

DockerCon EU 2015: Docker Monitoring

Virtualization at Gilt - Rangarajan Radhakrishnan

Linuxcon secureefficientcontainerimagemanagementharbor

Kubernetes 架構與虛擬化之差異

Windows container security

Fully automated kubernetes deployment and management

DockerCon EU 2015: Production Ready Containers from IBM and Docker

containerd the universal container runtime

Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...

15 kubernetes failure points you should watch

Releasing a Distribution in the Age of DevOps.

Viewers also liked

A brief history of system calls

Sysdig

Load Balancing Applications with NGINX in a CoreOS Cluster

Kevin Jones

Designing Tracing Tools

Sysdig

You have a system with an advanced programmatic tracer: do you know what to do with it? Brendan has used numerous tracers in production environments, and has published hundreds of tracing-based tools. In this talk he will share tips and know-how for creating CLI tracing tools and GUI visualizations, to solve real problems effectively. Programmatic tracing is an amazing superpower, and this talk will show you how to wield it!

Kubernetes Boston — Custom High Availability of Kubernetes

Mike Splain

This document discusses setting up high availability for Kubernetes clusters on AWS. It describes using etcd for configuration storage, ensuring etcd is highly available through clustering. It also covers making Kubernetes masters highly available by running them as pods controlled by a podmaster service for automated failover. The approach uses CoreOS, Terraform and cloud-init scripts to deploy the Kubernetes infrastructure on AWS.

The Dark Art of Container Monitoring - Spanish

Sysdig

Este documento discute los desafíos de monitorear contenedores y propone buenas prácticas. Explica que la instrumentación tradicional no funciona bien para contenedores, debido a su naturaleza aislada. En cambio, sugiere monitorear a nivel de kernel para obtener métricas de forma transparente sin configuración. También enfatiza la necesidad de etiquetar automáticamente las métricas para darles sentido a los equipos, y proveer análisis y depuración de fallos a nivel de llamadas al sistema.

WTF my container just spawned a shell!

Sysdig

This document discusses various techniques for securing containers and monitoring container activity, including: - Static and dynamic scanning of container images to detect vulnerabilities - Using seccomp, seccomp-bpf, SELinux, and Auditd for sandboxing and monitoring system calls - Sysdig Falco for behavioral monitoring and detecting anomalies based on rules - Examples of rules to detect things like shells running in containers or overwriting system binaries The document provides an overview of these various security tools and techniques for containers, with examples of how they can be used to monitor and restrict container behavior to detect security issues or policy violations.

Building Trustworthy Containers

Sysdig

Containers have the potential to improve the security of typical deployments, but for many the argument has not yet been made convincingly. This talk will describe the existing security technologies around containers, and show how their use can make container-based systems more secure than the alternatives. It will then go further, describing new technologies that allow admins to have even greater confidence in the security of their systems, beyond anything possible with traditional deployment techniques.

Behavioural activity monitoring on CoreOS with Sysdig Falco

Sysdig

This document contains instructions and configuration details for monitoring Linux systems and containers using Falco. It includes commands to install necessary packages like Falco and its dependencies. It also provides examples of Falco rules to generate alerts for suspicious activities like modifying files in critical directories or accessing devices like cameras without the proper applications. The rules leverage conditions, macros and lists to define what behaviors to flag for further review.

KubeCon EU 2016: Distributed containers in the physical world

KubeAcademy

The building industry in the world today is at large, far behind the rest of the world, technically. Alongside this, it is at threat of being dominated by a small selection of software vendors. These vendors push specific software solutions to the technically unskilled consumers in the AEC industry. The software they provide however is monolithic, native and heavy. Containers, distributed computing, and open source microservices and applications offer a solution to turn the construction industries future on its head. When computing is ubiquitous in our buildings with the internet of things, the whole way we think about building design has to change. We need to think in advance about how our applications which will run our buildings are developed. Each building is bespoke and the offers currently on the software market simply wont fit the bill in the near future. We are trying to develop a kubernetes based platform to lay the foundations for the future of lightweight bespoke apps developed for our built environment. Sched Link:

Container Network Interface: Network Plugins for Kubernetes and beyond

KubeAcademy

With the rise of modern containers comes new problems to solve – especially in networking. Numerous container SDN solutions have recently entered the market, each best suited for a particular environment. Combined with multiple container runtimes and orchestrators available today, there exists a need for a common layer to allow interoperability between them and the network solutions. As different environments demand different networking solutions, multiple vendors and viewpoints look to a specification to help guide interoperability. Container Network Interface (CNI) is a specification started by CoreOS with the input from the wider open source community aimed to make network plugins interoperable between container execution engines. It aims to be as common and vendor-neutral as possible to support a wide variety of networking options — from MACVLAN to modern SDNs such as Weave and flannel. CNI is growing in popularity. It got its start as a network plugin layer for rkt, a container runtime from CoreOS. Today rkt ships with multiple CNI plugins allowing users to take advantage of virtual switching, MACVLAN and IPVLAN as well as multiple IP management strategies, including DHCP. CNI is getting even wider adoption with Kubernetes adding support for it. Kubernetes accelerates development cycles while simplifying operations, and with support for CNI is taking the next step toward a common ground for networking. For continued success toward interoperability, Kubernetes users can come to this session to learn the CNI basics. This talk will cover the CNI interface, including an example of how to build a simple plugin. It will also show Kubernetes users how CNI can be used to solve their networking challenges and how they can get involved. KubeCon schedule link: http://sched.co/4VAo

KubeCon EU 2016: Multi-Tenant Kubernetes

KubeAcademy

KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...

KubeAcademy

Load balancing is an important part of any resilient web application. Kubernetes supports a few options for external load balancing, but they are limited in features. After a brief discussion of those options and the features they lack, we’ll show how to build an advanced load balancing solution for Kubernetes on top of NGINX, utilizing Kubernetes features including Ingress, Annotations, and ConfigMap. We’ll conclude with a demo of how to use NGINX and NGINX Plus to expose services to the Internet. Sched Link: http://sched.co/6Bc9

Kubernetes Networking

CJ Cullen

The document discusses Kubernetes networking. It describes how Kubernetes networking allows pods to have routable IPs and communicate without NAT, unlike Docker networking which uses NAT. It covers how services provide stable virtual IPs to access pods, and how kube-proxy implements services by configuring iptables on nodes. It also discusses the DNS integration using SkyDNS and Ingress for layer 7 routing of HTTP traffic. Finally, it briefly mentions network plugins and how Kubernetes is designed to be open and customizable.

Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)

Brian Brazil

The top 5 Kubernetes metrics to monitor

Sysdig

This document discusses the top 5 metrics to monitor in Kubernetes applications. It identifies 5 layers to monitor: 1) the application layer, 2) the services layer, 3) the Kubernetes deployment layer, 4) the Kubernetes internals layer, and 5) the host/node layer. For each layer, it provides example metrics and thresholds to monitor to check that layer is performing as expected. The overall document provides guidance on monitoring all aspects of a Kubernetes application from the application and services down through the underlying Kubernetes infrastructure and hosts.

Viewers also liked (15)

A brief history of system calls

Load Balancing Applications with NGINX in a CoreOS Cluster

Designing Tracing Tools

Kubernetes Boston — Custom High Availability of Kubernetes

The Dark Art of Container Monitoring - Spanish

WTF my container just spawned a shell!

Building Trustworthy Containers

Behavioural activity monitoring on CoreOS with Sysdig Falco

KubeCon EU 2016: Distributed containers in the physical world

Container Network Interface: Network Plugins for Kubernetes and beyond

KubeCon EU 2016: Multi-Tenant Kubernetes

KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...

Kubernetes Networking

Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)

The top 5 Kubernetes metrics to monitor

Similar to You're monitoring Kubernetes Wrong

Monitoring microservices: Docker, Mesos and Kubernetes visibility at scale

Alessandro Gallotta

This document discusses monitoring microservices running in containers at scale. It introduces Sysdig, an open source tool that captures system events and provides visibility into containers, processes, files, and more through a curses UI. Sysdig addresses the challenges of getting monitoring data out of orchestrated applications running in containers across nodes and making sense of that data. It collects kernel-level data without adding dependencies to containers. Sysdig Cloud provides correlated monitoring data at scale. The document also introduces Falco, an anomaly detection system built on Sysdig that monitors for security threats through behavior rules.

DockerCon EU 2015: Monitoring Docker

Docker, Inc.

This document discusses monitoring Docker containers. It provides an overview of Datadog and how it can be used to monitor dynamic infrastructure like Docker. It then discusses the challenges in monitoring Docker environments due to their dynamic and distributed nature. Finally, it outlines different methods for collecting key metrics on Docker containers like CPU, memory, I/O and network metrics using Docker's pseudo-files, stats command and API.

Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015

Datadog

DevNexus 2015: Kubernetes & Container Engine

Kit Merker

10 tips for Cloud Native Security

Karthik Gaekwad

Kubernetes Security

Karthik Gaekwad

Container Monitoring with Sysdig

Sreenivas Makam

This document discusses container monitoring using Sysdig. It begins with an introduction of the presenter and overview of existing Linux debugging tools and their limitations for container monitoring. It then summarizes Sysdig's architecture, features and examples for monitoring containers running on Docker, Kubernetes, Mesos and other platforms. The document concludes with references and demonstrations of Sysdig for monitoring a HAProxy load balancer and Kubernetes guestbook application.

Integration in the Cloud, by Rob Davies

Judy Breedlove

Tampere Docker meetup - Happy 5th Birthday Docker

Sakari Hoisko

DockerCon 16 General Session Day 1

Docker, Inc.

This document discusses Docker and its goals of making development and operations tools easier to use. It outlines Docker's focus on three areas: 1) improving the developer experience by creating tools that are simple and intuitive, 2) building orchestration capabilities directly into Docker to simplify managing multiple containers, and 3) enhancing the operations experience through deep integration with cloud platforms and a new application bundle format. The document promotes Docker 1.12 which includes built-in orchestration functionality and announces public betas of Docker for Mac and Windows.

Docker Birthday #5 Meetup Cluj - Presentation

Alex Vranceanu

- Docker celebrated its 5th birthday with events worldwide including one in Cluj, Romania. Over 100 user and customer events were held. - The Docker platform now has over 450 commercial customers, 37 billion container downloads, and 15,000 Docker-related jobs on LinkedIn. - The event in Cluj included presentations on Docker and hands-on labs to learn Docker, as well as social activities like taking selfies with a birthday banner.

Docker in Production: How RightScale Delivers Cloud Applications

RightScale

This document discusses how RightScale delivers cloud applications using Docker. It begins with an introduction to Docker and outlines three approaches to using Docker: containerizing code, composing applications, and deploying a sea of containers. It then details RightScale's plan of attack for using Docker which takes a gradual, phased approach. The document also covers RightScale's development to production workflow when using Docker and compares operations before and after adopting Docker. It concludes with discussing next steps such as improving monitoring, composition, and orchestration when using Docker.

TIAD : Automating the aplication lifecycle

The Incredible Automation Day

This document discusses automating the application lifecycle using infrastructure as code principles. It demonstrates building infrastructure like VPCs and databases automatically with CloudFormation templates. It then shows deploying application components like load balancers and servers from templates. It discusses updating applications by building new server images from code changes rather than modifying existing servers. This allows deploying updates instantly by replacing server instances. The talk concludes that automating infrastructure and deployments in this way allows integrating new applications or changes much faster.

DCSF19 Container Security: Theory & Practice at Netflix

Docker, Inc.

Michael Wardrop, Netflix Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads. As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.

20170831 - Greg Palmier: Terraform & AWS at Tempus

DevOps Chicago

Terraform is used at Tempus to define AWS infrastructure as code using modules and blueprints. Common utilities like a shared VPC are defined for re-use, while environment-specific configurations are generated. Applications are deployed using modules that define resources like load balancers, auto-scaling groups, and databases, allowing standardized deployment across environments in about 5 minutes. Monitoring and automation is implemented through CloudWatch, ASGs, and tools like Jenkins and PagerDuty.

Monitoring in a fast-changing world with Prometheus

Julien Pivotto

Where and When to Docker

dantheelder

This document provides an overview of Docker including what it is, why it's useful, considerations around security, when and where it should be used, and examples of how three customers have implemented Docker. Docker allows for consistent packaging of applications and their environments, improved resource usage, and more rapid deployments. Key benefits include standardization, security, auditability, and bridging the gap between development and operations. Docker is well-suited for web applications, microservices, and environments requiring frequent deployments, while legacy applications may not be the best fit. The document outlines lessons learned around each customer case study.

Big Brother: Kubernetes Edition

Knox Anderson

In this short demo-driven meetup, we'll help you get a handle on what's changing and how it will impact your DevOps practice. We'll cover: - What are the operational limitations of containers in production? - How do you get visibility inside containers without super-human effort? - How do you look into kubernetes performance, and not just container performance? - A live install of Sysdig Cloud on a running environment

Docker Introduction

Peng Xiao

This document provides an introduction to Docker and discusses: - The challenges of managing applications across different environments which Docker aims to solve through lightweight containers. - An overview of Docker concepts including images, containers, the Docker workflow and networking. - How Docker Compose allows defining and running multi-container applications and Docker Swarm enables orchestrating containers across a cluster. - The open container ecosystem including the Open Container Initiative for standardization.

Greenfields tech decisions

Trent Hornibrook

Similar to You're monitoring Kubernetes Wrong (20)

Monitoring microservices: Docker, Mesos and Kubernetes visibility at scale

DockerCon EU 2015: Monitoring Docker

Docker Usage Patterns - Meetup Docker Paris - November, 10th 2015

DevNexus 2015: Kubernetes & Container Engine

10 tips for Cloud Native Security

Kubernetes Security

Container Monitoring with Sysdig

Integration in the Cloud, by Rob Davies

Tampere Docker meetup - Happy 5th Birthday Docker

DockerCon 16 General Session Day 1

Docker Birthday #5 Meetup Cluj - Presentation

Docker in Production: How RightScale Delivers Cloud Applications

TIAD : Automating the aplication lifecycle

DCSF19 Container Security: Theory & Practice at Netflix

20170831 - Greg Palmier: Terraform & AWS at Tempus

Monitoring in a fast-changing world with Prometheus

Where and When to Docker

Big Brother: Kubernetes Edition

Docker Introduction

Greenfields tech decisions

More from Sysdig

Wordpress y Docker, de desarrollo a produccion

Sysdig

This document summarizes a presentation about using Docker for WordPress development and deployment. It discusses using Docker to create development environments for WordPress, building Docker images, and deploying WordPress containers to production using Docker Compose or Kubernetes. It also covers customizing configurations, using Traefik for proxy and SSL termination, backup strategies, and notes that Kubernetes is more complex than Docker for simple use cases.

What Prometheus means for monitoring vendors

Sysdig

Prometheus has become a de facto standard for exposing metrics from cloud-native applications and services. While originally intended as a time series database (TSDB) and monitoring stack, Prometheus metrics can now be used across different monitoring vendors through open standards like Open Metrics. This has implications for how monitoring vendors operate and provide value. Rather than seeing Prometheus as a threat, vendors should embrace the ecosystem and offer services that support Prometheus, like providing a scalable Prometheus backend, visualization tools, and metric collection agents. Doing so allows vendors to continue helping customers while respecting the open standards and tools they choose to use.

Docker Runtime Security

Sysdig

While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments. Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore! Read more on: https://sysdig.com/blog/docker-runtime-security/ https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/

CI / CD / CS - Continuous Security in Kubernetes

Sysdig

Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great at reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose. In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How can we prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?

Continuous Security

Sysdig

Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose. In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How we can prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?

The top 5 Kubernetes metrics to monitor

Sysdig

This document discusses metrics to monitor in a Kubernetes environment across 5 layers: 1. Application metrics like request rates, errors, and durations 2. Service metrics like database connections and service-specific metrics 3. Kubernetes deployment metrics like available replicas and rolling update status 4. Kubernetes internal metrics like node status and resource availability 5. Host/node metrics like CPU, memory, and disk usage Monitoring all 5 layers provides visibility into the health of applications, services, Kubernetes clusters and underlying infrastructure.

Find the Hacker

Sysdig

How to Secure Containers

Sysdig

While there have been many improvements around improving containers, there is still a large gap in securing the behavior of containers in production. Enter sysdig falco, the behavioral activity monitor for containerized environments. It can detect and alert on anomalous behavior at the application, file, system, and network level. In this session get a deep dive into falco and learn: - How does behavioral security differ from existing security solutions like image scanning? - How does falco work? What can it detect? - How do you build and customize rules for falco?

More from Sysdig (8)

Wordpress y Docker, de desarrollo a produccion

What Prometheus means for monitoring vendors

Docker Runtime Security

CI / CD / CS - Continuous Security in Kubernetes

Continuous Security

The top 5 Kubernetes metrics to monitor

Find the Hacker

How to Secure Containers

Recently uploaded

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions

Peter Muessig

The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.

Fundamentals of Programming and Language Processors

Rakesh Kumar R

一比一原版(USF毕业证)旧金山大学毕业证如何办理

dakas1

USF硕士毕业证成绩单【微信95270640】一比一伪造旧金山大学文凭@假冒USF毕业证成绩单+Q微信95270640办理USF学位证书@仿造USF毕业文凭证书@购买旧金山大学毕业证成绩单USF真实使馆认证/真实留信认证回国人员证明 #一整套旧金山大学文凭证件办理#—包含旧金山大学旧金山大学本科毕业证成绩单学历认证|使馆认证|归国人员证明|教育部认证|留信网认证永远存档教育部学历学位认证查询办理国外文凭国外学历学位认证#我们提供全套办理服务。一整套留学文凭证件服务：一：旧金山大学旧金山大学本科毕业证成绩单毕业证 #成绩单等全套材料从防伪到印刷水印底纹到钢印烫金二：真实使馆认证（留学人员回国证明）使馆存档三：真实教育部认证教育部存档教育部留服网站永久可查四：留信认证留学生信息网站永久可查国外毕业证学位证成绩单办理方法： 1客户提供办理旧金山大学旧金山大学本科毕业证成绩单信息：姓名生日专业学位毕业时间等（如信息不确定可以咨询顾问：我们有专业老师帮你查询）； 2开始安排制作毕业证成绩单电子图； 3毕业证成绩单电子版做好以后发送给您确认； 4毕业证成绩单电子版您确认信息无误之后安排制作成品； 5成品做好拍照或者视频给您确认； 6快递给客户（国内顺丰国外DHLUPS等快读邮寄）。教育部文凭学历认证认证的用途：如果您计划在国内发展那么办理国内教育部认证是必不可少的。事业性用人单位如银行国企公务员在您应聘时都会需要您提供这个认证。其他私营 #外企企业无需提供！办理教育部认证所需资料众多且烦琐所有材料您都必须提供原件我们凭借丰富的经验帮您快速整合材料让您少走弯路。实体公司专业为您服务如有需要请联系我: 微信95270640奈一次次令他失望山娃今年岁上五年级识得很多字从走出小屋开始山娃就知道父亲的家和工地共有一个很动听的名字——天河工地的底层空空荡荡很宽阔很凉爽在地上铺上报纸和水泥袋父亲和工人们中午全睡在地上地面坑坑洼洼山娃曾多次绊倒过也曾有长铁钉穿透凉鞋刺在脚板上但山娃不怕工地上也常有五六个从乡下来的小学生他们的父母亲也是高楼上的建筑工人小伙伴来自不同省份都操着带有浓重口音的普通话可不知为啥山娃不仅很快与他们熟识了

WWDC 2024 Keynote Review: For CocoaCoders Austin

Patrick Weigel

一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理

dakas1

UMN硕士毕业证成绩单【微信95270640】购买（明尼苏达大学毕业证成绩单硕士学历）Q微信95270640代办UMN学历认证留信网伪造明尼苏达大学学位证书精仿明尼苏达大学本科/硕士文凭证书补办明尼苏达大学 diplomaoffer,Transcript购买明尼苏达大学毕业证成绩单购买UMN假毕业证学位证书购买伪造明尼苏达大学文凭证书学位证书,专业办理雅思、托福成绩单，学生ID卡，在读证明，海外各大学offer录取通知书，毕业证书，成绩单，文凭等材料:1:1完美还原毕业证、offer录取通知书、学生卡等各种在读或毕业材料的防伪工艺（包括烫金、烫银、钢印、底纹、凹凸版、水印、防伪光标、热敏防伪、文字图案浮雕，激光镭射，紫外荧光，温感光标）学校原版上有的工艺我们一样不会少，不论是老版本还是最新版本，都能保证最高程度还原，力争完美以求让所有同学都能享受到完美的品质服务。 #毕业证成绩单 #毕业証 #成绩单 #學生卡 #OFFER录取通知书 #雅思#托福等…… 国外大学明尼苏达大学明尼苏达大学毕业证offer制作方法（一对一专业服务） 1客户提供办理信息：姓名生日专业学位毕业时间等（如信息不确定可以咨询顾问：我们有专业老师帮你查询）； 2开始安排制作毕业证成绩单电子图； 3毕业证成绩单电子版做好以后发送给您确认； 4毕业证成绩单电子版您确认信息无误之后安排制作成品； 5成品做好拍照或者视频给您确认； 6快递给客户（国内顺丰国外DHLUPS等快读邮寄） — — 制作工艺【高仿真】— — 凭借多年的制作经验本公司制作明尼苏达大学明尼苏达大学毕业证offer《激光》《水印》《钢印》《烫金》《紫外线》凹凸版uv版等防伪技术一流高精仿度几乎跟学校100%相同！让您绝对满意。 — — -公司理念【诚信为主】— — — 我們以質量求生存.以服务求发展有雄厚的实力专业的团队咨询顾问为您细心解答可详谈是真是假眼见为实让您真正放心平凡人生,尽我所能助您一臂之力让我們携手圆您梦想! 此贴长年有效【贴心专线/微-信: 95270640】敬请保留此联系方式以备用！如有不在线请给我们留言！我们将在第一时间给您回复!上散发着一抹抹的光晕而这每处自然形成的细节融合在一起浑然天成的美实在令人心生愉悦小道的周边无秩序的生长着几株艳丽的野花红的粉的紫的虽混乱无章却给这幅美景更增添一份性感夹杂着一份纯洁的妖娆毫无违和感实在给人带来一份悠然幸福的心情如果说现在的审美已经断然拒绝了无声的话那么在树林间飞掠而过的小鸟叽叽咋咋的叫声是否就是这最后的点睛之笔悠然走在林间的小路上宁静与清香一丝丝的盛夏气息吸入身体昔日生活里的繁忙多

Liberarsi dai framework con i Web Component.pptx

Massimo Artizzu

In Italian Presentazione sulle feature e l'utilizzo dei Web Component nell sviluppo di pagine e applicazioni web. Racconto delle ragioni storiche dell'avvento dei Web Component. Evidenziazione dei vantaggi e delle sfide poste, indicazione delle best practices, con particolare accento sulla possibilità di usare web component per facilitare la migrazione delle proprie applicazioni verso nuovi stack tecnologici.

UI5con 2024 - Bring Your Own Design System

Peter Muessig

How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.

如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样

gapen1

原版定制【微信:bwp0011】《(hull学位证书)英国赫尔大学毕业证硕士文凭》【微信:bwp0011】成绩单、雅思、外壳、留信学历认证永久存档查询，采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。【业务选择办理准则】一、工作未确定，回国需先给父母、亲戚朋友看下文凭的情况，办理一份就读学校的毕业证【微信bwp0011】文凭即可二、回国进私企、外企、自己做生意的情况，这些单位是不查询毕业证真伪的，而且国内没有渠道去查询国外文凭的真假，也不需要提供真实教育部认证。鉴于此，办理一份毕业证【微信bwp0011】即可三、进国企，银行，事业单位，考公务员等等，这些单位是必需要提供真实教育部认证的，办理教育部认证所需资料众多且烦琐，所有材料您都必须提供原件，我们凭借丰富的经验，快捷的绿色通道帮您快速整合材料，让您少走弯路。留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才【关于价格问题（保证一手价格）】我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。

Artificia Intellicence and XPath Extension Functions

Octavian Nadolu

Energy consumption of Database Management - Florina Jonuzi

Green Software Development

Measures in SQL (SIGMOD 2024, Santiago, Chile)

Julian Hyde

SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries. SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL. To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context. A talk at SIGMOD, June 9–15, 2024, Santiago, Chile Authors: Julian Hyde (Google) and John Fremlin (Google) https://doi.org/10.1145/3626246.3653374

GreenCode-A-VSCode-Plugin--Dario-Jurisic

Green Software Development

All you need to know about Spring Boot and GraalVM

Alina Yurenko

fiscal year variant fiscal year variant.

AnkitaPandya11

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies

Quickdice ERP

Preparing Non - Technical Founders for Engaging a Tech Agency

ISH Technologies

Preparing non-technical founders before engaging a tech agency is crucial for the success of their projects. It starts with clearly defining their vision and goals, conducting thorough market research, and gaining a basic understanding of relevant technologies. Setting realistic expectations and preparing a detailed project brief are essential steps. Founders should select a tech agency with a proven track record and establish clear communication channels. Additionally, addressing legal and contractual considerations and planning for post-launch support are vital to ensure a smooth and successful collaboration. This preparation empowers non-technical founders to effectively communicate their needs and work seamlessly with their chosen tech agency.Visit our site to get more details about this. Contact us today www.ishtechnologies.com.au

SQL Accounting Software Brochure Malaysia

GohKiangHock

14 th Edition of International conference on computer vision

ShulagnaSarkar2

About the event 14th Edition of International conference on computer vision Computer conferences organized by ScienceFather group. ScienceFather takes the privilege to invite speakers participants students delegates and exhibitors from across the globe to its International Conference on computer conferences to be held in the Various Beautiful cites of the world. computer conferences are a discussion of common Inventions-related issues and additionally trade information share proof thoughts and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications such as in Science medicine electronics biomaterials energy production and consumer products. Nomination are Open!! Don't Miss it Visit: computer.scifat.com Award Nomination: https://x-i.me/ishnom Conference Submission: https://x-i.me/anicon For Enquiry: Computer@scifat.com

Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...

XfilesPro

Hand Rolled Applicative User ValidationCode Kata

Philip Schwarz

Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>? The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory. Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away. The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.

Recently uploaded (20)

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions

Fundamentals of Programming and Language Processors

一比一原版(USF毕业证)旧金山大学毕业证如何办理

WWDC 2024 Keynote Review: For CocoaCoders Austin

一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理

Liberarsi dai framework con i Web Component.pptx

UI5con 2024 - Bring Your Own Design System

如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样

Artificia Intellicence and XPath Extension Functions

Energy consumption of Database Management - Florina Jonuzi

Measures in SQL (SIGMOD 2024, Santiago, Chile)

GreenCode-A-VSCode-Plugin--Dario-Jurisic

All you need to know about Spring Boot and GraalVM

fiscal year variant fiscal year variant.

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies

Preparing Non - Technical Founders for Engaging a Tech Agency

SQL Accounting Software Brochure Malaysia

14 th Edition of International conference on computer vision

Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...

Hand Rolled Applicative User ValidationCode Kata

You're monitoring Kubernetes Wrong

1. You're Monitoring Kubernetes Wrong Loris Degioanni, CEO, Sysdig

2. Data Application Health Checks System/ Process Infrastructure Custom Metrics JVM Data Big Honkin’ Data Engine Unicorns and Rainbows Dashboards

4. Loris Degioanni Founder and CEO of sysdig Past: WinPcap, Wireshark http://www.sysdig.org @lorisdegio Me

5. Today • Monitoring Kubernetes • Few best practices • Some ideas • Some proposals

6. Using • Sysdig • https://github.com/draios/sysdig • Sysdig Cloud • https://sysdig.com/

7. In a Vendor Neutral Way

8. We Are in the Middle of a Big Change PCs/Servers Virtual Machines Containers

9. We Are in the Middle of a Big Change PCs/Servers Virtual Machines Containers Unit: machine Orchestration: none Architecture: monolithic Unit: machine Orchestration: external Architecture: monolithic Unit: app/service Orchestration: native Architecture: service-based

10. Things Are More Complex Now Cache Webserver Database

11. Computing Node Computing Node Computing Node Service1 Service2 Service3 Computing Node Computing Node Computing Node Things Are More Complex Now

12. Computing Node Computing Node Computing Node Computing Node Computing Node Computing Node Service1 Service2 Service3 Things Are More Complex

13. This Time Is More Than Servers and Processes

14. How Does This Impact Monitoring?

15. 4 Things That Are Harder Now 1. Getting the data 2. Making sense of the data 3. Troubleshooting 4. People

16. Getting The Data • What makes containers great… • Simple • Small • Isolated • Few dependencies • … Also makes them more opaque

17. Getting The Data: Pods OS Container1 Docker Container2 Docker

18. PodPod Getting The Data: Pods OS Container1 Docker Container2 Docker

19. PodPod Getting The Data: Pods OS Container1 Docker Monitoring Docker Container2 Docker Monitoring Docker

20. Getting The Data: Sysdig OS Container1 Docker Container2 Docker Container3 DockerAppApp

21. Getting The Data: Sysdig OS Container1 Docker Container2 Docker Container3 DockerAppApp kernel module

22. Getting The Data: Sysdig OS Container1 Docker Container2 Docker Container3 DockerAppApp sysdig Docker Capture and analysis

23. Getting The Data: Sysdig OS Container1 Docker Container2 Docker Container3 DockerAppApp sysdig Docker Capture and analysis

24. Getting/Making Sense of the Data: Guidelines • You should not be involved in monitoring instrumentation • You should not be involved in producing anything that is not a custom metric • Every metric should be tagged • Tagging must be integrated with Kubernetes • You should not be involved in tagging metrics • You should collect everything, with no filters

25. Demo – monitoring and segmenting data with sysdig monitoring

26. Troubleshooting (https://github.com/kubernetes/kubernetes/issues/14051)

27. Demo – troubleshooting with open source sysdig

28. People • Microservices are about people • Monitoring microservices should be about people too

29. Introducing: Sysdig Teams

30.

31. Sysdig Teams: Service-based access control • Designed to reflect teams of people • Integrated with Kubernetes • Support isolation and customization • Self service • Centralized

32. Use Cases • “dev vs prod” split • Team per Microservice • PaaS • Restricted environments

33. Links • Sysdig • https://github.com/draios/sysdig • Sysdig Cloud • https://sysdig.com/ • Teams • https://sysdig.com/blog/introducing-sysdig-teams/

Editor's Notes

Kubernetes monitoring is the focus of this presentation Sysdig has worked with hundreds of customers deploying and monitoring kubernetes Here’s a little bit of what we’ve learned
Monitoring is easy right? Just grab a bunch of data, put it in the washing machine, and happiness unicorns and rainbows emerge.
But in reality it looks a little more like this
Hi I’m loris, creator and founder of sysdig Started as an opensource tool (http://www.sysdig.org) Formerly one of the co-creators of wireshark
Sure I love Sysdig, but much of what I’ll show you here is applicable to monitoring any kubernetes environment.
We’ve seen series of generational changes to deployment architectures
In each generation, we’ve seen more complexity in application architecture in order to support a faster development process, that can deliver more functionality faster to the end user.
Here’s my simple example, your classic three tier application
In the microservice world you’ve got: Multiple containers per service Distributed physically across many nodes And the nodes might not be physically located in the same place Driven by an orchestration system that can be making changes at any point in time
Networking and communications in this world is an order of magnitude more complex Naturally that makes the data even more essential to understanding the system
….and it’s not just tech, it’s also the people behind it You’re actually changing the way dev teams are working They are mapping organizations to their services Smaller teams dedicated to individual services And different expectations about how their tools will support them
Now Let’s talk about the impact of docker containers, microservices and kubernetes on monitoring
Pods are how kubernetes describes containers that require a shared fate
Pods are used to create a “sidecar” for monitoring agents. This is useful, but still complex: Networking requirements Resource utilization (agent / pod) More uncertainty for application performance
The other method uses transparent instrumentation at the kernel/host layer
The pros here are greater simplicity around instrumentation, networking, and resource utilization
The con here is that, in order for this to work, the agent must be deployed in priviledged mode.
If there is one thing you remember from this presentation, it should be this slide. This is the way we believe monitoring data should be collected, filtered, and managed in a kubernetes world.
Let’s go deeper into troubleshooting The complexity of orchestrated environments means that troubleshooting is even hard than before. In addition, the slimmed nature of containers means you won’t have most of your tools like tcpdump or htop. Even if you did, they wouldn’t have the context of your environment, containers, and orchestrators to solve your issues. That’s where sysdig’s open source CLI comes into play.
This isn’t all about technology. What excites me about the move to microservices is that it also can impact the way people work. We’ve seen that in terms of developer teams reorganizing around services. We think your monitoring should do the same.

You're monitoring Kubernetes Wrong

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (15)

Similar to You're monitoring Kubernetes Wrong

Similar to You're monitoring Kubernetes Wrong (20)

More from Sysdig

More from Sysdig (8)

Recently uploaded

Recently uploaded (20)

You're monitoring Kubernetes Wrong

Editor's Notes