runtimes over traditional Cloud instances • Dogfooding! • We use GCP GKE • Stock monitoring options work, but we wanted to leverage our Stack • All container logs and metrics • Host metrics • Beats + k8s metadata Beats + Kubernetes in Practice Deployment
apps and use cases Kubernetes itself (events, unavailable pods, etc.) Why is $x burning its allocation of CPU resources? What is our current cluster capacity, and how much room to grow? Logs and metrics for dev apps, ES, Vault, Logstash, etc. “How much network traffic is our nginx ingress controller serving?”
changes for our environment (helm) • RBAC and default configs all work well out-of-the box • Just pay attention where to send logs and metrics (internal vs. external Elasticsearch) This is a sample image Kubernetes Definitions Setup go.es.io/beats-k8s
handles Pod restarts well • Defining pipelines at config-time is useful for extra parsing without changing container configs • Very favorable performance versus stock GKE fluentd log shippers (more on that later) Deployment Observations 21 From the field
in k8s • Gets ahead of questions like Metricbeat’s ability to introspect host node metrics, Docker socket access, etc. • Pour everything into Elasticsearch and repurpose your data • Other engineers have built monitoring tools atop the metrics we’re already collecting to alert on unavailable pods with Watcher, for example (one label = monitored app) • Democratizing metrics and logs in Elasticsearch has permitted anyone to create app dashboards for their own purposes (self-serve monitoring, alerting, and more) • Textual search alongside metrics is powerful (aggregations, regexes, etc.) Lessons about Beats and Kubernetes 33
Creative Commons and the double C in a circle are registered trademarks of Creative Commons in the United States and other countries. Third party marks and brands are the property of their respective holders. 36 Please attribute Elastic with a link to elastic.co