Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Making your Kubernetes-based log collection rel...

Palark
November 24, 2023
Technology
1
11k

Making your Kubernetes-based log collection reliable & durable with Vector

Tech talk by Maksim Nabokikh, Platform Lead @ Palark, presented at KCD (Kubernetes Community Days) Austria 2023 and OSMC (Open Source Monitoring Conference) 2023.

Vector is an Open Source high-performance solution for collecting & processing your observability data. In this talk, Maksim shares our experience using it for log collection in hundreds of Kubernetes clusters.

Find more resources for this talk:
* Blog article: Collecting logs in Kubernetes with Vector: Benefits, architecture, real cases.
* YouTube video.

P.S. Subscribe to the Palark tech blog to get our latest articles on DevOps, SRE, Kubernetes, and more!

Palark

November 24, 2023
Tweet

More Decks by Palark

See All by Palark
Exchanging third-party tokens in Dex
palark
1
93
DevOps & SRE job satisfaction survey 2023 by Palark
palark
0
51

Other Decks in Technology

See All in Technology
プロダクトエンジニアが活躍する環境を作りたくて 事業責任者になった話 ~プロダクトエンジニアの行き着く先~
gimupop
1
460
APIテスト自動化の勘所
yokawasa
7
4.1k
Aurora_BlueGreenDeploymentsやってみた
tsukasa_ishimaru
1
120
よくわからんサービスについての問い合わせが来たときの強い味方 Amazon Q について
kazzpapa3
0
220
「最高のチューニング」をしないために / hack@delta 24.10
fujiwara3
21
3.4k
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
9
2.1k
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
6
1.1k
Emacs x Nostr
hakkadaikon
1
150
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
オニオンアーキテクチャで実現した 本質課題を解決する インフラ移行の実例
hryushm
14
3k
生成AIの強みと弱みを理解して、生成AIがもたらすパワーをプロダクトの価値へ繋げるために実践したこと / advance-ai-generating
cyberagentdevelopers
PRO
1
180
CyberAgent 生成AI Deep Dive with Amazon Web Services / genai-aws
cyberagentdevelopers
PRO
1
480

Featured

See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
The Cult of Friendly URLs
andyhume
78
6k
Music & Morning Musume
bryan
46
6.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
363
19k
Gamification - CAS2011
davidbonilla
80
5k
Designing the Hi-DPI Web
ddemaree
280
34k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
167
49k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Git: the NoSQL Database
bkeepers
PRO
425
64k

Transcript

  1. Making your kubernetes-based log collection reliable & durable with vector

    VECTOR MAKSIM NABOKIKH Platform Lead

  2. DISCLAIMER During this talk preparation, no Kubernetes clusters were hurt

  3. DISCLAIMER During this talk preparation, no Kubernetes clusters were hurt

    Just kidding, in reality, there were ple-e-e-enty of outages

  4. ABOUT PALARK We offer all-in-one DevOps-as-a-Service and pick the best

    Open Source projects to fulfill our client goals 16 70 Years in Linux, DevOps & Kubernetes Managed Kubernetes clusters 15 90 Awesome engineers Tech posts at blog.palark.com

  5. PLAN LOGS IN KUBERNETES Let’s recall what to collect in

    Kubernetes WHAT IS VECTOR And in which way it is applicable PRACTICAL USE Exciting operating (Ops) experience cases 1 2 3

  6. LOGS IN KUBERNETES

  7. LOGS IN KUBERNETES: POD LOGS Log file location path consists

    of a pod name, container name, and UID Format and location of files depends on the CRI settings Max size and rotation depends on the kubelet settings kubernetes.io/docs/concepts/cluster-administration/logging/ /var/log/pods pod-1 pod-2 kubelet stdout stderr stdout stderr

  8. LOGS IN KUBERNETES: NODE SERVICES Files in the /var/log directory

    (probably) Max size and rotation configured by journald Format can be anything… kubernetes.io/docs/concepts/cluster-administration/logging/ containerd kubelet audit logs syslog

  9. LOGS IN KUBERNETES: EVENTS Can only be collected from the

    Kubernetes API Can be collected as either logs, metrics, or traces kubernetes.io/docs/concepts/cluster-administration/logging/ apiVersion: v1 kind: Event count: 1 metadata: name: standard-worker-1.178264e1185b006f namespace: default reason: RegisteredNode firstTimestamp: '2023-09-06T19:08:47Z' lastTimestamp: '2023-09-06T19:08:47Z' involvedObject: apiVersion: v1 kind: Node name: standard-worker-1 uid: 50fb55c5-d97e-4851-85c6-187465154db6 message: 'Registered Node standard-worker-1 in Controller'

  10. LOGS IN KUBERNETES: EVENTS Can only be collected from the

    Kubernetes API Can be collected as either logs, metrics, or traces kubernetes.io/docs/concepts/cluster-administration/logging/ apiVersion: v1 kind: Event count: 1 metadata: name: standard-worker-1.178264e1185b006f namespace: default reason: RegisteredNode firstTimestamp: '2023-09-06T19:08:47Z' lastTimestamp: '2023-09-06T19:08:47Z' involvedObject: apiVersion: v1 kind: Node name: standard-worker-1 uid: 50fb55c5-d97e-4851-85c6-187465154db6 message: 'Registered Node standard-worker-1 in Controller'

  11. LOGS IN KUBERNETES: EVENTS Can only be collected from the

    Kubernetes API Can be collected as either logs, metrics, or traces kubernetes.io/docs/concepts/cluster-administration/logging/ apiVersion: v1 kind: Event count: 1 metadata: name: standard-worker-1.178264e1185b006f namespace: default reason: RegisteredNode firstTimestamp: '2023-09-06T19:08:47Z' lastTimestamp: '2023-09-06T19:08:47Z' involvedObject: apiVersion: v1 kind: Node name: standard-worker-1 uid: 50fb55c5-d97e-4851-85c6-187465154db6 message: 'Registered Node standard-worker-1 in Controller'

  12. LOGS IN KUBERNETES: EVENTS Can only be collected from the

    Kubernetes API Can be collected as either logs, metrics, or traces kubernetes.io/docs/concepts/cluster-administration/logging/ apiVersion: v1 kind: Event count: 1 metadata: name: standard-worker-1.178264e1185b006f namespace: default reason: RegisteredNode firstTimestamp: '2023-09-06T19:08:47Z' lastTimestamp: '2023-09-06T19:08:47Z' involvedObject: apiVersion: v1 kind: Node name: standard-worker-1 uid: 50fb55c5-d97e-4851-85c6-187465154db6 message: 'Registered Node standard-worker-1 in Controller'

  13. LOGS IN KUBERNETES kubernetes.io/docs/concepts/cluster-administration/logging/ What we can collect? Source Pod

    logs Files Node services logs Files Events Kubernetes API

  14. LOGS IN KUBERNETES kubernetes.io/docs/concepts/cluster-administration/logging/ What we can collect? Source Pod

    logs Files Node services logs Files Events Kubernetes API

  15. WHAT IS VECTOR

  16. WHAT IS VECTOR A lightweight, ultra-fast tool for building observability

    pipelines vector.dev

  17. WHAT IS VECTOR A lightweight, ultra-fast tool for building observability

    pipelines vector.dev

  18. WHAT IS VECTOR An open source, efficient tool for building

    log collecting pipelines vector.dev

  19. WHAT IS VECTOR Vendor agnostic You do not need to

    rewrite Vector in Rust Performance by design and continuous benchmarking Flexible building block vector.dev An open source, efficient tool for building log collecting pipelines

  20. VECTOR’S ARCHITECTURE

  21. VECTOR’S ARCHITECTURE Remap Filter Aggregate Collect Transform Send File K8s

    Socket 9 in total 40 in total 52 in total …

  22. … VECTOR’S ARCHITECTURE Remap Filter Aggregate Collect Transform Send File

    K8s Socket 9 in total 40 in total 52 in total Vector Remap Language (VRL)

  23. VECTOR REMAP LANGUAGE

  24. VECTOR REMAP LANGUAGE [transforms.filter_severity] type = "filter" inputs = ["logs"]

    condition = '.severity != "info"'

  25. VECTOR REMAP LANGUAGE [transforms.filter_severity] type = "filter" inputs = ["logs"]

    condition = '.severity != "info"' [transforms.sanitize_kubernetes_labels] type = "remap" inputs = ["logs"] source = ''' if exists(.pod_labels."controller-revision-hash") { del(.pod_labels."controller-revision-hash") } if exists(.pod_labels."pod-template-hash") { del(.pod_labels."pod-template-hash") } '''

  26. VECTOR REMAP LANGUAGE [transforms.filter_severity] type = "filter" inputs = ["logs"]

    condition = '.severity != "info"' [transforms.sanitize_kubernetes_labels] type = "remap" inputs = ["logs"] source = ''' if exists(.pod_labels."controller-revision-hash") { del(.pod_labels."controller-revision-hash") } if exists(.pod_labels."pod-template-hash") { del(.pod_labels."pod-template-hash") } ''' [transforms.backslash_multiline] type = "reduce" inputs = ["logs"] group_by = ["file", "stream"] merge_strategies."message" = "concat_newline" ends_when = ''' matched, err = match(.message, r'[^\\]$'); if err != null { false; } else { matched; } '''

  27. LOG COLLECTING TOPOLOGIES

  28. LOG COLLECTING TOPOLOGIES log-shipper log-shipper log-shipper log-shipper log-shipper storage Distributed

  29. LOG COLLECTING TOPOLOGIES log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper

    log-shipper log-shipper log-shipper aggregator storage aggregator storage Distributed Centralized

  30. LOG COLLECTING TOPOLOGIES log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper

    log-shipper log-shipper log-shipper aggregator storage aggregator storage log-shipper log-shipper log-shipper log-shipper log-shipper queue storage Distributed Centralized Stream

  31. LOG COLLECTING TOPOLOGIES log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper

    log-shipper log-shipper log-shipper aggregator storage aggregator storage log-shipper log-shipper log-shipper log-shipper log-shipper queue storage Distributed Centralized Stream

  32. LOG COLLECTING TOPOLOGIES aggregator storage aggregator storage queue storage Distributed

    Centralized Stream log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper log-shipper

  33. VECTOR IN KUBERNETES

  34. VECTOR IN KUBERNETES github.com/deckhouse/deckhouse/blob/main/modules/460-log-shipper/templates/daemonset.yaml /var/log /vector-data /etc/vector Vector Reloader Kube

    RBAC proxy log-shipper Vector – collects logs Reloader – validates config and reloads Kube RBAC proxy – protects metrics Node File System

  35. VECTOR IN KUBERNETES github.com/deckhouse/deckhouse/blob/main/modules/460-log-shipper/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet /var/log /vector-data

    /etc/vector Vector Reloader Kube RBAC proxy log-shipper Vector – collects logs Reloader – validates config and reloads Kube RBAC proxy – protects metrics Node File System

  36. VECTOR IN KUBERNETES github.com/deckhouse/deckhouse/blob/main/modules/460-log-shipper/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet volumes: -

    name: var-log hostPath: path: /var/log/ - name: vector-data-dir hostPath: path: /mnt/vector-data - name: localtime hostPath: path: /etc/localtime /var/log /vector-data /etc/vector Vector Reloader Kube RBAC proxy log-shipper Vector – collects logs Reloader – validates config and reloads Kube RBAC proxy – protects metrics Node File System

  37. VECTOR IN KUBERNETES github.com/deckhouse/deckhouse/blob/main/modules/460-log-shipper/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet volumes: -

    name: var-log hostPath: path: /var/log/ - name: vector-data-dir hostPath: path: /mnt/vector-data - name: localtime hostPath: path: /etc/localtime volumeMounts: - name: var-log mountPath: /var/log/ readOnly: true /var/log /vector-data /etc/vector Vector Reloader Kube RBAC proxy log-shipper Vector – collects logs Reloader – validates config and reloads Kube RBAC proxy – protects metrics Node File System

  38. VECTOR IN KUBERNETES github.com/deckhouse/deckhouse/blob/main/modules/460-log-shipper/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet volumes: -

    name: var-log hostPath: path: /var/log/ - name: vector-data-dir hostPath: path: /mnt/vector-data - name: localtime hostPath: path: /etc/localtime volumeMounts: - name: var-log mountPath: /var/log/ readOnly: true terminationGracePeriodSeconds: 120 /var/log /vector-data /etc/vector Vector Reloader Kube RBAC proxy log-shipper Vector – collects logs Reloader – validates config and reloads Kube RBAC proxy – protects metrics Node File System

  39. VECTOR IN KUBERNETES github.com/deckhouse/deckhouse/blob/main/modules/460-log-shipper/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet volumes: -

    name: var-log hostPath: path: /var/log/ - name: vector-data-dir hostPath: path: /mnt/vector-data - name: localtime hostPath: path: /etc/localtime volumeMounts: - name: var-log mountPath: /var/log/ readOnly: true terminationGracePeriodSeconds: 120 shareProcessNamespace: true /var/log /vector-data /etc/vector Vector Reloader Kube RBAC proxy log-shipper Vector – collects logs Reloader – validates config and reloads Kube RBAC proxy – protects metrics Node File System

  40. VECTOR IN KUBERNETES github.com/deckhouse/deckhouse/blob/main/modules/460-log-shipper/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet volumes: -

    name: var-log hostPath: path: /var/log/ - name: vector-data-dir hostPath: path: /mnt/vector-data - name: localtime hostPath: path: /etc/localtime volumeMounts: - name: var-log mountPath: /var/log/ readOnly: true terminationGracePeriodSeconds: 120 shareProcessNamespace: true /var/log /vector-data /etc/vector Vector Reloader Kube RBAC proxy log-shipper Vector – collects logs Reloader – validates config and reloads Kube RBAC proxy – protects metrics Node File System

  41. PRACTICAL USE

  42. CASE #1: NO SPACE LEFT ON THE DEVICE

  43. $ lsof -nP | grep '(deleted)' CASE #1: NO SPACE

    LEFT ON THE DEVICE

  44. $ lsof -nP | grep '(deleted)' vector 6331 root 25r

    REG 253,3 10602 72738831 /var/log/.../1.log (deleted) vector 6331 root 44r REG 253,3 10239 33665268 /var/log/.../1.log (deleted) vector 6331 6628 vector-wo root 25r REG 253,3 10602 72738831 /var/log/.../1.log (deleted) vector 6331 6628 vector-wo root 44r REG 253,3 10239 33665268 /var/log/.../1.log (deleted) vector 6331 6629 vector-wo root 25r REG 253,3 10602 72738831 /var/log/.../1.log (deleted) CASE #1: NO SPACE LEFT ON THE DEVICE

  45. $ lsof -nP | grep '(deleted)' vector 6331 root 25r

    REG 253,3 10602 72738831 /var/log/.../1.log (deleted) vector 6331 root 44r REG 253,3 10239 33665268 /var/log/.../1.log (deleted) vector 6331 6628 vector-wo root 25r REG 253,3 10602 72738831 /var/log/.../1.log (deleted) vector 6331 6628 vector-wo root 44r REG 253,3 10239 33665268 /var/log/.../1.log (deleted) vector 6331 6629 vector-wo root 25r REG 253,3 10602 72738831 /var/log/.../1.log (deleted) CASE #1: NO SPACE LEFT ON THE DEVICE

  46. Vector CASE #1: NO SPACE LEFT ON THE DEVICE

  47. Vector /var/log/pods CASE #1: NO SPACE LEFT ON THE DEVICE

  48. Vector /var/log/pods /var/log/pods/{uid}/1.log 10Mb CASE #1: NO SPACE LEFT ON

    THE DEVICE

  49. Vector /var/log/pods /var/log/pods/{uid}/1.log 20Mb CASE #1: NO SPACE LEFT ON

    THE DEVICE

  50. Vector /var/log/pods /var/log/pods/{uid}/1.log 50Mb CASE #1: NO SPACE LEFT ON

    THE DEVICE

  51. Vector /var/log/pods /var/log/pods/{uid}/1.log 50Mb kubelet CASE #1: NO SPACE LEFT

    ON THE DEVICE

  52. Vector /var/log/pods /var/log/pods/{uid}/1.log 50Mb kubelet CASE #1: NO SPACE LEFT

    ON THE DEVICE

  53. Vector /var/log/pods /var/log/pods/{uid}/1.log 10Mb kubelet CASE #1: NO SPACE LEFT

    ON THE DEVICE

  54. Vector /var/log/pods /var/log/pods/{uid}/1.log 50Mb kubelet CASE #1: NO SPACE LEFT

    ON THE DEVICE

  55. Vector /var/log/pods /var/log/pods/{uid}/1.log 50Mb kubelet Loki CASE #1: NO SPACE

    LEFT ON THE DEVICE

  56. Vector /var/log/pods /var/log/pods/{uid}/1.log 50Mb kubelet Loki 429 CASE #1: NO

    SPACE LEFT ON THE DEVICE

  57. Vector /var/log/pods /var/log/pods/{uid}/1.log 50Mb kubelet Loki 429 CASE #1: NO

    SPACE LEFT ON THE DEVICE

  58. Vector /var/log/pods /var/log/pods/{uid}/1.log 10Mb kubelet Loki 429 /var/log/pods/{uid}/1.log (DELETED) 50Mb

    CASE #1: NO SPACE LEFT ON THE DEVICE

  59. Vector /var/log/pods /var/log/pods/{uid}/1.log kubelet Loki 429 /var/log/pods/{uid}/1.log (DELETED) 50Mb 10Mb

    CASE #1: NO SPACE LEFT ON THE DEVICE

  60. Vector /var/log/pods /var/log/pods/{uid}/1.log kubelet Loki 429 /var/log/pods/{uid}/1.log (DELETED) 50Mb 10Mb

    /var/log/pods/{uid}/1.log (DELETED) 50Mb CASE #1: NO SPACE LEFT ON THE DEVICE

  61. Vector /var/log/pods /var/log/pods/{uid}/1.log kubelet Loki 429 /var/log/pods/{uid}/1.log (DELETED) 50Mb 10Mb

    /var/log/pods/{uid}/1.log (DELETED) 50Mb CASE #1: NO SPACE LEFT ON THE DEVICE

  62. Vector /var/log/pods /var/log/pods/{uid}/1.log kubelet Loki 429 /var/log/pods/{uid}/1.log (DELETED) 50Mb 10Mb

    /var/log/pods/{uid}/1.log (DELETED) 50Mb /var/log/pods/{uid}/1.log (DELETED) 50Mb CASE #1: NO SPACE LEFT ON THE DEVICE

  63. HOW TO SOLVE? 1. Tune buffer settings Blocking (default) Drop

    Newest In Memory (default) Disk buffer Max events 1000 (default) 10000 2. Rule of a thumb Let logs go out of the node as quick as possible 3. If you brave enough sysctl -w fs.file-max=1000 (unsafe) vector.dev/docs/about/under-the-hood/architecture/buffering-model/ CASE #1: NO SPACE LEFT ON THE DEVICE

  64. CASE #2: PROMETHEUS EXPLODED

  65. uid=a uid=b vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} Vector Prometheus a b CASE #2:

    PROMETHEUS EXPLODED

  66. uid=a uid=b vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} Vector Prometheus a b CASE #2:

    PROMETHEUS EXPLODED

  67. uid=c uid=d vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} Vector Prometheus a b

    c d CASE #2: PROMETHEUS EXPLODED

  68. uid=c uid=d vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} Vector Prometheus a b

    c d CASE #2: PROMETHEUS EXPLODED

  69. uid=f uid=e vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/e/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/f/{container}/1.log”} Vector Prometheus

    a b c d e f CASE #2: PROMETHEUS EXPLODED

  70. uid=f uid=e vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/e/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/f/{container}/1.log”} Vector Prometheus

    a b c d e f CASE #2: PROMETHEUS EXPLODED

  71. uid=f uid=e vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/e/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/f/{container}/1.log”} Vector Prometheus

    a b c d e f metric_relabel_configs: - regex: 'file' action: labeldrop CASE #2: PROMETHEUS EXPLODED

  72. uid=f uid=e vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/e/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/f/{container}/1.log”} Vector Prometheus

    a b c d e f metric_relabel_configs: - regex: 'file' action: labeldrop CASE #2: PROMETHEUS EXPLODED

  73. uid=f uid=e vector_checkpoints_total{file=”/var/log/pods/a/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/b/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/e/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/f/{container}/1.log”} Vector Prometheus

    a b c d e f HOW TO SOLVE? expire_metrics_secs=60 CASE #2: PROMETHEUS EXPLODED

  74. uid=f uid=e vector_checkpoints_total{file=”/var/log/pods/c/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/d/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/e/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/f/{container}/1.log”} Vector Prometheus c d

    e f HOW TO SOLVE? expire_metrics_secs=60 CASE #2: PROMETHEUS EXPLODED

  75. uid=f uid=e vector_checkpoints_total{file=”/var/log/pods/e/{container}/1.log”} vector_checkpoints_total{file=”/var/log/pods/f/{container}/1.log”} Vector Prometheus e f HOW TO

    SOLVE? expire_metrics_secs=60 CASE #2: PROMETHEUS EXPLODED

  76. HOW TO SOLVE? expire_metrics_secs=60 vector_component_errors_total time 7 3 3 errors

    4 m ore errors expiration triggered 3 errors empty! This behavior makes the result of the rate PromQL function equal to zero. CASE #2: PROMETHEUS EXPLODED

  77. HOW TO SOLVE? expire_metrics_secs=60 CASE #2: PROMETHEUS EXPLODED

  78. HOW TO SOLVE? expire_metrics_secs=60 Patch for Vector to remove the

    file label CASE #2: PROMETHEUS EXPLODED

  79. CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  80. Vector Vector Vector Kubernetes CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  81. Vector Vector Vector Kubernetes CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  82. Vector Vector Vector Kubernetes CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  83. control-plane node memory consumption etcd memory consumption CASE #3: KUBERNETES

    CONTROL PLANE OUTAGE

  84. Vector Vector Vector Kubernetes CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  85. Vector Vector Vector Kubernetes CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  86. Vector Vector Vector Kubernetes LIST /api/v1/pods?fieldSelector=spec.nodeName=$NODE_NAME 110 pods CASE #3:

    KUBERNETES CONTROL PLANE OUTAGE

  87. Vector Vector Vector Kubernetes LIST /api/v1/pods?fieldSelector=spec.nodeName=$NODE_NAME 110 pods etcd /registry/<kind>/<namespace>/<name>

    ALL pods CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  88. Vector Vector Vector Kubernetes LIST /api/v1/pods?fieldSelector=spec.nodeName=$NODE_NAME 110 pods etcd /registry/<kind>/<namespace>/<name>

    ALL pods RAM↑ RAM↑ CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  89. Vector Vector Vector Kubernetes LIST /api/v1/pods?fieldSelector=spec.nodeName=$NODE_NAME 110 pods etcd /registry/<kind>/<namespace>/<name>

    ALL pods RAM↑ RAM↑ CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  90. HOW TO SOLVE? CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  91. 1. Cache read (resourceVersion=0) LIST /api/v1/pods?fieldSelector=spec.nodeName=$NODE_NAME&resourceVersion=0 HOW TO SOLVE? CASE

    #3: KUBERNETES CONTROL PLANE OUTAGE

  92. 1. Cache read (resourceVersion=0) LIST /api/v1/pods?fieldSelector=spec.nodeName=$NODE_NAME&resourceVersion=0 HOW TO SOLVE? CASE

    #3: KUBERNETES CONTROL PLANE OUTAGE

  93. 1. Cache read (resourceVersion=0) LIST /api/v1/pods?fieldSelector=spec.nodeName=$NODE_NAME&resourceVersion=0 use_apiserver_cache=true HOW TO SOLVE?

    CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  94. 1. Cache read (resourceVersion=0) 2. Limit concurrent requests (Priority and

    Fairness API) apiVersion: flowcontrol.apiserver.k8s.io/v1beta1 kind: PriorityLevelConfiguration metadata: name: limit-list-custom spec: type: Limited limited: assuredConcurrencyShares: 5 limitResponse: queuing: handSize: 4 queueLengthLimit: 50 queues: 16 type: Queue apiVersion: flowcontrol.apiserver.k8s.io/v1beta1 kind: FlowSchema metadata: name: limit-list-custom spec: priorityLevelConfiguration: name: limit-list-custom distinguisherMethod: type: ByUser rules: - resourceRules: - apiGroups: [""] clusterScope: true namespaces: ["*"] resources: ["pods"] verbs: ["list", "get"] subjects: - kind: ServiceAccount serviceAccount: name: *** namespace: *** HOW TO SOLVE? CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  95. 1. Cache read (resourceVersion=0) 2. Limit concurrent requests (Priority and

    Fairness API) apiVersion: flowcontrol.apiserver.k8s.io/v1beta1 kind: PriorityLevelConfiguration metadata: name: limit-list-custom spec: type: Limited limited: assuredConcurrencyShares: 5 limitResponse: queuing: handSize: 4 queueLengthLimit: 50 queues: 16 type: Queue apiVersion: flowcontrol.apiserver.k8s.io/v1beta1 kind: FlowSchema metadata: name: limit-list-custom spec: priorityLevelConfiguration: name: limit-list-custom distinguisherMethod: type: ByUser rules: - resourceRules: - apiGroups: [""] clusterScope: true namespaces: ["*"] resources: ["pods"] verbs: ["list", "get"] subjects: - kind: ServiceAccount serviceAccount: name: *** namespace: *** HOW TO SOLVE? CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  96. 1. Cache read (resourceVersion=0) 2. Limit concurrent requests (Priority and

    Fairness API) HOW TO SOLVE? CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  97. 1. Cache read (resourceVersion=0) 2. Limit concurrent requests (Priority and

    Fairness API) 3. Use kubelet API instead of Kubernetes Pods metadata can be fetched by requesting the /pods endpoint HOW TO SOLVE? CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  98. 1. Cache read (resourceVersion=0) 2. Limit concurrent requests (Priority and

    Fairness API) 3. Use kubelet API instead of Kubernetes HOW TO SOLVE? CASE #3: KUBERNETES CONTROL PLANE OUTAGE

  99. CONCLUSION 1. Great to build platforms 2. Vector is awesome,

    seriously, deploy it today 3. Share practical cases and learn together

  100. github.com/werf github.com/palark THANK YOU! Q&A @nabokihms [email protected] OPEN SOURCE TOOLS

    OUR BLOGS AND SOCIAL MEDIA CONTACT US palark.com twitter.com/palark_com MAKSIM NABOKIKH Platform Lead