Cloudadmins Barcelona: Meetup 19/12/2020

Transcript

1. Infrastructure monitoring with Elastic Carlos Pérez-Aradros Herce - Platform Integrations

   Tech Lead 19 Nov 2020

2. Carlos Pérez-Aradros Herce Tech lead - Integrations platforms [email protected] exekias

3. Elastic is a search company.

4. Search. Observe. Protect.

5. 3 solutions Elastic Enterprise Search Elastic Security Elastic Observability

6. Elastic Enterprise Search Elastic Security Elastic Observability Kibana Elasticsearch Beats

   Logstash 3 solutions powered by 1 stack Elastic Stack

7. SaaS Orchestration Elastic Cloud on Kubernetes Elastic Cloud Elastic Cloud

   Enterprise Elastic Enterprise Search Elastic Security Elastic Observability Kibana Elasticsearch Beats Logstash Deploy anywhere. Powered by the Elastic Stack 3 solutions Deployed anywhere

8. Elastic Observability Logs Metrics APM Uptime

9. Unified visibility across your entire ecosystem Bring your logs, metrics,

   and traces together into a single stack so you can monitor, detect, and react to events with speed. ELASTIC OBSERVABILITY

10. Cloud monitoring

11. You don’t choose multi-cloud; multi-cloud chooses you. Enterprise Cloud Strategy

    More than 1000 employees Multiple public Single public Single private Multi-cloud 93% Source: Flexera 2020 State of the Cloud Report Hybrid cloud 87% 6% 6% 1%

12. Beats: The Lightweight Shippers of the Elastic Stack auditbeat filebeat

    heartbeat metricbeat packetbeat winlogbeat

13. On-Premises alerting User group A User group B Observability With

    Multi-Cloud

14. APM Logs&Metrics API API Azure Monitor Event Hub APM GCP

    Stackdriver Logs&Metrics API APM Logs&Metrics API AWS CloudWatch CCS CCS CCS Future: Multi-Cloud and Cross Cluster

15. Method 1 Metrics Azure Services GCP Services Stackdriver Monitoring Monitor

    CloudWatch Method 2 AWS Services

16. Configuration Example – module: aws period: 5m metricsets: – ec2

    credential_profile_name: elastic – module: googlecloud period: 1m metricsets: – compute region: "us-" project_id: "elastic-observability" credentials_file_path: "/Desktop/gcp_creds.json" exclude_labels: false – module: azure period: 300s metricsets: – compute_vm client_id: '$AZURE_CLIENT_ID""}' client_secret: '$AZURE_CLIENT_SECRET""}' tenant_id: '$AZURE_TENANT_ID""}' subscription_id: '$AZURE_SUBSCRIPTION_ID""}' refresh_list_interval: 600s

17. GCP BigQuery AWS Cost Explorer AWS CloudWatch Azure Cost Management

    Billing Billing

18. AWS Services Azure Services GCP Services SQS S3 CloudWatch Event

    Hub PubSub Logs

19. filebeat.inputs: – type: awscloudwatch credential_profile_name: elastic-beats log_group_arn: arn:aws:logs:us-east-1123:log-group:test:* region: us-east-1

    scan_frequency: 30s start_position: beginning api_timeout: 5m filebeat.inputs: – type: s3 queue_url: https://sqs.us-east-1.amazonaws.com/123/test-fb-ks credential_profile_name: elastic-beats json.message_key: Records Configuration Example Using Inputs

20. Kubernetes monitoring

21. cluster Kubernetes: pods, nodes, cluster node kubelet proxy node kubelet

    proxy node kubelet proxy node kubelet proxy - pod schedule

22. Monitoring kubernetes environments

23. Monitoring kubernetes environments - What to monitor - Hosts -

    Containers - Containerized applications - Kubernetes components - Metrics sources - cAdvisor, kubelet - kube-state-metrics - Prometheus - APM Metricbeat Heapster Prometheus ... Elasticsearch Kibana

24. Metadata processors - ECS Enrich events with useful metadata to

    correlate logs, metrics & traces • cloud.availability_zone • cloud.region • cloud.instance_id • cloud.machine_type • cloud.project_id • cloud.provider • docker.container.id • docker.container.image • docker.container.name • docker.container.labels • kubernetes.pod.name • kubernetes.namespace • kubernetes.labels • kubernetes.annotations • kubernetes.container.name • kubernetes.container.image add_cloud_metadata add_docker_metadata add_kubernetes_metadata

25. Kubernetes deployment Node 1 Metricbeat Filebeat Node 2 Metricbeat Filebeat

    Node n Metricbeat Filebeat Filebeat DaemonSet Metricbeat DaemonSet

26. Inventory view Birds-eye view of your kubernetes clusters

27. Node Metricbeat Autodiscover Oh no! My applications are moving! Logs

    Metrics nginx Elasticsearch metricbeat.autodiscover: providers: - type: kubernetes host: ${HOSTNAME} templates: - condition.contains: kubernetes.container.name: nginx config: - module: nginx period: 10s metricsets: ["stubstatus"] hosts: ["${data.host}:8080"]

28. Metricbeat Autodiscover

29. Hints based auto-discovery - Hints tell Metricbeat how to get

    metrics for the given container. - It looks for hints in K8s Pod annotations or Docker labels which have the prefix co.elastic.metrics . - As soon as the container starts, Metricbeat will check if it contains any hints and launch the proper config for it. metricbeat.autodiscover: providers: - type: kubernetes hints.enabled: true annotations: co.elastic.metrics/module: prometheus co.elastic.metrics/metricsets: collector co.elastic.metrics/hosts: '${data.host}:9090' co.elastic.metrics/period: 1m

30. Demo time

31. Service: “beats-demo” LoadBalancer Deployment: “beats-demo“ Demo scenario: http://34.77.157.229 Pod Pod

    ... Deployment: “mysql“ Logs Metrics Network analytics App Performance Metrics Pod

32. Elastic is a Search Company. www.elastic.co Thank You