Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Monitor Docker Containers on CoreOS cluster #monitoringcasual

taichi nakashima
January 30, 2015
9
970

Monitor Docker Containers on CoreOS cluster #monitoringcasual

http://www.zusaar.com/event/9807003

taichi nakashima

January 30, 2015
Tweet

More Decks by taichi nakashima

See All by taichi nakashima
Platform Engineering at Mercari
tcnksm
7
3.3k
Embedded SRE at Mercari
tcnksm
0
1.3k
How We Harden Platform Security at Mercari
tcnksm
2
1.6k
SRE Practices in Mercari Microservices
tcnksm
11
12k
開発者向けの基盤をつくる
tcnksm
38
11k
How We Structure Our Work At Mercari Microservices Platform Team
tcnksm
11
22k
Microservices Platform on Kubernetes at Mercari
tcnksm
16
16k
Introduction to Mercari Micorservices Platform Team
tcnksm
5
3.4k
Continuous Delivery for Microservices with Spinnaker at Mercari
tcnksm
15
2.5k

Featured

See All Featured
Product Roadmaps are Hard
iamctodd
44
9.7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k
The Invisible Customer
myddelton
114
12k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
The Brand Is Dead. Long Live the Brand.
mthomps
49
28k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
Being A Developer After 40
akosma
57
580k
KATA
mclloyd
15
12k
The Straight Up "How To Draw Better" Workshop
denniskardys
227
130k
GitHub's CSS Performance
jonrohan
1025
450k
Building an army of robots
kneath
300
41k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
120
39k

Transcript

  1. Monitor Docker Containers on CoreOS cluster

  2. I’m Taichi Nakashima @deeeet tcnksm https://www.flickr.com/photos/unforgiven/9278027165

  3. None
  4. None
  5. None
  6. None

  7. What is difference? Traditional stack vs. Containers

  8. Physical (Machines) Virtual Virtual Service A Service B Service C

    Service D

  9. Physical (Machines) Virtual Virtual Container Container Container Container Service A

    Service B Service C Service D

  10. Monitoring by Yourself Have your own monitoring system Monitoring as

    a Service Use external service

  11. Monitoring by Yourself Have your own monitoring system Monitoring as

    a Service Use external service

  12. For a single host monitoring cAdvisor For a cluster scale

    monitoring Heapster Monitoring by Yourself Have your own monitoring system
  13. None

  14. Just running dockerized cAdvisor container Collect all container metrics on

    a host Just access to :8080 in your browser Provide Web UI cAdvisor

  15. Run cAdvisor container $ docker run \ --volume=/:/rootfs:ro \ --volume=/var/run:/var/run:rw

    \ --volume=/sys:/sys:ro \ --volume=/var/lib/docker/:/var/lib/docker:ro \ --publish=8080:8080 \ --detach=true \ --name=cadvisor \ google/cadvisor:latest
  16. None

  17. Collect cAdvisor metrics from cluster member, it’s used in Kubernetes

    Enables cluster wide monitoring of containers Draw graph by Grafana Support InfluxDB backend Heapster

  18. Container

  19. Container

  20. Container Heapster

  21. Container Heapster 

  22. None

  23. Monitoring by Yourself Have your own monitoring system Monitoring as

    a Service Use external service
  24. None
  25. None
  26. None

  27. But No README and No document… stanaka/mackerel-docker Mackerel Not Support

    container specific feature No container specific monitoring

  28. New Relic Dockerized collector agent but only for host metrics

    not for containers, To monitor each container we need to install it on each our docker image johanneswuerbach/newrelic-sysmond Not Support container specific feature No container specific monitoring

  29. DataDog Dockerized collector agent, just run docker container DataDog/docker-dd-agent Support

    container specific feature !! Container metrics, Tagging, Lifecycle of container, etc

  30. DataDog Container feature What is good point and why ?

  31. None

  32. DataDog container feature Agent tags by docker container name and

    its image name (by default) Tagging All containers on a host If you run 1 dd-agent container, it monitors all containers in the host It collects each container’s CPU, memory, network I/O and disk I/O (General) Lifecycle monitoring Agent also monitor container create, start, stop, destroy events

  33. DataDog container feature Agent tags by docker container name and

    its image name (by default) Tagging All containers on a host If you run 1 dd-agent container, it monitors all containers in the host It collects each container’s CPU, memory, network I/O and disk I/O (General) Lifecycle monitoring Agent also monitor container create, start, stop, destroy events Easy to start

  34. Run dd-agent container $ docker run \ --privileged \ --name

    dd-agent \ -h `hostname` \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /proc/mounts:/host/proc/mounts:ro \ -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \ -e API_KEY={your_api_key_here} \ datadog/docker-dd-agent

  35. Container dd-agent

  36. To dd-agent container on CoreOS cluster [Unit] … [Service] TimeoutStartSec=0

    ExecStartPre=-/usr/bin/docker kill dd-agent ExecStartPre=-/usr/bin/docker rm dd-agent ExecStartPre=/usr/bin/docker pull datadog/docker-dd-agent ExecStart=/usr/bin/bash -c \ "/usr/bin/docker run --privileged --name dd-agent -h `hostname` \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /proc/mounts:/host/proc/mounts:ro \ -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \ -e API_KEY=`YOUR_API_KEY` \ datadog/docker-dd-agent" [X-Fleet] Global=true

  37. To dd-agent container on CoreOS cluster [Unit] … [Service] TimeoutStartSec=0

    ExecStartPre=-/usr/bin/docker kill dd-agent ExecStartPre=-/usr/bin/docker rm dd-agent ExecStartPre=/usr/bin/docker pull datadog/docker-dd-agent ExecStart=/usr/bin/bash -c \ "/usr/bin/docker run --privileged --name dd-agent -h `hostname` \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /proc/mounts:/host/proc/mounts:ro \ -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \ -e API_KEY=`YOUR_API_KEY` \ datadog/docker-dd-agent" [X-Fleet] Global=true

  38. To dd-agent container on CoreOS cluster [Unit] … [Service] TimeoutStartSec=0

    ExecStartPre=-/usr/bin/docker kill dd-agent ExecStartPre=-/usr/bin/docker rm dd-agent ExecStartPre=/usr/bin/docker pull datadog/docker-dd-agent ExecStart=/usr/bin/bash -c \ "/usr/bin/docker run --privileged --name dd-agent -h `hostname` \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /proc/mounts:/host/proc/mounts:ro \ -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \ -e API_KEY=`YOUR_API_KEY` \ datadog/docker-dd-agent" [X-Fleet] Global=true

  39. To dd-agent container on CoreOS cluster $ fleetctl start dd-agent.service

    Run dd-agent.service by fleet

  40. DataDog container feature Agent tags by docker container name and

    its image name (by default) Tagging All containers on a host If you run 1 dd-agent container, it monitors all containers in the host It collects each container’s CPU, memory, network I/O and disk I/O (General) Lifecycle monitoring Agent also monitor container create, start, stop, destroy events Easy to explore what you want

  41. DataDog container feature Agent tags by docker container name and

    its image name (by default) Tagging All containers on a host If you run 1 dd-agent container, it monitors all containers in the host It collects each container’s CPU, memory, network I/O and disk I/O (General) Lifecycle monitoring Agent also monitor container create, start, stop, destroy events Help understand unexpected value
  42. None
  43. None
  44. None

  45. New containers are created

  46. DataDog container feature Agent tags by docker container name and

    its image name (by default) Tagging All containers on a host If you run 1 dd-agent container, it monitors all containers in the host It collects each container’s CPU, memory, network I/O and disk I/O (General) Lifecycle monitoring Agent also monitor container create, start, stop, destroy events Easy to start Easy to explore what you want Help understand unexpected value

  47. Requirement for container monitoring Common part of recent trend

  48. Container Heapster 

  49. Container dd-agent

  50. Install agent each container is not good idea, keep container

    simple ! All containers in a host by 1 agent Requirement for container monitoring Containerized Agent Container only approach is Docker-way (CoreOS)

  51. Manage secret values on distributed KVS Save API token on

    etcd/consul Extra edition

  52. To dd-agent container on CoreOS cluster [Unit] … [Service] TimeoutStartSec=0

    ExecStartPre=-/usr/bin/docker kill dd-agent ExecStartPre=-/usr/bin/docker rm dd-agent ExecStartPre=/usr/bin/docker pull datadog/docker-dd-agent ExecStart=/usr/bin/bash -c \ "/usr/bin/docker run --privileged --name dd-agent -h `hostname` \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /proc/mounts:/host/proc/mounts:ro \ -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \ -e API_KEY=`YOUR_API_KEY` \ datadog/docker-dd-agent" [X-Fleet] Global=true

  53. xordataexchange/crypt

  54. Generate pub and sub key $ gpg2 --gen-key # generate

    pub.gpg and secret.gpg

  55. Save json value on etcd by crypt $ cat <<EOF

    > config.json {"test": "passw0rd"} EOF $ crypt set -keyring=pub.gpg /app/config config.json

  56. Get value withtout crypt and secret-key $ etcdctl get /app/config

    wcBMA0OL+oKDi4zdAQgAh7iKVASBZvvX6WiiLPYSZgAbhYDhZyVGqX +uK2Bc1plC/mYkqw/n3FXyL+ZC0ISdK9Hdqv6HpCthnMHmBCfhPAjV4 DsrXKWO7TP0AYTxUPMxX9sIiTzrLTJGb73134Z6l0z0Ocj2dEuhyAt5u 3cucKkQb3CWGyuhM7C02aTeJoPjIkqi3agAizQn0uwcurSONpmCkArq33 3579iHZv42Xnr+1Dq4CkcDG9OYPyKcoixOvvW9OpB1E

  57. Get value from etcd by crypt and key $ crypt

    get -secret-keyring secret.gpg /app/config {"test":"passw0rd"}

  58. To dd-agent container on CoreOS cluster [Unit] … [Service] TimeoutStartSec=0

    ExecStartPre=-/usr/bin/docker kill dd-agent ExecStartPre=-/usr/bin/docker rm dd-agent ExecStartPre=/usr/bin/docker pull datadog/docker-dd-agent ExecStart=/usr/bin/bash -c \ "/usr/bin/docker run --privileged --name dd-agent -h `hostname` \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /proc/mounts:/host/proc/mounts:ro \ -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \ -e API_KEY=`crypt get -secret-keyring /etc/secret.gpg /ddapikey` \ datadog/docker-dd-agent" [X-Fleet] Global=true

  59. @deeeet