Kubernetes Series — Integrate Sysdig with Kubernetes
Kubernetes is poised to become the de-facto cloud computing orchestration platform, therefore, various cloud-native practises need to be set up along with it. For monitoring and alerting, there’re multiple products in the market, open-source tools such as Prometheus, Kubewatch, cAdvisor, cloudprober etc. and paying products including Sysdig, NewRelic, Sensu, Datadog and so on. In this article, I’ll focus on integrating Sysdig with Kubernetes.
Why do we need monitoring?
Kubernetes is built with failure in mind, and if an application running in Kubernetes is written following cloud-native best practises, making sure application running smoothly in the production environment should be the responsibility of Kubernetes. However, in most cases, apps are not strictly following best practises (e.g. missing readiness and liveness probes so Kubernetes can’t detect app’s status correctly and take appropriate actions). Even if apps are written perfectly (which is never the case), we still want to understand our application’s behaviour in production and make necessary improvements based on the observations because applications are constantly moving in the cluster. More, the underlying infrastructure of running Kubernetes can be unstable too.
What are we monitoring?
The status of infrastructure running our Kubernetes cluster, containers running in the pods, services created, traffic, networking conditions, events inside Kubernetes cluster etc.
Deploy Sysdig into Kubernetes cluster
Sysdig is using Daemonset to deploy its agents into the Kubernetes cluster, this way it can scale dynamically with the addition/deletion of cluster nodes without redeploying.
# create namespace
kubectl create namespace kube-monitor# create sysdig secret
kubectl create secret generic sysdig-agent --from-literal=access-key=<your sysdig access key> -n sysdig-agent# create a service account for sysdig agent
kubectl apply -f sysdig-agent-clusterrole.yaml -n sysdig-agent
kubectl create serviceaccount sysdig-agent -n sysdig-agent
kubectl create clusterrolebinding sysdig-agent --clusterrole=sysdig-agent --serviceaccount=sysdig-agent:sysdig-agent# deploy sysdig configmap
kubectl apply -f sysdig-agent-configmap.yaml -n sysdig-agent# deploy sysdig daemonset
kubectl apply -f sysdig-agent-daemonset-v2.yaml -n sysdig-agent
Conclusion
Setting up monitoring and alerting is essential to run your application in Kubernetes effectively. Sysdig is one of many solutions out there. If you are a huge believer in open source, Sysdig has an open-source option available as well.
