hubble
kube-state-metrics
hubble | kube-state-metrics
---|---
7 | 33
3,292 | 5,086
3.3% | 2.1%
9.4 | 8.9
9 days ago | 9 days ago
Go | Go
Apache License 2.0 | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hubble
-
Architecting for Resilience: Crafting Opinionated EKS Clusters with Karpenter & Cilium Cluster Mesh — Part 1
Since we installed Hubble on the cluster, let’s check its cool UI and see how the traffic flows between the pods. To do so, let’s run:
- cilium/hubble: Hubble - Network, Service & Security Observability for Kubernetes using eBPF
-
Getting started with kubectl plugins
This doesn’t just provide improved operational visibility - it’s incredibly beneficial to network security engineers. For instance, if Cilium is unable to communicate with core components such as ‘Hubble,’ this will show up in the connectivity test.
-
Linux Audit comes at a cost, is that where BPF steps in?
It may be we could further optimize in some way, but in our testing we didn't find the streaming or eBPF based tables to work all that well for our purposes in osquery. This tool seems more promising for logging this sort of activity: https://github.com/cilium/hubble. We're focused on K8s visibility but this could replace all of our Linux Auditing level logging if it works well.
-
Cilium: eBPF powered CNI, a NOS Solution for Modern Clouds
Cilium team also offers Hubble (yes, the name is the same as the famous far space crawling telescope's one, but for clouds), which is a fully distributed networking and security observability platform for cloud native workloads. Hubble is open source software and built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner.
-
Managing Distributed Applications in Kubernetes Using Cilium and Istio with Helm and Operator for Deployment
However, if you look at projects like Cilium Hubble and Istio Galley, you can see that you not only get all the instrumentation to manage this stuff out of the box, but you also get observability into the health of your pods and fine-grained visibility that you won’t get with traditional tools.
-
Kubernetes cluster diagram
CNI plugins like Cilium
kube-state-metrics
- Do we have any Prometheus metric to get the kubernetes cluster-level CPU/Memory requests/limits?
-
10 Kubernetes Visualization Tool that You Can't Afford to Miss
git clone https://github.com/kubernetes/kube-state-metrics.git
-
Why is the Prometheus metric 'kube_pod_completion_time' returning empty query results?
https://github.com/kubernetes/kube-state-metrics/blob/main/docs/pod-metrics.md According to this GitHub repo, completion is responsible for the termination date, if I understood correctly.
-
Google Kubernetes Engine's metrics vs Self-managed
kube-state-metrics
-
Prometheus node exporter and cadvisor to send metrics to central prometheus cluster
Those are entirely different types of data. You can get that from something like kube-state-metrics
-
Scaling kube-state-metrics in large cluster
I've never had a cluster of that size, so take it with a grain of salt - but maybe you could try purpose-based sharding? KSM has allowlist and denylist config flags, for configuring which metrics it exposes https://github.com/kubernetes/kube-state-metrics/blob/main/docs/cli-arguments.md
-
Questions about Kubernetes
Kubernetes itself will not notify you. The way I've seen people do this is to use something like kube-state-metrics or node_exporter, export that to Prometheus (or preferably VictoriaMetrics because Prometheus is terrible IMO), and then set up alarms on that with alertmanager or equivalent, or just look at dashboards regularly with Grafana. Realistically I recommend only setting alerts on disk usage and application/database latency. CPU and memory utilization isn't a great metric to alert on a lot of the time.
-
EKS scalability best practices
Another tip that you could consider spelling out a little more, is to monitor the number of resources created by Kind. This is somewhat mentioned for jobs and services, but any Kind of which thousands of resources are created will put stress on the control-plane. The total number of resources per namespace/cluster can be monitored with kube-state-metrics. KSM does not emit metrics of resources created from CRDs. These metrics can be implemented with KSM's custom resource state metrics: https://github.com/kubernetes/kube-state-metrics/blob/main/docs/customresourcestate-metrics.md
-
Observability-Landscape-as-Code in Practice
We then have various other Metrics called Kubernetes Workload Metrics. These are the dashboards with names that start with “Kubernetes / Compute Resources / Workload”. These dashboards are specific to the services you are running. They take into account the Kubernetes Workloads in your various namespaces, using kube-state-metrics. For a closer look, check out otel_demo_app_k8s_dashboard.tf.
-
Kubernetes Costs: Effective Cost Optimization Strategies To Reduce Your k8s Bill
The first step to optimizing costs is gaining visibility into your costs using tools. Kubernetes provides a Metrics Server and kube-state-metrics that can give you the overall picture of resource utilization by your cluster. There are more tools that provide more granular breakdowns and provide dashboards with business metrics, infra cost, and alerting functionalities. Here are some strategies to optimize your resource utilization and cloud bills on k8s.
What are some alternatives?
eBPF-Guide - eBPF (extended Berkeley Packet Filter) Guide. Learn all about the eBPF Tools and Libraries for Security, Monitoring, and Networking.
cadvisor - Analyzes resource usage and performance characteristics of running containers.
kubernetes-event-exporter - Export Kubernetes events to multiple destinations with routing and filtering
metrics-server - Scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
php-fpm_exporter - A prometheus exporter for PHP-FPM.
cilium-cli - CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
k3s - Lightweight Kubernetes
coroot - Coroot is an open-source APM & Observability tool, a DataDog and NewRelic alternative 📊, 🖥️, 👉. Powered by eBPF for rapid insights into system performance. Monitor, analyze, and optimize your infrastructure effortlessly for peak reliability at any scale.
kubespray - Deploy a Production Ready Kubernetes Cluster
cilium - eBPF-based Networking, Security, and Observability
kube-metrics-adapter - General purpose metrics adapter for Kubernetes HPA metrics