Elastic Stack provides the integrated monitoring feature. This feature allows you to use Kibana to analyze and display the logs, metrics, and application performance monitoring (APM) data of a Container Service for Kubernetes (ACK) cluster in a centralized manner. If you deploy your applications in the pods of an ACK cluster, you can view the logs generated by the pods, event metrics of the hosts and network, and APM data in the Kibana console. This facilitates troubleshooting. This topic describes how to implement integrated monitoring for an ACK cluster.
Prerequisites
- An Alibaba Cloud Elasticsearch cluster is created, a whitelist is configured for the cluster, and the Auto Indexing feature is enabled for the cluster. In this example, An Alibaba Cloud Elasticsearch V6.8 cluster is created.
For more information, see Create an Alibaba Cloud Elasticsearch cluster, Configure a public or private IP address whitelist for an Elasticsearch cluster, and Configure the YML file.
- An ACK cluster is created, and pods are created in the cluster. In this example, the ACK cluster version 1.18.8-aliyun.1 is used, and each Elastic Compute Service (ECS) instance used for the cluster has 2 vCPUs and 8 GiB of memory.
For more information, see Create an ACK managed cluster.
- The kubectl client is configured and can be used to access the ACK cluster.
For more information, see Connect to ACK clusters by using kubectl.
Background information
This topic describes how to use Elastic Stack to implement integrated monitoring for an ACK cluster. For more information, see the following sections:
For more information about the features of Metricbeat, Filebeat, and Elastic APM, see Infrastructure monitoring, Log monitoring, and Elastic APM.
Use Metricbeat to collect metrics
The following controllers can be used to deploy Metricbeat to the ACK cluster:
- DaemonSet: The DaemonSet controller ensures that each node in the cluster runs one pod. This enables Metricbeat to collect host metrics, system metrics, Docker statistics, and the metrics of all the services that are run on the ACK cluster.
- Deployment: You can use the Deployment controller to deploy a single Metricbeat shipper. The shipper is used to retrieve the unique metrics of the ACK cluster, such as metrics for Kubernetes events and the kube-state-metrics service.
Important - In this example, both the DaemonSet and Deployment controllers are used to deploy Metricbeat to the ACK cluster. You can also use only the DaemonSet or Deployment controller to deploy Metricbeat.
- Metricbeat depends on the monitoring feature provided by the kube-state-metrics service. Before you deploy Metricbeat, you must make sure that kube-state-metrics is deployed. By default, kube-state-metrics is deployed in the arms-prom namespace of a container in an ACK cluster.
- Use the kubectl client to access the ACK cluster and download the Metricbeat configuration file.
curl -L -O https://raw.githubusercontent.com/elastic/beats/6.8/deploy/kubernetes/metricbeat-kubernetes.yaml
- Modify the Metricbeat configuration file.
Important The official Metricbeat configuration file uses the extensions/v1beta1 API version for DaemonSets and Deployments. This API version is deprecated in ACK V1.18 and later. You must modify the Metricbeat configuration file to use the apps/v1 API version for Kubernetes, DaemonSets, Deployments, and ReplicaSets in ACK V1.18 and later.
- Modify the configurations in kind: Deployment and kind: DaemonSet.
- Modify environment variables. The following code provides an example:
env:
- name: ELASTICSEARCH_HOST
value: es-cn-nif23p3mo0065****.elasticsearch.aliyuncs.com
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
value: ****
- name: KIBANA_HOST
value: es-cn-nif23p3mo0065****-kibana.internal.elasticsearch.aliyuncs.com
- name: KIBANA_PORT
value: "5601"
Note By default, Kibana variables are not defined in the downloaded Metricbeat configuration file. You can use the env parameter to pass the variables.
| Parameter | Description |
|---|
| ELASTICSEARCH_HOST | The internal endpoint of your Elasticsearch cluster. |
| ELASTICSEARCH_PORT | The private port of your Elasticsearch cluster. |
| ELASTICSEARCH_USERNAME | The username of your Elasticsearch cluster. The default value of this parameter is elastic. |
| ELASTICSEARCH_PASSWORD | The password that corresponds to the elastic username. |
| KIBANA_HOST | The internal endpoint of Kibana. |
| KIBANA_PORT | The private port of Kibana. |
- Add the spec.selector configurations. The following code provides an example:
## kind: DaemonSet
spec:
selector:
matchLabels:
k8s-app: metricbeat
template:
metadata:
labels:
k8s-app: metricbeat
## kind: Deployment
spec:
selector:
matchLabels:
k8s-app: metricbeat
template:
metadata:
labels:
k8s-app: metricbeat
- Configure the Kibana output information in name: metricbeat-daemonset-config and name: metricbeat-deployment-config to use the environment variables that are configured in the configuration file.
output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
setup.kibana:
host: "https://${KIBANA_HOST}:${KIBANA_PORT}"
setup.dashboards.enabled: true
- Modify configurations related to metricbeat-daemonset-modules. Define the system metrics monitored by the System module and the metrics that can be obtained by the Kubernetes module. The System module monitors the following metrics: CPU, load, memory, and network.
apiVersion: v1
kind: ConfigMap
metadata:
name: metricbeat-daemonset-modules
namespace: kube-system
labels:
k8s-app: metricbeat
data:
system.yml: |-
- module: system
period: 10s
metricsets:
- cpu
- load
- memory
- network
- process
- process_summary
- core
- diskio
- socket
processes: ['.*']
process.include_top_n:
by_cpu: 5 # include top 5 processes by CPU
by_memory: 5 # include top 5 processes by memory
- module: system
period: 1m
metricsets:
- filesystem
- fsstat
processors:
- drop_event.when.regexp:
system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
kubernetes.yml: |-
- module: kubernetes
metricsets:
- node
- system
- pod
- container
- volume
period: 10s
host: ${NODE_NAME}
hosts: ["localhost:10255"]
- Modify configurations related to metricbeat-deployment-modules to obtain the metrics for kube-state-metrics and Kubernetes events.
Important The Metricbeat service is deployed in the kube-system namespace. The kube-state-metrics service is deployed in the arms-prom namespace by default. The two services belong to different namespaces. Therefore, specify the hosts parameter in the format of kube-state-metrics.<namespace>:8080. If the Metricbeat and kube-state-metrics services are deployed in the same namespace, set the hosts parameter to kube-state-metrics:8080.
apiVersion: v1
kind: ConfigMap
metadata:
name: metricbeat-deployment-modules
namespace: kube-system
labels:
k8s-app: metricbeat
data:
# This module requires `kube-state-metrics` up and running under `kube-system` namespace
kubernetes.yml: |-
- module: kubernetes
metricsets:
- state_node
- state_deployment
- state_replicaset
- state_pod
- state_container
period: 10s
host: ${NODE_NAME}
hosts: ["kube-state-metrics.arms-prom:8080"]
# Uncomment this to get k8s events:
- module: kubernetes
metricsets:
- event
- Create a role and assign the role to Metricbeat to implement role-based access control (RBAC). This ensures that Metricbeat can obtain the resource information of the ACK cluster.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: metricbeat
subjects:
- kind: ServiceAccount
name: metricbeat
namespace: kube-system
roleRef:
kind: ClusterRole
name: metricbeat
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: metricbeat
labels:
k8s-app: metricbeat
rules:
- apiGroups: [""]
resources:
- nodes
- namespaces
- events
- pods
verbs: ["get", "list", "watch"]
- apiGroups: ["extensions"]
resources:
- replicasets
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources:
- statefulsets
- deployments
verbs: ["get", "list", "watch"]
- apiGroups:
- ""
resources:
- nodes/stats
verbs:
- get
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metricbeat
namespace: kube-system
labels:
k8s-app: metricbeat
---
- Deploy Metricbeat in the ACK cluster and view the resources of the cluster.
Use the kubectl client to run the following commands:
kubectl apply -f metricbeat-kubernetes.yaml
kubectl get pods -n kube-system
Important You must make sure that the resources in the pods are running. Otherwise, data may not be displayed in the Kibana console.
- View the monitored data in the Kibana console.
- Log on to the Kibana console of your Elasticsearch cluster.
- In the left-side navigation pane, click Infrastructure.
- View the statistics on the metrics of the hosts and pods in the ACK cluster.
- View the statistics on the metrics of the hosts: On the Infrastructure page, click Hosts in the upper-right corner. On the Map View tab, click a host and select View metrics. Then, you can view the statistics on the CPU, load, and memory metrics.
- View the statistics on the metrics of the pods in the ACK cluster: On the Infrastructure page, click Kubernetes in the upper-right corner. On the Map View tab, click a pod and select View metrics. Then, you can view the statistics on the CPU, memory, and network metrics.
- View the overall statistics on the resources of the ACK cluster.
Click Dashboard in the left-side navigation pane. On the Dashboards page, click [Metricbeat Kubernetes] Overview. Then, you can view the overall statistics on the resources of the ACK cluster.
Use Filebeat to collect logs
In this example, the DaemonSet controller is used to deploy Filebeat. The DaemonSet controller ensures that each node of the ACK cluster runs a pod to collect data. The resources in the Filebeat configuration file are deployed in the kube-system namespace. If you want to change the namespace in which the resources are deployed, you can modify the configuration file.
- Download the Filebeat configuration file.
Use the kubectl client to access the ACK cluster and download the Filebeat configuration file.
curl -L -O https://raw.githubusercontent.com/elastic/beats/6.8/deploy/kubernetes/filebeat-kubernetes.yaml
- Modify the Filebeat configuration file.
- Modify the configurations in kind: DaemonSet.
env:
- name: ELASTICSEARCH_HOST
value: es-cn-nif23p3mo0065****.elasticsearch.aliyuncs.com
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
value: ****
- name: KIBANA_HOST
value: es-cn-nif23p3mo0065****-kibana.internal.elasticsearch.aliyuncs.com
- name: KIBANA_PORT
value: "5601"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
| Parameter | Description |
|---|
| ELASTICSEARCH_HOST | The internal endpoint of your Elasticsearch cluster. |
| ELASTICSEARCH_PORT | The private port of your Elasticsearch cluster. |
| ELASTICSEARCH_USERNAME | The username of your Elasticsearch cluster. The default value of this parameter is elastic. |
| ELASTICSEARCH_PASSWORD | The password that corresponds to the elastic username. |
| KIBANA_HOST | The internal endpoint of Kibana. |
| KIBANA_PORT | The private port of Kibana. |
| NODE_NAME | The hosts in the ACK cluster. |
- Change the ConfigMap configurations in name: filebeat-config and configure the Kibana output information to use the environment variables configured in the configuration file.
output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
setup.kibana:
host: "https://${KIBANA_HOST}:${KIBANA_PORT}"
- Configure Filebeat to collect logs from the containers in the ACK cluster.
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-inputs
namespace: kube-system
labels:
k8s-app: filebeat
data:
kubernetes.yml: |-
- type: docker
containers.ids:
- "*"
processors:
- add_kubernetes_metadata:
host: ${NODE_NAME}
in_cluster: true
---
- Deploy Filebeat in the ACK cluster and view the resources of the cluster.
Use the kubectl client to run the following commands:
kubectl apply -f filebeat-kubernetes.yaml
kubectl get pods -n kube-system
Important You must make sure that the resources in the pods are running. Otherwise, data may not be displayed in the Kibana console.
- View real-time logs in the Kibana console.
- Log on to the Kibana console of your Elasticsearch cluster.
- View the logs of the hosts and pods in the ACK cluster.
- View the logs of the hosts: On the Infrastructure page, click Hosts in the upper-right corner. On the Map View tab, click a host and select View logs. Then, you can view the real-time logs of the host.
- View the logs of the pods in the ACK cluster: On the Infrastructure page, click Kubernetes in the upper-right corner. On the Map View tab, click a pod and select View logs. Then, you can view the real-time logs of the pod.
Use Elastic APM to monitor the performance of applications
Elastic APM is an application performance monitoring system built on Elastic Stack. Elastic APM allows you to monitor software services and applications in real time. To implement monitoring and facilitate troubleshooting, Elastic APM collects detailed performance information about response time for requests, database queries, calls to caches, and external HTTP requests. Elastic APM also automatically collects unhandled errors and exceptions. Errors are grouped based on the stacktrace. This helps you identify new errors and understand the number of times specific errors occur.
For more information about Elastic APM, see Elastic APM Overview.
- Deploy APM Server to a container.
In this example, APM Server is deployed in the ACK cluster. You can use a ConfigMap controller to define the apm-server.yml file and start APM Server by initializing the pods. Then, you can use a Service object to implement service self-discovery and load balancing.
- Configure the apm-server-yml file.
The file contains the following code:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: apm-deployment-config
namespace: kube-system
labels:
k8s-app: apmserver
data:
apm-server.yml: |-
apm-server.host: "0.0.0.0:8200"
output.elasticsearch:
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
setup.kibana:
host: "https://${KIBANA_HOST}:${KIBANA_PORT}"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apmserver
namespace: kube-system
labels:
k8s-app: apmserver
spec:
selector:
matchLabels:
k8s-app: apmserver
template:
metadata:
labels:
k8s-app: apmserver
spec:
serviceAccountName: apmserver
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: apmserver
image: docker.elastic.co/apm/apm-server:6.8.14
args: [
"-c", "/etc/apm-server.yml",
"-e",
]
env:
- name: ELASTICSEARCH_HOST
value: es-cn-oew20i5h90006****.elasticsearch.aliyuncs.com
- name: ELASTICSEARCH_PORT
value: "9200"
- name: ELASTICSEARCH_USERNAME
value: elastic
- name: ELASTICSEARCH_PASSWORD
value: ****
- name: KIBANA_HOST
value: es-cn-oew20i5h90006****-kibana.internal.elasticsearch.aliyuncs.com
- name: KIBANA_PORT
value: "5601"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
runAsUser: 0
resources:
limits:
memory: 50Mi
requests:
cpu: 20m
memory: 30Mi
volumeMounts:
- name: config
mountPath: /etc/apm-server.yml
readOnly: true
subPath: apm-server.yml
volumes:
- name: config
configMap:
defaultMode: 0600
name: apm-deployment-config
---
apiVersion: v1
kind: Service
metadata:
name: apmserver
namespace: kube-system
labels:
k8s-app: apmserver
spec:
clusterIP: None
ports:
- name: http-metrics
port: 8200
targetPort: 8200
selector:
k8s-app: apmserver
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: apmserver
namespace: kube-system
labels:
k8s-app: apmserver
---
Important - When you use the Deployment controller to deploy APM Server, the docker.elastic.co/apm/apm-server:6.8.14 image is used to deploy pods. The version of the image must be consistent with that of the Elasticsearch cluster.
- Port 8200 is exposed to the ACK cluster by using the Service object. This ensures that APM agents can communicate with APM Server.
| Parameter | Description |
|---|
| ELASTICSEARCH_HOST | The internal endpoint of your Elasticsearch cluster. |
| ELASTICSEARCH_PORT | The private port of your Elasticsearch cluster. |
| ELASTICSEARCH_USERNAME | The username of your Elasticsearch cluster. The default value of this parameter is elastic. |
| ELASTICSEARCH_PASSWORD | The password that corresponds to the elastic username. |
| KIBANA_HOST | The internal endpoint of Kibana. |
| KIBANA_PORT | The private port of Kibana. |
| NODE_NAME | The hosts in the ACK cluster. |
- Deploy APM Server to a container and view the status of APM Server.
Use the kubectl client to run the following commands:
kubectl apply -f apm-server.yml
kubectl get pods -n kube-system
Important You must make sure that the resources in the pods are running. Otherwise, data may not be displayed in the Kibana console.
- Configure APM agents.
In this example, Spring Boot is used to create a simple Spring application and compress the application into a JAR package. Then, the JAR package and the latest Java agent that is downloaded from Maven Central Repository are uploaded to APM Server. For more information, see
Spring Boot and
Maven Central.
- Log on to a node of the ACK cluster and create a Dockerfile named myapply in the working directory.
The Dockerfile must contain the following information:
FROM frolvlad/alpine-oraclejdk8
MAINTAINER peterwanghao.com
VOLUME /tmp
ADD spring-boot-0.0.1-SNAPSHOT.jar spring-boot-0.0.1-SNAPSHOT.jar
ADD elastic-apm-agent-1.21.0.jar elastic-apm-agent-1.21.0.jar
EXPOSE 8080
ENTRYPOINT ["java","-javaagent:/elastic-apm-agent-1.21.0.jar","-Delastic.apm.service_name=my-application","-Delastic.apm.server_url=http://apmserver:8200","-Delastic.apm.application_packages=com.example","-jar","/spring-boot-0.0.1-SNAPSHOT.jar"]
The parameters and Java commands that are used to start the pods are defined in ENTRYPOINT. The following table describes these parameters.
| Parameter | Description |
|---|
| -javaagent | The JAR package of the APM agents. |
| -Delastic.apm.service_name | The name of the Service object. The name can contain letters, digits, hyphens (-), underscores (_), and spaces. |
| -Delastic.apm.server_url | The URL of APM Server. http://apmserver:8200 is specified in the apm-server.yml file. |
| -Delastic.apm.application_packages | The basic software package of the application. |
| -jar | The JAR package of the application. |
- Use the
docker build command and the Dockerfile myapply to build an image. Run the following command in the current path:
docker build -t myapply .
- Load the built image to other containers.
- Configure the deployment file for the pods. The file is named my-application.yaml.
The file contains the following code:
---
apiVersion: v1
kind: Pod
metadata:
name: my-apply
namespace: kube-system
labels:
app: my-apply
spec:
containers:
- name: my-apply
image: myapply:latest
ports:
- containerPort: 8080
imagePullPolicy: Never
---
apiVersion: v1
kind: Service
metadata:
name: my-apply
namespace: kube-system
labels:
app: my-apply
spec:
type: NodePort
ports:
- name: http-metrics
port: 8080
nodePort: 30000
selector:
app: my-apply
---
Note image specifies the built image.
- Use the kubectl client to run the following command to deploy the pods:
kubectl apply -f my-application.yaml
- Use a curl command to access the host over port 30000 after all resources in the pods are running.
Run the following curl command:
curl http://10.7.XX.XX:30000
Note 10.7.XX.XX specifies the IP address of the node in the ACK cluster.
If the access to the host is successful, APM agents are deployed.
- View the monitoring data obtained by Elastic APM in the Kibana console.
- Log on to the Kibana console of your Elasticsearch cluster.
- Click APM in the left-side navigation pane.
- Find the application whose performance is monitored and click the application name. Then, you can view the overall performance statistics of the application. In this example, my-application is used.
- Click the interface that is requested. Then, you can view the detailed request information.
- View the statistics on the logs and metrics of the hosts and pods.
Click
Actions and select
Show pod logs or
Show pod metrics. Then, you can view the statistics on the logs or metrics.
FAQ
- Problem description: The resources.requests parameter is set to a large value in the configuration file of the ACK cluster. As a result, pods fail to be started.
Solution: Change the value of the resource.requests parameter. The resources.requests parameter must be specified in the configuration files of Metricbeat, Filebeat, and Elastic APM. We recommend that you set this parameter to an appropriate value based on the specifications of the ACK cluster.
- Problem description: Errors keep occurring when I deploy Metricbeat, Filebeat, and Elastic APM. The error message is similar to
no matches for kind "DaemonSet" in version "extensions/v1beat1". Solution: Use the apps/v1 API version. This is because that the official configuration file uses the extensions/v1beta1 API version for DaemonSets and Deployments. However, in ACK V1.18 and later, the extensions/v1beta1 API version is deprecated for DaemonSets, Deployments, and ReplicaSets.
