Nikolay Sivko
4a9d581f65
Merge pull request #26 from coroot/fix_mongodb_message_parsing
|
2 жил өмнө | |
|---|---|---|
| .github | 3 жил өмнө | |
| cgroup | 3 жил өмнө | |
| common | 4 жил өмнө | |
| containers | 2 жил өмнө | |
| ebpftracer | 2 жил өмнө | |
| flags | 3 жил өмнө | |
| logs | 3 жил өмнө | |
| manifests | 4 жил өмнө | |
| node | 3 жил өмнө | |
| pinger | 4 жил өмнө | |
| proc | 3 жил өмнө | |
| tracing | 2 жил өмнө | |
| .dockerignore | 3 жил өмнө | |
| .gitignore | 4 жил өмнө | |
| Dockerfile | 3 жил өмнө | |
| LICENSE | 4 жил өмнө | |
| README.md | 3 жил өмнө | |
| go.mod | 2 жил өмнө | |
| go.sum | 2 жил өмнө | |
| main.go | 3 жил өмнө |
README.md
Coroot-node-agent
The agent gathers metrics related to a node and the containers running on it, and it exposes them in the Prometheus format.
It uses eBPF to track container related events such as TCP connects, so the minimum supported Linux kernel version is 4.16.
Features
TCP connection tracing
To provide visibility into the relationships between services, the agent traces containers TCP events, such as connect() and listen().
Exported metrics are useful for:
- Obtaining an actual map of inter-service communications. It doesn't require integration of distributed tracing frameworks into your code.
- Detecting connections errors from one service to another.
- Measuring network latency between containers, nodes and availability zones.
Related blog posts:
- Building a service map using eBPF
- How ping measures network round-trip time accurately using SO_TIMESTAMPING
The current state of eBPF portability
Log patterns extraction
Log management is usually quite expensive. In most cases, you do not need to analyze each event individually. It is enough to extract recurring patterns and the number of the related events.
This approach drastically reduces the amount of data required for express log analysis.
The agent discovers container logs and parses them right on the node.
At the moment the following sources are supported:
- Direct logging to files in /var/log/
- Journald
- Dockerd (JSON file driver)
- Containerd (CRI logs)
To learn more about automated log clustering, check out the blog post "Mining metrics from unstructured logs".
Delay accounting
Delay accounting allows engineers to accurately identify situations where a container is experiencing a lack of CPU time or waiting for I/O.
The agent gathers per-process counters through Netlink and aggregates them into per-container metrics:
Related blog posts:
Out-of-memory events tracing
The container_oom_kills_total metric shows that a container has been terminated by the OOM killer.
Instance meta information
If a node is a cloud instance, the agent identifies a cloud provider and collects additional information using the related metadata services.
Supported cloud providers: AWS, GCP, Azure, Hetzner
Collected info:
- AccountID
- InstanceID
- Instance/machine type
- Region
- AvailabilityZone
- AvailabilityZoneId (AWS only)
- LifeCycle: on-demand/spot (AWS and GCP only)
- Private & Public IP addresses
Related blog posts:
Installation
The documentation is available at coroot.com/docs/metric-exporters/node-agent.
Metrics
The collected metrics are described here.
Coroot
The best way to turn metrics to answers about app issues is to use Coroot - a zero-instrumentation observability tool for microservice architectures.
A live demo of Coroot is available at community-demo.coroot.com
License
Coroot-node-agent is licensed under the Apache License, Version 2.0.
The BPF code is licensed under the General Public License, Version 2.0.