Observability - Istio Service Mesh

-

Thanks to the sidecar deployment model where Envoy proxies run next to application instances and intercept the traffic, these proxies also collect metrics. 

The metrics Envoy proxies collect and helping us get visibility into the state of your system. Gaining this visibility into our systems is critical because we need to understand what's happening and empower the operators to troubleshoot, maintain, and optimize applications. 

Istio generates three types of telemetry to provide observability to services in the mesh: 

• Metrics 

• Distributed traces 

• Access logs 


Metrics 

Istio generates metrics based on the four golden signals: latency, traffic, errors, and saturation. 

Latency represents the time it takes to service a request. These metrics should be broken down into latency of successful requests (e.g., HTTP 200) and failed requests (e.g., HTTP 500). 

Traffic measures how much demand gets placed on the system, and it's measured in system-specific metrics. For example, HTTP requests per second, or concurrent sessions, retrievals per second, and so on. 

Errors measures the rate of failed requests (e.g., HTTP 500s). 

Saturation measures how full the most constrained resources of service are. For example, utilization of a thread pool. 

The metrics are collected at different levels, starting with the most granular, the Envoy proxy-level, then the service-level and control plane metrics. 


Proxy-level metrics 

Envoy has a crucial role in generating metrics. It generates a rich set of metrics about all traffic passing through it. Using the metrics generated by Envoy, we can monitor the mesh at the lowest granularity, for example, metrics for individual listeners and clusters in the Envoy proxy. 

We can control which Envoy metrics get generated and collected at each workload instance as a mesh operator. 


Service-level metrics 

The service level metrics cover the four golden signals we mentioned earlier. These metrics allow us to monitor service-to-service communication. Additionally, lstio comes with dashboards to monitor the service behavior based on these metrics. 

Just like with the proxy-level metrics, the operator can customize which service-level metrics lstio collects. 

Istio exports the standard set of metrics to Prometheus by default. 


Control plane metrics 

Istio also emits control plane metrics that can help monitor the control plane and behavior of Istio, not user services. 

The control plane metrics include the number of conflicting inbound/outbound listeners, the number of clusters without instances, rejected or ignored configurations, and so on. 


Comments

Post a Comment

Popular posts from this blog

DevOps Interview Questions

-
Questions from GIT, Jenkins, Ansible, Dockers & Containers, Kubernetes, OpenShift, AWS, CI/CD, Scripting, Linux (RHEL), Monitoring, Python GIT ########### * What is GIT ? * What is difference between GIT & Github ? * Why we use GIT ? * What is SCM & VCS ? * What are the process of pushing the code to Github Repository ? * Why do we commit ? * What are the commands of GIT to push the code ? * How you can merge a git repository with another ?  * What is branching in git ? * Different types of branching in GIT ? * What is merge conflict in git ? * How you can resolve merge conflict if you are merging same    project and in the same branch ?    Jenkins ########## * What is Jenkins ? * Why we use Jenkins ? * What are the other tools/technologies present in market other than    Jenkins for CI/CD ? * How to move Jenkins from one server to another ?    * How to create Jenkins backup ?  * What are plugins in Jenkins ? * What are
Read more

Calico Certified Operator: AWS Expert Questions & Answers

-
Section 1 Which one of the following is NOT an AWS networking concept? 1 point possible (graded, results hidden) AWS Region Virtual Private Cloud Elastic Network Interface Cloud NAT submitted Which of the following are network configuration options for the Calico CNI in BYOC clusters? 1 point possible (graded, results hidden) Select all that apply: VLAN based segmentation VXLAN encapsulation IP-IP encapsulation CrossSubnet mode submitted Why does AWS-CNI networking make use of source based routing on the nodes? 1 point possible (graded, results hidden) To provide more available IP addresses To allow the utilisation of all ENIs attached to the node To secure the node’s compute resources To ensure all pods use the same ENI submitted Which of the following are true when using the CrossSubnet mode in Calico CNI on BYOC clusters? 1 point possible (graded, results hidden) Select all that apply: It is recommended that for best performanc
Read more

CKAD Certification Exam Preparation Guide and Tips

-
Image
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. The CNCF/Linux Foundation offers this performance-based exam which targets the developer aspect of Kubernetes skills such as deploying apps, configuring apps, rolling out the application, creating persistent volumes, etc. CKAD (Certified Kubernetes Application Developer) is designed for software developers who would like to develop and deploy their containerized applications in Kubernetes. The curriculum includes the following general domains with the associated weights: Core Concepts – 13% Configuration – 18% Multi-Container Pods – 10% Observability – 18% Pod Design – 20% Services & Networking – 13% State Persistence – 8% ------------------------------------------------------------------------- After my successful achievement of CKAD Certification, I would love to share my experience and tips to clear the exam. I have  practiced a lot on kubectl  commands and
Read more